kernel-fxtec-pro1x/crypto/testmgr.h

36787 lines
1.3 MiB
C
Raw Normal View History

/*
* Algorithm testing framework and tests.
*
* Copyright (c) 2002 James Morris <jmorris@intercode.com.au>
* Copyright (c) 2002 Jean-Francois Dive <jef@linuxbe.org>
* Copyright (c) 2007 Nokia Siemens Networks
* Copyright (c) 2008 Herbert Xu <herbert@gondor.apana.org.au>
*
* Updated RFC4106 AES-GCM testing. Some test vectors were taken from
* http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/
* gcm/gcm-test-vectors.tar.gz
* Authors: Aidan O'Mahony (aidan.o.mahony@intel.com)
* Adrian Hoban <adrian.hoban@intel.com>
* Gabriele Paoloni <gabriele.paoloni@intel.com>
* Tadeusz Struk (tadeusz.struk@intel.com)
* Copyright (c) 2010, Intel Corporation.
*
* This program is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License as published by the Free
* Software Foundation; either version 2 of the License, or (at your option)
* any later version.
*
*/
#ifndef _CRYPTO_TESTMGR_H
#define _CRYPTO_TESTMGR_H
#include <linux/netlink.h>
#define MAX_DIGEST_SIZE 64
#define MAX_TAP 8
#define MAX_KEYLEN 1088
#define MAX_IVLEN 32
struct hash_testvec {
/* only used with keyed hash algorithms */
const char *key;
const char *plaintext;
const char *digest;
unsigned short tap[MAX_TAP];
unsigned short np;
unsigned short psize;
unsigned short ksize;
};
/*
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
* cipher_testvec: structure to describe a symmetric cipher test
* @key: Pointer to key
* @klen: Length of @key in bytes
* @iv: Pointer to IV (optional for some ciphers)
* @ptext: Pointer to plaintext
* @ctext: Pointer to ciphertext
* @len: Length of @ptext and @ctext in bytes
* @fail: If set to one, the test need to fail
* @wk: Does the test need CRYPTO_TFM_REQ_WEAK_KEY
* ( e.g. test needs to fail due to a weak key )
* @np: numbers of SG to distribute data in (from 1 to MAX_TAP)
* @tap: How to distribute data in @np SGs
* @also_non_np: if set to 1, the test will be also done without
* splitting data in @np SGs
* @fips_skip: Skip the test vector in FIPS mode
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
* @generates_iv: Encryption should ignore the given IV, and output @iv.
* Decryption takes @iv. Needed for AES Keywrap ("kw(aes)").
*/
struct cipher_testvec {
const char *key;
const char *iv;
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
const char *ptext;
const char *ctext;
unsigned short tap[MAX_TAP];
int np;
unsigned char also_non_np;
bool fail;
unsigned char wk; /* weak key flag */
unsigned char klen;
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
unsigned short len;
bool fips_skip;
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
bool generates_iv;
};
struct aead_testvec {
const char *key;
const char *iv;
const char *input;
const char *assoc;
const char *result;
unsigned char tap[MAX_TAP];
unsigned char atap[MAX_TAP];
int np;
int anp;
bool fail;
unsigned char novrfy; /* ccm dec verification failure expected */
unsigned char wk; /* weak key flag */
unsigned char klen;
unsigned short ilen;
unsigned short alen;
unsigned short rlen;
};
struct cprng_testvec {
const char *key;
const char *dt;
const char *v;
const char *result;
unsigned char klen;
unsigned short dtlen;
unsigned short vlen;
unsigned short rlen;
unsigned short loops;
};
struct drbg_testvec {
const unsigned char *entropy;
size_t entropylen;
const unsigned char *entpra;
const unsigned char *entprb;
size_t entprlen;
const unsigned char *addtla;
const unsigned char *addtlb;
size_t addtllen;
const unsigned char *pers;
size_t perslen;
const unsigned char *expected;
size_t expectedlen;
};
struct akcipher_testvec {
const unsigned char *key;
const unsigned char *m;
const unsigned char *c;
unsigned int key_len;
unsigned int m_size;
unsigned int c_size;
bool public_key_vec;
bool siggen_sigver_test;
};
struct kpp_testvec {
const unsigned char *secret;
const unsigned char *b_secret;
const unsigned char *b_public;
const unsigned char *expected_a_public;
const unsigned char *expected_ss;
unsigned short secret_size;
unsigned short b_secret_size;
unsigned short b_public_size;
unsigned short expected_a_public_size;
unsigned short expected_ss_size;
bool genkey;
};
static const char zeroed_string[48];
/*
* RSA test vectors. Borrowed from openSSL.
*/
static const struct akcipher_testvec rsa_tv_template[] = {
{
#ifndef CONFIG_CRYPTO_FIPS
.key =
"\x30\x81\x9A" /* sequence of 154 bytes */
"\x02\x01\x01" /* version - integer of 1 byte */
"\x02\x41" /* modulus - integer of 65 bytes */
"\x00\xAA\x36\xAB\xCE\x88\xAC\xFD\xFF\x55\x52\x3C\x7F\xC4\x52\x3F"
"\x90\xEF\xA0\x0D\xF3\x77\x4A\x25\x9F\x2E\x62\xB4\xC5\xD9\x9C\xB5"
"\xAD\xB3\x00\xA0\x28\x5E\x53\x01\x93\x0E\x0C\x70\xFB\x68\x76\x93"
"\x9C\xE6\x16\xCE\x62\x4A\x11\xE0\x08\x6D\x34\x1E\xBC\xAC\xA0\xA1"
"\xF5"
"\x02\x01\x11" /* public key - integer of 1 byte */
"\x02\x40" /* private key - integer of 64 bytes */
"\x0A\x03\x37\x48\x62\x64\x87\x69\x5F\x5F\x30\xBC\x38\xB9\x8B\x44"
"\xC2\xCD\x2D\xFF\x43\x40\x98\xCD\x20\xD8\xA1\x38\xD0\x90\xBF\x64"
"\x79\x7C\x3F\xA7\xA2\xCD\xCB\x3C\xD1\xE0\xBD\xBA\x26\x54\xB4\xF9"
"\xDF\x8E\x8A\xE5\x9D\x73\x3D\x9F\x33\xB3\x01\x62\x4A\xFD\x1D\x51"
"\x02\x01\x00" /* prime1 - integer of 1 byte */
"\x02\x01\x00" /* prime2 - integer of 1 byte */
"\x02\x01\x00" /* exponent1 - integer of 1 byte */
"\x02\x01\x00" /* exponent2 - integer of 1 byte */
"\x02\x01\x00", /* coefficient - integer of 1 byte */
.m = "\x54\x85\x9b\x34\x2c\x49\xea\x2a",
.c =
"\x63\x1c\xcd\x7b\xe1\x7e\xe4\xde\xc9\xa8\x89\xa1\x74\xcb\x3c\x63"
"\x7d\x24\xec\x83\xc3\x15\xe4\x7f\x73\x05\x34\xd1\xec\x22\xbb\x8a"
"\x5e\x32\x39\x6d\xc1\x1d\x7d\x50\x3b\x9f\x7a\xad\xf0\x2e\x25\x53"
"\x9f\x6e\xbd\x4c\x55\x84\x0c\x9b\xcf\x1a\x4b\x51\x1e\x9e\x0c\x06",
.key_len = 157,
.m_size = 8,
.c_size = 64,
}, {
.key =
"\x30\x82\x01\x1D" /* sequence of 285 bytes */
"\x02\x01\x01" /* version - integer of 1 byte */
"\x02\x81\x81" /* modulus - integer of 129 bytes */
"\x00\xBB\xF8\x2F\x09\x06\x82\xCE\x9C\x23\x38\xAC\x2B\x9D\xA8\x71"
"\xF7\x36\x8D\x07\xEE\xD4\x10\x43\xA4\x40\xD6\xB6\xF0\x74\x54\xF5"
"\x1F\xB8\xDF\xBA\xAF\x03\x5C\x02\xAB\x61\xEA\x48\xCE\xEB\x6F\xCD"
"\x48\x76\xED\x52\x0D\x60\xE1\xEC\x46\x19\x71\x9D\x8A\x5B\x8B\x80"
"\x7F\xAF\xB8\xE0\xA3\xDF\xC7\x37\x72\x3E\xE6\xB4\xB7\xD9\x3A\x25"
"\x84\xEE\x6A\x64\x9D\x06\x09\x53\x74\x88\x34\xB2\x45\x45\x98\x39"
"\x4E\xE0\xAA\xB1\x2D\x7B\x61\xA5\x1F\x52\x7A\x9A\x41\xF6\xC1\x68"
"\x7F\xE2\x53\x72\x98\xCA\x2A\x8F\x59\x46\xF8\xE5\xFD\x09\x1D\xBD"
"\xCB"
"\x02\x01\x11" /* public key - integer of 1 byte */
"\x02\x81\x81" /* private key - integer of 129 bytes */
"\x00\xA5\xDA\xFC\x53\x41\xFA\xF2\x89\xC4\xB9\x88\xDB\x30\xC1\xCD"
"\xF8\x3F\x31\x25\x1E\x06\x68\xB4\x27\x84\x81\x38\x01\x57\x96\x41"
"\xB2\x94\x10\xB3\xC7\x99\x8D\x6B\xC4\x65\x74\x5E\x5C\x39\x26\x69"
"\xD6\x87\x0D\xA2\xC0\x82\xA9\x39\xE3\x7F\xDC\xB8\x2E\xC9\x3E\xDA"
"\xC9\x7F\xF3\xAD\x59\x50\xAC\xCF\xBC\x11\x1C\x76\xF1\xA9\x52\x94"
"\x44\xE5\x6A\xAF\x68\xC5\x6C\x09\x2C\xD3\x8D\xC3\xBE\xF5\xD2\x0A"
"\x93\x99\x26\xED\x4F\x74\xA1\x3E\xDD\xFB\xE1\xA1\xCE\xCC\x48\x94"
"\xAF\x94\x28\xC2\xB7\xB8\x88\x3F\xE4\x46\x3A\x4B\xC8\x5B\x1C\xB3"
"\xC1"
"\x02\x01\x00" /* prime1 - integer of 1 byte */
"\x02\x01\x00" /* prime2 - integer of 1 byte */
"\x02\x01\x00" /* exponent1 - integer of 1 byte */
"\x02\x01\x00" /* exponent2 - integer of 1 byte */
"\x02\x01\x00", /* coefficient - integer of 1 byte */
.key_len = 289,
.m = "\x54\x85\x9b\x34\x2c\x49\xea\x2a",
.c =
"\x74\x1b\x55\xac\x47\xb5\x08\x0a\x6e\x2b\x2d\xf7\x94\xb8\x8a\x95"
"\xed\xa3\x6b\xc9\x29\xee\xb2\x2c\x80\xc3\x39\x3b\x8c\x62\x45\x72"
"\xc2\x7f\x74\x81\x91\x68\x44\x48\x5a\xdc\xa0\x7e\xa7\x0b\x05\x7f"
"\x0e\xa0\x6c\xe5\x8f\x19\x4d\xce\x98\x47\x5f\xbd\x5f\xfe\xe5\x34"
"\x59\x89\xaf\xf0\xba\x44\xd7\xf1\x1a\x50\x72\xef\x5e\x4a\xb6\xb7"
"\x54\x34\xd1\xc4\x83\x09\xdf\x0f\x91\x5f\x7d\x91\x70\x2f\xd4\x13"
"\xcc\x5e\xa4\x6c\xc3\x4d\x28\xef\xda\xaf\xec\x14\x92\xfc\xa3\x75"
"\x13\xb4\xc1\xa1\x11\xfc\x40\x2f\x4c\x9d\xdf\x16\x76\x11\x20\x6b",
.m_size = 8,
.c_size = 128,
}, {
#endif
.key =
"\x30\x82\x02\x1F" /* sequence of 543 bytes */
"\x02\x01\x01" /* version - integer of 1 byte */
"\x02\x82\x01\x00" /* modulus - integer of 256 bytes */
"\xDB\x10\x1A\xC2\xA3\xF1\xDC\xFF\x13\x6B\xED\x44\xDF\xF0\x02\x6D"
"\x13\xC7\x88\xDA\x70\x6B\x54\xF1\xE8\x27\xDC\xC3\x0F\x99\x6A\xFA"
"\xC6\x67\xFF\x1D\x1E\x3C\x1D\xC1\xB5\x5F\x6C\xC0\xB2\x07\x3A\x6D"
"\x41\xE4\x25\x99\xAC\xFC\xD2\x0F\x02\xD3\xD1\x54\x06\x1A\x51\x77"
"\xBD\xB6\xBF\xEA\xA7\x5C\x06\xA9\x5D\x69\x84\x45\xD7\xF5\x05\xBA"
"\x47\xF0\x1B\xD7\x2B\x24\xEC\xCB\x9B\x1B\x10\x8D\x81\xA0\xBE\xB1"
"\x8C\x33\xE4\x36\xB8\x43\xEB\x19\x2A\x81\x8D\xDE\x81\x0A\x99\x48"
"\xB6\xF6\xBC\xCD\x49\x34\x3A\x8F\x26\x94\xE3\x28\x82\x1A\x7C\x8F"
"\x59\x9F\x45\xE8\x5D\x1A\x45\x76\x04\x56\x05\xA1\xD0\x1B\x8C\x77"
"\x6D\xAF\x53\xFA\x71\xE2\x67\xE0\x9A\xFE\x03\xA9\x85\xD2\xC9\xAA"
"\xBA\x2A\xBC\xF4\xA0\x08\xF5\x13\x98\x13\x5D\xF0\xD9\x33\x34\x2A"
"\x61\xC3\x89\x55\xF0\xAE\x1A\x9C\x22\xEE\x19\x05\x8D\x32\xFE\xEC"
"\x9C\x84\xBA\xB7\xF9\x6C\x3A\x4F\x07\xFC\x45\xEB\x12\xE5\x7B\xFD"
"\x55\xE6\x29\x69\xD1\xC2\xE8\xB9\x78\x59\xF6\x79\x10\xC6\x4E\xEB"
"\x6A\x5E\xB9\x9A\xC7\xC4\x5B\x63\xDA\xA3\x3F\x5E\x92\x7A\x81\x5E"
"\xD6\xB0\xE2\x62\x8F\x74\x26\xC2\x0C\xD3\x9A\x17\x47\xE6\x8E\xAB"
"\x02\x03\x01\x00\x01" /* public key - integer of 3 bytes */
"\x02\x82\x01\x00" /* private key - integer of 256 bytes */
"\x52\x41\xF4\xDA\x7B\xB7\x59\x55\xCA\xD4\x2F\x0F\x3A\xCB\xA4\x0D"
"\x93\x6C\xCC\x9D\xC1\xB2\xFB\xFD\xAE\x40\x31\xAC\x69\x52\x21\x92"
"\xB3\x27\xDF\xEA\xEE\x2C\x82\xBB\xF7\x40\x32\xD5\x14\xC4\x94\x12"
"\xEC\xB8\x1F\xCA\x59\xE3\xC1\x78\xF3\x85\xD8\x47\xA5\xD7\x02\x1A"
"\x65\x79\x97\x0D\x24\xF4\xF0\x67\x6E\x75\x2D\xBF\x10\x3D\xA8\x7D"
"\xEF\x7F\x60\xE4\xE6\x05\x82\x89\x5D\xDF\xC6\xD2\x6C\x07\x91\x33"
"\x98\x42\xF0\x02\x00\x25\x38\xC5\x85\x69\x8A\x7D\x2F\x95\x6C\x43"
"\x9A\xB8\x81\xE2\xD0\x07\x35\xAA\x05\x41\xC9\x1E\xAF\xE4\x04\x3B"
"\x19\xB8\x73\xA2\xAC\x4B\x1E\x66\x48\xD8\x72\x1F\xAC\xF6\xCB\xBC"
"\x90\x09\xCA\xEC\x0C\xDC\xF9\x2C\xD7\xEB\xAE\xA3\xA4\x47\xD7\x33"
"\x2F\x8A\xCA\xBC\x5E\xF0\x77\xE4\x97\x98\x97\xC7\x10\x91\x7D\x2A"
"\xA6\xFF\x46\x83\x97\xDE\xE9\xE2\x17\x03\x06\x14\xE2\xD7\xB1\x1D"
"\x77\xAF\x51\x27\x5B\x5E\x69\xB8\x81\xE6\x11\xC5\x43\x23\x81\x04"
"\x62\xFF\xE9\x46\xB8\xD8\x44\xDB\xA5\xCC\x31\x54\x34\xCE\x3E\x82"
"\xD6\xBF\x7A\x0B\x64\x21\x6D\x88\x7E\x5B\x45\x12\x1E\x63\x8D\x49"
"\xA7\x1D\xD9\x1E\x06\xCD\xE8\xBA\x2C\x8C\x69\x32\xEA\xBE\x60\x71"
"\x02\x01\x00" /* prime1 - integer of 1 byte */
"\x02\x01\x00" /* prime2 - integer of 1 byte */
"\x02\x01\x00" /* exponent1 - integer of 1 byte */
"\x02\x01\x00" /* exponent2 - integer of 1 byte */
"\x02\x01\x00", /* coefficient - integer of 1 byte */
.key_len = 547,
.m = "\x54\x85\x9b\x34\x2c\x49\xea\x2a",
.c =
"\xb2\x97\x76\xb4\xae\x3e\x38\x3c\x7e\x64\x1f\xcc\xa2\x7f\xf6\xbe"
"\xcf\x49\xbc\x48\xd3\x6c\x8f\x0a\x0e\xc1\x73\xbd\x7b\x55\x79\x36"
"\x0e\xa1\x87\x88\xb9\x2c\x90\xa6\x53\x5e\xe9\xef\xc4\xe2\x4d\xdd"
"\xf7\xa6\x69\x82\x3f\x56\xa4\x7b\xfb\x62\xe0\xae\xb8\xd3\x04\xb3"
"\xac\x5a\x15\x2a\xe3\x19\x9b\x03\x9a\x0b\x41\xda\x64\xec\x0a\x69"
"\xfc\xf2\x10\x92\xf3\xc1\xbf\x84\x7f\xfd\x2c\xae\xc8\xb5\xf6\x41"
"\x70\xc5\x47\x03\x8a\xf8\xff\x6f\x3f\xd2\x6f\x09\xb4\x22\xf3\x30"
"\xbe\xa9\x85\xcb\x9c\x8d\xf9\x8f\xeb\x32\x91\xa2\x25\x84\x8f\xf5"
"\xdc\xc7\x06\x9c\x2d\xe5\x11\x2c\x09\x09\x87\x09\xa9\xf6\x33\x73"
"\x90\xf1\x60\xf2\x65\xdd\x30\xa5\x66\xce\x62\x7b\xd0\xf8\x2d\x3d"
"\x19\x82\x77\xe3\x0a\x5f\x75\x2f\x8e\xb1\xe5\xe8\x91\x35\x1b\x3b"
"\x33\xb7\x66\x92\xd1\xf2\x8e\x6f\xe5\x75\x0c\xad\x36\xfb\x4e\xd0"
"\x66\x61\xbd\x49\xfe\xf4\x1a\xa2\x2b\x49\xfe\x03\x4c\x74\x47\x8d"
"\x9a\x66\xb2\x49\x46\x4d\x77\xea\x33\x4d\x6b\x3c\xb4\x49\x4a\xc6"
"\x7d\x3d\xb5\xb9\x56\x41\x15\x67\x0f\x94\x3c\x93\x65\x27\xe0\x21"
"\x5d\x59\xc3\x62\xd5\xa6\xda\x38\x26\x22\x5e\x34\x1c\x94\xaf\x98",
.m_size = 8,
.c_size = 256,
}, {
.key =
"\x30\x82\x01\x09" /* sequence of 265 bytes */
"\x02\x82\x01\x00" /* modulus - integer of 256 bytes */
"\xDB\x10\x1A\xC2\xA3\xF1\xDC\xFF\x13\x6B\xED\x44\xDF\xF0\x02\x6D"
"\x13\xC7\x88\xDA\x70\x6B\x54\xF1\xE8\x27\xDC\xC3\x0F\x99\x6A\xFA"
"\xC6\x67\xFF\x1D\x1E\x3C\x1D\xC1\xB5\x5F\x6C\xC0\xB2\x07\x3A\x6D"
"\x41\xE4\x25\x99\xAC\xFC\xD2\x0F\x02\xD3\xD1\x54\x06\x1A\x51\x77"
"\xBD\xB6\xBF\xEA\xA7\x5C\x06\xA9\x5D\x69\x84\x45\xD7\xF5\x05\xBA"
"\x47\xF0\x1B\xD7\x2B\x24\xEC\xCB\x9B\x1B\x10\x8D\x81\xA0\xBE\xB1"
"\x8C\x33\xE4\x36\xB8\x43\xEB\x19\x2A\x81\x8D\xDE\x81\x0A\x99\x48"
"\xB6\xF6\xBC\xCD\x49\x34\x3A\x8F\x26\x94\xE3\x28\x82\x1A\x7C\x8F"
"\x59\x9F\x45\xE8\x5D\x1A\x45\x76\x04\x56\x05\xA1\xD0\x1B\x8C\x77"
"\x6D\xAF\x53\xFA\x71\xE2\x67\xE0\x9A\xFE\x03\xA9\x85\xD2\xC9\xAA"
"\xBA\x2A\xBC\xF4\xA0\x08\xF5\x13\x98\x13\x5D\xF0\xD9\x33\x34\x2A"
"\x61\xC3\x89\x55\xF0\xAE\x1A\x9C\x22\xEE\x19\x05\x8D\x32\xFE\xEC"
"\x9C\x84\xBA\xB7\xF9\x6C\x3A\x4F\x07\xFC\x45\xEB\x12\xE5\x7B\xFD"
"\x55\xE6\x29\x69\xD1\xC2\xE8\xB9\x78\x59\xF6\x79\x10\xC6\x4E\xEB"
"\x6A\x5E\xB9\x9A\xC7\xC4\x5B\x63\xDA\xA3\x3F\x5E\x92\x7A\x81\x5E"
"\xD6\xB0\xE2\x62\x8F\x74\x26\xC2\x0C\xD3\x9A\x17\x47\xE6\x8E\xAB"
"\x02\x03\x01\x00\x01", /* public key - integer of 3 bytes */
.key_len = 269,
.m = "\x54\x85\x9b\x34\x2c\x49\xea\x2a",
.c =
"\xb2\x97\x76\xb4\xae\x3e\x38\x3c\x7e\x64\x1f\xcc\xa2\x7f\xf6\xbe"
"\xcf\x49\xbc\x48\xd3\x6c\x8f\x0a\x0e\xc1\x73\xbd\x7b\x55\x79\x36"
"\x0e\xa1\x87\x88\xb9\x2c\x90\xa6\x53\x5e\xe9\xef\xc4\xe2\x4d\xdd"
"\xf7\xa6\x69\x82\x3f\x56\xa4\x7b\xfb\x62\xe0\xae\xb8\xd3\x04\xb3"
"\xac\x5a\x15\x2a\xe3\x19\x9b\x03\x9a\x0b\x41\xda\x64\xec\x0a\x69"
"\xfc\xf2\x10\x92\xf3\xc1\xbf\x84\x7f\xfd\x2c\xae\xc8\xb5\xf6\x41"
"\x70\xc5\x47\x03\x8a\xf8\xff\x6f\x3f\xd2\x6f\x09\xb4\x22\xf3\x30"
"\xbe\xa9\x85\xcb\x9c\x8d\xf9\x8f\xeb\x32\x91\xa2\x25\x84\x8f\xf5"
"\xdc\xc7\x06\x9c\x2d\xe5\x11\x2c\x09\x09\x87\x09\xa9\xf6\x33\x73"
"\x90\xf1\x60\xf2\x65\xdd\x30\xa5\x66\xce\x62\x7b\xd0\xf8\x2d\x3d"
"\x19\x82\x77\xe3\x0a\x5f\x75\x2f\x8e\xb1\xe5\xe8\x91\x35\x1b\x3b"
"\x33\xb7\x66\x92\xd1\xf2\x8e\x6f\xe5\x75\x0c\xad\x36\xfb\x4e\xd0"
"\x66\x61\xbd\x49\xfe\xf4\x1a\xa2\x2b\x49\xfe\x03\x4c\x74\x47\x8d"
"\x9a\x66\xb2\x49\x46\x4d\x77\xea\x33\x4d\x6b\x3c\xb4\x49\x4a\xc6"
"\x7d\x3d\xb5\xb9\x56\x41\x15\x67\x0f\x94\x3c\x93\x65\x27\xe0\x21"
"\x5d\x59\xc3\x62\xd5\xa6\xda\x38\x26\x22\x5e\x34\x1c\x94\xaf\x98",
.m_size = 8,
.c_size = 256,
.public_key_vec = true,
#ifndef CONFIG_CRYPTO_FIPS
}, {
.key =
"\x30\x82\x09\x29" /* sequence of 2345 bytes */
"\x02\x01\x00" /* version integer of 1 byte */
"\x02\x82\x02\x01" /* modulus - integer of 513 bytes */
"\x00\xC3\x8B\x55\x7B\x73\x4D\xFF\xE9\x9B\xC6\xDC\x67\x3C\xB4\x8E"
"\xA0\x86\xED\xF2\xB9\x50\x5C\x54\x5C\xBA\xE4\xA1\xB2\xA7\xAE\x2F"
"\x1B\x7D\xF1\xFB\xAC\x79\xC5\xDF\x1A\x00\xC9\xB2\xC1\x61\x25\x33"
"\xE6\x9C\xE9\xCF\xD6\x27\xC4\x4E\x44\x30\x44\x5E\x08\xA1\x87\x52"
"\xCC\x6B\x97\x70\x8C\xBC\xA5\x06\x31\x0C\xD4\x2F\xD5\x7D\x26\x24"
"\xA2\xE2\xAC\x78\xF4\x53\x14\xCE\xF7\x19\x2E\xD7\xF7\xE6\x0C\xB9"
"\x56\x7F\x0B\xF1\xB1\xE2\x43\x70\xBD\x86\x1D\xA1\xCC\x2B\x19\x08"
"\x76\xEF\x91\xAC\xBF\x20\x24\x0D\x38\xC0\x89\xB8\x9A\x70\xB3\x64"
"\xD9\x8F\x80\x41\x10\x5B\x9F\xB1\xCB\x76\x43\x00\x21\x25\x36\xD4"
"\x19\xFC\x55\x95\x10\xE4\x26\x74\x98\x2C\xD9\xBD\x0B\x2B\x04\xC2"
"\xAC\x82\x38\xB4\xDD\x4C\x04\x7E\x51\x36\x40\x1E\x0B\xC4\x7C\x25"
"\xDD\x4B\xB2\xE7\x20\x0A\x57\xF9\xB4\x94\xC3\x08\x33\x22\x6F\x8B"
"\x48\xDB\x03\x68\x5A\x5B\xBA\xAE\xF3\xAD\xCF\xC3\x6D\xBA\xF1\x28"
"\x67\x7E\x6C\x79\x07\xDE\xFC\xED\xE7\x96\xE3\x6C\xE0\x2C\x87\xF8"
"\x02\x01\x28\x38\x43\x21\x53\x84\x69\x75\x78\x15\x7E\xEE\xD2\x1B"
"\xB9\x23\x40\xA8\x86\x1E\x38\x83\xB2\x73\x1D\x53\xFB\x9E\x2A\x8A"
"\xB2\x75\x35\x01\xC3\xC3\xC4\x94\xE8\x84\x86\x64\x81\xF4\x42\xAA"
"\x3C\x0E\xD6\x4F\xBC\x0A\x09\x2D\xE7\x1B\xD4\x10\xA8\x54\xEA\x89"
"\x84\x8A\xCB\xF7\x5A\x3C\xCA\x76\x08\x29\x62\xB4\x6A\x22\xDF\x14"
"\x95\x71\xFD\xB6\x86\x39\xB8\x8B\xF8\x91\x7F\x38\xAA\x14\xCD\xE5"
"\xF5\x1D\xC2\x6D\x53\x69\x52\x84\x7F\xA3\x1A\x5E\x26\x04\x83\x06"
"\x73\x52\x56\xCF\x76\x26\xC9\xDD\x75\xD7\xFC\xF4\x69\xD8\x7B\x55"
"\xB7\x68\x13\x53\xB9\xE7\x89\xC3\xE8\xD6\x6E\xA7\x6D\xEA\x81\xFD"
"\xC4\xB7\x05\x5A\xB7\x41\x0A\x23\x8E\x03\x8A\x1C\xAE\xD3\x1E\xCE"
"\xE3\x5E\xFC\x19\x4A\xEE\x61\x9B\x8E\xE5\xE5\xDD\x85\xF9\x41\xEC"
"\x14\x53\x92\xF7\xDD\x06\x85\x02\x91\xE3\xEB\x6C\x43\x03\xB1\x36"
"\x7B\x89\x5A\xA8\xEB\xFC\xD5\xA8\x35\xDC\x81\xD9\x5C\xBD\xCA\xDC"
"\x9B\x98\x0B\x06\x5D\x0C\x5B\xEE\xF3\xD5\xCC\x57\xC9\x71\x2F\x90"
"\x3B\x3C\xF0\x8E\x4E\x35\x48\xAE\x63\x74\xA9\xFC\x72\x75\x8E\x34"
"\xA8\xF2\x1F\xEA\xDF\x3A\x37\x2D\xE5\x39\x39\xF8\x57\x58\x3C\x04"
"\xFE\x87\x06\x98\xBC\x7B\xD3\x21\x36\x60\x25\x54\xA7\x3D\xFA\x91"
"\xCC\xA8\x0B\x92\x8E\xB4\xF7\x06\xFF\x1E\x95\xCB\x07\x76\x97\x3B"
"\x9D"
"\x02\x03\x01\x00\x01" /* public key integer of 3 bytes */
"\x02\x82\x02\x00" /* private key integer of 512 bytes */
"\x74\xA9\xE0\x6A\x32\xB4\xCA\x85\xD9\x86\x9F\x60\x88\x7B\x40\xCC"
"\xCD\x33\x91\xA8\xB6\x25\x1F\xBF\xE3\x51\x1C\x97\xB6\x2A\xD9\xB8"
"\x11\x40\x19\xE3\x21\x13\xC8\xB3\x7E\xDC\xD7\x65\x40\x4C\x2D\xD6"
"\xDC\xAF\x32\x6C\x96\x75\x2C\x2C\xCA\x8F\x3F\x7A\xEE\xC4\x09\xC6"
"\x24\x3A\xC9\xCF\x6D\x8D\x17\x50\x94\x52\xD3\xE7\x0F\x2F\x7E\x94"
"\x1F\xA0\xBE\xD9\x25\xE8\x38\x42\x7C\x27\xD2\x79\xF8\x2A\x87\x38"
"\xEF\xBB\x74\x8B\xA8\x6E\x8C\x08\xC6\xC7\x4F\x0C\xBC\x79\xC6\xEF"
"\x0E\xA7\x5E\xE4\xF8\x8C\x09\xC7\x5E\x37\xCC\x87\x77\xCD\xCF\xD1"
"\x6D\x28\x1B\xA9\x62\xC0\xB8\x16\xA7\x8B\xF9\xBB\xCC\xB4\x15\x7F"
"\x1B\x69\x03\xF2\x7B\xEB\xE5\x8C\x14\xD6\x23\x4F\x52\x6F\x18\xA6"
"\x4B\x5B\x01\xAD\x35\xF9\x48\x53\xB3\x86\x35\x66\xD7\xE7\x29\xC0"
"\x09\xB5\xC6\xE6\xFA\xC4\xDA\x19\xBE\xD7\x4D\x41\x14\xBE\x6F\xDF"
"\x1B\xAB\xC0\xCA\x88\x07\xAC\xF1\x7D\x35\x83\x67\x28\x2D\x50\xE9"
"\xCE\x27\x71\x5E\x1C\xCF\xD2\x30\x65\x79\x72\x2F\x9C\xE1\xD2\x39"
"\x7F\xEF\x3B\x01\xF2\x14\x1D\xDF\xBD\x51\xD3\xA1\x53\x62\xCF\x5F"
"\x79\x84\xCE\x06\x96\x69\x29\x49\x82\x1C\x71\x4A\xA1\x66\xC8\x2F"
"\xFD\x7B\x96\x7B\xFC\xC4\x26\x58\xC4\xFC\x7C\xAF\xB5\xE8\x95\x83"
"\x87\xCB\x46\xDE\x97\xA7\xB3\xA2\x54\x5B\xD7\xAF\xAB\xEB\xC8\xF3"
"\x55\x9D\x48\x2B\x30\x9C\xDC\x26\x4B\xC2\x89\x45\x13\xB2\x01\x9A"
"\xA4\x65\xC3\xEC\x24\x2D\x26\x97\xEB\x80\x8A\x9D\x03\xBC\x59\x66"
"\x9E\xE2\xBB\xBB\x63\x19\x64\x93\x11\x7B\x25\x65\x30\xCD\x5B\x4B"
"\x2C\xFF\xDC\x2D\x30\x87\x1F\x3C\x88\x07\xD0\xFC\x48\xCC\x05\x8A"
"\xA2\xC8\x39\x3E\xD5\x51\xBC\x0A\xBE\x6D\xA8\xA0\xF6\x88\x06\x79"
"\x13\xFF\x1B\x45\xDA\x54\xC9\x24\x25\x8A\x75\x0A\x26\xD1\x69\x81"
"\x14\x14\xD1\x79\x7D\x8E\x76\xF2\xE0\xEB\xDD\x0F\xDE\xC2\xEC\x80"
"\xD7\xDC\x16\x99\x92\xBE\xCB\x40\x0C\xCE\x7C\x3B\x46\xA2\x5B\x5D"
"\x0C\x45\xEB\xE1\x00\xDE\x72\x50\xB1\xA6\x0B\x76\xC5\x8D\xFC\x82"
"\x38\x6D\x99\x14\x1D\x1A\x4A\xD3\x7C\x53\xB8\x12\x46\xA2\x30\x38"
"\x82\xF4\x96\x6E\x8C\xCE\x47\x0D\xAF\x0A\x3B\x45\xB7\x43\x95\x43"
"\x9E\x02\x2C\x44\x07\x6D\x1F\x3C\x66\x89\x09\xB6\x1F\x06\x30\xCC"
"\xAD\xCE\x7D\x9A\xDE\x3E\xFB\x6C\xE4\x58\x43\xD2\x4F\xA5\x9E\x5E"
"\xA7\x7B\xAE\x3A\xF6\x7E\xD9\xDB\xD3\xF5\xC5\x41\xAF\xE6\x9C\x91"
"\x02\x82\x01\x01" /* prime1 - integer of 257 bytes */
"\x00\xE0\xA6\x6C\xF0\xA2\xF8\x81\x85\x36\x43\xD0\x13\x0B\x33\x8B"
"\x8F\x78\x3D\xAC\xC7\x5E\x46\x6A\x7F\x05\xAE\x3E\x26\x0A\xA6\xD0"
"\x51\xF3\xC8\x61\xF5\x77\x22\x48\x10\x87\x4C\xD5\xA4\xD5\xAE\x2D"
"\x4E\x7A\xFE\x1C\x31\xE7\x6B\xFF\xA4\x69\x20\xF9\x2A\x0B\x99\xBE"
"\x7C\x32\x68\xAD\xB0\xC6\x94\x81\x41\x75\xDC\x06\x78\x0A\xB4\xCF"
"\xCD\x1B\x2D\x31\xE4\x7B\xEA\xA8\x35\x99\x75\x57\xC6\x0E\xF6\x78"
"\x4F\xA0\x92\x4A\x00\x1B\xE7\x96\xF2\x5B\xFD\x2C\x0A\x0A\x13\x81"
"\xAF\xCB\x59\x87\x31\xD9\x83\x65\xF2\x22\x48\xD0\x03\x67\x39\xF6"
"\xFF\xA8\x36\x07\x3A\x68\xE3\x7B\xA9\x64\xFD\x9C\xF7\xB1\x3D\xBF"
"\x26\x5C\xCC\x7A\xFC\xA2\x8F\x51\xD1\xE1\xE2\x3C\xEC\x06\x75\x7C"
"\x34\xF9\xA9\x33\x70\x11\xAD\x5A\xDC\x5F\xCF\x50\xF6\x23\x2F\x39"
"\xAC\x92\x48\x53\x4D\x01\x96\x3C\xD8\xDC\x1F\x23\x23\x78\x80\x34"
"\x54\x14\x76\x8B\xB6\xBB\xFB\x88\x78\x31\x59\x28\xD2\xB1\x75\x17"
"\x88\x04\x4A\x78\x62\x18\x2E\xF5\xFB\x9B\xEF\x15\xD8\x16\x47\xC6"
"\x42\xB1\x02\xDA\x9E\xE3\x84\x90\xB4\x2D\xC3\xCE\x13\xC9\x12\x7D"
"\x3E\xCD\x39\x39\xC9\xAD\xA1\x1A\xE6\xD5\xAD\x5A\x09\x4D\x1B\x0C"
"\xAB"
"\x02\x82\x01\x01" /* prime 2 - integer of 257 bytes */
"\x00\xDE\xD5\x1B\xF6\xCD\x83\xB1\xC6\x47\x7E\xB9\xC0\x6B\xA9\xB8"
"\x02\xF3\xAE\x40\x5D\xFC\xD3\xE5\x4E\xF1\xE3\x39\x04\x52\x84\x89"
"\x40\x37\xBB\xC2\xCD\x7F\x71\x77\x17\xDF\x6A\x4C\x31\x24\x7F\xB9"
"\x7E\x7F\xC8\x43\x4A\x3C\xEB\x8D\x1B\x7F\x21\x51\x67\x45\x8F\xA0"
"\x36\x29\x3A\x18\x45\xA5\x32\xEC\x74\x88\x3C\x98\x5D\x67\x3B\xD7"
"\x51\x1F\xE9\xAE\x09\x01\xDE\xDE\x7C\xFB\x60\xD1\xA5\x6C\xE9\x6A"
"\x93\x04\x02\x3A\xBB\x67\x02\xB9\xFD\x23\xF0\x02\x2B\x49\x85\xC9"
"\x5B\xE7\x4B\xDF\xA3\xF4\xEE\x59\x4C\x45\xEF\x8B\xC1\x6B\xDE\xDE"
"\xBC\x1A\xFC\xD2\x76\x3F\x33\x74\xA9\x8E\xA3\x7E\x0C\xC6\xCE\x70"
"\xA1\x5B\xA6\x77\xEA\x76\xEB\x18\xCE\xB9\xD7\x78\x8D\xAE\x06\xBB"
"\xD3\x1F\x16\x0D\x05\xAB\x4F\xC6\x52\xC8\x6B\x36\x51\x7D\x1D\x27"
"\xAF\x88\x9A\x6F\xCC\x25\x2E\x74\x06\x72\xCE\x9E\xDB\xE0\x9D\x30"
"\xEF\x55\xA5\x58\x21\xA7\x42\x12\x2C\x2C\x23\x87\xC1\x0F\xE8\x51"
"\xDA\x53\xDA\xFC\x05\x36\xDF\x08\x0E\x08\x36\xBE\x5C\x86\x9E\xCA"
"\x68\x90\x33\x12\x0B\x14\x82\xAB\x90\x1A\xD4\x49\x32\x9C\xBD\xAA"
"\xAB\x4E\x38\xF1\xEE\xED\x3D\x3F\xE8\xBD\x48\x56\xA6\x64\xEE\xC8"
"\xD7"
"\x02\x82\x01\x01" /* exponent 1 - integer of 257 bytes */
"\x00\x96\x5E\x6F\x8F\x06\xD6\xE6\x03\x1F\x96\x76\x81\x38\xBF\x30"
"\xCC\x40\x84\xAF\xD0\xE7\x06\xA5\x24\x0E\xCE\x59\xA5\x26\xFE\x0F"
"\x74\xBB\x83\xC6\x26\x02\xAF\x3C\xA3\x6B\x9C\xFF\x68\x0C\xEB\x40"
"\x42\x46\xCB\x2E\x5E\x2C\xF4\x3A\x32\x77\x77\xED\xAF\xBA\x02\x17"
"\xE1\x93\xF0\x43\x4A\x8F\x31\x39\xEF\x72\x0F\x6B\x79\x10\x59\x84"
"\xBA\x5A\x55\x7F\x0E\xDB\xEE\xEE\xD6\xA9\xB8\x44\x9F\x3A\xC6\xB9"
"\x33\x3B\x5C\x90\x11\xD0\x9B\xCC\x8A\xBF\x0E\x10\x5B\x4B\xF1\x50"
"\x9E\x35\xB3\xE0\x6D\x7A\x95\x9C\x38\x5D\xC0\x75\x13\xC2\x15\xA7"
"\x81\xEA\xBA\xF7\x4D\x9E\x85\x9D\xF1\x7D\xBA\xD0\x45\x6F\x2A\xD0"
"\x76\xC2\x28\xD0\xAD\xA7\xB5\xDC\xE3\x6A\x99\xFF\x83\x50\xB3\x75"
"\x07\x14\x91\xAF\xEF\x74\xB5\x9F\x9A\xE0\xBA\xA9\x0B\x87\xF3\x85"
"\x5C\x40\xB2\x0E\xA7\xFD\xC6\xED\x45\x8E\xD9\x7C\xB0\xB2\x68\xC6"
"\x1D\xFD\x70\x78\x06\x41\x7F\x95\x12\x36\x9D\xE2\x58\x5D\x15\xEE"
"\x41\x49\xF5\xFA\xEC\x56\x19\xA0\xE6\xE0\xB2\x40\xE1\xD9\xD0\x03"
"\x22\x02\xCF\xD1\x3C\x07\x38\x65\x8F\x65\x0E\xAA\x32\xCE\x25\x05"
"\x16\x73\x51\xB9\x9F\x88\x0B\xCD\x30\xF3\x97\xCC\x2B\x6B\xA4\x0E"
"\x6F"
"\x02\x82\x01\x00" /* exponent 2 - integer of 256 bytes */
"\x2A\x5F\x3F\xB8\x08\x90\x58\x47\xA9\xE4\xB1\x11\xA3\xE7\x5B\xF4"
"\x43\xBE\x08\xC3\x56\x86\x3C\x7E\x6C\x84\x96\x9C\xF9\xCB\xF6\x05"
"\x5E\x13\xB8\x11\x37\x80\xAD\xF2\xBE\x2B\x0A\x5D\xF5\xE0\xCB\xB7"
"\x00\x39\x66\x82\x41\x5F\x51\x2F\xBF\x56\xE8\x91\xC8\xAA\x6C\xFE"
"\x9F\x8C\x4A\x7D\x43\xD2\x91\x1F\xFF\x9F\xF6\x21\x1C\xB6\x46\x55"
"\x48\xCA\x38\xAB\xC1\xCD\x4D\x65\x5A\xAF\xA8\x6D\xDA\x6D\xF0\x34"
"\x10\x79\x14\x0D\xFA\xA2\x8C\x17\x54\xB4\x18\xD5\x7E\x5F\x90\x50"
"\x87\x84\xE7\xFB\xD7\x61\x53\x5D\xAB\x96\xC7\x6E\x7A\x42\xA0\xFC"
"\x07\xED\xB7\x5F\x80\xD9\x19\xFF\xFB\xFD\x9E\xC4\x73\x31\x62\x3D"
"\x6C\x9E\x15\x03\x62\xA5\x85\xCC\x19\x8E\x9D\x7F\xE3\x6D\xA8\x5D"
"\x96\xF5\xAC\x78\x3D\x81\x27\xE7\x29\xF1\x29\x1D\x09\xBB\x77\x86"
"\x6B\x65\x62\x88\xE1\x31\x1A\x22\xF7\xC5\xCE\x73\x65\x1C\xBE\xE7"
"\x63\xD3\xD3\x14\x63\x27\xAF\x28\xF3\x23\xB6\x76\xC1\xBD\x9D\x82"
"\xF4\x9B\x19\x7D\x2C\x57\xF0\xC2\x2A\x51\xAE\x95\x0D\x8C\x38\x54"
"\xF5\xC6\xA0\x51\xB7\x0E\xB9\xEC\xE7\x0D\x22\xF6\x1A\xD3\xFE\x16"
"\x21\x03\xB7\x0D\x85\xD3\x35\xC9\xDD\xE4\x59\x85\xBE\x7F\xA1\x75"
"\x02\x82\x01\x01" /* coefficient - integer of 257 bytes */
"\x00\xB9\x48\xD2\x54\x2F\x19\x54\x64\xAE\x62\x80\x61\x89\x80\xB4"
"\x48\x0B\x8D\x7E\x1B\x0F\x50\x08\x82\x3F\xED\x75\x84\xB7\x13\xE4"
"\xF8\x8D\xA8\xBB\x54\x21\x4C\x5A\x54\x07\x16\x4B\xB4\xA4\x9E\x30"
"\xBF\x7A\x30\x1B\x39\x60\xA3\x21\x53\xFB\xB0\xDC\x0F\x7C\x2C\xFB"
"\xAA\x95\x7D\x51\x39\x28\x33\x1F\x25\x31\x53\xF5\xD2\x64\x2B\xF2"
"\x1E\xB3\xC0\x6A\x0B\xC9\xA4\x42\x64\x5C\xFB\x15\xA3\xE8\x4C\x3A"
"\x9C\x3C\xBE\xA3\x39\x83\x23\xE3\x6D\x18\xCC\xC2\xDC\x63\x8D\xBA"
"\x98\xE0\xE0\x31\x4A\x2B\x37\x9C\x4D\x6B\xF3\x9F\x51\xE4\x43\x5C"
"\x83\x5F\xBF\x5C\xFE\x92\x45\x01\xAF\xF5\xC2\xF4\xB7\x56\x93\xA5"
"\xF4\xAA\x67\x3C\x48\x37\xBD\x9A\x3C\xFE\xA5\x9A\xB0\xD1\x6B\x85"
"\xDD\x81\xD4\xFA\xAD\x31\x83\xA8\x22\x9B\xFD\xB4\x61\xDC\x7A\x51"
"\x59\x62\x10\x1B\x7E\x44\xA3\xFE\x90\x51\x5A\x3E\x02\x87\xAD\xFA"
"\xDD\x0B\x1F\x3D\x35\xAF\xEE\x13\x85\x51\xA7\x42\xC0\xEE\x9E\x20"
"\xE9\xD0\x29\xB2\xE4\x21\xE4\x6D\x62\xB9\xF4\x48\x4A\xD8\x46\x8E"
"\x61\xA6\x2C\x5D\xDF\x8F\x97\x2B\x3A\x75\x1D\x83\x17\x6F\xC6\xB0"
"\xDE\xFC\x14\x25\x06\x5A\x60\xBB\xB8\x21\x89\xD1\xEF\x57\xF1\x71"
"\x3D",
.m = "\x54\x85\x9b\x34\x2c\x49\xea\x2a",
.c =
"\x5c\xce\x9c\xd7\x9a\x9e\xa1\xfe\x7a\x82\x3c\x68\x27\x98\xe3\x5d"
"\xd5\xd7\x07\x29\xf5\xfb\xc3\x1a\x7f\x63\x1e\x62\x31\x3b\x19\x87"
"\x79\x4f\xec\x7b\xf3\xcb\xea\x9b\x95\x52\x3a\x40\xe5\x87\x7b\x72"
"\xd1\x72\xc9\xfb\x54\x63\xd8\xc9\xd7\x2c\xfc\x7b\xc3\x14\x1e\xbc"
"\x18\xb4\x34\xa1\xbf\x14\xb1\x37\x31\x6e\xf0\x1b\x35\x19\x54\x07"
"\xf7\x99\xec\x3e\x63\xe2\xcd\x61\x28\x65\xc3\xcd\xb1\x38\x36\xa5"
"\xb2\xd7\xb0\xdc\x1f\xf5\xef\x19\xc7\x53\x32\x2d\x1c\x26\xda\xe4"
"\x0d\xd6\x90\x7e\x28\xd8\xdc\xe4\x61\x05\xd2\x25\x90\x01\xd3\x96"
"\x6d\xa6\xcf\x58\x20\xbb\x03\xf4\x01\xbc\x79\xb9\x18\xd8\xb8\xba"
"\xbd\x93\xfc\xf2\x62\x5d\x8c\x66\x1e\x0e\x84\x59\x93\xdd\xe2\x93"
"\xa2\x62\x7d\x08\x82\x7a\xdd\xfc\xb8\xbc\xc5\x4f\x9c\x4e\xbf\xb4"
"\xfc\xf4\xc5\x01\xe8\x00\x70\x4d\x28\x26\xcc\x2e\xfe\x0e\x58\x41"
"\x8b\xec\xaf\x7c\x4b\x54\xd0\xa0\x64\xf9\x32\xf4\x2e\x47\x65\x0a"
"\x67\x88\x39\x3a\xdb\xb2\xdb\x7b\xb5\xf6\x17\xa8\xd9\xc6\x5e\x28"
"\x13\x82\x8a\x99\xdb\x60\x08\xa5\x23\x37\xfa\x88\x90\x31\xc8\x9d"
"\x8f\xec\xfb\x85\x9f\xb1\xce\xa6\x24\x50\x46\x44\x47\xcb\x65\xd1"
"\xdf\xc0\xb1\x6c\x90\x1f\x99\x8e\x4d\xd5\x9e\x31\x07\x66\x87\xdf"
"\x01\xaa\x56\x3c\x71\xe0\x2b\x6f\x67\x3b\x23\xed\xc2\xbd\x03\x30"
"\x79\x76\x02\x10\x10\x98\x85\x8a\xff\xfd\x0b\xda\xa5\xd9\x32\x48"
"\x02\xa0\x0b\xb9\x2a\x8a\x18\xca\xc6\x8f\x3f\xbb\x16\xb2\xaa\x98"
"\x27\xe3\x60\x43\xed\x15\x70\xd4\x57\x15\xfe\x19\xd4\x9b\x13\x78"
"\x8a\xf7\x21\xf1\xa2\xa2\x2d\xb3\x09\xcf\x44\x91\x6e\x08\x3a\x30"
"\x81\x3e\x90\x93\x8a\x67\x33\x00\x59\x54\x9a\x25\xd3\x49\x8e\x9f"
"\xc1\x4b\xe5\x86\xf3\x50\x4c\xbc\xc5\xd3\xf5\x3a\x54\xe1\x36\x3f"
"\xe2\x5a\xb4\x37\xc0\xeb\x70\x35\xec\xf6\xb7\xe8\x44\x3b\x7b\xf3"
"\xf1\xf2\x1e\xdb\x60\x7d\xd5\xbe\xf0\x71\x34\x90\x4c\xcb\xd4\x35"
"\x51\xc7\xdd\xd8\xc9\x81\xf5\x5d\x57\x46\x2c\xb1\x7b\x9b\xaa\xcb"
"\xd1\x22\x25\x49\x44\xa3\xd4\x6b\x29\x7b\xd8\xb2\x07\x93\xbf\x3d"
"\x52\x49\x84\x79\xef\xb8\xe5\xc4\xad\xca\xa8\xc6\xf6\xa6\x76\x70"
"\x5b\x0b\xe5\x83\xc6\x0e\xef\x55\xf2\xe7\xff\x04\xea\xe6\x13\xbe"
"\x40\xe1\x40\x45\x48\x66\x75\x31\xae\x35\x64\x91\x11\x6f\xda\xee"
"\x26\x86\x45\x6f\x0b\xd5\x9f\x03\xb1\x65\x5b\xdb\xa4\xe4\xf9\x45",
.key_len = 2349,
.m_size = 8,
.c_size = 512,
#endif
}
};
/*
* PKCS#1 RSA test vectors. Obtained from CAVS testing.
*/
static const struct akcipher_testvec pkcs1pad_rsa_tv_template[] = {
{
.key =
"\x30\x82\x03\x1f\x02\x01\x00\x02\x82\x01\x01\x00\xd7\x1e\x77\x82"
"\x8c\x92\x31\xe7\x69\x02\xa2\xd5\x5c\x78\xde\xa2\x0c\x8f\xfe\x28"
"\x59\x31\xdf\x40\x9c\x60\x61\x06\xb9\x2f\x62\x40\x80\x76\xcb\x67"
"\x4a\xb5\x59\x56\x69\x17\x07\xfa\xf9\x4c\xbd\x6c\x37\x7a\x46\x7d"
"\x70\xa7\x67\x22\xb3\x4d\x7a\x94\xc3\xba\x4b\x7c\x4b\xa9\x32\x7c"
"\xb7\x38\x95\x45\x64\xa4\x05\xa8\x9f\x12\x7c\x4e\xc6\xc8\x2d\x40"
"\x06\x30\xf4\x60\xa6\x91\xbb\x9b\xca\x04\x79\x11\x13\x75\xf0\xae"
"\xd3\x51\x89\xc5\x74\xb9\xaa\x3f\xb6\x83\xe4\x78\x6b\xcd\xf9\x5c"
"\x4c\x85\xea\x52\x3b\x51\x93\xfc\x14\x6b\x33\x5d\x30\x70\xfa\x50"
"\x1b\x1b\x38\x81\x13\x8d\xf7\xa5\x0c\xc0\x8e\xf9\x63\x52\x18\x4e"
"\xa9\xf9\xf8\x5c\x5d\xcd\x7a\x0d\xd4\x8e\x7b\xee\x91\x7b\xad\x7d"
"\xb4\x92\xd5\xab\x16\x3b\x0a\x8a\xce\x8e\xde\x47\x1a\x17\x01\x86"
"\x7b\xab\x99\xf1\x4b\x0c\x3a\x0d\x82\x47\xc1\x91\x8c\xbb\x2e\x22"
"\x9e\x49\x63\x6e\x02\xc1\xc9\x3a\x9b\xa5\x22\x1b\x07\x95\xd6\x10"
"\x02\x50\xfd\xfd\xd1\x9b\xbe\xab\xc2\xc0\x74\xd7\xec\x00\xfb\x11"
"\x71\xcb\x7a\xdc\x81\x79\x9f\x86\x68\x46\x63\x82\x4d\xb7\xf1\xe6"
"\x16\x6f\x42\x63\xf4\x94\xa0\xca\x33\xcc\x75\x13\x02\x82\x01\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x01\x00\x01"
"\x02\x82\x01\x00\x62\xb5\x60\x31\x4f\x3f\x66\x16\xc1\x60\xac\x47"
"\x2a\xff\x6b\x69\x00\x4a\xb2\x5c\xe1\x50\xb9\x18\x74\xa8\xe4\xdc"
"\xa8\xec\xcd\x30\xbb\xc1\xc6\xe3\xc6\xac\x20\x2a\x3e\x5e\x8b\x12"
"\xe6\x82\x08\x09\x38\x0b\xab\x7c\xb3\xcc\x9c\xce\x97\x67\xdd\xef"
"\x95\x40\x4e\x92\xe2\x44\xe9\x1d\xc1\x14\xfd\xa9\xb1\xdc\x71\x9c"
"\x46\x21\xbd\x58\x88\x6e\x22\x15\x56\xc1\xef\xe0\xc9\x8d\xe5\x80"
"\x3e\xda\x7e\x93\x0f\x52\xf6\xf5\xc1\x91\x90\x9e\x42\x49\x4f\x8d"
"\x9c\xba\x38\x83\xe9\x33\xc2\x50\x4f\xec\xc2\xf0\xa8\xb7\x6e\x28"
"\x25\x56\x6b\x62\x67\xfe\x08\xf1\x56\xe5\x6f\x0e\x99\xf1\xe5\x95"
"\x7b\xef\xeb\x0a\x2c\x92\x97\x57\x23\x33\x36\x07\xdd\xfb\xae\xf1"
"\xb1\xd8\x33\xb7\x96\x71\x42\x36\xc5\xa4\xa9\x19\x4b\x1b\x52\x4c"
"\x50\x69\x91\xf0\x0e\xfa\x80\x37\x4b\xb5\xd0\x2f\xb7\x44\x0d\xd4"
"\xf8\x39\x8d\xab\x71\x67\x59\x05\x88\x3d\xeb\x48\x48\x33\x88\x4e"
"\xfe\xf8\x27\x1b\xd6\x55\x60\x5e\x48\xb7\x6d\x9a\xa8\x37\xf9\x7a"
"\xde\x1b\xcd\x5d\x1a\x30\xd4\xe9\x9e\x5b\x3c\x15\xf8\x9c\x1f\xda"
"\xd1\x86\x48\x55\xce\x83\xee\x8e\x51\xc7\xde\x32\x12\x47\x7d\x46"
"\xb8\x35\xdf\x41\x02\x01\x00\x02\x01\x00\x02\x01\x00\x02\x01\x00"
"\x02\x01\x00",
.key_len = 804,
/*
* m is SHA256 hash of following message:
* "\x49\x41\xbe\x0a\x0c\xc9\xf6\x35\x51\xe4\x27\x56\x13\x71\x4b\xd0"
* "\x36\x92\x84\x89\x1b\xf8\x56\x4a\x72\x61\x14\x69\x4f\x5e\x98\xa5"
* "\x80\x5a\x37\x51\x1f\xd8\xf5\xb5\x63\xfc\xf4\xb1\xbb\x4d\x33\xa3"
* "\x1e\xb9\x75\x8b\x9c\xda\x7e\x6d\x3a\x77\x85\xf7\xfc\x4e\xe7\x64"
* "\x43\x10\x19\xa0\x59\xae\xe0\xad\x4b\xd3\xc4\x45\xf7\xb1\xc2\xc1"
* "\x65\x01\x41\x39\x5b\x45\x47\xed\x2b\x51\xed\xe3\xd0\x09\x10\xd2"
* "\x39\x6c\x4a\x3f\xe5\xd2\x20\xe6\xb0\x71\x7d\x5b\xed\x26\x60\xf1"
* "\xb4\x73\xd1\xdb\x7d\xc4\x19\x91\xee\xf6\x32\x76\xf2\x19\x7d\xb7"
*/
.m =
"\x3e\xc8\xa1\x26\x20\x54\x44\x52\x48\x0d\xe5\x66\xf3\xb3\xf5\x04"
"\xbe\x10\xa8\x48\x94\x22\x2d\xdd\xba\x7a\xb4\x76\x8d\x79\x98\x89",
.m_size = 32,
.c =
"\xc7\xa3\x98\xeb\x43\xd1\x08\xc2\x3d\x78\x45\x04\x70\xc9\x01\xee"
"\xf8\x85\x37\x7c\x0b\xf9\x19\x70\x5c\x45\x7b\x2f\x3a\x0b\xb7\x8b"
"\xc4\x0d\x7b\x3a\x64\x0b\x0f\xdb\x78\xa9\x0b\xfd\x8d\x82\xa4\x86"
"\x39\xbf\x21\xb8\x84\xc4\xce\x9f\xc2\xe8\xb6\x61\x46\x17\xb9\x4e"
"\x0b\x57\x05\xb4\x4f\xf9\x9c\x93\x2d\x9b\xd5\x48\x1d\x80\x12\xef"
"\x3a\x77\x7f\xbc\xb5\x8e\x2b\x6b\x7c\xfc\x9f\x8c\x9d\xa2\xc4\x85"
"\xb0\x87\xe9\x17\x9b\xb6\x23\x62\xd2\xa9\x9f\x57\xe8\xf7\x04\x45"
"\x24\x3a\x45\xeb\xeb\x6a\x08\x8e\xaf\xc8\xa0\x84\xbc\x5d\x13\x38"
"\xf5\x17\x8c\xa3\x96\x9b\xa9\x38\x8d\xf0\x35\xad\x32\x8a\x72\x5b"
"\xdf\x21\xab\x4b\x0e\xa8\x29\xbb\x61\x54\xbf\x05\xdb\x84\x84\xde"
"\xdd\x16\x36\x31\xda\xf3\x42\x6d\x7a\x90\x22\x9b\x11\x29\xa6\xf8"
"\x30\x61\xda\xd3\x8b\x54\x1e\x42\xd1\x47\x1d\x6f\xd1\xcd\x42\x0b"
"\xd1\xe4\x15\x85\x7e\x08\xd6\x59\x64\x4c\x01\x34\x91\x92\x26\xe8"
"\xb0\x25\x8c\xf8\xf4\xfa\x8b\xc9\x31\x33\x76\x72\xfb\x64\x92\x9f"
"\xda\x62\x8d\xe1\x2a\x71\x91\x43\x40\x61\x3c\x5a\xbe\x86\xfc\x5b"
"\xe6\xf9\xa9\x16\x31\x1f\xaf\x25\x6d\xc2\x4a\x23\x6e\x63\x02\xa2",
.c_size = 256,
.siggen_sigver_test = true,
}
};
static const struct kpp_testvec dh_tv_template[] = {
{
.secret =
#ifdef __LITTLE_ENDIAN
"\x01\x00" /* type */
"\x15\x02" /* len */
"\x00\x01\x00\x00" /* key_size */
"\x00\x01\x00\x00" /* p_size */
"\x00\x00\x00\x00" /* q_size */
"\x01\x00\x00\x00" /* g_size */
#else
"\x00\x01" /* type */
"\x02\x15" /* len */
"\x00\x00\x01\x00" /* key_size */
"\x00\x00\x01\x00" /* p_size */
"\x00\x00\x00\x00" /* q_size */
"\x00\x00\x00\x01" /* g_size */
#endif
/* xa */
"\x44\xc1\x48\x36\xa7\x2b\x6f\x4e\x43\x03\x68\xad\x31\x00\xda\xf3"
"\x2a\x01\xa8\x32\x63\x5f\x89\x32\x1f\xdf\x4c\xa1\x6a\xbc\x10\x15"
"\x90\x35\xc9\x26\x41\xdf\x7b\xaa\x56\x56\x3d\x85\x44\xb5\xc0\x8e"
"\x37\x83\x06\x50\xb3\x5f\x0e\x28\x2c\xd5\x46\x15\xe3\xda\x7d\x74"
"\x87\x13\x91\x4f\xd4\x2d\xf6\xc7\x5e\x14\x2c\x11\xc2\x26\xb4\x3a"
"\xe3\xb2\x36\x20\x11\x3b\x22\xf2\x06\x65\x66\xe2\x57\x58\xf8\x22"
"\x1a\x94\xbd\x2b\x0e\x8c\x55\xad\x61\x23\x45\x2b\x19\x1e\x63\x3a"
"\x13\x61\xe3\xa0\x79\x70\x3e\x6d\x98\x32\xbc\x7f\x82\xc3\x11\xd8"
"\xeb\x53\xb5\xfc\xb5\xd5\x3c\x4a\xea\x92\x3e\x01\xce\x15\x65\xd4"
"\xaa\x85\xc1\x11\x90\x83\x31\x6e\xfe\xe7\x7f\x7d\xed\xab\xf9\x29"
"\xf8\xc7\xf1\x68\xc6\xb7\xe4\x1f\x2f\x28\xa0\xc9\x1a\x50\x64\x29"
"\x4b\x01\x6d\x1a\xda\x46\x63\x21\x07\x40\x8c\x8e\x4c\x6f\xb5\xe5"
"\x12\xf3\xc2\x1b\x48\x27\x5e\x27\x01\xb1\xaa\xed\x68\x9b\x83\x18"
"\x8f\xb1\xeb\x1f\x04\xd1\x3c\x79\xed\x4b\xf7\x0a\x33\xdc\xe0\xc6"
"\xd8\x02\x51\x59\x00\x74\x30\x07\x4c\x2d\xac\xe4\x13\xf1\x80\xf0"
"\xce\xfa\xff\xa9\xce\x29\x46\xdd\x9d\xad\xd1\xc3\xc6\x58\x1a\x63"
/* p */
"\xb9\x36\x3a\xf1\x82\x1f\x60\xd3\x22\x47\xb8\xbc\x2d\x22\x6b\x81"
"\x7f\xe8\x20\x06\x09\x23\x73\x49\x9a\x59\x8b\x35\x25\xf8\x31\xbc"
"\x7d\xa8\x1c\x9d\x56\x0d\x1a\xf7\x4b\x4f\x96\xa4\x35\x77\x6a\x89"
"\xab\x42\x00\x49\x21\x71\xed\x28\x16\x1d\x87\x5a\x10\xa7\x9c\x64"
"\x94\xd4\x87\x3d\x28\xef\x44\xfe\x4b\xe2\xb4\x15\x8c\x82\xa6\xf3"
"\x50\x5f\xa8\xe8\xa2\x60\xe7\x00\x86\x78\x05\xd4\x78\x19\xa1\x98"
"\x62\x4e\x4a\x00\x78\x56\x96\xe6\xcf\xd7\x10\x1b\x74\x5d\xd0\x26"
"\x61\xdb\x6b\x32\x09\x51\xd8\xa5\xfd\x54\x16\x71\x01\xb3\x39\xe6"
"\x4e\x69\xb1\xd7\x06\x8f\xd6\x1e\xdc\x72\x25\x26\x74\xc8\x41\x06"
"\x5c\xd1\x26\x5c\xb0\x2f\xf9\x59\x13\xc1\x2a\x0f\x78\xea\x7b\xf7"
"\xbd\x59\xa0\x90\x1d\xfc\x33\x5b\x4c\xbf\x05\x9c\x3a\x3f\x69\xa2"
"\x45\x61\x4e\x10\x6a\xb3\x17\xc5\x68\x30\xfb\x07\x5f\x34\xc6\xfb"
"\x73\x07\x3c\x70\xf6\xae\xe7\x72\x84\xc3\x18\x81\x8f\xe8\x11\x1f"
"\x3d\x83\x83\x01\x2a\x14\x73\xbf\x32\x32\x2e\xc9\x4d\xdb\x2a\xca"
"\xee\x71\xf9\xda\xad\xe8\x82\x0b\x4d\x0c\x1f\xb6\x1d\xef\x00\x67"
"\x74\x3d\x95\xe0\xb7\xc4\x30\x8a\x24\x87\x12\x47\x27\x70\x0d\x73"
/* g */
"\x02",
.b_public =
"\x2a\x67\x5c\xfd\x63\x5d\xc0\x97\x0a\x8b\xa2\x1f\xf8\x8a\xcb\x54"
"\xca\x2f\xd3\x49\x3f\x01\x8e\x87\xfe\xcc\x94\xa0\x3e\xd4\x26\x79"
"\x9a\x94\x3c\x11\x81\x58\x5c\x60\x3d\xf5\x98\x90\x89\x64\x62\x1f"
"\xbd\x05\x6d\x2b\xcd\x84\x40\x9b\x4a\x1f\xe0\x19\xf1\xca\x20\xb3"
"\x4e\xa0\x4f\x15\xcc\xa5\xfe\xa5\xb4\xf5\x0b\x18\x7a\x5a\x37\xaa"
"\x58\x00\x19\x7f\xe2\xa3\xd9\x1c\x44\x57\xcc\xde\x2e\xc1\x38\xea"
"\xeb\xe3\x90\x40\xc4\x6c\xf7\xcd\xe9\x22\x50\x71\xf5\x7c\xdb\x37"
"\x0e\x80\xc3\xed\x7e\xb1\x2b\x2f\xbe\x71\xa6\x11\xa5\x9d\xf5\x39"
"\xf1\xa2\xe5\x85\xbc\x25\x91\x4e\x84\x8d\x26\x9f\x4f\xe6\x0f\xa6"
"\x2b\x6b\xf9\x0d\xaf\x6f\xbb\xfa\x2d\x79\x15\x31\x57\xae\x19\x60"
"\x22\x0a\xf5\xfd\x98\x0e\xbf\x5d\x49\x75\x58\x37\xbc\x7f\xf5\x21"
"\x56\x1e\xd5\xb3\x50\x0b\xca\x96\xf3\xd1\x3f\xb3\x70\xa8\x6d\x63"
"\x48\xfb\x3d\xd7\x29\x91\x45\xb5\x48\xcd\xb6\x78\x30\xf2\x3f\x1e"
"\xd6\x22\xd6\x35\x9b\xf9\x1f\x85\xae\xab\x4b\xd7\xe0\xc7\x86\x67"
"\x3f\x05\x7f\xa6\x0d\x2f\x0d\xbf\x53\x5f\x4d\x2c\x6d\x5e\x57\x40"
"\x30\x3a\x23\x98\xf9\xb4\x32\xf5\x32\x83\xdd\x0b\xae\x33\x97\x2f",
.expected_a_public =
"\x5c\x24\xdf\xeb\x5b\x4b\xf8\xc5\xef\x39\x48\x82\xe0\x1e\x62\xee"
"\x8a\xae\xdf\x93\x6c\x2b\x16\x95\x92\x16\x3f\x16\x7b\x75\x03\x85"
"\xd9\xf1\x69\xc2\x14\x87\x45\xfc\xa4\x19\xf6\xf0\xa4\xf3\xec\xd4"
"\x6c\x5c\x03\x3b\x94\xc2\x2f\x92\xe4\xce\xb3\xe4\x72\xe8\x17\xe6"
"\x23\x7e\x00\x01\x09\x59\x13\xbf\xc1\x2f\x99\xa9\x07\xaa\x02\x23"
"\x4a\xca\x39\x4f\xbc\xec\x0f\x27\x4f\x19\x93\x6c\xb9\x30\x52\xfd"
"\x2b\x9d\x86\xf1\x06\x1e\xb6\x56\x27\x4a\xc9\x8a\xa7\x8a\x48\x5e"
"\xb5\x60\xcb\xdf\xff\x03\x26\x10\xbf\x90\x8f\x46\x60\xeb\x9b\x9a"
"\xd6\x6f\x44\x91\x03\x92\x18\x2c\x96\x5e\x40\x19\xfb\xf4\x4f\x3a"
"\x02\x7b\xaf\xcc\x22\x20\x79\xb9\xf8\x9f\x8f\x85\x6b\xec\x44\xbb"
"\xe6\xa8\x8e\xb1\xe8\x2c\xee\x64\xee\xf8\xbd\x00\xf3\xe2\x2b\x93"
"\xcd\xe7\xc4\xdf\xc9\x19\x46\xfe\xb6\x07\x73\xc1\x8a\x64\x79\x26"
"\xe7\x30\xad\x2a\xdf\xe6\x8f\x59\xf5\x81\xbf\x4a\x29\x91\xe7\xb7"
"\xcf\x48\x13\x27\x75\x79\x40\xd9\xd6\x32\x52\x4e\x6a\x86\xae\x6f"
"\xc2\xbf\xec\x1f\xc2\x69\xb2\xb6\x59\xe5\xa5\x17\xa4\x77\xb7\x62"
"\x46\xde\xe8\xd2\x89\x78\x9a\xef\xa3\xb5\x8f\x26\xec\x80\xda\x39",
.expected_ss =
"\x8f\xf3\xac\xa2\xea\x22\x11\x5c\x45\x65\x1a\x77\x75\x2e\xcf\x46"
"\x23\x14\x1e\x67\x53\x4d\x35\xb0\x38\x1d\x4e\xb9\x41\x9a\x21\x24"
"\x6e\x9f\x40\xfe\x90\x51\xb1\x06\xa4\x7b\x87\x17\x2f\xe7\x5e\x22"
"\xf0\x7b\x54\x84\x0a\xac\x0a\x90\xd2\xd7\xe8\x7f\xe7\xe3\x30\x75"
"\x01\x1f\x24\x75\x56\xbe\xcc\x8d\x1e\x68\x0c\x41\x72\xd3\xfa\xbb"
"\xe5\x9c\x60\xc7\x28\x77\x0c\xbe\x89\xab\x08\xd6\x21\xe7\x2e\x1a"
"\x58\x7a\xca\x4f\x22\xf3\x2b\x30\xfd\xf4\x98\xc1\xa3\xf8\xf6\xcc"
"\xa9\xe4\xdb\x5b\xee\xd5\x5c\x6f\x62\x4c\xd1\x1a\x02\x2a\x23\xe4"
"\xb5\x57\xf3\xf9\xec\x04\x83\x54\xfe\x08\x5e\x35\xac\xfb\xa8\x09"
"\x82\x32\x60\x11\xb2\x16\x62\x6b\xdf\xda\xde\x9c\xcb\x63\x44\x6c"
"\x59\x26\x6a\x8f\xb0\x24\xcb\xa6\x72\x48\x1e\xeb\xe0\xe1\x09\x44"
"\xdd\xee\x66\x6d\x84\xcf\xa5\xc1\xb8\x36\x74\xd3\x15\x96\xc3\xe4"
"\xc6\x5a\x4d\x23\x97\x0c\x5c\xcb\xa9\xf5\x29\xc2\x0e\xff\x93\x82"
"\xd3\x34\x49\xad\x64\xa6\xb1\xc0\x59\x28\x75\x60\xa7\x8a\xb0\x11"
"\x56\x89\x42\x74\x11\xf5\xf6\x5e\x6f\x16\x54\x6a\xb1\x76\x4d\x50"
"\x8a\x68\xc1\x5b\x82\xb9\x0d\x00\x32\x50\xed\x88\x87\x48\x92\x17",
.secret_size = 533,
.b_public_size = 256,
.expected_a_public_size = 256,
.expected_ss_size = 256,
},
{
.secret =
#ifdef __LITTLE_ENDIAN
"\x01\x00" /* type */
"\x15\x02" /* len */
"\x00\x01\x00\x00" /* key_size */
"\x00\x01\x00\x00" /* p_size */
"\x00\x00\x00\x00" /* q_size */
"\x01\x00\x00\x00" /* g_size */
#else
"\x00\x01" /* type */
"\x02\x15" /* len */
"\x00\x00\x01\x00" /* key_size */
"\x00\x00\x01\x00" /* p_size */
"\x00\x00\x00\x00" /* q_size */
"\x00\x00\x00\x01" /* g_size */
#endif
/* xa */
"\x4d\x75\xa8\x6e\xba\x23\x3a\x0c\x63\x56\xc8\xc9\x5a\xa7\xd6\x0e"
"\xed\xae\x40\x78\x87\x47\x5f\xe0\xa7\x7b\xba\x84\x88\x67\x4e\xe5"
"\x3c\xcc\x5c\x6a\xe7\x4a\x20\xec\xbe\xcb\xf5\x52\x62\x9f\x37\x80"
"\x0c\x72\x7b\x83\x66\xa4\xf6\x7f\x95\x97\x1c\x6a\x5c\x7e\xf1\x67"
"\x37\xb3\x93\x39\x3d\x0b\x55\x35\xd9\xe5\x22\x04\x9f\xf8\xc1\x04"
"\xce\x13\xa5\xac\xe1\x75\x05\xd1\x2b\x53\xa2\x84\xef\xb1\x18\xf4"
"\x66\xdd\xea\xe6\x24\x69\x5a\x49\xe0\x7a\xd8\xdf\x1b\xb7\xf1\x6d"
"\x9b\x50\x2c\xc8\x1c\x1c\xa3\xb4\x37\xfb\x66\x3f\x67\x71\x73\xa9"
"\xff\x5f\xd9\xa2\x25\x6e\x25\x1b\x26\x54\xbf\x0c\xc6\xdb\xea\x0a"
"\x52\x6c\x16\x7c\x27\x68\x15\x71\x58\x73\x9d\xe6\xc2\x80\xaa\x97"
"\x31\x66\xfb\xa6\xfb\xfd\xd0\x9c\x1d\xbe\x81\x48\xf5\x9a\x32\xf1"
"\x69\x62\x18\x78\xae\x72\x36\xe6\x94\x27\xd1\xff\x18\x4f\x28\x6a"
"\x16\xbd\x6a\x60\xee\xe5\xf9\x6d\x16\xe4\xb8\xa6\x41\x9b\x23\x7e"
"\xf7\x9d\xd1\x1d\x03\x15\x66\x3a\xcf\xb6\x2c\x13\x96\x2c\x52\x21"
"\xe4\x2d\x48\x7a\x8a\x5d\xb2\x88\xed\x98\x61\x79\x8b\x6a\x1e\x5f"
"\xd0\x8a\x2d\x99\x5a\x2b\x0f\xbc\xef\x53\x8f\x32\xc1\xa2\x99\x26"
/* p */
"\xb9\x36\x3a\xf1\x82\x1f\x60\xd3\x22\x47\xb8\xbc\x2d\x22\x6b\x81"
"\x7f\xe8\x20\x06\x09\x23\x73\x49\x9a\x59\x8b\x35\x25\xf8\x31\xbc"
"\x7d\xa8\x1c\x9d\x56\x0d\x1a\xf7\x4b\x4f\x96\xa4\x35\x77\x6a\x89"
"\xab\x42\x00\x49\x21\x71\xed\x28\x16\x1d\x87\x5a\x10\xa7\x9c\x64"
"\x94\xd4\x87\x3d\x28\xef\x44\xfe\x4b\xe2\xb4\x15\x8c\x82\xa6\xf3"
"\x50\x5f\xa8\xe8\xa2\x60\xe7\x00\x86\x78\x05\xd4\x78\x19\xa1\x98"
"\x62\x4e\x4a\x00\x78\x56\x96\xe6\xcf\xd7\x10\x1b\x74\x5d\xd0\x26"
"\x61\xdb\x6b\x32\x09\x51\xd8\xa5\xfd\x54\x16\x71\x01\xb3\x39\xe6"
"\x4e\x69\xb1\xd7\x06\x8f\xd6\x1e\xdc\x72\x25\x26\x74\xc8\x41\x06"
"\x5c\xd1\x26\x5c\xb0\x2f\xf9\x59\x13\xc1\x2a\x0f\x78\xea\x7b\xf7"
"\xbd\x59\xa0\x90\x1d\xfc\x33\x5b\x4c\xbf\x05\x9c\x3a\x3f\x69\xa2"
"\x45\x61\x4e\x10\x6a\xb3\x17\xc5\x68\x30\xfb\x07\x5f\x34\xc6\xfb"
"\x73\x07\x3c\x70\xf6\xae\xe7\x72\x84\xc3\x18\x81\x8f\xe8\x11\x1f"
"\x3d\x83\x83\x01\x2a\x14\x73\xbf\x32\x32\x2e\xc9\x4d\xdb\x2a\xca"
"\xee\x71\xf9\xda\xad\xe8\x82\x0b\x4d\x0c\x1f\xb6\x1d\xef\x00\x67"
"\x74\x3d\x95\xe0\xb7\xc4\x30\x8a\x24\x87\x12\x47\x27\x70\x0d\x73"
/* g */
"\x02",
.b_public =
"\x99\x4d\xd9\x01\x84\x8e\x4a\x5b\xb8\xa5\x64\x8c\x6c\x00\x5c\x0e"
"\x1e\x1b\xee\x5d\x9f\x53\xe3\x16\x70\x01\xed\xbf\x4f\x14\x36\x6e"
"\xe4\x43\x45\x43\x49\xcc\xb1\xb0\x2a\xc0\x6f\x22\x55\x42\x17\x94"
"\x18\x83\xd7\x2a\x5c\x51\x54\xf8\x4e\x7c\x10\xda\x76\x68\x57\x77"
"\x1e\x62\x03\x30\x04\x7b\x4c\x39\x9c\x54\x01\x54\xec\xef\xb3\x55"
"\xa4\xc0\x24\x6d\x3d\xbd\xcc\x46\x5b\x00\x96\xc7\xea\x93\xd1\x3f"
"\xf2\x6a\x72\xe3\xf2\xc1\x92\x24\x5b\xda\x48\x70\x2c\xa9\x59\x97"
"\x19\xb1\xd6\x54\xb3\x9c\x2e\xb0\x63\x07\x9b\x5e\xac\xb5\xf2\xb1"
"\x5b\xf8\xf3\xd7\x2d\x37\x9b\x68\x6c\xf8\x90\x07\xbc\x37\x9a\xa5"
"\xe2\x91\x12\x25\x47\x77\xe3\x3d\xb2\x95\x69\x44\x0b\x91\x1e\xaf"
"\x7c\x8c\x7c\x34\x41\x6a\xab\x60\x6e\xc6\x52\xec\x7e\x94\x0a\x37"
"\xec\x98\x90\xdf\x3f\x02\xbd\x23\x52\xdd\xd9\xe5\x31\x80\x74\x25"
"\xb6\xd2\xd3\xcc\xd5\xcc\x6d\xf9\x7e\x4d\x78\xab\x77\x51\xfa\x77"
"\x19\x94\x49\x8c\x05\xd4\x75\xed\xd2\xb3\x64\x57\xe0\x52\x99\xc0"
"\x83\xe3\xbb\x5e\x2b\xf1\xd2\xc0\xb1\x37\x36\x0b\x7c\xb5\x63\x96"
"\x8e\xde\x04\x23\x11\x95\x62\x11\x9a\xce\x6f\x63\xc8\xd5\xd1\x8f",
.expected_a_public =
"\x90\x89\xe4\x82\xd6\x0a\xcf\x1a\xae\xce\x1b\x66\xa7\x19\x71\x18"
"\x8f\x95\x4b\x5b\x80\x45\x4a\x5a\x43\x99\x4d\x37\xcf\xa3\xa7\x28"
"\x9c\xc7\x73\xf1\xb2\x17\xf6\x99\xe3\x6b\x56\xcb\x3e\x35\x60\x7d"
"\x65\xc7\x84\x6b\x3e\x60\xee\xcd\xd2\x70\xe7\xc9\x32\x1c\xf0\xb4"
"\xf9\x52\xd9\x88\x75\xfd\x40\x2c\xa7\xbe\x19\x1c\x0a\xae\x93\xe1"
"\x71\xc7\xcd\x4f\x33\x5c\x10\x7d\x39\x56\xfc\x73\x84\xb2\x67\xc3"
"\x77\x26\x20\x97\x2b\xf8\x13\x43\x93\x9c\x9a\xa4\x08\xc7\x34\x83"
"\xe6\x98\x61\xe7\x16\x30\x2c\xb1\xdb\x2a\xb2\xcc\xc3\x02\xa5\x3c"
"\x71\x50\x14\x83\xc7\xbb\xa4\xbe\x98\x1b\xfe\xcb\x43\xe9\x97\x62"
"\xd6\xf0\x8c\xcb\x1c\xba\x1e\xa8\xa6\xa6\x50\xfc\x85\x7d\x47\xbf"
"\xf4\x3e\x23\xd3\x5f\xb2\x71\x3e\x40\x94\xaa\x87\x83\x2c\x6c\x8e"
"\x60\xfd\xdd\xf7\xf4\x76\x03\xd3\x1d\xec\x18\x51\xa3\xf2\x44\x1a"
"\x3f\xb4\x7c\x18\x0d\x68\x65\x92\x54\x0d\x2d\x81\x16\xf1\x84\x66"
"\x89\x92\xd0\x1a\x5e\x1f\x42\x46\x5b\xe5\x83\x86\x80\xd9\xcd\x3a"
"\x5a\x2f\xb9\x59\x9b\xe4\x43\x84\x64\xf3\x09\x1a\x0a\xa2\x64\x0f"
"\x77\x4e\x8d\x8b\xe6\x88\xd1\xfc\xaf\x8f\xdf\x1d\xbc\x31\xb3\xbd",
.expected_ss =
"\x34\xc3\x35\x14\x88\x46\x26\x23\x97\xbb\xdd\x28\x5c\x94\xf6\x47"
"\xca\xb3\x19\xaf\xca\x44\x9b\xc2\x7d\x89\xfd\x96\x14\xfd\x6d\x58"
"\xd8\xc4\x6b\x61\x2a\x0d\xf2\x36\x45\xc8\xe4\xa4\xed\x81\x53\x81"
"\x66\x1e\xe0\x5a\xb1\x78\x2d\x0b\x5c\xb4\xd1\xfc\x90\xc6\x9c\xdb"
"\x5a\x30\x0b\x14\x7d\xbe\xb3\x7d\xb1\xb2\x76\x3c\x6c\xef\x74\x6b"
"\xe7\x1f\x64\x0c\xab\x65\xe1\x76\x5c\x3d\x83\xb5\x8a\xfb\xaf\x0f"
"\xf2\x06\x14\x8f\xa0\xf6\xc1\x89\x78\xf2\xba\x72\x73\x3c\xf7\x76"
"\x21\x67\xbc\x24\x31\xb8\x09\x65\x0f\x0c\x02\x32\x4a\x98\x14\xfc"
"\x72\x2c\x25\x60\x68\x5f\x2f\x30\x1e\x5b\xf0\x3b\xd1\xa2\x87\xa0"
"\x54\xdf\xdb\xc0\xee\x0a\x0f\x47\xc9\x90\x20\x2c\xf9\xe3\x52\xad"
"\x27\x65\x8d\x54\x8d\xa8\xa1\xf3\xed\x15\xd4\x94\x28\x90\x31\x93"
"\x1b\xc0\x51\xbb\x43\x5d\x76\x3b\x1d\x2a\x71\x50\xea\x5d\x48\x94"
"\x7f\x6f\xf1\x48\xdb\x30\xe5\xae\x64\x79\xd9\x7a\xdb\xc6\xff\xd8"
"\x5e\x5a\x64\xbd\xf6\x85\x04\xe8\x28\x6a\xac\xef\xce\x19\x8e\x9a"
"\xfe\x75\xc0\x27\x69\xe3\xb3\x7b\x21\xa7\xb1\x16\xa4\x85\x23\xee"
"\xb0\x1b\x04\x6e\xbd\xab\x16\xde\xfd\x86\x6b\xa9\x95\xd7\x0b\xfd",
.secret_size = 533,
.b_public_size = 256,
.expected_a_public_size = 256,
.expected_ss_size = 256,
}
};
static const struct kpp_testvec curve25519_tv_template[] = {
{
.secret = (u8[32]){ 0x77, 0x07, 0x6d, 0x0a, 0x73, 0x18, 0xa5, 0x7d,
0x3c, 0x16, 0xc1, 0x72, 0x51, 0xb2, 0x66, 0x45,
0xdf, 0x4c, 0x2f, 0x87, 0xeb, 0xc0, 0x99, 0x2a,
0xb1, 0x77, 0xfb, 0xa5, 0x1d, 0xb9, 0x2c, 0x2a },
.b_public = (u8[32]){ 0xde, 0x9e, 0xdb, 0x7d, 0x7b, 0x7d, 0xc1, 0xb4,
0xd3, 0x5b, 0x61, 0xc2, 0xec, 0xe4, 0x35, 0x37,
0x3f, 0x83, 0x43, 0xc8, 0x5b, 0x78, 0x67, 0x4d,
0xad, 0xfc, 0x7e, 0x14, 0x6f, 0x88, 0x2b, 0x4f },
.expected_ss = (u8[32]){ 0x4a, 0x5d, 0x9d, 0x5b, 0xa4, 0xce, 0x2d, 0xe1,
0x72, 0x8e, 0x3b, 0xf4, 0x80, 0x35, 0x0f, 0x25,
0xe0, 0x7e, 0x21, 0xc9, 0x47, 0xd1, 0x9e, 0x33,
0x76, 0xf0, 0x9b, 0x3c, 0x1e, 0x16, 0x17, 0x42 },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
{
.secret = (u8[32]){ 0x5d, 0xab, 0x08, 0x7e, 0x62, 0x4a, 0x8a, 0x4b,
0x79, 0xe1, 0x7f, 0x8b, 0x83, 0x80, 0x0e, 0xe6,
0x6f, 0x3b, 0xb1, 0x29, 0x26, 0x18, 0xb6, 0xfd,
0x1c, 0x2f, 0x8b, 0x27, 0xff, 0x88, 0xe0, 0xeb },
.b_public = (u8[32]){ 0x85, 0x20, 0xf0, 0x09, 0x89, 0x30, 0xa7, 0x54,
0x74, 0x8b, 0x7d, 0xdc, 0xb4, 0x3e, 0xf7, 0x5a,
0x0d, 0xbf, 0x3a, 0x0d, 0x26, 0x38, 0x1a, 0xf4,
0xeb, 0xa4, 0xa9, 0x8e, 0xaa, 0x9b, 0x4e, 0x6a },
.expected_ss = (u8[32]){ 0x4a, 0x5d, 0x9d, 0x5b, 0xa4, 0xce, 0x2d, 0xe1,
0x72, 0x8e, 0x3b, 0xf4, 0x80, 0x35, 0x0f, 0x25,
0xe0, 0x7e, 0x21, 0xc9, 0x47, 0xd1, 0x9e, 0x33,
0x76, 0xf0, 0x9b, 0x3c, 0x1e, 0x16, 0x17, 0x42 },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
{
.secret = (u8[32]){ 1 },
.b_public = (u8[32]){ 0x25, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
.expected_ss = (u8[32]){ 0x3c, 0x77, 0x77, 0xca, 0xf9, 0x97, 0xb2, 0x64,
0x41, 0x60, 0x77, 0x66, 0x5b, 0x4e, 0x22, 0x9d,
0x0b, 0x95, 0x48, 0xdc, 0x0c, 0xd8, 0x19, 0x98,
0xdd, 0xcd, 0xc5, 0xc8, 0x53, 0x3c, 0x79, 0x7f },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
{
.secret = (u8[32]){ 1 },
.b_public = (u8[32]){ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff },
.expected_ss = (u8[32]){ 0xb3, 0x2d, 0x13, 0x62, 0xc2, 0x48, 0xd6, 0x2f,
0xe6, 0x26, 0x19, 0xcf, 0xf0, 0x4d, 0xd4, 0x3d,
0xb7, 0x3f, 0xfc, 0x1b, 0x63, 0x08, 0xed, 0xe3,
0x0b, 0x78, 0xd8, 0x73, 0x80, 0xf1, 0xe8, 0x34 },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
{
.secret = (u8[32]){ 0xa5, 0x46, 0xe3, 0x6b, 0xf0, 0x52, 0x7c, 0x9d,
0x3b, 0x16, 0x15, 0x4b, 0x82, 0x46, 0x5e, 0xdd,
0x62, 0x14, 0x4c, 0x0a, 0xc1, 0xfc, 0x5a, 0x18,
0x50, 0x6a, 0x22, 0x44, 0xba, 0x44, 0x9a, 0xc4 },
.b_public = (u8[32]){ 0xe6, 0xdb, 0x68, 0x67, 0x58, 0x30, 0x30, 0xdb,
0x35, 0x94, 0xc1, 0xa4, 0x24, 0xb1, 0x5f, 0x7c,
0x72, 0x66, 0x24, 0xec, 0x26, 0xb3, 0x35, 0x3b,
0x10, 0xa9, 0x03, 0xa6, 0xd0, 0xab, 0x1c, 0x4c },
.expected_ss = (u8[32]){ 0xc3, 0xda, 0x55, 0x37, 0x9d, 0xe9, 0xc6, 0x90,
0x8e, 0x94, 0xea, 0x4d, 0xf2, 0x8d, 0x08, 0x4f,
0x32, 0xec, 0xcf, 0x03, 0x49, 0x1c, 0x71, 0xf7,
0x54, 0xb4, 0x07, 0x55, 0x77, 0xa2, 0x85, 0x52 },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
{
.secret = (u8[32]){ 0xff, 0xff, 0xff, 0xff, 0x0a, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff },
.b_public = (u8[32]){ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0x0a, 0x00, 0xfb, 0x9f },
.expected_ss = (u8[32]){ 0x77, 0x52, 0xb6, 0x18, 0xc1, 0x2d, 0x48, 0xd2,
0xc6, 0x93, 0x46, 0x83, 0x81, 0x7c, 0xc6, 0x57,
0xf3, 0x31, 0x03, 0x19, 0x49, 0x48, 0x20, 0x05,
0x42, 0x2b, 0x4e, 0xae, 0x8d, 0x1d, 0x43, 0x23 },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
{
.secret = (u8[32]){ 0x8e, 0x0a, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
.b_public = (u8[32]){ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x8e, 0x06 },
.expected_ss = (u8[32]){ 0x5a, 0xdf, 0xaa, 0x25, 0x86, 0x8e, 0x32, 0x3d,
0xae, 0x49, 0x62, 0xc1, 0x01, 0x5c, 0xb3, 0x12,
0xe1, 0xc5, 0xc7, 0x9e, 0x95, 0x3f, 0x03, 0x99,
0xb0, 0xba, 0x16, 0x22, 0xf3, 0xb6, 0xf7, 0x0c },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - normal case */
{
.secret = (u8[32]){ 0x48, 0x52, 0x83, 0x4d, 0x9d, 0x6b, 0x77, 0xda,
0xde, 0xab, 0xaa, 0xf2, 0xe1, 0x1d, 0xca, 0x66,
0xd1, 0x9f, 0xe7, 0x49, 0x93, 0xa7, 0xbe, 0xc3,
0x6c, 0x6e, 0x16, 0xa0, 0x98, 0x3f, 0xea, 0xba },
.b_public = (u8[32]){ 0x9c, 0x64, 0x7d, 0x9a, 0xe5, 0x89, 0xb9, 0xf5,
0x8f, 0xdc, 0x3c, 0xa4, 0x94, 0x7e, 0xfb, 0xc9,
0x15, 0xc4, 0xb2, 0xe0, 0x8e, 0x74, 0x4a, 0x0e,
0xdf, 0x46, 0x9d, 0xac, 0x59, 0xc8, 0xf8, 0x5a },
.expected_ss = (u8[32]){ 0x87, 0xb7, 0xf2, 0x12, 0xb6, 0x27, 0xf7, 0xa5,
0x4c, 0xa5, 0xe0, 0xbc, 0xda, 0xdd, 0xd5, 0x38,
0x9d, 0x9d, 0xe6, 0x15, 0x6c, 0xdb, 0xcf, 0x8e,
0xbe, 0x14, 0xff, 0xbc, 0xfb, 0x43, 0x65, 0x51 },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - public key on twist */
{
.secret = (u8[32]){ 0x58, 0x8c, 0x06, 0x1a, 0x50, 0x80, 0x4a, 0xc4,
0x88, 0xad, 0x77, 0x4a, 0xc7, 0x16, 0xc3, 0xf5,
0xba, 0x71, 0x4b, 0x27, 0x12, 0xe0, 0x48, 0x49,
0x13, 0x79, 0xa5, 0x00, 0x21, 0x19, 0x98, 0xa8 },
.b_public = (u8[32]){ 0x63, 0xaa, 0x40, 0xc6, 0xe3, 0x83, 0x46, 0xc5,
0xca, 0xf2, 0x3a, 0x6d, 0xf0, 0xa5, 0xe6, 0xc8,
0x08, 0x89, 0xa0, 0x86, 0x47, 0xe5, 0x51, 0xb3,
0x56, 0x34, 0x49, 0xbe, 0xfc, 0xfc, 0x97, 0x33 },
.expected_ss = (u8[32]){ 0xb1, 0xa7, 0x07, 0x51, 0x94, 0x95, 0xff, 0xff,
0xb2, 0x98, 0xff, 0x94, 0x17, 0x16, 0xb0, 0x6d,
0xfa, 0xb8, 0x7c, 0xf8, 0xd9, 0x11, 0x23, 0xfe,
0x2b, 0xe9, 0xa2, 0x33, 0xdd, 0xa2, 0x22, 0x12 },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - public key on twist */
{
.secret = (u8[32]){ 0xb0, 0x5b, 0xfd, 0x32, 0xe5, 0x53, 0x25, 0xd9,
0xfd, 0x64, 0x8c, 0xb3, 0x02, 0x84, 0x80, 0x39,
0x00, 0x0b, 0x39, 0x0e, 0x44, 0xd5, 0x21, 0xe5,
0x8a, 0xab, 0x3b, 0x29, 0xa6, 0x96, 0x0b, 0xa8 },
.b_public = (u8[32]){ 0x0f, 0x83, 0xc3, 0x6f, 0xde, 0xd9, 0xd3, 0x2f,
0xad, 0xf4, 0xef, 0xa3, 0xae, 0x93, 0xa9, 0x0b,
0xb5, 0xcf, 0xa6, 0x68, 0x93, 0xbc, 0x41, 0x2c,
0x43, 0xfa, 0x72, 0x87, 0xdb, 0xb9, 0x97, 0x79 },
.expected_ss = (u8[32]){ 0x67, 0xdd, 0x4a, 0x6e, 0x16, 0x55, 0x33, 0x53,
0x4c, 0x0e, 0x3f, 0x17, 0x2e, 0x4a, 0xb8, 0x57,
0x6b, 0xca, 0x92, 0x3a, 0x5f, 0x07, 0xb2, 0xc0,
0x69, 0xb4, 0xc3, 0x10, 0xff, 0x2e, 0x93, 0x5b },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - public key on twist */
{
.secret = (u8[32]){ 0x70, 0xe3, 0x4b, 0xcb, 0xe1, 0xf4, 0x7f, 0xbc,
0x0f, 0xdd, 0xfd, 0x7c, 0x1e, 0x1a, 0xa5, 0x3d,
0x57, 0xbf, 0xe0, 0xf6, 0x6d, 0x24, 0x30, 0x67,
0xb4, 0x24, 0xbb, 0x62, 0x10, 0xbe, 0xd1, 0x9c },
.b_public = (u8[32]){ 0x0b, 0x82, 0x11, 0xa2, 0xb6, 0x04, 0x90, 0x97,
0xf6, 0x87, 0x1c, 0x6c, 0x05, 0x2d, 0x3c, 0x5f,
0xc1, 0xba, 0x17, 0xda, 0x9e, 0x32, 0xae, 0x45,
0x84, 0x03, 0xb0, 0x5b, 0xb2, 0x83, 0x09, 0x2a },
.expected_ss = (u8[32]){ 0x4a, 0x06, 0x38, 0xcf, 0xaa, 0x9e, 0xf1, 0x93,
0x3b, 0x47, 0xf8, 0x93, 0x92, 0x96, 0xa6, 0xb2,
0x5b, 0xe5, 0x41, 0xef, 0x7f, 0x70, 0xe8, 0x44,
0xc0, 0xbc, 0xc0, 0x0b, 0x13, 0x4d, 0xe6, 0x4a },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - public key on twist */
{
.secret = (u8[32]){ 0x68, 0xc1, 0xf3, 0xa6, 0x53, 0xa4, 0xcd, 0xb1,
0xd3, 0x7b, 0xba, 0x94, 0x73, 0x8f, 0x8b, 0x95,
0x7a, 0x57, 0xbe, 0xb2, 0x4d, 0x64, 0x6e, 0x99,
0x4d, 0xc2, 0x9a, 0x27, 0x6a, 0xad, 0x45, 0x8d },
.b_public = (u8[32]){ 0x34, 0x3a, 0xc2, 0x0a, 0x3b, 0x9c, 0x6a, 0x27,
0xb1, 0x00, 0x81, 0x76, 0x50, 0x9a, 0xd3, 0x07,
0x35, 0x85, 0x6e, 0xc1, 0xc8, 0xd8, 0xfc, 0xae,
0x13, 0x91, 0x2d, 0x08, 0xd1, 0x52, 0xf4, 0x6c },
.expected_ss = (u8[32]){ 0x39, 0x94, 0x91, 0xfc, 0xe8, 0xdf, 0xab, 0x73,
0xb4, 0xf9, 0xf6, 0x11, 0xde, 0x8e, 0xa0, 0xb2,
0x7b, 0x28, 0xf8, 0x59, 0x94, 0x25, 0x0b, 0x0f,
0x47, 0x5d, 0x58, 0x5d, 0x04, 0x2a, 0xc2, 0x07 },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - public key on twist */
{
.secret = (u8[32]){ 0xd8, 0x77, 0xb2, 0x6d, 0x06, 0xdf, 0xf9, 0xd9,
0xf7, 0xfd, 0x4c, 0x5b, 0x37, 0x69, 0xf8, 0xcd,
0xd5, 0xb3, 0x05, 0x16, 0xa5, 0xab, 0x80, 0x6b,
0xe3, 0x24, 0xff, 0x3e, 0xb6, 0x9e, 0xa0, 0xb2 },
.b_public = (u8[32]){ 0xfa, 0x69, 0x5f, 0xc7, 0xbe, 0x8d, 0x1b, 0xe5,
0xbf, 0x70, 0x48, 0x98, 0xf3, 0x88, 0xc4, 0x52,
0xba, 0xfd, 0xd3, 0xb8, 0xea, 0xe8, 0x05, 0xf8,
0x68, 0x1a, 0x8d, 0x15, 0xc2, 0xd4, 0xe1, 0x42 },
.expected_ss = (u8[32]){ 0x2c, 0x4f, 0xe1, 0x1d, 0x49, 0x0a, 0x53, 0x86,
0x17, 0x76, 0xb1, 0x3b, 0x43, 0x54, 0xab, 0xd4,
0xcf, 0x5a, 0x97, 0x69, 0x9d, 0xb6, 0xe6, 0xc6,
0x8c, 0x16, 0x26, 0xd0, 0x76, 0x62, 0xf7, 0x58 },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - edge case on twist */
{
.secret = (u8[32]){ 0x38, 0xdd, 0xe9, 0xf3, 0xe7, 0xb7, 0x99, 0x04,
0x5f, 0x9a, 0xc3, 0x79, 0x3d, 0x4a, 0x92, 0x77,
0xda, 0xde, 0xad, 0xc4, 0x1b, 0xec, 0x02, 0x90,
0xf8, 0x1f, 0x74, 0x4f, 0x73, 0x77, 0x5f, 0x84 },
.b_public = (u8[32]){ 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
.expected_ss = (u8[32]){ 0x9a, 0x2c, 0xfe, 0x84, 0xff, 0x9c, 0x4a, 0x97,
0x39, 0x62, 0x5c, 0xae, 0x4a, 0x3b, 0x82, 0xa9,
0x06, 0x87, 0x7a, 0x44, 0x19, 0x46, 0xf8, 0xd7,
0xb3, 0xd7, 0x95, 0xfe, 0x8f, 0x5d, 0x16, 0x39 },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - edge case on twist */
{
.secret = (u8[32]){ 0x98, 0x57, 0xa9, 0x14, 0xe3, 0xc2, 0x90, 0x36,
0xfd, 0x9a, 0x44, 0x2b, 0xa5, 0x26, 0xb5, 0xcd,
0xcd, 0xf2, 0x82, 0x16, 0x15, 0x3e, 0x63, 0x6c,
0x10, 0x67, 0x7a, 0xca, 0xb6, 0xbd, 0x6a, 0xa5 },
.b_public = (u8[32]){ 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
.expected_ss = (u8[32]){ 0x4d, 0xa4, 0xe0, 0xaa, 0x07, 0x2c, 0x23, 0x2e,
0xe2, 0xf0, 0xfa, 0x4e, 0x51, 0x9a, 0xe5, 0x0b,
0x52, 0xc1, 0xed, 0xd0, 0x8a, 0x53, 0x4d, 0x4e,
0xf3, 0x46, 0xc2, 0xe1, 0x06, 0xd2, 0x1d, 0x60 },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - edge case on twist */
{
.secret = (u8[32]){ 0x48, 0xe2, 0x13, 0x0d, 0x72, 0x33, 0x05, 0xed,
0x05, 0xe6, 0xe5, 0x89, 0x4d, 0x39, 0x8a, 0x5e,
0x33, 0x36, 0x7a, 0x8c, 0x6a, 0xac, 0x8f, 0xcd,
0xf0, 0xa8, 0x8e, 0x4b, 0x42, 0x82, 0x0d, 0xb7 },
.b_public = (u8[32]){ 0xff, 0xff, 0xff, 0x03, 0x00, 0x00, 0xf8, 0xff,
0xff, 0x1f, 0x00, 0x00, 0xc0, 0xff, 0xff, 0xff,
0x00, 0x00, 0x00, 0xfe, 0xff, 0xff, 0x07, 0x00,
0x00, 0xf0, 0xff, 0xff, 0x3f, 0x00, 0x00, 0x00 },
.expected_ss = (u8[32]){ 0x9e, 0xd1, 0x0c, 0x53, 0x74, 0x7f, 0x64, 0x7f,
0x82, 0xf4, 0x51, 0x25, 0xd3, 0xde, 0x15, 0xa1,
0xe6, 0xb8, 0x24, 0x49, 0x6a, 0xb4, 0x04, 0x10,
0xff, 0xcc, 0x3c, 0xfe, 0x95, 0x76, 0x0f, 0x3b },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - edge case on twist */
{
.secret = (u8[32]){ 0x28, 0xf4, 0x10, 0x11, 0x69, 0x18, 0x51, 0xb3,
0xa6, 0x2b, 0x64, 0x15, 0x53, 0xb3, 0x0d, 0x0d,
0xfd, 0xdc, 0xb8, 0xff, 0xfc, 0xf5, 0x37, 0x00,
0xa7, 0xbe, 0x2f, 0x6a, 0x87, 0x2e, 0x9f, 0xb0 },
.b_public = (u8[32]){ 0x00, 0x00, 0x00, 0xfc, 0xff, 0xff, 0x07, 0x00,
0x00, 0xe0, 0xff, 0xff, 0x3f, 0x00, 0x00, 0x00,
0xff, 0xff, 0xff, 0x01, 0x00, 0x00, 0xf8, 0xff,
0xff, 0x0f, 0x00, 0x00, 0xc0, 0xff, 0xff, 0x7f },
.expected_ss = (u8[32]){ 0xcf, 0x72, 0xb4, 0xaa, 0x6a, 0xa1, 0xc9, 0xf8,
0x94, 0xf4, 0x16, 0x5b, 0x86, 0x10, 0x9a, 0xa4,
0x68, 0x51, 0x76, 0x48, 0xe1, 0xf0, 0xcc, 0x70,
0xe1, 0xab, 0x08, 0x46, 0x01, 0x76, 0x50, 0x6b },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - edge case on twist */
{
.secret = (u8[32]){ 0x18, 0xa9, 0x3b, 0x64, 0x99, 0xb9, 0xf6, 0xb3,
0x22, 0x5c, 0xa0, 0x2f, 0xef, 0x41, 0x0e, 0x0a,
0xde, 0xc2, 0x35, 0x32, 0x32, 0x1d, 0x2d, 0x8e,
0xf1, 0xa6, 0xd6, 0x02, 0xa8, 0xc6, 0x5b, 0x83 },
.b_public = (u8[32]){ 0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0xff,
0x00, 0x00, 0x00, 0x00, 0xff, 0xff, 0xff, 0x7f },
.expected_ss = (u8[32]){ 0x5d, 0x50, 0xb6, 0x28, 0x36, 0xbb, 0x69, 0x57,
0x94, 0x10, 0x38, 0x6c, 0xf7, 0xbb, 0x81, 0x1c,
0x14, 0xbf, 0x85, 0xb1, 0xc7, 0xb1, 0x7e, 0x59,
0x24, 0xc7, 0xff, 0xea, 0x91, 0xef, 0x9e, 0x12 },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - edge case on twist */
{
.secret = (u8[32]){ 0xc0, 0x1d, 0x13, 0x05, 0xa1, 0x33, 0x8a, 0x1f,
0xca, 0xc2, 0xba, 0x7e, 0x2e, 0x03, 0x2b, 0x42,
0x7e, 0x0b, 0x04, 0x90, 0x31, 0x65, 0xac, 0xa9,
0x57, 0xd8, 0xd0, 0x55, 0x3d, 0x87, 0x17, 0xb0 },
.b_public = (u8[32]){ 0xea, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f },
.expected_ss = (u8[32]){ 0x19, 0x23, 0x0e, 0xb1, 0x48, 0xd5, 0xd6, 0x7c,
0x3c, 0x22, 0xab, 0x1d, 0xae, 0xff, 0x80, 0xa5,
0x7e, 0xae, 0x42, 0x65, 0xce, 0x28, 0x72, 0x65,
0x7b, 0x2c, 0x80, 0x99, 0xfc, 0x69, 0x8e, 0x50 },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - edge case for public key */
{
.secret = (u8[32]){ 0x38, 0x6f, 0x7f, 0x16, 0xc5, 0x07, 0x31, 0xd6,
0x4f, 0x82, 0xe6, 0xa1, 0x70, 0xb1, 0x42, 0xa4,
0xe3, 0x4f, 0x31, 0xfd, 0x77, 0x68, 0xfc, 0xb8,
0x90, 0x29, 0x25, 0xe7, 0xd1, 0xe2, 0x1a, 0xbe },
.b_public = (u8[32]){ 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
.expected_ss = (u8[32]){ 0x0f, 0xca, 0xb5, 0xd8, 0x42, 0xa0, 0x78, 0xd7,
0xa7, 0x1f, 0xc5, 0x9b, 0x57, 0xbf, 0xb4, 0xca,
0x0b, 0xe6, 0x87, 0x3b, 0x49, 0xdc, 0xdb, 0x9f,
0x44, 0xe1, 0x4a, 0xe8, 0xfb, 0xdf, 0xa5, 0x42 },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - edge case for public key */
{
.secret = (u8[32]){ 0xe0, 0x23, 0xa2, 0x89, 0xbd, 0x5e, 0x90, 0xfa,
0x28, 0x04, 0xdd, 0xc0, 0x19, 0xa0, 0x5e, 0xf3,
0xe7, 0x9d, 0x43, 0x4b, 0xb6, 0xea, 0x2f, 0x52,
0x2e, 0xcb, 0x64, 0x3a, 0x75, 0x29, 0x6e, 0x95 },
.b_public = (u8[32]){ 0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00,
0xff, 0xff, 0xff, 0xff, 0x00, 0x00, 0x00, 0x00 },
.expected_ss = (u8[32]){ 0x54, 0xce, 0x8f, 0x22, 0x75, 0xc0, 0x77, 0xe3,
0xb1, 0x30, 0x6a, 0x39, 0x39, 0xc5, 0xe0, 0x3e,
0xef, 0x6b, 0xbb, 0x88, 0x06, 0x05, 0x44, 0x75,
0x8d, 0x9f, 0xef, 0x59, 0xb0, 0xbc, 0x3e, 0x4f },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - edge case for public key */
{
.secret = (u8[32]){ 0x68, 0xf0, 0x10, 0xd6, 0x2e, 0xe8, 0xd9, 0x26,
0x05, 0x3a, 0x36, 0x1c, 0x3a, 0x75, 0xc6, 0xea,
0x4e, 0xbd, 0xc8, 0x60, 0x6a, 0xb2, 0x85, 0x00,
0x3a, 0x6f, 0x8f, 0x40, 0x76, 0xb0, 0x1e, 0x83 },
.b_public = (u8[32]){ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x03 },
.expected_ss = (u8[32]){ 0xf1, 0x36, 0x77, 0x5c, 0x5b, 0xeb, 0x0a, 0xf8,
0x11, 0x0a, 0xf1, 0x0b, 0x20, 0x37, 0x23, 0x32,
0x04, 0x3c, 0xab, 0x75, 0x24, 0x19, 0x67, 0x87,
0x75, 0xa2, 0x23, 0xdf, 0x57, 0xc9, 0xd3, 0x0d },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - edge case for public key */
{
.secret = (u8[32]){ 0x58, 0xeb, 0xcb, 0x35, 0xb0, 0xf8, 0x84, 0x5c,
0xaf, 0x1e, 0xc6, 0x30, 0xf9, 0x65, 0x76, 0xb6,
0x2c, 0x4b, 0x7b, 0x6c, 0x36, 0xb2, 0x9d, 0xeb,
0x2c, 0xb0, 0x08, 0x46, 0x51, 0x75, 0x5c, 0x96 },
.b_public = (u8[32]){ 0xff, 0xff, 0xff, 0xfb, 0xff, 0xff, 0xfb, 0xff,
0xff, 0xdf, 0xff, 0xff, 0xdf, 0xff, 0xff, 0xff,
0xfe, 0xff, 0xff, 0xfe, 0xff, 0xff, 0xf7, 0xff,
0xff, 0xf7, 0xff, 0xff, 0xbf, 0xff, 0xff, 0x3f },
.expected_ss = (u8[32]){ 0xbf, 0x9a, 0xff, 0xd0, 0x6b, 0x84, 0x40, 0x85,
0x58, 0x64, 0x60, 0x96, 0x2e, 0xf2, 0x14, 0x6f,
0xf3, 0xd4, 0x53, 0x3d, 0x94, 0x44, 0xaa, 0xb0,
0x06, 0xeb, 0x88, 0xcc, 0x30, 0x54, 0x40, 0x7d },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - edge case for public key */
{
.secret = (u8[32]){ 0x18, 0x8c, 0x4b, 0xc5, 0xb9, 0xc4, 0x4b, 0x38,
0xbb, 0x65, 0x8b, 0x9b, 0x2a, 0xe8, 0x2d, 0x5b,
0x01, 0x01, 0x5e, 0x09, 0x31, 0x84, 0xb1, 0x7c,
0xb7, 0x86, 0x35, 0x03, 0xa7, 0x83, 0xe1, 0xbb },
.b_public = (u8[32]){ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f },
.expected_ss = (u8[32]){ 0xd4, 0x80, 0xde, 0x04, 0xf6, 0x99, 0xcb, 0x3b,
0xe0, 0x68, 0x4a, 0x9c, 0xc2, 0xe3, 0x12, 0x81,
0xea, 0x0b, 0xc5, 0xa9, 0xdc, 0xc1, 0x57, 0xd3,
0xd2, 0x01, 0x58, 0xd4, 0x6c, 0xa5, 0x24, 0x6d },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - edge case for public key */
{
.secret = (u8[32]){ 0xe0, 0x6c, 0x11, 0xbb, 0x2e, 0x13, 0xce, 0x3d,
0xc7, 0x67, 0x3f, 0x67, 0xf5, 0x48, 0x22, 0x42,
0x90, 0x94, 0x23, 0xa9, 0xae, 0x95, 0xee, 0x98,
0x6a, 0x98, 0x8d, 0x98, 0xfa, 0xee, 0x23, 0xa2 },
.b_public = (u8[32]){ 0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0x7f,
0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0x7f,
0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0x7f,
0xff, 0xff, 0xff, 0xff, 0xfe, 0xff, 0xff, 0x7f },
.expected_ss = (u8[32]){ 0x4c, 0x44, 0x01, 0xcc, 0xe6, 0xb5, 0x1e, 0x4c,
0xb1, 0x8f, 0x27, 0x90, 0x24, 0x6c, 0x9b, 0xf9,
0x14, 0xdb, 0x66, 0x77, 0x50, 0xa1, 0xcb, 0x89,
0x06, 0x90, 0x92, 0xaf, 0x07, 0x29, 0x22, 0x76 },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - edge case for public key */
{
.secret = (u8[32]){ 0xc0, 0x65, 0x8c, 0x46, 0xdd, 0xe1, 0x81, 0x29,
0x29, 0x38, 0x77, 0x53, 0x5b, 0x11, 0x62, 0xb6,
0xf9, 0xf5, 0x41, 0x4a, 0x23, 0xcf, 0x4d, 0x2c,
0xbc, 0x14, 0x0a, 0x4d, 0x99, 0xda, 0x2b, 0x8f },
.b_public = (u8[32]){ 0xeb, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f },
.expected_ss = (u8[32]){ 0x57, 0x8b, 0xa8, 0xcc, 0x2d, 0xbd, 0xc5, 0x75,
0xaf, 0xcf, 0x9d, 0xf2, 0xb3, 0xee, 0x61, 0x89,
0xf5, 0x33, 0x7d, 0x68, 0x54, 0xc7, 0x9b, 0x4c,
0xe1, 0x65, 0xea, 0x12, 0x29, 0x3b, 0x3a, 0x0f },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - public key >= p */
{
.secret = (u8[32]){ 0xf0, 0x1e, 0x48, 0xda, 0xfa, 0xc9, 0xd7, 0xbc,
0xf5, 0x89, 0xcb, 0xc3, 0x82, 0xc8, 0x78, 0xd1,
0x8b, 0xda, 0x35, 0x50, 0x58, 0x9f, 0xfb, 0x5d,
0x50, 0xb5, 0x23, 0xbe, 0xbe, 0x32, 0x9d, 0xae },
.b_public = (u8[32]){ 0xef, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f },
.expected_ss = (u8[32]){ 0xbd, 0x36, 0xa0, 0x79, 0x0e, 0xb8, 0x83, 0x09,
0x8c, 0x98, 0x8b, 0x21, 0x78, 0x67, 0x73, 0xde,
0x0b, 0x3a, 0x4d, 0xf1, 0x62, 0x28, 0x2c, 0xf1,
0x10, 0xde, 0x18, 0xdd, 0x48, 0x4c, 0xe7, 0x4b },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - public key >= p */
{
.secret = (u8[32]){ 0x28, 0x87, 0x96, 0xbc, 0x5a, 0xff, 0x4b, 0x81,
0xa3, 0x75, 0x01, 0x75, 0x7b, 0xc0, 0x75, 0x3a,
0x3c, 0x21, 0x96, 0x47, 0x90, 0xd3, 0x86, 0x99,
0x30, 0x8d, 0xeb, 0xc1, 0x7a, 0x6e, 0xaf, 0x8d },
.b_public = (u8[32]){ 0xf0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f },
.expected_ss = (u8[32]){ 0xb4, 0xe0, 0xdd, 0x76, 0xda, 0x7b, 0x07, 0x17,
0x28, 0xb6, 0x1f, 0x85, 0x67, 0x71, 0xaa, 0x35,
0x6e, 0x57, 0xed, 0xa7, 0x8a, 0x5b, 0x16, 0x55,
0xcc, 0x38, 0x20, 0xfb, 0x5f, 0x85, 0x4c, 0x5c },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - public key >= p */
{
.secret = (u8[32]){ 0x98, 0xdf, 0x84, 0x5f, 0x66, 0x51, 0xbf, 0x11,
0x38, 0x22, 0x1f, 0x11, 0x90, 0x41, 0xf7, 0x2b,
0x6d, 0xbc, 0x3c, 0x4a, 0xce, 0x71, 0x43, 0xd9,
0x9f, 0xd5, 0x5a, 0xd8, 0x67, 0x48, 0x0d, 0xa8 },
.b_public = (u8[32]){ 0xf1, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f },
.expected_ss = (u8[32]){ 0x6f, 0xdf, 0x6c, 0x37, 0x61, 0x1d, 0xbd, 0x53,
0x04, 0xdc, 0x0f, 0x2e, 0xb7, 0xc9, 0x51, 0x7e,
0xb3, 0xc5, 0x0e, 0x12, 0xfd, 0x05, 0x0a, 0xc6,
0xde, 0xc2, 0x70, 0x71, 0xd4, 0xbf, 0xc0, 0x34 },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - public key >= p */
{
.secret = (u8[32]){ 0xf0, 0x94, 0x98, 0xe4, 0x6f, 0x02, 0xf8, 0x78,
0x82, 0x9e, 0x78, 0xb8, 0x03, 0xd3, 0x16, 0xa2,
0xed, 0x69, 0x5d, 0x04, 0x98, 0xa0, 0x8a, 0xbd,
0xf8, 0x27, 0x69, 0x30, 0xe2, 0x4e, 0xdc, 0xb0 },
.b_public = (u8[32]){ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f },
.expected_ss = (u8[32]){ 0x4c, 0x8f, 0xc4, 0xb1, 0xc6, 0xab, 0x88, 0xfb,
0x21, 0xf1, 0x8f, 0x6d, 0x4c, 0x81, 0x02, 0x40,
0xd4, 0xe9, 0x46, 0x51, 0xba, 0x44, 0xf7, 0xa2,
0xc8, 0x63, 0xce, 0xc7, 0xdc, 0x56, 0x60, 0x2d },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - public key >= p */
{
.secret = (u8[32]){ 0x18, 0x13, 0xc1, 0x0a, 0x5c, 0x7f, 0x21, 0xf9,
0x6e, 0x17, 0xf2, 0x88, 0xc0, 0xcc, 0x37, 0x60,
0x7c, 0x04, 0xc5, 0xf5, 0xae, 0xa2, 0xdb, 0x13,
0x4f, 0x9e, 0x2f, 0xfc, 0x66, 0xbd, 0x9d, 0xb8 },
.b_public = (u8[32]){ 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80 },
.expected_ss = (u8[32]){ 0x1c, 0xd0, 0xb2, 0x82, 0x67, 0xdc, 0x54, 0x1c,
0x64, 0x2d, 0x6d, 0x7d, 0xca, 0x44, 0xa8, 0xb3,
0x8a, 0x63, 0x73, 0x6e, 0xef, 0x5c, 0x4e, 0x65,
0x01, 0xff, 0xbb, 0xb1, 0x78, 0x0c, 0x03, 0x3c },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - public key >= p */
{
.secret = (u8[32]){ 0x78, 0x57, 0xfb, 0x80, 0x86, 0x53, 0x64, 0x5a,
0x0b, 0xeb, 0x13, 0x8a, 0x64, 0xf5, 0xf4, 0xd7,
0x33, 0xa4, 0x5e, 0xa8, 0x4c, 0x3c, 0xda, 0x11,
0xa9, 0xc0, 0x6f, 0x7e, 0x71, 0x39, 0x14, 0x9e },
.b_public = (u8[32]){ 0x03, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80 },
.expected_ss = (u8[32]){ 0x87, 0x55, 0xbe, 0x01, 0xc6, 0x0a, 0x7e, 0x82,
0x5c, 0xff, 0x3e, 0x0e, 0x78, 0xcb, 0x3a, 0xa4,
0x33, 0x38, 0x61, 0x51, 0x6a, 0xa5, 0x9b, 0x1c,
0x51, 0xa8, 0xb2, 0xa5, 0x43, 0xdf, 0xa8, 0x22 },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - public key >= p */
{
.secret = (u8[32]){ 0xe0, 0x3a, 0xa8, 0x42, 0xe2, 0xab, 0xc5, 0x6e,
0x81, 0xe8, 0x7b, 0x8b, 0x9f, 0x41, 0x7b, 0x2a,
0x1e, 0x59, 0x13, 0xc7, 0x23, 0xee, 0xd2, 0x8d,
0x75, 0x2f, 0x8d, 0x47, 0xa5, 0x9f, 0x49, 0x8f },
.b_public = (u8[32]){ 0x04, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80 },
.expected_ss = (u8[32]){ 0x54, 0xc9, 0xa1, 0xed, 0x95, 0xe5, 0x46, 0xd2,
0x78, 0x22, 0xa3, 0x60, 0x93, 0x1d, 0xda, 0x60,
0xa1, 0xdf, 0x04, 0x9d, 0xa6, 0xf9, 0x04, 0x25,
0x3c, 0x06, 0x12, 0xbb, 0xdc, 0x08, 0x74, 0x76 },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - public key >= p */
{
.secret = (u8[32]){ 0xf8, 0xf7, 0x07, 0xb7, 0x99, 0x9b, 0x18, 0xcb,
0x0d, 0x6b, 0x96, 0x12, 0x4f, 0x20, 0x45, 0x97,
0x2c, 0xa2, 0x74, 0xbf, 0xc1, 0x54, 0xad, 0x0c,
0x87, 0x03, 0x8c, 0x24, 0xc6, 0xd0, 0xd4, 0xb2 },
.b_public = (u8[32]){ 0xda, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff },
.expected_ss = (u8[32]){ 0xcc, 0x1f, 0x40, 0xd7, 0x43, 0xcd, 0xc2, 0x23,
0x0e, 0x10, 0x43, 0xda, 0xba, 0x8b, 0x75, 0xe8,
0x10, 0xf1, 0xfb, 0xab, 0x7f, 0x25, 0x52, 0x69,
0xbd, 0x9e, 0xbb, 0x29, 0xe6, 0xbf, 0x49, 0x4f },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - public key >= p */
{
.secret = (u8[32]){ 0xa0, 0x34, 0xf6, 0x84, 0xfa, 0x63, 0x1e, 0x1a,
0x34, 0x81, 0x18, 0xc1, 0xce, 0x4c, 0x98, 0x23,
0x1f, 0x2d, 0x9e, 0xec, 0x9b, 0xa5, 0x36, 0x5b,
0x4a, 0x05, 0xd6, 0x9a, 0x78, 0x5b, 0x07, 0x96 },
.b_public = (u8[32]){ 0xdb, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff },
.expected_ss = (u8[32]){ 0x54, 0x99, 0x8e, 0xe4, 0x3a, 0x5b, 0x00, 0x7b,
0xf4, 0x99, 0xf0, 0x78, 0xe7, 0x36, 0x52, 0x44,
0x00, 0xa8, 0xb5, 0xc7, 0xe9, 0xb9, 0xb4, 0x37,
0x71, 0x74, 0x8c, 0x7c, 0xdf, 0x88, 0x04, 0x12 },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - public key >= p */
{
.secret = (u8[32]){ 0x30, 0xb6, 0xc6, 0xa0, 0xf2, 0xff, 0xa6, 0x80,
0x76, 0x8f, 0x99, 0x2b, 0xa8, 0x9e, 0x15, 0x2d,
0x5b, 0xc9, 0x89, 0x3d, 0x38, 0xc9, 0x11, 0x9b,
0xe4, 0xf7, 0x67, 0xbf, 0xab, 0x6e, 0x0c, 0xa5 },
.b_public = (u8[32]){ 0xdc, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff },
.expected_ss = (u8[32]){ 0xea, 0xd9, 0xb3, 0x8e, 0xfd, 0xd7, 0x23, 0x63,
0x79, 0x34, 0xe5, 0x5a, 0xb7, 0x17, 0xa7, 0xae,
0x09, 0xeb, 0x86, 0xa2, 0x1d, 0xc3, 0x6a, 0x3f,
0xee, 0xb8, 0x8b, 0x75, 0x9e, 0x39, 0x1e, 0x09 },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - public key >= p */
{
.secret = (u8[32]){ 0x90, 0x1b, 0x9d, 0xcf, 0x88, 0x1e, 0x01, 0xe0,
0x27, 0x57, 0x50, 0x35, 0xd4, 0x0b, 0x43, 0xbd,
0xc1, 0xc5, 0x24, 0x2e, 0x03, 0x08, 0x47, 0x49,
0x5b, 0x0c, 0x72, 0x86, 0x46, 0x9b, 0x65, 0x91 },
.b_public = (u8[32]){ 0xea, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff },
.expected_ss = (u8[32]){ 0x60, 0x2f, 0xf4, 0x07, 0x89, 0xb5, 0x4b, 0x41,
0x80, 0x59, 0x15, 0xfe, 0x2a, 0x62, 0x21, 0xf0,
0x7a, 0x50, 0xff, 0xc2, 0xc3, 0xfc, 0x94, 0xcf,
0x61, 0xf1, 0x3d, 0x79, 0x04, 0xe8, 0x8e, 0x0e },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - public key >= p */
{
.secret = (u8[32]){ 0x80, 0x46, 0x67, 0x7c, 0x28, 0xfd, 0x82, 0xc9,
0xa1, 0xbd, 0xb7, 0x1a, 0x1a, 0x1a, 0x34, 0xfa,
0xba, 0x12, 0x25, 0xe2, 0x50, 0x7f, 0xe3, 0xf5,
0x4d, 0x10, 0xbd, 0x5b, 0x0d, 0x86, 0x5f, 0x8e },
.b_public = (u8[32]){ 0xeb, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff },
.expected_ss = (u8[32]){ 0xe0, 0x0a, 0xe8, 0xb1, 0x43, 0x47, 0x12, 0x47,
0xba, 0x24, 0xf1, 0x2c, 0x88, 0x55, 0x36, 0xc3,
0xcb, 0x98, 0x1b, 0x58, 0xe1, 0xe5, 0x6b, 0x2b,
0xaf, 0x35, 0xc1, 0x2a, 0xe1, 0xf7, 0x9c, 0x26 },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - public key >= p */
{
.secret = (u8[32]){ 0x60, 0x2f, 0x7e, 0x2f, 0x68, 0xa8, 0x46, 0xb8,
0x2c, 0xc2, 0x69, 0xb1, 0xd4, 0x8e, 0x93, 0x98,
0x86, 0xae, 0x54, 0xfd, 0x63, 0x6c, 0x1f, 0xe0,
0x74, 0xd7, 0x10, 0x12, 0x7d, 0x47, 0x24, 0x91 },
.b_public = (u8[32]){ 0xef, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff },
.expected_ss = (u8[32]){ 0x98, 0xcb, 0x9b, 0x50, 0xdd, 0x3f, 0xc2, 0xb0,
0xd4, 0xf2, 0xd2, 0xbf, 0x7c, 0x5c, 0xfd, 0xd1,
0x0c, 0x8f, 0xcd, 0x31, 0xfc, 0x40, 0xaf, 0x1a,
0xd4, 0x4f, 0x47, 0xc1, 0x31, 0x37, 0x63, 0x62 },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - public key >= p */
{
.secret = (u8[32]){ 0x60, 0x88, 0x7b, 0x3d, 0xc7, 0x24, 0x43, 0x02,
0x6e, 0xbe, 0xdb, 0xbb, 0xb7, 0x06, 0x65, 0xf4,
0x2b, 0x87, 0xad, 0xd1, 0x44, 0x0e, 0x77, 0x68,
0xfb, 0xd7, 0xe8, 0xe2, 0xce, 0x5f, 0x63, 0x9d },
.b_public = (u8[32]){ 0xf0, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff },
.expected_ss = (u8[32]){ 0x38, 0xd6, 0x30, 0x4c, 0x4a, 0x7e, 0x6d, 0x9f,
0x79, 0x59, 0x33, 0x4f, 0xb5, 0x24, 0x5b, 0xd2,
0xc7, 0x54, 0x52, 0x5d, 0x4c, 0x91, 0xdb, 0x95,
0x02, 0x06, 0x92, 0x62, 0x34, 0xc1, 0xf6, 0x33 },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - public key >= p */
{
.secret = (u8[32]){ 0x78, 0xd3, 0x1d, 0xfa, 0x85, 0x44, 0x97, 0xd7,
0x2d, 0x8d, 0xef, 0x8a, 0x1b, 0x7f, 0xb0, 0x06,
0xce, 0xc2, 0xd8, 0xc4, 0x92, 0x46, 0x47, 0xc9,
0x38, 0x14, 0xae, 0x56, 0xfa, 0xed, 0xa4, 0x95 },
.b_public = (u8[32]){ 0xf1, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff },
.expected_ss = (u8[32]){ 0x78, 0x6c, 0xd5, 0x49, 0x96, 0xf0, 0x14, 0xa5,
0xa0, 0x31, 0xec, 0x14, 0xdb, 0x81, 0x2e, 0xd0,
0x83, 0x55, 0x06, 0x1f, 0xdb, 0x5d, 0xe6, 0x80,
0xa8, 0x00, 0xac, 0x52, 0x1f, 0x31, 0x8e, 0x23 },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - public key >= p */
{
.secret = (u8[32]){ 0xc0, 0x4c, 0x5b, 0xae, 0xfa, 0x83, 0x02, 0xdd,
0xde, 0xd6, 0xa4, 0xbb, 0x95, 0x77, 0x61, 0xb4,
0xeb, 0x97, 0xae, 0xfa, 0x4f, 0xc3, 0xb8, 0x04,
0x30, 0x85, 0xf9, 0x6a, 0x56, 0x59, 0xb3, 0xa5 },
.b_public = (u8[32]){ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff },
.expected_ss = (u8[32]){ 0x29, 0xae, 0x8b, 0xc7, 0x3e, 0x9b, 0x10, 0xa0,
0x8b, 0x4f, 0x68, 0x1c, 0x43, 0xc3, 0xe0, 0xac,
0x1a, 0x17, 0x1d, 0x31, 0xb3, 0x8f, 0x1a, 0x48,
0xef, 0xba, 0x29, 0xae, 0x63, 0x9e, 0xa1, 0x34 },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - RFC 7748 */
{
.secret = (u8[32]){ 0xa0, 0x46, 0xe3, 0x6b, 0xf0, 0x52, 0x7c, 0x9d,
0x3b, 0x16, 0x15, 0x4b, 0x82, 0x46, 0x5e, 0xdd,
0x62, 0x14, 0x4c, 0x0a, 0xc1, 0xfc, 0x5a, 0x18,
0x50, 0x6a, 0x22, 0x44, 0xba, 0x44, 0x9a, 0x44 },
.b_public = (u8[32]){ 0xe6, 0xdb, 0x68, 0x67, 0x58, 0x30, 0x30, 0xdb,
0x35, 0x94, 0xc1, 0xa4, 0x24, 0xb1, 0x5f, 0x7c,
0x72, 0x66, 0x24, 0xec, 0x26, 0xb3, 0x35, 0x3b,
0x10, 0xa9, 0x03, 0xa6, 0xd0, 0xab, 0x1c, 0x4c },
.expected_ss = (u8[32]){ 0xc3, 0xda, 0x55, 0x37, 0x9d, 0xe9, 0xc6, 0x90,
0x8e, 0x94, 0xea, 0x4d, 0xf2, 0x8d, 0x08, 0x4f,
0x32, 0xec, 0xcf, 0x03, 0x49, 0x1c, 0x71, 0xf7,
0x54, 0xb4, 0x07, 0x55, 0x77, 0xa2, 0x85, 0x52 },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - RFC 7748 */
{
.secret = (u8[32]){ 0x48, 0x66, 0xe9, 0xd4, 0xd1, 0xb4, 0x67, 0x3c,
0x5a, 0xd2, 0x26, 0x91, 0x95, 0x7d, 0x6a, 0xf5,
0xc1, 0x1b, 0x64, 0x21, 0xe0, 0xea, 0x01, 0xd4,
0x2c, 0xa4, 0x16, 0x9e, 0x79, 0x18, 0xba, 0x4d },
.b_public = (u8[32]){ 0xe5, 0x21, 0x0f, 0x12, 0x78, 0x68, 0x11, 0xd3,
0xf4, 0xb7, 0x95, 0x9d, 0x05, 0x38, 0xae, 0x2c,
0x31, 0xdb, 0xe7, 0x10, 0x6f, 0xc0, 0x3c, 0x3e,
0xfc, 0x4c, 0xd5, 0x49, 0xc7, 0x15, 0xa4, 0x13 },
.expected_ss = (u8[32]){ 0x95, 0xcb, 0xde, 0x94, 0x76, 0xe8, 0x90, 0x7d,
0x7a, 0xad, 0xe4, 0x5c, 0xb4, 0xb8, 0x73, 0xf8,
0x8b, 0x59, 0x5a, 0x68, 0x79, 0x9f, 0xa1, 0x52,
0xe6, 0xf8, 0xf7, 0x64, 0x7a, 0xac, 0x79, 0x57 },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - edge case for shared secret */
{
.secret = (u8[32]){ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4,
0xb1, 0xce, 0xdb, 0x7c, 0xb8, 0x55, 0x84, 0xa3,
0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc,
0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63 },
.b_public = (u8[32]){ 0x0a, 0xb4, 0xe7, 0x63, 0x80, 0xd8, 0x4d, 0xde,
0x4f, 0x68, 0x33, 0xc5, 0x8f, 0x2a, 0x9f, 0xb8,
0xf8, 0x3b, 0xb0, 0x16, 0x9b, 0x17, 0x2b, 0xe4,
0xb6, 0xe0, 0x59, 0x28, 0x87, 0x74, 0x1a, 0x36 },
.expected_ss = (u8[32]){ 0x02, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - edge case for shared secret */
{
.secret = (u8[32]){ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4,
0xb1, 0xce, 0xdb, 0x7c, 0xb8, 0x55, 0x84, 0xa3,
0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc,
0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63 },
.b_public = (u8[32]){ 0x89, 0xe1, 0x0d, 0x57, 0x01, 0xb4, 0x33, 0x7d,
0x2d, 0x03, 0x21, 0x81, 0x53, 0x8b, 0x10, 0x64,
0xbd, 0x40, 0x84, 0x40, 0x1c, 0xec, 0xa1, 0xfd,
0x12, 0x66, 0x3a, 0x19, 0x59, 0x38, 0x80, 0x00 },
.expected_ss = (u8[32]){ 0x09, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - edge case for shared secret */
{
.secret = (u8[32]){ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4,
0xb1, 0xce, 0xdb, 0x7c, 0xb8, 0x55, 0x84, 0xa3,
0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc,
0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63 },
.b_public = (u8[32]){ 0x2b, 0x55, 0xd3, 0xaa, 0x4a, 0x8f, 0x80, 0xc8,
0xc0, 0xb2, 0xae, 0x5f, 0x93, 0x3e, 0x85, 0xaf,
0x49, 0xbe, 0xac, 0x36, 0xc2, 0xfa, 0x73, 0x94,
0xba, 0xb7, 0x6c, 0x89, 0x33, 0xf8, 0xf8, 0x1d },
.expected_ss = (u8[32]){ 0x10, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - edge case for shared secret */
{
.secret = (u8[32]){ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4,
0xb1, 0xce, 0xdb, 0x7c, 0xb8, 0x55, 0x84, 0xa3,
0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc,
0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63 },
.b_public = (u8[32]){ 0x63, 0xe5, 0xb1, 0xfe, 0x96, 0x01, 0xfe, 0x84,
0x38, 0x5d, 0x88, 0x66, 0xb0, 0x42, 0x12, 0x62,
0xf7, 0x8f, 0xbf, 0xa5, 0xaf, 0xf9, 0x58, 0x5e,
0x62, 0x66, 0x79, 0xb1, 0x85, 0x47, 0xd9, 0x59 },
.expected_ss = (u8[32]){ 0xfe, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - edge case for shared secret */
{
.secret = (u8[32]){ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4,
0xb1, 0xce, 0xdb, 0x7c, 0xb8, 0x55, 0x84, 0xa3,
0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc,
0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63 },
.b_public = (u8[32]){ 0xe4, 0x28, 0xf3, 0xda, 0xc1, 0x78, 0x09, 0xf8,
0x27, 0xa5, 0x22, 0xce, 0x32, 0x35, 0x50, 0x58,
0xd0, 0x73, 0x69, 0x36, 0x4a, 0xa7, 0x89, 0x02,
0xee, 0x10, 0x13, 0x9b, 0x9f, 0x9d, 0xd6, 0x53 },
.expected_ss = (u8[32]){ 0xfc, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - edge case for shared secret */
{
.secret = (u8[32]){ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4,
0xb1, 0xce, 0xdb, 0x7c, 0xb8, 0x55, 0x84, 0xa3,
0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc,
0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63 },
.b_public = (u8[32]){ 0xb3, 0xb5, 0x0e, 0x3e, 0xd3, 0xa4, 0x07, 0xb9,
0x5d, 0xe9, 0x42, 0xef, 0x74, 0x57, 0x5b, 0x5a,
0xb8, 0xa1, 0x0c, 0x09, 0xee, 0x10, 0x35, 0x44,
0xd6, 0x0b, 0xdf, 0xed, 0x81, 0x38, 0xab, 0x2b },
.expected_ss = (u8[32]){ 0xf9, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - edge case for shared secret */
{
.secret = (u8[32]){ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4,
0xb1, 0xce, 0xdb, 0x7c, 0xb8, 0x55, 0x84, 0xa3,
0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc,
0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63 },
.b_public = (u8[32]){ 0x21, 0x3f, 0xff, 0xe9, 0x3d, 0x5e, 0xa8, 0xcd,
0x24, 0x2e, 0x46, 0x28, 0x44, 0x02, 0x99, 0x22,
0xc4, 0x3c, 0x77, 0xc9, 0xe3, 0xe4, 0x2f, 0x56,
0x2f, 0x48, 0x5d, 0x24, 0xc5, 0x01, 0xa2, 0x0b },
.expected_ss = (u8[32]){ 0xf3, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x3f },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - edge case for shared secret */
{
.secret = (u8[32]){ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4,
0xb1, 0xce, 0xdb, 0x7c, 0xb8, 0x55, 0x84, 0xa3,
0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc,
0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63 },
.b_public = (u8[32]){ 0x91, 0xb2, 0x32, 0xa1, 0x78, 0xb3, 0xcd, 0x53,
0x09, 0x32, 0x44, 0x1e, 0x61, 0x39, 0x41, 0x8f,
0x72, 0x17, 0x22, 0x92, 0xf1, 0xda, 0x4c, 0x18,
0x34, 0xfc, 0x5e, 0xbf, 0xef, 0xb5, 0x1e, 0x3f },
.expected_ss = (u8[32]){ 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x03 },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - edge case for shared secret */
{
.secret = (u8[32]){ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4,
0xb1, 0xce, 0xdb, 0x7c, 0xb8, 0x55, 0x84, 0xa3,
0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc,
0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63 },
.b_public = (u8[32]){ 0x04, 0x5c, 0x6e, 0x11, 0xc5, 0xd3, 0x32, 0x55,
0x6c, 0x78, 0x22, 0xfe, 0x94, 0xeb, 0xf8, 0x9b,
0x56, 0xa3, 0x87, 0x8d, 0xc2, 0x7c, 0xa0, 0x79,
0x10, 0x30, 0x58, 0x84, 0x9f, 0xab, 0xcb, 0x4f },
.expected_ss = (u8[32]){ 0xe5, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - edge case for shared secret */
{
.secret = (u8[32]){ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4,
0xb1, 0xce, 0xdb, 0x7c, 0xb8, 0x55, 0x84, 0xa3,
0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc,
0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63 },
.b_public = (u8[32]){ 0x1c, 0xa2, 0x19, 0x0b, 0x71, 0x16, 0x35, 0x39,
0x06, 0x3c, 0x35, 0x77, 0x3b, 0xda, 0x0c, 0x9c,
0x92, 0x8e, 0x91, 0x36, 0xf0, 0x62, 0x0a, 0xeb,
0x09, 0x3f, 0x09, 0x91, 0x97, 0xb7, 0xf7, 0x4e },
.expected_ss = (u8[32]){ 0xe3, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - edge case for shared secret */
{
.secret = (u8[32]){ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4,
0xb1, 0xce, 0xdb, 0x7c, 0xb8, 0x55, 0x84, 0xa3,
0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc,
0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63 },
.b_public = (u8[32]){ 0xf7, 0x6e, 0x90, 0x10, 0xac, 0x33, 0xc5, 0x04,
0x3b, 0x2d, 0x3b, 0x76, 0xa8, 0x42, 0x17, 0x10,
0x00, 0xc4, 0x91, 0x62, 0x22, 0xe9, 0xe8, 0x58,
0x97, 0xa0, 0xae, 0xc7, 0xf6, 0x35, 0x0b, 0x3c },
.expected_ss = (u8[32]){ 0xdd, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - edge case for shared secret */
{
.secret = (u8[32]){ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4,
0xb1, 0xce, 0xdb, 0x7c, 0xb8, 0x55, 0x84, 0xa3,
0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc,
0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63 },
.b_public = (u8[32]){ 0xbb, 0x72, 0x68, 0x8d, 0x8f, 0x8a, 0xa7, 0xa3,
0x9c, 0xd6, 0x06, 0x0c, 0xd5, 0xc8, 0x09, 0x3c,
0xde, 0xc6, 0xfe, 0x34, 0x19, 0x37, 0xc3, 0x88,
0x6a, 0x99, 0x34, 0x6c, 0xd0, 0x7f, 0xaa, 0x55 },
.expected_ss = (u8[32]){ 0xdb, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x7f },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - edge case for shared secret */
{
.secret = (u8[32]){ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4,
0xb1, 0xce, 0xdb, 0x7c, 0xb8, 0x55, 0x84, 0xa3,
0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc,
0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63 },
.b_public = (u8[32]){ 0x88, 0xfd, 0xde, 0xa1, 0x93, 0x39, 0x1c, 0x6a,
0x59, 0x33, 0xef, 0x9b, 0x71, 0x90, 0x15, 0x49,
0x44, 0x72, 0x05, 0xaa, 0xe9, 0xda, 0x92, 0x8a,
0x6b, 0x91, 0xa3, 0x52, 0xba, 0x10, 0xf4, 0x1f },
.expected_ss = (u8[32]){ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02 },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - edge case for shared secret */
{
.secret = (u8[32]){ 0xa0, 0xa4, 0xf1, 0x30, 0xb9, 0x8a, 0x5b, 0xe4,
0xb1, 0xce, 0xdb, 0x7c, 0xb8, 0x55, 0x84, 0xa3,
0x52, 0x0e, 0x14, 0x2d, 0x47, 0x4d, 0xc9, 0xcc,
0xb9, 0x09, 0xa0, 0x73, 0xa9, 0x76, 0xbf, 0x63 },
.b_public = (u8[32]){ 0x30, 0x3b, 0x39, 0x2f, 0x15, 0x31, 0x16, 0xca,
0xd9, 0xcc, 0x68, 0x2a, 0x00, 0xcc, 0xc4, 0x4c,
0x95, 0xff, 0x0d, 0x3b, 0xbe, 0x56, 0x8b, 0xeb,
0x6c, 0x4e, 0x73, 0x9b, 0xaf, 0xdc, 0x2c, 0x68 },
.expected_ss = (u8[32]){ 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x80, 0x00 },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - checking for overflow */
{
.secret = (u8[32]){ 0xc8, 0x17, 0x24, 0x70, 0x40, 0x00, 0xb2, 0x6d,
0x31, 0x70, 0x3c, 0xc9, 0x7e, 0x3a, 0x37, 0x8d,
0x56, 0xfa, 0xd8, 0x21, 0x93, 0x61, 0xc8, 0x8c,
0xca, 0x8b, 0xd7, 0xc5, 0x71, 0x9b, 0x12, 0xb2 },
.b_public = (u8[32]){ 0xfd, 0x30, 0x0a, 0xeb, 0x40, 0xe1, 0xfa, 0x58,
0x25, 0x18, 0x41, 0x2b, 0x49, 0xb2, 0x08, 0xa7,
0x84, 0x2b, 0x1e, 0x1f, 0x05, 0x6a, 0x04, 0x01,
0x78, 0xea, 0x41, 0x41, 0x53, 0x4f, 0x65, 0x2d },
.expected_ss = (u8[32]){ 0xb7, 0x34, 0x10, 0x5d, 0xc2, 0x57, 0x58, 0x5d,
0x73, 0xb5, 0x66, 0xcc, 0xb7, 0x6f, 0x06, 0x27,
0x95, 0xcc, 0xbe, 0xc8, 0x91, 0x28, 0xe5, 0x2b,
0x02, 0xf3, 0xe5, 0x96, 0x39, 0xf1, 0x3c, 0x46 },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - checking for overflow */
{
.secret = (u8[32]){ 0xc8, 0x17, 0x24, 0x70, 0x40, 0x00, 0xb2, 0x6d,
0x31, 0x70, 0x3c, 0xc9, 0x7e, 0x3a, 0x37, 0x8d,
0x56, 0xfa, 0xd8, 0x21, 0x93, 0x61, 0xc8, 0x8c,
0xca, 0x8b, 0xd7, 0xc5, 0x71, 0x9b, 0x12, 0xb2 },
.b_public = (u8[32]){ 0xc8, 0xef, 0x79, 0xb5, 0x14, 0xd7, 0x68, 0x26,
0x77, 0xbc, 0x79, 0x31, 0xe0, 0x6e, 0xe5, 0xc2,
0x7c, 0x9b, 0x39, 0x2b, 0x4a, 0xe9, 0x48, 0x44,
0x73, 0xf5, 0x54, 0xe6, 0x67, 0x8e, 0xcc, 0x2e },
.expected_ss = (u8[32]){ 0x64, 0x7a, 0x46, 0xb6, 0xfc, 0x3f, 0x40, 0xd6,
0x21, 0x41, 0xee, 0x3c, 0xee, 0x70, 0x6b, 0x4d,
0x7a, 0x92, 0x71, 0x59, 0x3a, 0x7b, 0x14, 0x3e,
0x8e, 0x2e, 0x22, 0x79, 0x88, 0x3e, 0x45, 0x50 },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - checking for overflow */
{
.secret = (u8[32]){ 0xc8, 0x17, 0x24, 0x70, 0x40, 0x00, 0xb2, 0x6d,
0x31, 0x70, 0x3c, 0xc9, 0x7e, 0x3a, 0x37, 0x8d,
0x56, 0xfa, 0xd8, 0x21, 0x93, 0x61, 0xc8, 0x8c,
0xca, 0x8b, 0xd7, 0xc5, 0x71, 0x9b, 0x12, 0xb2 },
.b_public = (u8[32]){ 0x64, 0xae, 0xac, 0x25, 0x04, 0x14, 0x48, 0x61,
0x53, 0x2b, 0x7b, 0xbc, 0xb6, 0xc8, 0x7d, 0x67,
0xdd, 0x4c, 0x1f, 0x07, 0xeb, 0xc2, 0xe0, 0x6e,
0xff, 0xb9, 0x5a, 0xec, 0xc6, 0x17, 0x0b, 0x2c },
.expected_ss = (u8[32]){ 0x4f, 0xf0, 0x3d, 0x5f, 0xb4, 0x3c, 0xd8, 0x65,
0x7a, 0x3c, 0xf3, 0x7c, 0x13, 0x8c, 0xad, 0xce,
0xcc, 0xe5, 0x09, 0xe4, 0xeb, 0xa0, 0x89, 0xd0,
0xef, 0x40, 0xb4, 0xe4, 0xfb, 0x94, 0x61, 0x55 },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - checking for overflow */
{
.secret = (u8[32]){ 0xc8, 0x17, 0x24, 0x70, 0x40, 0x00, 0xb2, 0x6d,
0x31, 0x70, 0x3c, 0xc9, 0x7e, 0x3a, 0x37, 0x8d,
0x56, 0xfa, 0xd8, 0x21, 0x93, 0x61, 0xc8, 0x8c,
0xca, 0x8b, 0xd7, 0xc5, 0x71, 0x9b, 0x12, 0xb2 },
.b_public = (u8[32]){ 0xbf, 0x68, 0xe3, 0x5e, 0x9b, 0xdb, 0x7e, 0xee,
0x1b, 0x50, 0x57, 0x02, 0x21, 0x86, 0x0f, 0x5d,
0xcd, 0xad, 0x8a, 0xcb, 0xab, 0x03, 0x1b, 0x14,
0x97, 0x4c, 0xc4, 0x90, 0x13, 0xc4, 0x98, 0x31 },
.expected_ss = (u8[32]){ 0x21, 0xce, 0xe5, 0x2e, 0xfd, 0xbc, 0x81, 0x2e,
0x1d, 0x02, 0x1a, 0x4a, 0xf1, 0xe1, 0xd8, 0xbc,
0x4d, 0xb3, 0xc4, 0x00, 0xe4, 0xd2, 0xa2, 0xc5,
0x6a, 0x39, 0x26, 0xdb, 0x4d, 0x99, 0xc6, 0x5b },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - checking for overflow */
{
.secret = (u8[32]){ 0xc8, 0x17, 0x24, 0x70, 0x40, 0x00, 0xb2, 0x6d,
0x31, 0x70, 0x3c, 0xc9, 0x7e, 0x3a, 0x37, 0x8d,
0x56, 0xfa, 0xd8, 0x21, 0x93, 0x61, 0xc8, 0x8c,
0xca, 0x8b, 0xd7, 0xc5, 0x71, 0x9b, 0x12, 0xb2 },
.b_public = (u8[32]){ 0x53, 0x47, 0xc4, 0x91, 0x33, 0x1a, 0x64, 0xb4,
0x3d, 0xdc, 0x68, 0x30, 0x34, 0xe6, 0x77, 0xf5,
0x3d, 0xc3, 0x2b, 0x52, 0xa5, 0x2a, 0x57, 0x7c,
0x15, 0xa8, 0x3b, 0xf2, 0x98, 0xe9, 0x9f, 0x19 },
.expected_ss = (u8[32]){ 0x18, 0xcb, 0x89, 0xe4, 0xe2, 0x0c, 0x0c, 0x2b,
0xd3, 0x24, 0x30, 0x52, 0x45, 0x26, 0x6c, 0x93,
0x27, 0x69, 0x0b, 0xbe, 0x79, 0xac, 0xb8, 0x8f,
0x5b, 0x8f, 0xb3, 0xf7, 0x4e, 0xca, 0x3e, 0x52 },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - private key == -1 (mod order) */
{
.secret = (u8[32]){ 0xa0, 0x23, 0xcd, 0xd0, 0x83, 0xef, 0x5b, 0xb8,
0x2f, 0x10, 0xd6, 0x2e, 0x59, 0xe1, 0x5a, 0x68,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x50 },
.b_public = (u8[32]){ 0x25, 0x8e, 0x04, 0x52, 0x3b, 0x8d, 0x25, 0x3e,
0xe6, 0x57, 0x19, 0xfc, 0x69, 0x06, 0xc6, 0x57,
0x19, 0x2d, 0x80, 0x71, 0x7e, 0xdc, 0x82, 0x8f,
0xa0, 0xaf, 0x21, 0x68, 0x6e, 0x2f, 0xaa, 0x75 },
.expected_ss = (u8[32]){ 0x25, 0x8e, 0x04, 0x52, 0x3b, 0x8d, 0x25, 0x3e,
0xe6, 0x57, 0x19, 0xfc, 0x69, 0x06, 0xc6, 0x57,
0x19, 0x2d, 0x80, 0x71, 0x7e, 0xdc, 0x82, 0x8f,
0xa0, 0xaf, 0x21, 0x68, 0x6e, 0x2f, 0xaa, 0x75 },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
},
/* wycheproof - private key == 1 (mod order) on twist */
{
.secret = (u8[32]){ 0x58, 0x08, 0x3d, 0xd2, 0x61, 0xad, 0x91, 0xef,
0xf9, 0x52, 0x32, 0x2e, 0xc8, 0x24, 0xc6, 0x82,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0x5f },
.b_public = (u8[32]){ 0x2e, 0xae, 0x5e, 0xc3, 0xdd, 0x49, 0x4e, 0x9f,
0x2d, 0x37, 0xd2, 0x58, 0xf8, 0x73, 0xa8, 0xe6,
0xe9, 0xd0, 0xdb, 0xd1, 0xe3, 0x83, 0xef, 0x64,
0xd9, 0x8b, 0xb9, 0x1b, 0x3e, 0x0b, 0xe0, 0x35 },
.expected_ss = (u8[32]){ 0x2e, 0xae, 0x5e, 0xc3, 0xdd, 0x49, 0x4e, 0x9f,
0x2d, 0x37, 0xd2, 0x58, 0xf8, 0x73, 0xa8, 0xe6,
0xe9, 0xd0, 0xdb, 0xd1, 0xe3, 0x83, 0xef, 0x64,
0xd9, 0x8b, 0xb9, 0x1b, 0x3e, 0x0b, 0xe0, 0x35 },
.secret_size = 32,
.b_public_size = 32,
.expected_ss_size = 32,
}
};
static const struct kpp_testvec ecdh_tv_template[] = {
{
#ifndef CONFIG_CRYPTO_FIPS
.secret =
#ifdef __LITTLE_ENDIAN
"\x02\x00" /* type */
"\x20\x00" /* len */
"\x01\x00" /* curve_id */
"\x18\x00" /* key_size */
#else
"\x00\x02" /* type */
"\x00\x20" /* len */
"\x00\x01" /* curve_id */
"\x00\x18" /* key_size */
#endif
"\xb5\x05\xb1\x71\x1e\xbf\x8c\xda"
"\x4e\x19\x1e\x62\x1f\x23\x23\x31"
"\x36\x1e\xd3\x84\x2f\xcc\x21\x72",
.b_public =
"\xc3\xba\x67\x4b\x71\xec\xd0\x76"
"\x7a\x99\x75\x64\x36\x13\x9a\x94"
"\x5d\x8b\xdc\x60\x90\x91\xfd\x3f"
"\xb0\x1f\x8a\x0a\x68\xc6\x88\x6e"
"\x83\x87\xdd\x67\x09\xf8\x8d\x96"
"\x07\xd6\xbd\x1c\xe6\x8d\x9d\x67",
.expected_a_public =
"\x1a\x04\xdb\xa5\xe1\xdd\x4e\x79"
"\xa3\xe6\xef\x0e\x5c\x80\x49\x85"
"\xfa\x78\xb4\xef\x49\xbd\x4c\x7c"
"\x22\x90\x21\x02\xf9\x1b\x81\x5d"
"\x0c\x8a\xa8\x98\xd6\x27\x69\x88"
"\x5e\xbc\x94\xd8\x15\x9e\x21\xce",
.expected_ss =
"\xf4\x57\xcc\x4f\x1f\x4e\x31\xcc"
"\xe3\x40\x60\xc8\x06\x93\xc6\x2e"
"\x99\x80\x81\x28\xaf\xc5\x51\x74",
.secret_size = 32,
.b_public_size = 48,
.expected_a_public_size = 48,
.expected_ss_size = 24
}, {
#endif
.secret =
#ifdef __LITTLE_ENDIAN
"\x02\x00" /* type */
"\x28\x00" /* len */
"\x02\x00" /* curve_id */
"\x20\x00" /* key_size */
#else
"\x00\x02" /* type */
"\x00\x28" /* len */
"\x00\x02" /* curve_id */
"\x00\x20" /* key_size */
#endif
"\x24\xd1\x21\xeb\xe5\xcf\x2d\x83"
"\xf6\x62\x1b\x6e\x43\x84\x3a\xa3"
"\x8b\xe0\x86\xc3\x20\x19\xda\x92"
"\x50\x53\x03\xe1\xc0\xea\xb8\x82",
.expected_a_public =
"\x1a\x7f\xeb\x52\x00\xbd\x3c\x31"
"\x7d\xb6\x70\xc1\x86\xa6\xc7\xc4"
"\x3b\xc5\x5f\x6c\x6f\x58\x3c\xf5"
"\xb6\x63\x82\x77\x33\x24\xa1\x5f"
"\x6a\xca\x43\x6f\xf7\x7e\xff\x02"
"\x37\x08\xcc\x40\x5e\x7a\xfd\x6a"
"\x6a\x02\x6e\x41\x87\x68\x38\x77"
"\xfa\xa9\x44\x43\x2d\xef\x09\xdf",
.expected_ss =
"\xea\x17\x6f\x7e\x6e\x57\x26\x38"
"\x8b\xfb\x41\xeb\xba\xc8\x6d\xa5"
"\xa8\x72\xd1\xff\xc9\x47\x3d\xaa"
"\x58\x43\x9f\x34\x0f\x8c\xf3\xc9",
.b_public =
"\xcc\xb4\xda\x74\xb1\x47\x3f\xea"
"\x6c\x70\x9e\x38\x2d\xc7\xaa\xb7"
"\x29\xb2\x47\x03\x19\xab\xdd\x34"
"\xbd\xa8\x2c\x93\xe1\xa4\x74\xd9"
"\x64\x63\xf7\x70\x20\x2f\xa4\xe6"
"\x9f\x4a\x38\xcc\xc0\x2c\x49\x2f"
"\xb1\x32\xbb\xaf\x22\x61\xda\xcb"
"\x6f\xdb\xa9\xaa\xfc\x77\x81\xf3",
.secret_size = 40,
.b_public_size = 64,
.expected_a_public_size = 64,
.expected_ss_size = 32
}, {
.secret =
#ifdef __LITTLE_ENDIAN
"\x02\x00" /* type */
"\x08\x00" /* len */
"\x02\x00" /* curve_id */
"\x00\x00", /* key_size */
#else
"\x00\x02" /* type */
"\x00\x08" /* len */
"\x00\x02" /* curve_id */
"\x00\x00", /* key_size */
#endif
.b_secret =
#ifdef __LITTLE_ENDIAN
"\x02\x00" /* type */
"\x28\x00" /* len */
"\x02\x00" /* curve_id */
"\x20\x00" /* key_size */
#else
"\x00\x02" /* type */
"\x00\x28" /* len */
"\x00\x02" /* curve_id */
"\x00\x20" /* key_size */
#endif
"\x24\xd1\x21\xeb\xe5\xcf\x2d\x83"
"\xf6\x62\x1b\x6e\x43\x84\x3a\xa3"
"\x8b\xe0\x86\xc3\x20\x19\xda\x92"
"\x50\x53\x03\xe1\xc0\xea\xb8\x82",
.b_public =
"\x1a\x7f\xeb\x52\x00\xbd\x3c\x31"
"\x7d\xb6\x70\xc1\x86\xa6\xc7\xc4"
"\x3b\xc5\x5f\x6c\x6f\x58\x3c\xf5"
"\xb6\x63\x82\x77\x33\x24\xa1\x5f"
"\x6a\xca\x43\x6f\xf7\x7e\xff\x02"
"\x37\x08\xcc\x40\x5e\x7a\xfd\x6a"
"\x6a\x02\x6e\x41\x87\x68\x38\x77"
"\xfa\xa9\x44\x43\x2d\xef\x09\xdf",
.secret_size = 8,
.b_secret_size = 40,
.b_public_size = 64,
.expected_a_public_size = 64,
.expected_ss_size = 32,
.genkey = true,
}
};
/*
* MD4 test vectors from RFC1320
*/
static const struct hash_testvec md4_tv_template[] = {
{
.plaintext = "",
.digest = "\x31\xd6\xcf\xe0\xd1\x6a\xe9\x31"
"\xb7\x3c\x59\xd7\xe0\xc0\x89\xc0",
}, {
.plaintext = "a",
.psize = 1,
.digest = "\xbd\xe5\x2c\xb3\x1d\xe3\x3e\x46"
"\x24\x5e\x05\xfb\xdb\xd6\xfb\x24",
}, {
.plaintext = "abc",
.psize = 3,
.digest = "\xa4\x48\x01\x7a\xaf\x21\xd8\x52"
"\x5f\xc1\x0a\xe8\x7a\xa6\x72\x9d",
}, {
.plaintext = "message digest",
.psize = 14,
.digest = "\xd9\x13\x0a\x81\x64\x54\x9f\xe8"
"\x18\x87\x48\x06\xe1\xc7\x01\x4b",
}, {
.plaintext = "abcdefghijklmnopqrstuvwxyz",
.psize = 26,
.digest = "\xd7\x9e\x1c\x30\x8a\xa5\xbb\xcd"
"\xee\xa8\xed\x63\xdf\x41\x2d\xa9",
.np = 2,
.tap = { 13, 13 },
}, {
.plaintext = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
.psize = 62,
.digest = "\x04\x3f\x85\x82\xf2\x41\xdb\x35"
"\x1c\xe6\x27\xe1\x53\xe7\xf0\xe4",
}, {
.plaintext = "123456789012345678901234567890123456789012345678901234567890123"
"45678901234567890",
.psize = 80,
.digest = "\xe3\x3b\x4d\xdc\x9c\x38\xf2\x19"
"\x9c\x3e\x7b\x16\x4f\xcc\x05\x36",
},
};
static const struct hash_testvec sha3_224_tv_template[] = {
{
.plaintext = "",
.digest = "\x6b\x4e\x03\x42\x36\x67\xdb\xb7"
"\x3b\x6e\x15\x45\x4f\x0e\xb1\xab"
"\xd4\x59\x7f\x9a\x1b\x07\x8e\x3f"
"\x5b\x5a\x6b\xc7",
}, {
.plaintext = "a",
.psize = 1,
.digest = "\x9e\x86\xff\x69\x55\x7c\xa9\x5f"
"\x40\x5f\x08\x12\x69\x68\x5b\x38"
"\xe3\xa8\x19\xb3\x09\xee\x94\x2f"
"\x48\x2b\x6a\x8b",
}, {
.plaintext = "abcdbcdecdefdefgefghfghighijhijkijkl"
"jklmklmnlmnomnopnopq",
.psize = 56,
.digest = "\x8a\x24\x10\x8b\x15\x4a\xda\x21"
"\xc9\xfd\x55\x74\x49\x44\x79\xba"
"\x5c\x7e\x7a\xb7\x6e\xf2\x64\xea"
"\xd0\xfc\xce\x33",
.np = 2,
.tap = { 28, 28 },
}, {
.plaintext = "\x08\x9f\x13\xaa\x41\xd8\x4c\xe3"
"\x7a\x11\x85\x1c\xb3\x27\xbe\x55"
"\xec\x60\xf7\x8e\x02\x99\x30\xc7"
"\x3b\xd2\x69\x00\x74\x0b\xa2\x16"
"\xad\x44\xdb\x4f\xe6\x7d\x14\x88"
"\x1f\xb6\x2a\xc1\x58\xef\x63\xfa"
"\x91\x05\x9c\x33\xca\x3e\xd5\x6c"
"\x03\x77\x0e\xa5\x19\xb0\x47\xde"
"\x52\xe9\x80\x17\x8b\x22\xb9\x2d"
"\xc4\x5b\xf2\x66\xfd\x94\x08\x9f"
"\x36\xcd\x41\xd8\x6f\x06\x7a\x11"
"\xa8\x1c\xb3\x4a\xe1\x55\xec\x83"
"\x1a\x8e\x25\xbc\x30\xc7\x5e\xf5"
"\x69\x00\x97\x0b\xa2\x39\xd0\x44"
"\xdb\x72\x09\x7d\x14\xab\x1f\xb6"
"\x4d\xe4\x58\xef\x86\x1d\x91\x28"
"\xbf\x33\xca\x61\xf8\x6c\x03\x9a"
"\x0e\xa5\x3c\xd3\x47\xde\x75\x0c"
"\x80\x17\xae\x22\xb9\x50\xe7\x5b"
"\xf2\x89\x20\x94\x2b\xc2\x36\xcd"
"\x64\xfb\x6f\x06\x9d\x11\xa8\x3f"
"\xd6\x4a\xe1\x78\x0f\x83\x1a\xb1"
"\x25\xbc\x53\xea\x5e\xf5\x8c\x00"
"\x97\x2e\xc5\x39\xd0\x67\xfe\x72"
"\x09\xa0\x14\xab\x42\xd9\x4d\xe4"
"\x7b\x12\x86\x1d\xb4\x28\xbf\x56"
"\xed\x61\xf8\x8f\x03\x9a\x31\xc8"
"\x3c\xd3\x6a\x01\x75\x0c\xa3\x17"
"\xae\x45\xdc\x50\xe7\x7e\x15\x89"
"\x20\xb7\x2b\xc2\x59\xf0\x64\xfb"
"\x92\x06\x9d\x34\xcb\x3f\xd6\x6d"
"\x04\x78\x0f\xa6\x1a\xb1\x48\xdf"
"\x53\xea\x81\x18\x8c\x23\xba\x2e"
"\xc5\x5c\xf3\x67\xfe\x95\x09\xa0"
"\x37\xce\x42\xd9\x70\x07\x7b\x12"
"\xa9\x1d\xb4\x4b\xe2\x56\xed\x84"
"\x1b\x8f\x26\xbd\x31\xc8\x5f\xf6"
"\x6a\x01\x98\x0c\xa3\x3a\xd1\x45"
"\xdc\x73\x0a\x7e\x15\xac\x20\xb7"
"\x4e\xe5\x59\xf0\x87\x1e\x92\x29"
"\xc0\x34\xcb\x62\xf9\x6d\x04\x9b"
"\x0f\xa6\x3d\xd4\x48\xdf\x76\x0d"
"\x81\x18\xaf\x23\xba\x51\xe8\x5c"
"\xf3\x8a\x21\x95\x2c\xc3\x37\xce"
"\x65\xfc\x70\x07\x9e\x12\xa9\x40"
"\xd7\x4b\xe2\x79\x10\x84\x1b\xb2"
"\x26\xbd\x54\xeb\x5f\xf6\x8d\x01"
"\x98\x2f\xc6\x3a\xd1\x68\xff\x73"
"\x0a\xa1\x15\xac\x43\xda\x4e\xe5"
"\x7c\x13\x87\x1e\xb5\x29\xc0\x57"
"\xee\x62\xf9\x90\x04\x9b\x32\xc9"
"\x3d\xd4\x6b\x02\x76\x0d\xa4\x18"
"\xaf\x46\xdd\x51\xe8\x7f\x16\x8a"
"\x21\xb8\x2c\xc3\x5a\xf1\x65\xfc"
"\x93\x07\x9e\x35\xcc\x40\xd7\x6e"
"\x05\x79\x10\xa7\x1b\xb2\x49\xe0"
"\x54\xeb\x82\x19\x8d\x24\xbb\x2f"
"\xc6\x5d\xf4\x68\xff\x96\x0a\xa1"
"\x38\xcf\x43\xda\x71\x08\x7c\x13"
"\xaa\x1e\xb5\x4c\xe3\x57\xee\x85"
"\x1c\x90\x27\xbe\x32\xc9\x60\xf7"
"\x6b\x02\x99\x0d\xa4\x3b\xd2\x46"
"\xdd\x74\x0b\x7f\x16\xad\x21\xb8"
"\x4f\xe6\x5a\xf1\x88\x1f\x93\x2a"
"\xc1\x35\xcc\x63\xfa\x6e\x05\x9c"
"\x10\xa7\x3e\xd5\x49\xe0\x77\x0e"
"\x82\x19\xb0\x24\xbb\x52\xe9\x5d"
"\xf4\x8b\x22\x96\x2d\xc4\x38\xcf"
"\x66\xfd\x71\x08\x9f\x13\xaa\x41"
"\xd8\x4c\xe3\x7a\x11\x85\x1c\xb3"
"\x27\xbe\x55\xec\x60\xf7\x8e\x02"
"\x99\x30\xc7\x3b\xd2\x69\x00\x74"
"\x0b\xa2\x16\xad\x44\xdb\x4f\xe6"
"\x7d\x14\x88\x1f\xb6\x2a\xc1\x58"
"\xef\x63\xfa\x91\x05\x9c\x33\xca"
"\x3e\xd5\x6c\x03\x77\x0e\xa5\x19"
"\xb0\x47\xde\x52\xe9\x80\x17\x8b"
"\x22\xb9\x2d\xc4\x5b\xf2\x66\xfd"
"\x94\x08\x9f\x36\xcd\x41\xd8\x6f"
"\x06\x7a\x11\xa8\x1c\xb3\x4a\xe1"
"\x55\xec\x83\x1a\x8e\x25\xbc\x30"
"\xc7\x5e\xf5\x69\x00\x97\x0b\xa2"
"\x39\xd0\x44\xdb\x72\x09\x7d\x14"
"\xab\x1f\xb6\x4d\xe4\x58\xef\x86"
"\x1d\x91\x28\xbf\x33\xca\x61\xf8"
"\x6c\x03\x9a\x0e\xa5\x3c\xd3\x47"
"\xde\x75\x0c\x80\x17\xae\x22\xb9"
"\x50\xe7\x5b\xf2\x89\x20\x94\x2b"
"\xc2\x36\xcd\x64\xfb\x6f\x06\x9d"
"\x11\xa8\x3f\xd6\x4a\xe1\x78\x0f"
"\x83\x1a\xb1\x25\xbc\x53\xea\x5e"
"\xf5\x8c\x00\x97\x2e\xc5\x39\xd0"
"\x67\xfe\x72\x09\xa0\x14\xab\x42"
"\xd9\x4d\xe4\x7b\x12\x86\x1d\xb4"
"\x28\xbf\x56\xed\x61\xf8\x8f\x03"
"\x9a\x31\xc8\x3c\xd3\x6a\x01\x75"
"\x0c\xa3\x17\xae\x45\xdc\x50\xe7"
"\x7e\x15\x89\x20\xb7\x2b\xc2\x59"
"\xf0\x64\xfb\x92\x06\x9d\x34\xcb"
"\x3f\xd6\x6d\x04\x78\x0f\xa6\x1a"
"\xb1\x48\xdf\x53\xea\x81\x18\x8c"
"\x23\xba\x2e\xc5\x5c\xf3\x67\xfe"
"\x95\x09\xa0\x37\xce\x42\xd9\x70"
"\x07\x7b\x12\xa9\x1d\xb4\x4b\xe2"
"\x56\xed\x84\x1b\x8f\x26\xbd\x31"
"\xc8\x5f\xf6\x6a\x01\x98\x0c\xa3"
"\x3a\xd1\x45\xdc\x73\x0a\x7e\x15"
"\xac\x20\xb7\x4e\xe5\x59\xf0\x87"
"\x1e\x92\x29\xc0\x34\xcb\x62\xf9"
"\x6d\x04\x9b\x0f\xa6\x3d\xd4\x48"
"\xdf\x76\x0d\x81\x18\xaf\x23\xba"
"\x51\xe8\x5c\xf3\x8a\x21\x95\x2c"
"\xc3\x37\xce\x65\xfc\x70\x07\x9e"
"\x12\xa9\x40\xd7\x4b\xe2\x79\x10"
"\x84\x1b\xb2\x26\xbd\x54\xeb\x5f"
"\xf6\x8d\x01\x98\x2f\xc6\x3a\xd1"
"\x68\xff\x73\x0a\xa1\x15\xac\x43"
"\xda\x4e\xe5\x7c\x13\x87\x1e\xb5"
"\x29\xc0\x57\xee\x62\xf9\x90\x04"
"\x9b\x32\xc9\x3d\xd4\x6b\x02\x76"
"\x0d\xa4\x18\xaf\x46\xdd\x51\xe8"
"\x7f\x16\x8a\x21\xb8\x2c\xc3\x5a"
"\xf1\x65\xfc\x93\x07\x9e\x35\xcc"
"\x40\xd7\x6e\x05\x79\x10\xa7\x1b"
"\xb2\x49\xe0\x54\xeb\x82\x19\x8d"
"\x24\xbb\x2f\xc6\x5d\xf4\x68\xff"
"\x96\x0a\xa1\x38\xcf\x43\xda\x71"
"\x08\x7c\x13\xaa\x1e\xb5\x4c",
.psize = 1023,
.digest = "\x7d\x0f\x2f\xb7\x65\x3b\xa7\x26"
"\xc3\x88\x20\x71\x15\x06\xe8\x2d"
"\xa3\x92\x44\xab\x3e\xe7\xff\x86"
"\xb6\x79\x10\x72",
},
};
static const struct hash_testvec sha3_256_tv_template[] = {
{
.plaintext = "",
.digest = "\xa7\xff\xc6\xf8\xbf\x1e\xd7\x66"
"\x51\xc1\x47\x56\xa0\x61\xd6\x62"
"\xf5\x80\xff\x4d\xe4\x3b\x49\xfa"
"\x82\xd8\x0a\x4b\x80\xf8\x43\x4a",
}, {
.plaintext = "a",
.psize = 1,
.digest = "\x80\x08\x4b\xf2\xfb\xa0\x24\x75"
"\x72\x6f\xeb\x2c\xab\x2d\x82\x15"
"\xea\xb1\x4b\xc6\xbd\xd8\xbf\xb2"
"\xc8\x15\x12\x57\x03\x2e\xcd\x8b",
}, {
.plaintext = "abcdbcdecdefdefgefghfghighijhijkijkl"
"jklmklmnlmnomnopnopq",
.psize = 56,
.digest = "\x41\xc0\xdb\xa2\xa9\xd6\x24\x08"
"\x49\x10\x03\x76\xa8\x23\x5e\x2c"
"\x82\xe1\xb9\x99\x8a\x99\x9e\x21"
"\xdb\x32\xdd\x97\x49\x6d\x33\x76",
.np = 2,
.tap = { 28, 28 },
}, {
.plaintext = "\x08\x9f\x13\xaa\x41\xd8\x4c\xe3"
"\x7a\x11\x85\x1c\xb3\x27\xbe\x55"
"\xec\x60\xf7\x8e\x02\x99\x30\xc7"
"\x3b\xd2\x69\x00\x74\x0b\xa2\x16"
"\xad\x44\xdb\x4f\xe6\x7d\x14\x88"
"\x1f\xb6\x2a\xc1\x58\xef\x63\xfa"
"\x91\x05\x9c\x33\xca\x3e\xd5\x6c"
"\x03\x77\x0e\xa5\x19\xb0\x47\xde"
"\x52\xe9\x80\x17\x8b\x22\xb9\x2d"
"\xc4\x5b\xf2\x66\xfd\x94\x08\x9f"
"\x36\xcd\x41\xd8\x6f\x06\x7a\x11"
"\xa8\x1c\xb3\x4a\xe1\x55\xec\x83"
"\x1a\x8e\x25\xbc\x30\xc7\x5e\xf5"
"\x69\x00\x97\x0b\xa2\x39\xd0\x44"
"\xdb\x72\x09\x7d\x14\xab\x1f\xb6"
"\x4d\xe4\x58\xef\x86\x1d\x91\x28"
"\xbf\x33\xca\x61\xf8\x6c\x03\x9a"
"\x0e\xa5\x3c\xd3\x47\xde\x75\x0c"
"\x80\x17\xae\x22\xb9\x50\xe7\x5b"
"\xf2\x89\x20\x94\x2b\xc2\x36\xcd"
"\x64\xfb\x6f\x06\x9d\x11\xa8\x3f"
"\xd6\x4a\xe1\x78\x0f\x83\x1a\xb1"
"\x25\xbc\x53\xea\x5e\xf5\x8c\x00"
"\x97\x2e\xc5\x39\xd0\x67\xfe\x72"
"\x09\xa0\x14\xab\x42\xd9\x4d\xe4"
"\x7b\x12\x86\x1d\xb4\x28\xbf\x56"
"\xed\x61\xf8\x8f\x03\x9a\x31\xc8"
"\x3c\xd3\x6a\x01\x75\x0c\xa3\x17"
"\xae\x45\xdc\x50\xe7\x7e\x15\x89"
"\x20\xb7\x2b\xc2\x59\xf0\x64\xfb"
"\x92\x06\x9d\x34\xcb\x3f\xd6\x6d"
"\x04\x78\x0f\xa6\x1a\xb1\x48\xdf"
"\x53\xea\x81\x18\x8c\x23\xba\x2e"
"\xc5\x5c\xf3\x67\xfe\x95\x09\xa0"
"\x37\xce\x42\xd9\x70\x07\x7b\x12"
"\xa9\x1d\xb4\x4b\xe2\x56\xed\x84"
"\x1b\x8f\x26\xbd\x31\xc8\x5f\xf6"
"\x6a\x01\x98\x0c\xa3\x3a\xd1\x45"
"\xdc\x73\x0a\x7e\x15\xac\x20\xb7"
"\x4e\xe5\x59\xf0\x87\x1e\x92\x29"
"\xc0\x34\xcb\x62\xf9\x6d\x04\x9b"
"\x0f\xa6\x3d\xd4\x48\xdf\x76\x0d"
"\x81\x18\xaf\x23\xba\x51\xe8\x5c"
"\xf3\x8a\x21\x95\x2c\xc3\x37\xce"
"\x65\xfc\x70\x07\x9e\x12\xa9\x40"
"\xd7\x4b\xe2\x79\x10\x84\x1b\xb2"
"\x26\xbd\x54\xeb\x5f\xf6\x8d\x01"
"\x98\x2f\xc6\x3a\xd1\x68\xff\x73"
"\x0a\xa1\x15\xac\x43\xda\x4e\xe5"
"\x7c\x13\x87\x1e\xb5\x29\xc0\x57"
"\xee\x62\xf9\x90\x04\x9b\x32\xc9"
"\x3d\xd4\x6b\x02\x76\x0d\xa4\x18"
"\xaf\x46\xdd\x51\xe8\x7f\x16\x8a"
"\x21\xb8\x2c\xc3\x5a\xf1\x65\xfc"
"\x93\x07\x9e\x35\xcc\x40\xd7\x6e"
"\x05\x79\x10\xa7\x1b\xb2\x49\xe0"
"\x54\xeb\x82\x19\x8d\x24\xbb\x2f"
"\xc6\x5d\xf4\x68\xff\x96\x0a\xa1"
"\x38\xcf\x43\xda\x71\x08\x7c\x13"
"\xaa\x1e\xb5\x4c\xe3\x57\xee\x85"
"\x1c\x90\x27\xbe\x32\xc9\x60\xf7"
"\x6b\x02\x99\x0d\xa4\x3b\xd2\x46"
"\xdd\x74\x0b\x7f\x16\xad\x21\xb8"
"\x4f\xe6\x5a\xf1\x88\x1f\x93\x2a"
"\xc1\x35\xcc\x63\xfa\x6e\x05\x9c"
"\x10\xa7\x3e\xd5\x49\xe0\x77\x0e"
"\x82\x19\xb0\x24\xbb\x52\xe9\x5d"
"\xf4\x8b\x22\x96\x2d\xc4\x38\xcf"
"\x66\xfd\x71\x08\x9f\x13\xaa\x41"
"\xd8\x4c\xe3\x7a\x11\x85\x1c\xb3"
"\x27\xbe\x55\xec\x60\xf7\x8e\x02"
"\x99\x30\xc7\x3b\xd2\x69\x00\x74"
"\x0b\xa2\x16\xad\x44\xdb\x4f\xe6"
"\x7d\x14\x88\x1f\xb6\x2a\xc1\x58"
"\xef\x63\xfa\x91\x05\x9c\x33\xca"
"\x3e\xd5\x6c\x03\x77\x0e\xa5\x19"
"\xb0\x47\xde\x52\xe9\x80\x17\x8b"
"\x22\xb9\x2d\xc4\x5b\xf2\x66\xfd"
"\x94\x08\x9f\x36\xcd\x41\xd8\x6f"
"\x06\x7a\x11\xa8\x1c\xb3\x4a\xe1"
"\x55\xec\x83\x1a\x8e\x25\xbc\x30"
"\xc7\x5e\xf5\x69\x00\x97\x0b\xa2"
"\x39\xd0\x44\xdb\x72\x09\x7d\x14"
"\xab\x1f\xb6\x4d\xe4\x58\xef\x86"
"\x1d\x91\x28\xbf\x33\xca\x61\xf8"
"\x6c\x03\x9a\x0e\xa5\x3c\xd3\x47"
"\xde\x75\x0c\x80\x17\xae\x22\xb9"
"\x50\xe7\x5b\xf2\x89\x20\x94\x2b"
"\xc2\x36\xcd\x64\xfb\x6f\x06\x9d"
"\x11\xa8\x3f\xd6\x4a\xe1\x78\x0f"
"\x83\x1a\xb1\x25\xbc\x53\xea\x5e"
"\xf5\x8c\x00\x97\x2e\xc5\x39\xd0"
"\x67\xfe\x72\x09\xa0\x14\xab\x42"
"\xd9\x4d\xe4\x7b\x12\x86\x1d\xb4"
"\x28\xbf\x56\xed\x61\xf8\x8f\x03"
"\x9a\x31\xc8\x3c\xd3\x6a\x01\x75"
"\x0c\xa3\x17\xae\x45\xdc\x50\xe7"
"\x7e\x15\x89\x20\xb7\x2b\xc2\x59"
"\xf0\x64\xfb\x92\x06\x9d\x34\xcb"
"\x3f\xd6\x6d\x04\x78\x0f\xa6\x1a"
"\xb1\x48\xdf\x53\xea\x81\x18\x8c"
"\x23\xba\x2e\xc5\x5c\xf3\x67\xfe"
"\x95\x09\xa0\x37\xce\x42\xd9\x70"
"\x07\x7b\x12\xa9\x1d\xb4\x4b\xe2"
"\x56\xed\x84\x1b\x8f\x26\xbd\x31"
"\xc8\x5f\xf6\x6a\x01\x98\x0c\xa3"
"\x3a\xd1\x45\xdc\x73\x0a\x7e\x15"
"\xac\x20\xb7\x4e\xe5\x59\xf0\x87"
"\x1e\x92\x29\xc0\x34\xcb\x62\xf9"
"\x6d\x04\x9b\x0f\xa6\x3d\xd4\x48"
"\xdf\x76\x0d\x81\x18\xaf\x23\xba"
"\x51\xe8\x5c\xf3\x8a\x21\x95\x2c"
"\xc3\x37\xce\x65\xfc\x70\x07\x9e"
"\x12\xa9\x40\xd7\x4b\xe2\x79\x10"
"\x84\x1b\xb2\x26\xbd\x54\xeb\x5f"
"\xf6\x8d\x01\x98\x2f\xc6\x3a\xd1"
"\x68\xff\x73\x0a\xa1\x15\xac\x43"
"\xda\x4e\xe5\x7c\x13\x87\x1e\xb5"
"\x29\xc0\x57\xee\x62\xf9\x90\x04"
"\x9b\x32\xc9\x3d\xd4\x6b\x02\x76"
"\x0d\xa4\x18\xaf\x46\xdd\x51\xe8"
"\x7f\x16\x8a\x21\xb8\x2c\xc3\x5a"
"\xf1\x65\xfc\x93\x07\x9e\x35\xcc"
"\x40\xd7\x6e\x05\x79\x10\xa7\x1b"
"\xb2\x49\xe0\x54\xeb\x82\x19\x8d"
"\x24\xbb\x2f\xc6\x5d\xf4\x68\xff"
"\x96\x0a\xa1\x38\xcf\x43\xda\x71"
"\x08\x7c\x13\xaa\x1e\xb5\x4c",
.psize = 1023,
.digest = "\xde\x41\x04\xbd\xda\xda\xd9\x71"
"\xf7\xfa\x80\xf5\xea\x11\x03\xb1"
"\x3b\x6a\xbc\x5f\xb9\x66\x26\xf7"
"\x8a\x97\xbb\xf2\x07\x08\x38\x30",
},
};
static const struct hash_testvec sha3_384_tv_template[] = {
{
.plaintext = "",
.digest = "\x0c\x63\xa7\x5b\x84\x5e\x4f\x7d"
"\x01\x10\x7d\x85\x2e\x4c\x24\x85"
"\xc5\x1a\x50\xaa\xaa\x94\xfc\x61"
"\x99\x5e\x71\xbb\xee\x98\x3a\x2a"
"\xc3\x71\x38\x31\x26\x4a\xdb\x47"
"\xfb\x6b\xd1\xe0\x58\xd5\xf0\x04",
}, {
.plaintext = "a",
.psize = 1,
.digest = "\x18\x15\xf7\x74\xf3\x20\x49\x1b"
"\x48\x56\x9e\xfe\xc7\x94\xd2\x49"
"\xee\xb5\x9a\xae\x46\xd2\x2b\xf7"
"\x7d\xaf\xe2\x5c\x5e\xdc\x28\xd7"
"\xea\x44\xf9\x3e\xe1\x23\x4a\xa8"
"\x8f\x61\xc9\x19\x12\xa4\xcc\xd9",
}, {
.plaintext = "abcdbcdecdefdefgefghfghighijhijkijkl"
"jklmklmnlmnomnopnopq",
.psize = 56,
.digest = "\x99\x1c\x66\x57\x55\xeb\x3a\x4b"
"\x6b\xbd\xfb\x75\xc7\x8a\x49\x2e"
"\x8c\x56\xa2\x2c\x5c\x4d\x7e\x42"
"\x9b\xfd\xbc\x32\xb9\xd4\xad\x5a"
"\xa0\x4a\x1f\x07\x6e\x62\xfe\xa1"
"\x9e\xef\x51\xac\xd0\x65\x7c\x22",
.np = 2,
.tap = { 28, 28 },
}, {
.plaintext = "\x08\x9f\x13\xaa\x41\xd8\x4c\xe3"
"\x7a\x11\x85\x1c\xb3\x27\xbe\x55"
"\xec\x60\xf7\x8e\x02\x99\x30\xc7"
"\x3b\xd2\x69\x00\x74\x0b\xa2\x16"
"\xad\x44\xdb\x4f\xe6\x7d\x14\x88"
"\x1f\xb6\x2a\xc1\x58\xef\x63\xfa"
"\x91\x05\x9c\x33\xca\x3e\xd5\x6c"
"\x03\x77\x0e\xa5\x19\xb0\x47\xde"
"\x52\xe9\x80\x17\x8b\x22\xb9\x2d"
"\xc4\x5b\xf2\x66\xfd\x94\x08\x9f"
"\x36\xcd\x41\xd8\x6f\x06\x7a\x11"
"\xa8\x1c\xb3\x4a\xe1\x55\xec\x83"
"\x1a\x8e\x25\xbc\x30\xc7\x5e\xf5"
"\x69\x00\x97\x0b\xa2\x39\xd0\x44"
"\xdb\x72\x09\x7d\x14\xab\x1f\xb6"
"\x4d\xe4\x58\xef\x86\x1d\x91\x28"
"\xbf\x33\xca\x61\xf8\x6c\x03\x9a"
"\x0e\xa5\x3c\xd3\x47\xde\x75\x0c"
"\x80\x17\xae\x22\xb9\x50\xe7\x5b"
"\xf2\x89\x20\x94\x2b\xc2\x36\xcd"
"\x64\xfb\x6f\x06\x9d\x11\xa8\x3f"
"\xd6\x4a\xe1\x78\x0f\x83\x1a\xb1"
"\x25\xbc\x53\xea\x5e\xf5\x8c\x00"
"\x97\x2e\xc5\x39\xd0\x67\xfe\x72"
"\x09\xa0\x14\xab\x42\xd9\x4d\xe4"
"\x7b\x12\x86\x1d\xb4\x28\xbf\x56"
"\xed\x61\xf8\x8f\x03\x9a\x31\xc8"
"\x3c\xd3\x6a\x01\x75\x0c\xa3\x17"
"\xae\x45\xdc\x50\xe7\x7e\x15\x89"
"\x20\xb7\x2b\xc2\x59\xf0\x64\xfb"
"\x92\x06\x9d\x34\xcb\x3f\xd6\x6d"
"\x04\x78\x0f\xa6\x1a\xb1\x48\xdf"
"\x53\xea\x81\x18\x8c\x23\xba\x2e"
"\xc5\x5c\xf3\x67\xfe\x95\x09\xa0"
"\x37\xce\x42\xd9\x70\x07\x7b\x12"
"\xa9\x1d\xb4\x4b\xe2\x56\xed\x84"
"\x1b\x8f\x26\xbd\x31\xc8\x5f\xf6"
"\x6a\x01\x98\x0c\xa3\x3a\xd1\x45"
"\xdc\x73\x0a\x7e\x15\xac\x20\xb7"
"\x4e\xe5\x59\xf0\x87\x1e\x92\x29"
"\xc0\x34\xcb\x62\xf9\x6d\x04\x9b"
"\x0f\xa6\x3d\xd4\x48\xdf\x76\x0d"
"\x81\x18\xaf\x23\xba\x51\xe8\x5c"
"\xf3\x8a\x21\x95\x2c\xc3\x37\xce"
"\x65\xfc\x70\x07\x9e\x12\xa9\x40"
"\xd7\x4b\xe2\x79\x10\x84\x1b\xb2"
"\x26\xbd\x54\xeb\x5f\xf6\x8d\x01"
"\x98\x2f\xc6\x3a\xd1\x68\xff\x73"
"\x0a\xa1\x15\xac\x43\xda\x4e\xe5"
"\x7c\x13\x87\x1e\xb5\x29\xc0\x57"
"\xee\x62\xf9\x90\x04\x9b\x32\xc9"
"\x3d\xd4\x6b\x02\x76\x0d\xa4\x18"
"\xaf\x46\xdd\x51\xe8\x7f\x16\x8a"
"\x21\xb8\x2c\xc3\x5a\xf1\x65\xfc"
"\x93\x07\x9e\x35\xcc\x40\xd7\x6e"
"\x05\x79\x10\xa7\x1b\xb2\x49\xe0"
"\x54\xeb\x82\x19\x8d\x24\xbb\x2f"
"\xc6\x5d\xf4\x68\xff\x96\x0a\xa1"
"\x38\xcf\x43\xda\x71\x08\x7c\x13"
"\xaa\x1e\xb5\x4c\xe3\x57\xee\x85"
"\x1c\x90\x27\xbe\x32\xc9\x60\xf7"
"\x6b\x02\x99\x0d\xa4\x3b\xd2\x46"
"\xdd\x74\x0b\x7f\x16\xad\x21\xb8"
"\x4f\xe6\x5a\xf1\x88\x1f\x93\x2a"
"\xc1\x35\xcc\x63\xfa\x6e\x05\x9c"
"\x10\xa7\x3e\xd5\x49\xe0\x77\x0e"
"\x82\x19\xb0\x24\xbb\x52\xe9\x5d"
"\xf4\x8b\x22\x96\x2d\xc4\x38\xcf"
"\x66\xfd\x71\x08\x9f\x13\xaa\x41"
"\xd8\x4c\xe3\x7a\x11\x85\x1c\xb3"
"\x27\xbe\x55\xec\x60\xf7\x8e\x02"
"\x99\x30\xc7\x3b\xd2\x69\x00\x74"
"\x0b\xa2\x16\xad\x44\xdb\x4f\xe6"
"\x7d\x14\x88\x1f\xb6\x2a\xc1\x58"
"\xef\x63\xfa\x91\x05\x9c\x33\xca"
"\x3e\xd5\x6c\x03\x77\x0e\xa5\x19"
"\xb0\x47\xde\x52\xe9\x80\x17\x8b"
"\x22\xb9\x2d\xc4\x5b\xf2\x66\xfd"
"\x94\x08\x9f\x36\xcd\x41\xd8\x6f"
"\x06\x7a\x11\xa8\x1c\xb3\x4a\xe1"
"\x55\xec\x83\x1a\x8e\x25\xbc\x30"
"\xc7\x5e\xf5\x69\x00\x97\x0b\xa2"
"\x39\xd0\x44\xdb\x72\x09\x7d\x14"
"\xab\x1f\xb6\x4d\xe4\x58\xef\x86"
"\x1d\x91\x28\xbf\x33\xca\x61\xf8"
"\x6c\x03\x9a\x0e\xa5\x3c\xd3\x47"
"\xde\x75\x0c\x80\x17\xae\x22\xb9"
"\x50\xe7\x5b\xf2\x89\x20\x94\x2b"
"\xc2\x36\xcd\x64\xfb\x6f\x06\x9d"
"\x11\xa8\x3f\xd6\x4a\xe1\x78\x0f"
"\x83\x1a\xb1\x25\xbc\x53\xea\x5e"
"\xf5\x8c\x00\x97\x2e\xc5\x39\xd0"
"\x67\xfe\x72\x09\xa0\x14\xab\x42"
"\xd9\x4d\xe4\x7b\x12\x86\x1d\xb4"
"\x28\xbf\x56\xed\x61\xf8\x8f\x03"
"\x9a\x31\xc8\x3c\xd3\x6a\x01\x75"
"\x0c\xa3\x17\xae\x45\xdc\x50\xe7"
"\x7e\x15\x89\x20\xb7\x2b\xc2\x59"
"\xf0\x64\xfb\x92\x06\x9d\x34\xcb"
"\x3f\xd6\x6d\x04\x78\x0f\xa6\x1a"
"\xb1\x48\xdf\x53\xea\x81\x18\x8c"
"\x23\xba\x2e\xc5\x5c\xf3\x67\xfe"
"\x95\x09\xa0\x37\xce\x42\xd9\x70"
"\x07\x7b\x12\xa9\x1d\xb4\x4b\xe2"
"\x56\xed\x84\x1b\x8f\x26\xbd\x31"
"\xc8\x5f\xf6\x6a\x01\x98\x0c\xa3"
"\x3a\xd1\x45\xdc\x73\x0a\x7e\x15"
"\xac\x20\xb7\x4e\xe5\x59\xf0\x87"
"\x1e\x92\x29\xc0\x34\xcb\x62\xf9"
"\x6d\x04\x9b\x0f\xa6\x3d\xd4\x48"
"\xdf\x76\x0d\x81\x18\xaf\x23\xba"
"\x51\xe8\x5c\xf3\x8a\x21\x95\x2c"
"\xc3\x37\xce\x65\xfc\x70\x07\x9e"
"\x12\xa9\x40\xd7\x4b\xe2\x79\x10"
"\x84\x1b\xb2\x26\xbd\x54\xeb\x5f"
"\xf6\x8d\x01\x98\x2f\xc6\x3a\xd1"
"\x68\xff\x73\x0a\xa1\x15\xac\x43"
"\xda\x4e\xe5\x7c\x13\x87\x1e\xb5"
"\x29\xc0\x57\xee\x62\xf9\x90\x04"
"\x9b\x32\xc9\x3d\xd4\x6b\x02\x76"
"\x0d\xa4\x18\xaf\x46\xdd\x51\xe8"
"\x7f\x16\x8a\x21\xb8\x2c\xc3\x5a"
"\xf1\x65\xfc\x93\x07\x9e\x35\xcc"
"\x40\xd7\x6e\x05\x79\x10\xa7\x1b"
"\xb2\x49\xe0\x54\xeb\x82\x19\x8d"
"\x24\xbb\x2f\xc6\x5d\xf4\x68\xff"
"\x96\x0a\xa1\x38\xcf\x43\xda\x71"
"\x08\x7c\x13\xaa\x1e\xb5\x4c",
.psize = 1023,
.digest = "\x1b\x19\x4d\x8f\xd5\x36\x87\x71"
"\xcf\xca\x30\x85\x9b\xc1\x25\xc7"
"\x00\xcb\x73\x8a\x8e\xd4\xfe\x2b"
"\x1a\xa2\xdc\x2e\x41\xfd\x52\x51"
"\xd2\x21\xae\x2d\xc7\xae\x8c\x40"
"\xb9\xe6\x56\x48\x03\xcd\x88\x6b",
},
};
static const struct hash_testvec sha3_512_tv_template[] = {
{
.plaintext = "",
.digest = "\xa6\x9f\x73\xcc\xa2\x3a\x9a\xc5"
"\xc8\xb5\x67\xdc\x18\x5a\x75\x6e"
"\x97\xc9\x82\x16\x4f\xe2\x58\x59"
"\xe0\xd1\xdc\xc1\x47\x5c\x80\xa6"
"\x15\xb2\x12\x3a\xf1\xf5\xf9\x4c"
"\x11\xe3\xe9\x40\x2c\x3a\xc5\x58"
"\xf5\x00\x19\x9d\x95\xb6\xd3\xe3"
"\x01\x75\x85\x86\x28\x1d\xcd\x26",
}, {
.plaintext = "a",
.psize = 1,
.digest = "\x69\x7f\x2d\x85\x61\x72\xcb\x83"
"\x09\xd6\xb8\xb9\x7d\xac\x4d\xe3"
"\x44\xb5\x49\xd4\xde\xe6\x1e\xdf"
"\xb4\x96\x2d\x86\x98\xb7\xfa\x80"
"\x3f\x4f\x93\xff\x24\x39\x35\x86"
"\xe2\x8b\x5b\x95\x7a\xc3\xd1\xd3"
"\x69\x42\x0c\xe5\x33\x32\x71\x2f"
"\x99\x7b\xd3\x36\xd0\x9a\xb0\x2a",
}, {
.plaintext = "abcdbcdecdefdefgefghfghighijhijkijkl"
"jklmklmnlmnomnopnopq",
.psize = 56,
.digest = "\x04\xa3\x71\xe8\x4e\xcf\xb5\xb8"
"\xb7\x7c\xb4\x86\x10\xfc\xa8\x18"
"\x2d\xd4\x57\xce\x6f\x32\x6a\x0f"
"\xd3\xd7\xec\x2f\x1e\x91\x63\x6d"
"\xee\x69\x1f\xbe\x0c\x98\x53\x02"
"\xba\x1b\x0d\x8d\xc7\x8c\x08\x63"
"\x46\xb5\x33\xb4\x9c\x03\x0d\x99"
"\xa2\x7d\xaf\x11\x39\xd6\xe7\x5e",
.np = 2,
.tap = { 28, 28 },
}, {
.plaintext = "\x08\x9f\x13\xaa\x41\xd8\x4c\xe3"
"\x7a\x11\x85\x1c\xb3\x27\xbe\x55"
"\xec\x60\xf7\x8e\x02\x99\x30\xc7"
"\x3b\xd2\x69\x00\x74\x0b\xa2\x16"
"\xad\x44\xdb\x4f\xe6\x7d\x14\x88"
"\x1f\xb6\x2a\xc1\x58\xef\x63\xfa"
"\x91\x05\x9c\x33\xca\x3e\xd5\x6c"
"\x03\x77\x0e\xa5\x19\xb0\x47\xde"
"\x52\xe9\x80\x17\x8b\x22\xb9\x2d"
"\xc4\x5b\xf2\x66\xfd\x94\x08\x9f"
"\x36\xcd\x41\xd8\x6f\x06\x7a\x11"
"\xa8\x1c\xb3\x4a\xe1\x55\xec\x83"
"\x1a\x8e\x25\xbc\x30\xc7\x5e\xf5"
"\x69\x00\x97\x0b\xa2\x39\xd0\x44"
"\xdb\x72\x09\x7d\x14\xab\x1f\xb6"
"\x4d\xe4\x58\xef\x86\x1d\x91\x28"
"\xbf\x33\xca\x61\xf8\x6c\x03\x9a"
"\x0e\xa5\x3c\xd3\x47\xde\x75\x0c"
"\x80\x17\xae\x22\xb9\x50\xe7\x5b"
"\xf2\x89\x20\x94\x2b\xc2\x36\xcd"
"\x64\xfb\x6f\x06\x9d\x11\xa8\x3f"
"\xd6\x4a\xe1\x78\x0f\x83\x1a\xb1"
"\x25\xbc\x53\xea\x5e\xf5\x8c\x00"
"\x97\x2e\xc5\x39\xd0\x67\xfe\x72"
"\x09\xa0\x14\xab\x42\xd9\x4d\xe4"
"\x7b\x12\x86\x1d\xb4\x28\xbf\x56"
"\xed\x61\xf8\x8f\x03\x9a\x31\xc8"
"\x3c\xd3\x6a\x01\x75\x0c\xa3\x17"
"\xae\x45\xdc\x50\xe7\x7e\x15\x89"
"\x20\xb7\x2b\xc2\x59\xf0\x64\xfb"
"\x92\x06\x9d\x34\xcb\x3f\xd6\x6d"
"\x04\x78\x0f\xa6\x1a\xb1\x48\xdf"
"\x53\xea\x81\x18\x8c\x23\xba\x2e"
"\xc5\x5c\xf3\x67\xfe\x95\x09\xa0"
"\x37\xce\x42\xd9\x70\x07\x7b\x12"
"\xa9\x1d\xb4\x4b\xe2\x56\xed\x84"
"\x1b\x8f\x26\xbd\x31\xc8\x5f\xf6"
"\x6a\x01\x98\x0c\xa3\x3a\xd1\x45"
"\xdc\x73\x0a\x7e\x15\xac\x20\xb7"
"\x4e\xe5\x59\xf0\x87\x1e\x92\x29"
"\xc0\x34\xcb\x62\xf9\x6d\x04\x9b"
"\x0f\xa6\x3d\xd4\x48\xdf\x76\x0d"
"\x81\x18\xaf\x23\xba\x51\xe8\x5c"
"\xf3\x8a\x21\x95\x2c\xc3\x37\xce"
"\x65\xfc\x70\x07\x9e\x12\xa9\x40"
"\xd7\x4b\xe2\x79\x10\x84\x1b\xb2"
"\x26\xbd\x54\xeb\x5f\xf6\x8d\x01"
"\x98\x2f\xc6\x3a\xd1\x68\xff\x73"
"\x0a\xa1\x15\xac\x43\xda\x4e\xe5"
"\x7c\x13\x87\x1e\xb5\x29\xc0\x57"
"\xee\x62\xf9\x90\x04\x9b\x32\xc9"
"\x3d\xd4\x6b\x02\x76\x0d\xa4\x18"
"\xaf\x46\xdd\x51\xe8\x7f\x16\x8a"
"\x21\xb8\x2c\xc3\x5a\xf1\x65\xfc"
"\x93\x07\x9e\x35\xcc\x40\xd7\x6e"
"\x05\x79\x10\xa7\x1b\xb2\x49\xe0"
"\x54\xeb\x82\x19\x8d\x24\xbb\x2f"
"\xc6\x5d\xf4\x68\xff\x96\x0a\xa1"
"\x38\xcf\x43\xda\x71\x08\x7c\x13"
"\xaa\x1e\xb5\x4c\xe3\x57\xee\x85"
"\x1c\x90\x27\xbe\x32\xc9\x60\xf7"
"\x6b\x02\x99\x0d\xa4\x3b\xd2\x46"
"\xdd\x74\x0b\x7f\x16\xad\x21\xb8"
"\x4f\xe6\x5a\xf1\x88\x1f\x93\x2a"
"\xc1\x35\xcc\x63\xfa\x6e\x05\x9c"
"\x10\xa7\x3e\xd5\x49\xe0\x77\x0e"
"\x82\x19\xb0\x24\xbb\x52\xe9\x5d"
"\xf4\x8b\x22\x96\x2d\xc4\x38\xcf"
"\x66\xfd\x71\x08\x9f\x13\xaa\x41"
"\xd8\x4c\xe3\x7a\x11\x85\x1c\xb3"
"\x27\xbe\x55\xec\x60\xf7\x8e\x02"
"\x99\x30\xc7\x3b\xd2\x69\x00\x74"
"\x0b\xa2\x16\xad\x44\xdb\x4f\xe6"
"\x7d\x14\x88\x1f\xb6\x2a\xc1\x58"
"\xef\x63\xfa\x91\x05\x9c\x33\xca"
"\x3e\xd5\x6c\x03\x77\x0e\xa5\x19"
"\xb0\x47\xde\x52\xe9\x80\x17\x8b"
"\x22\xb9\x2d\xc4\x5b\xf2\x66\xfd"
"\x94\x08\x9f\x36\xcd\x41\xd8\x6f"
"\x06\x7a\x11\xa8\x1c\xb3\x4a\xe1"
"\x55\xec\x83\x1a\x8e\x25\xbc\x30"
"\xc7\x5e\xf5\x69\x00\x97\x0b\xa2"
"\x39\xd0\x44\xdb\x72\x09\x7d\x14"
"\xab\x1f\xb6\x4d\xe4\x58\xef\x86"
"\x1d\x91\x28\xbf\x33\xca\x61\xf8"
"\x6c\x03\x9a\x0e\xa5\x3c\xd3\x47"
"\xde\x75\x0c\x80\x17\xae\x22\xb9"
"\x50\xe7\x5b\xf2\x89\x20\x94\x2b"
"\xc2\x36\xcd\x64\xfb\x6f\x06\x9d"
"\x11\xa8\x3f\xd6\x4a\xe1\x78\x0f"
"\x83\x1a\xb1\x25\xbc\x53\xea\x5e"
"\xf5\x8c\x00\x97\x2e\xc5\x39\xd0"
"\x67\xfe\x72\x09\xa0\x14\xab\x42"
"\xd9\x4d\xe4\x7b\x12\x86\x1d\xb4"
"\x28\xbf\x56\xed\x61\xf8\x8f\x03"
"\x9a\x31\xc8\x3c\xd3\x6a\x01\x75"
"\x0c\xa3\x17\xae\x45\xdc\x50\xe7"
"\x7e\x15\x89\x20\xb7\x2b\xc2\x59"
"\xf0\x64\xfb\x92\x06\x9d\x34\xcb"
"\x3f\xd6\x6d\x04\x78\x0f\xa6\x1a"
"\xb1\x48\xdf\x53\xea\x81\x18\x8c"
"\x23\xba\x2e\xc5\x5c\xf3\x67\xfe"
"\x95\x09\xa0\x37\xce\x42\xd9\x70"
"\x07\x7b\x12\xa9\x1d\xb4\x4b\xe2"
"\x56\xed\x84\x1b\x8f\x26\xbd\x31"
"\xc8\x5f\xf6\x6a\x01\x98\x0c\xa3"
"\x3a\xd1\x45\xdc\x73\x0a\x7e\x15"
"\xac\x20\xb7\x4e\xe5\x59\xf0\x87"
"\x1e\x92\x29\xc0\x34\xcb\x62\xf9"
"\x6d\x04\x9b\x0f\xa6\x3d\xd4\x48"
"\xdf\x76\x0d\x81\x18\xaf\x23\xba"
"\x51\xe8\x5c\xf3\x8a\x21\x95\x2c"
"\xc3\x37\xce\x65\xfc\x70\x07\x9e"
"\x12\xa9\x40\xd7\x4b\xe2\x79\x10"
"\x84\x1b\xb2\x26\xbd\x54\xeb\x5f"
"\xf6\x8d\x01\x98\x2f\xc6\x3a\xd1"
"\x68\xff\x73\x0a\xa1\x15\xac\x43"
"\xda\x4e\xe5\x7c\x13\x87\x1e\xb5"
"\x29\xc0\x57\xee\x62\xf9\x90\x04"
"\x9b\x32\xc9\x3d\xd4\x6b\x02\x76"
"\x0d\xa4\x18\xaf\x46\xdd\x51\xe8"
"\x7f\x16\x8a\x21\xb8\x2c\xc3\x5a"
"\xf1\x65\xfc\x93\x07\x9e\x35\xcc"
"\x40\xd7\x6e\x05\x79\x10\xa7\x1b"
"\xb2\x49\xe0\x54\xeb\x82\x19\x8d"
"\x24\xbb\x2f\xc6\x5d\xf4\x68\xff"
"\x96\x0a\xa1\x38\xcf\x43\xda\x71"
"\x08\x7c\x13\xaa\x1e\xb5\x4c",
.psize = 1023,
.digest = "\x59\xda\x30\xe3\x90\xe4\x3d\xde"
"\xf0\xc6\x42\x17\xd7\xb2\x26\x47"
"\x90\x28\xa6\x84\xe8\x49\x7a\x86"
"\xd6\xb8\x9e\xf8\x07\x59\x21\x03"
"\xad\xd2\xed\x48\xa3\xb9\xa5\xf0"
"\xb3\xae\x02\x2b\xb8\xaf\xc3\x3b"
"\xd6\xb0\x8f\xcb\x76\x8b\xa7\x41"
"\x32\xc2\x8e\x50\x91\x86\x90\xfb",
},
};
/*
* MD5 test vectors from RFC1321
*/
static const struct hash_testvec md5_tv_template[] = {
{
.digest = "\xd4\x1d\x8c\xd9\x8f\x00\xb2\x04"
"\xe9\x80\x09\x98\xec\xf8\x42\x7e",
}, {
.plaintext = "a",
.psize = 1,
.digest = "\x0c\xc1\x75\xb9\xc0\xf1\xb6\xa8"
"\x31\xc3\x99\xe2\x69\x77\x26\x61",
}, {
.plaintext = "abc",
.psize = 3,
.digest = "\x90\x01\x50\x98\x3c\xd2\x4f\xb0"
"\xd6\x96\x3f\x7d\x28\xe1\x7f\x72",
}, {
.plaintext = "message digest",
.psize = 14,
.digest = "\xf9\x6b\x69\x7d\x7c\xb7\x93\x8d"
"\x52\x5a\x2f\x31\xaa\xf1\x61\xd0",
}, {
.plaintext = "abcdefghijklmnopqrstuvwxyz",
.psize = 26,
.digest = "\xc3\xfc\xd3\xd7\x61\x92\xe4\x00"
"\x7d\xfb\x49\x6c\xca\x67\xe1\x3b",
.np = 2,
.tap = {13, 13}
}, {
.plaintext = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789",
.psize = 62,
.digest = "\xd1\x74\xab\x98\xd2\x77\xd9\xf5"
"\xa5\x61\x1c\x2c\x9f\x41\x9d\x9f",
}, {
.plaintext = "12345678901234567890123456789012345678901234567890123456789012"
"345678901234567890",
.psize = 80,
.digest = "\x57\xed\xf4\xa2\x2b\xe3\xc9\x55"
"\xac\x49\xda\x2e\x21\x07\xb6\x7a",
}
};
/*
* RIPEMD-128 test vectors from ISO/IEC 10118-3:2004(E)
*/
static const struct hash_testvec rmd128_tv_template[] = {
{
.digest = "\xcd\xf2\x62\x13\xa1\x50\xdc\x3e"
"\xcb\x61\x0f\x18\xf6\xb3\x8b\x46",
}, {
.plaintext = "a",
.psize = 1,
.digest = "\x86\xbe\x7a\xfa\x33\x9d\x0f\xc7"
"\xcf\xc7\x85\xe7\x2f\x57\x8d\x33",
}, {
.plaintext = "abc",
.psize = 3,
.digest = "\xc1\x4a\x12\x19\x9c\x66\xe4\xba"
"\x84\x63\x6b\x0f\x69\x14\x4c\x77",
}, {
.plaintext = "message digest",
.psize = 14,
.digest = "\x9e\x32\x7b\x3d\x6e\x52\x30\x62"
"\xaf\xc1\x13\x2d\x7d\xf9\xd1\xb8",
}, {
.plaintext = "abcdefghijklmnopqrstuvwxyz",
.psize = 26,
.digest = "\xfd\x2a\xa6\x07\xf7\x1d\xc8\xf5"
"\x10\x71\x49\x22\xb3\x71\x83\x4e",
}, {
.plaintext = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcde"
"fghijklmnopqrstuvwxyz0123456789",
.psize = 62,
.digest = "\xd1\xe9\x59\xeb\x17\x9c\x91\x1f"
"\xae\xa4\x62\x4c\x60\xc5\xc7\x02",
}, {
.plaintext = "1234567890123456789012345678901234567890"
"1234567890123456789012345678901234567890",
.psize = 80,
.digest = "\x3f\x45\xef\x19\x47\x32\xc2\xdb"
"\xb2\xc4\xa2\xc7\x69\x79\x5f\xa3",
}, {
.plaintext = "abcdbcdecdefdefgefghfghighij"
"hijkijkljklmklmnlmnomnopnopq",
.psize = 56,
.digest = "\xa1\xaa\x06\x89\xd0\xfa\xfa\x2d"
"\xdc\x22\xe8\x8b\x49\x13\x3a\x06",
.np = 2,
.tap = { 28, 28 },
}, {
.plaintext = "abcdefghbcdefghicdefghijdefghijkefghijklfghi"
"jklmghijklmnhijklmnoijklmnopjklmnopqklmnopqr"
"lmnopqrsmnopqrstnopqrstu",
.psize = 112,
.digest = "\xd4\xec\xc9\x13\xe1\xdf\x77\x6b"
"\xf4\x8d\xe9\xd5\x5b\x1f\x25\x46",
}, {
.plaintext = "abcdbcdecdefdefgefghfghighijhijk",
.psize = 32,
.digest = "\x13\xfc\x13\xe8\xef\xff\x34\x7d"
"\xe1\x93\xff\x46\xdb\xac\xcf\xd4",
}
};
/*
* RIPEMD-160 test vectors from ISO/IEC 10118-3:2004(E)
*/
static const struct hash_testvec rmd160_tv_template[] = {
{
.digest = "\x9c\x11\x85\xa5\xc5\xe9\xfc\x54\x61\x28"
"\x08\x97\x7e\xe8\xf5\x48\xb2\x25\x8d\x31",
}, {
.plaintext = "a",
.psize = 1,
.digest = "\x0b\xdc\x9d\x2d\x25\x6b\x3e\xe9\xda\xae"
"\x34\x7b\xe6\xf4\xdc\x83\x5a\x46\x7f\xfe",
}, {
.plaintext = "abc",
.psize = 3,
.digest = "\x8e\xb2\x08\xf7\xe0\x5d\x98\x7a\x9b\x04"
"\x4a\x8e\x98\xc6\xb0\x87\xf1\x5a\x0b\xfc",
}, {
.plaintext = "message digest",
.psize = 14,
.digest = "\x5d\x06\x89\xef\x49\xd2\xfa\xe5\x72\xb8"
"\x81\xb1\x23\xa8\x5f\xfa\x21\x59\x5f\x36",
}, {
.plaintext = "abcdefghijklmnopqrstuvwxyz",
.psize = 26,
.digest = "\xf7\x1c\x27\x10\x9c\x69\x2c\x1b\x56\xbb"
"\xdc\xeb\x5b\x9d\x28\x65\xb3\x70\x8d\xbc",
}, {
.plaintext = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcde"
"fghijklmnopqrstuvwxyz0123456789",
.psize = 62,
.digest = "\xb0\xe2\x0b\x6e\x31\x16\x64\x02\x86\xed"
"\x3a\x87\xa5\x71\x30\x79\xb2\x1f\x51\x89",
}, {
.plaintext = "1234567890123456789012345678901234567890"
"1234567890123456789012345678901234567890",
.psize = 80,
.digest = "\x9b\x75\x2e\x45\x57\x3d\x4b\x39\xf4\xdb"
"\xd3\x32\x3c\xab\x82\xbf\x63\x32\x6b\xfb",
}, {
.plaintext = "abcdbcdecdefdefgefghfghighij"
"hijkijkljklmklmnlmnomnopnopq",
.psize = 56,
.digest = "\x12\xa0\x53\x38\x4a\x9c\x0c\x88\xe4\x05"
"\xa0\x6c\x27\xdc\xf4\x9a\xda\x62\xeb\x2b",
.np = 2,
.tap = { 28, 28 },
}, {
.plaintext = "abcdefghbcdefghicdefghijdefghijkefghijklfghi"
"jklmghijklmnhijklmnoijklmnopjklmnopqklmnopqr"
"lmnopqrsmnopqrstnopqrstu",
.psize = 112,
.digest = "\x6f\x3f\xa3\x9b\x6b\x50\x3c\x38\x4f\x91"
"\x9a\x49\xa7\xaa\x5c\x2c\x08\xbd\xfb\x45",
}, {
.plaintext = "abcdbcdecdefdefgefghfghighijhijk",
.psize = 32,
.digest = "\x94\xc2\x64\x11\x54\x04\xe6\x33\x79\x0d"
"\xfc\xc8\x7b\x58\x7d\x36\x77\x06\x7d\x9f",
}
};
/*
* RIPEMD-256 test vectors
*/
static const struct hash_testvec rmd256_tv_template[] = {
{
.digest = "\x02\xba\x4c\x4e\x5f\x8e\xcd\x18"
"\x77\xfc\x52\xd6\x4d\x30\xe3\x7a"
"\x2d\x97\x74\xfb\x1e\x5d\x02\x63"
"\x80\xae\x01\x68\xe3\xc5\x52\x2d",
}, {
.plaintext = "a",
.psize = 1,
.digest = "\xf9\x33\x3e\x45\xd8\x57\xf5\xd9"
"\x0a\x91\xba\xb7\x0a\x1e\xba\x0c"
"\xfb\x1b\xe4\xb0\x78\x3c\x9a\xcf"
"\xcd\x88\x3a\x91\x34\x69\x29\x25",
}, {
.plaintext = "abc",
.psize = 3,
.digest = "\xaf\xbd\x6e\x22\x8b\x9d\x8c\xbb"
"\xce\xf5\xca\x2d\x03\xe6\xdb\xa1"
"\x0a\xc0\xbc\x7d\xcb\xe4\x68\x0e"
"\x1e\x42\xd2\xe9\x75\x45\x9b\x65",
}, {
.plaintext = "message digest",
.psize = 14,
.digest = "\x87\xe9\x71\x75\x9a\x1c\xe4\x7a"
"\x51\x4d\x5c\x91\x4c\x39\x2c\x90"
"\x18\xc7\xc4\x6b\xc1\x44\x65\x55"
"\x4a\xfc\xdf\x54\xa5\x07\x0c\x0e",
}, {
.plaintext = "abcdefghijklmnopqrstuvwxyz",
.psize = 26,
.digest = "\x64\x9d\x30\x34\x75\x1e\xa2\x16"
"\x77\x6b\xf9\xa1\x8a\xcc\x81\xbc"
"\x78\x96\x11\x8a\x51\x97\x96\x87"
"\x82\xdd\x1f\xd9\x7d\x8d\x51\x33",
}, {
.plaintext = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcde"
"fghijklmnopqrstuvwxyz0123456789",
.psize = 62,
.digest = "\x57\x40\xa4\x08\xac\x16\xb7\x20"
"\xb8\x44\x24\xae\x93\x1c\xbb\x1f"
"\xe3\x63\xd1\xd0\xbf\x40\x17\xf1"
"\xa8\x9f\x7e\xa6\xde\x77\xa0\xb8",
}, {
.plaintext = "1234567890123456789012345678901234567890"
"1234567890123456789012345678901234567890",
.psize = 80,
.digest = "\x06\xfd\xcc\x7a\x40\x95\x48\xaa"
"\xf9\x13\x68\xc0\x6a\x62\x75\xb5"
"\x53\xe3\xf0\x99\xbf\x0e\xa4\xed"
"\xfd\x67\x78\xdf\x89\xa8\x90\xdd",
}, {
.plaintext = "abcdbcdecdefdefgefghfghighij"
"hijkijkljklmklmnlmnomnopnopq",
.psize = 56,
.digest = "\x38\x43\x04\x55\x83\xaa\xc6\xc8"
"\xc8\xd9\x12\x85\x73\xe7\xa9\x80"
"\x9a\xfb\x2a\x0f\x34\xcc\xc3\x6e"
"\xa9\xe7\x2f\x16\xf6\x36\x8e\x3f",
.np = 2,
.tap = { 28, 28 },
}
};
/*
* RIPEMD-320 test vectors
*/
static const struct hash_testvec rmd320_tv_template[] = {
{
.digest = "\x22\xd6\x5d\x56\x61\x53\x6c\xdc\x75\xc1"
"\xfd\xf5\xc6\xde\x7b\x41\xb9\xf2\x73\x25"
"\xeb\xc6\x1e\x85\x57\x17\x7d\x70\x5a\x0e"
"\xc8\x80\x15\x1c\x3a\x32\xa0\x08\x99\xb8",
}, {
.plaintext = "a",
.psize = 1,
.digest = "\xce\x78\x85\x06\x38\xf9\x26\x58\xa5\xa5"
"\x85\x09\x75\x79\x92\x6d\xda\x66\x7a\x57"
"\x16\x56\x2c\xfc\xf6\xfb\xe7\x7f\x63\x54"
"\x2f\x99\xb0\x47\x05\xd6\x97\x0d\xff\x5d",
}, {
.plaintext = "abc",
.psize = 3,
.digest = "\xde\x4c\x01\xb3\x05\x4f\x89\x30\xa7\x9d"
"\x09\xae\x73\x8e\x92\x30\x1e\x5a\x17\x08"
"\x5b\xef\xfd\xc1\xb8\xd1\x16\x71\x3e\x74"
"\xf8\x2f\xa9\x42\xd6\x4c\xdb\xc4\x68\x2d",
}, {
.plaintext = "message digest",
.psize = 14,
.digest = "\x3a\x8e\x28\x50\x2e\xd4\x5d\x42\x2f\x68"
"\x84\x4f\x9d\xd3\x16\xe7\xb9\x85\x33\xfa"
"\x3f\x2a\x91\xd2\x9f\x84\xd4\x25\xc8\x8d"
"\x6b\x4e\xff\x72\x7d\xf6\x6a\x7c\x01\x97",
}, {
.plaintext = "abcdefghijklmnopqrstuvwxyz",
.psize = 26,
.digest = "\xca\xbd\xb1\x81\x0b\x92\x47\x0a\x20\x93"
"\xaa\x6b\xce\x05\x95\x2c\x28\x34\x8c\xf4"
"\x3f\xf6\x08\x41\x97\x51\x66\xbb\x40\xed"
"\x23\x40\x04\xb8\x82\x44\x63\xe6\xb0\x09",
}, {
.plaintext = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcde"
"fghijklmnopqrstuvwxyz0123456789",
.psize = 62,
.digest = "\xed\x54\x49\x40\xc8\x6d\x67\xf2\x50\xd2"
"\x32\xc3\x0b\x7b\x3e\x57\x70\xe0\xc6\x0c"
"\x8c\xb9\xa4\xca\xfe\x3b\x11\x38\x8a\xf9"
"\x92\x0e\x1b\x99\x23\x0b\x84\x3c\x86\xa4",
}, {
.plaintext = "1234567890123456789012345678901234567890"
"1234567890123456789012345678901234567890",
.psize = 80,
.digest = "\x55\x78\x88\xaf\x5f\x6d\x8e\xd6\x2a\xb6"
"\x69\x45\xc6\xd2\xa0\xa4\x7e\xcd\x53\x41"
"\xe9\x15\xeb\x8f\xea\x1d\x05\x24\x95\x5f"
"\x82\x5d\xc7\x17\xe4\xa0\x08\xab\x2d\x42",
}, {
.plaintext = "abcdbcdecdefdefgefghfghighij"
"hijkijkljklmklmnlmnomnopnopq",
.psize = 56,
.digest = "\xd0\x34\xa7\x95\x0c\xf7\x22\x02\x1b\xa4"
"\xb8\x4d\xf7\x69\xa5\xde\x20\x60\xe2\x59"
"\xdf\x4c\x9b\xb4\xa4\x26\x8c\x0e\x93\x5b"
"\xbc\x74\x70\xa9\x69\xc9\xd0\x72\xa1\xac",
.np = 2,
.tap = { 28, 28 },
}
};
static const struct hash_testvec crct10dif_tv_template[] = {
{
.plaintext = "abc",
.psize = 3,
.digest = (u8 *)(u16 []){ 0x443b },
}, {
.plaintext = "1234567890123456789012345678901234567890"
"123456789012345678901234567890123456789",
.psize = 79,
.digest = (u8 *)(u16 []){ 0x4b70 },
.np = 2,
.tap = { 63, 16 },
}, {
.plaintext = "abcdddddddddddddddddddddddddddddddddddddddd"
"ddddddddddddd",
.psize = 56,
.digest = (u8 *)(u16 []){ 0x9ce3 },
.np = 8,
.tap = { 1, 2, 28, 7, 6, 5, 4, 3 },
}, {
.plaintext = "1234567890123456789012345678901234567890"
"1234567890123456789012345678901234567890"
"1234567890123456789012345678901234567890"
"1234567890123456789012345678901234567890"
"1234567890123456789012345678901234567890"
"1234567890123456789012345678901234567890"
"1234567890123456789012345678901234567890"
"123456789012345678901234567890123456789",
.psize = 319,
.digest = (u8 *)(u16 []){ 0x44c6 },
}, {
.plaintext = "1234567890123456789012345678901234567890"
"1234567890123456789012345678901234567890"
"1234567890123456789012345678901234567890"
"1234567890123456789012345678901234567890"
"1234567890123456789012345678901234567890"
"1234567890123456789012345678901234567890"
"1234567890123456789012345678901234567890"
"123456789012345678901234567890123456789",
.psize = 319,
.digest = (u8 *)(u16 []){ 0x44c6 },
.np = 4,
.tap = { 1, 255, 57, 6 },
}, {
.plaintext = "\x6e\x05\x79\x10\xa7\x1b\xb2\x49"
"\xe0\x54\xeb\x82\x19\x8d\x24\xbb"
"\x2f\xc6\x5d\xf4\x68\xff\x96\x0a"
"\xa1\x38\xcf\x43\xda\x71\x08\x7c"
"\x13\xaa\x1e\xb5\x4c\xe3\x57\xee"
"\x85\x1c\x90\x27\xbe\x32\xc9\x60"
"\xf7\x6b\x02\x99\x0d\xa4\x3b\xd2"
"\x46\xdd\x74\x0b\x7f\x16\xad\x21"
"\xb8\x4f\xe6\x5a\xf1\x88\x1f\x93"
"\x2a\xc1\x35\xcc\x63\xfa\x6e\x05"
"\x9c\x10\xa7\x3e\xd5\x49\xe0\x77"
"\x0e\x82\x19\xb0\x24\xbb\x52\xe9"
"\x5d\xf4\x8b\x22\x96\x2d\xc4\x38"
"\xcf\x66\xfd\x71\x08\x9f\x13\xaa"
"\x41\xd8\x4c\xe3\x7a\x11\x85\x1c"
"\xb3\x27\xbe\x55\xec\x60\xf7\x8e"
"\x02\x99\x30\xc7\x3b\xd2\x69\x00"
"\x74\x0b\xa2\x16\xad\x44\xdb\x4f"
"\xe6\x7d\x14\x88\x1f\xb6\x2a\xc1"
"\x58\xef\x63\xfa\x91\x05\x9c\x33"
"\xca\x3e\xd5\x6c\x03\x77\x0e\xa5"
"\x19\xb0\x47\xde\x52\xe9\x80\x17"
"\x8b\x22\xb9\x2d\xc4\x5b\xf2\x66"
"\xfd\x94\x08\x9f\x36\xcd\x41\xd8"
"\x6f\x06\x7a\x11\xa8\x1c\xb3\x4a"
"\xe1\x55\xec\x83\x1a\x8e\x25\xbc"
"\x30\xc7\x5e\xf5\x69\x00\x97\x0b"
"\xa2\x39\xd0\x44\xdb\x72\x09\x7d"
"\x14\xab\x1f\xb6\x4d\xe4\x58\xef"
"\x86\x1d\x91\x28\xbf\x33\xca\x61"
"\xf8\x6c\x03\x9a\x0e\xa5\x3c\xd3"
"\x47\xde\x75\x0c\x80\x17\xae\x22"
"\xb9\x50\xe7\x5b\xf2\x89\x20\x94"
"\x2b\xc2\x36\xcd\x64\xfb\x6f\x06"
"\x9d\x11\xa8\x3f\xd6\x4a\xe1\x78"
"\x0f\x83\x1a\xb1\x25\xbc\x53\xea"
"\x5e\xf5\x8c\x00\x97\x2e\xc5\x39"
"\xd0\x67\xfe\x72\x09\xa0\x14\xab"
"\x42\xd9\x4d\xe4\x7b\x12\x86\x1d"
"\xb4\x28\xbf\x56\xed\x61\xf8\x8f"
"\x03\x9a\x31\xc8\x3c\xd3\x6a\x01"
"\x75\x0c\xa3\x17\xae\x45\xdc\x50"
"\xe7\x7e\x15\x89\x20\xb7\x2b\xc2"
"\x59\xf0\x64\xfb\x92\x06\x9d\x34"
"\xcb\x3f\xd6\x6d\x04\x78\x0f\xa6"
"\x1a\xb1\x48\xdf\x53\xea\x81\x18"
"\x8c\x23\xba\x2e\xc5\x5c\xf3\x67"
"\xfe\x95\x09\xa0\x37\xce\x42\xd9"
"\x70\x07\x7b\x12\xa9\x1d\xb4\x4b"
"\xe2\x56\xed\x84\x1b\x8f\x26\xbd"
"\x31\xc8\x5f\xf6\x6a\x01\x98\x0c"
"\xa3\x3a\xd1\x45\xdc\x73\x0a\x7e"
"\x15\xac\x20\xb7\x4e\xe5\x59\xf0"
"\x87\x1e\x92\x29\xc0\x34\xcb\x62"
"\xf9\x6d\x04\x9b\x0f\xa6\x3d\xd4"
"\x48\xdf\x76\x0d\x81\x18\xaf\x23"
"\xba\x51\xe8\x5c\xf3\x8a\x21\x95"
"\x2c\xc3\x37\xce\x65\xfc\x70\x07"
"\x9e\x12\xa9\x40\xd7\x4b\xe2\x79"
"\x10\x84\x1b\xb2\x26\xbd\x54\xeb"
"\x5f\xf6\x8d\x01\x98\x2f\xc6\x3a"
"\xd1\x68\xff\x73\x0a\xa1\x15\xac"
"\x43\xda\x4e\xe5\x7c\x13\x87\x1e"
"\xb5\x29\xc0\x57\xee\x62\xf9\x90"
"\x04\x9b\x32\xc9\x3d\xd4\x6b\x02"
"\x76\x0d\xa4\x18\xaf\x46\xdd\x51"
"\xe8\x7f\x16\x8a\x21\xb8\x2c\xc3"
"\x5a\xf1\x65\xfc\x93\x07\x9e\x35"
"\xcc\x40\xd7\x6e\x05\x79\x10\xa7"
"\x1b\xb2\x49\xe0\x54\xeb\x82\x19"
"\x8d\x24\xbb\x2f\xc6\x5d\xf4\x68"
"\xff\x96\x0a\xa1\x38\xcf\x43\xda"
"\x71\x08\x7c\x13\xaa\x1e\xb5\x4c"
"\xe3\x57\xee\x85\x1c\x90\x27\xbe"
"\x32\xc9\x60\xf7\x6b\x02\x99\x0d"
"\xa4\x3b\xd2\x46\xdd\x74\x0b\x7f"
"\x16\xad\x21\xb8\x4f\xe6\x5a\xf1"
"\x88\x1f\x93\x2a\xc1\x35\xcc\x63"
"\xfa\x6e\x05\x9c\x10\xa7\x3e\xd5"
"\x49\xe0\x77\x0e\x82\x19\xb0\x24"
"\xbb\x52\xe9\x5d\xf4\x8b\x22\x96"
"\x2d\xc4\x38\xcf\x66\xfd\x71\x08"
"\x9f\x13\xaa\x41\xd8\x4c\xe3\x7a"
"\x11\x85\x1c\xb3\x27\xbe\x55\xec"
"\x60\xf7\x8e\x02\x99\x30\xc7\x3b"
"\xd2\x69\x00\x74\x0b\xa2\x16\xad"
"\x44\xdb\x4f\xe6\x7d\x14\x88\x1f"
"\xb6\x2a\xc1\x58\xef\x63\xfa\x91"
"\x05\x9c\x33\xca\x3e\xd5\x6c\x03"
"\x77\x0e\xa5\x19\xb0\x47\xde\x52"
"\xe9\x80\x17\x8b\x22\xb9\x2d\xc4"
"\x5b\xf2\x66\xfd\x94\x08\x9f\x36"
"\xcd\x41\xd8\x6f\x06\x7a\x11\xa8"
"\x1c\xb3\x4a\xe1\x55\xec\x83\x1a"
"\x8e\x25\xbc\x30\xc7\x5e\xf5\x69"
"\x00\x97\x0b\xa2\x39\xd0\x44\xdb"
"\x72\x09\x7d\x14\xab\x1f\xb6\x4d"
"\xe4\x58\xef\x86\x1d\x91\x28\xbf"
"\x33\xca\x61\xf8\x6c\x03\x9a\x0e"
"\xa5\x3c\xd3\x47\xde\x75\x0c\x80"
"\x17\xae\x22\xb9\x50\xe7\x5b\xf2"
"\x89\x20\x94\x2b\xc2\x36\xcd\x64"
"\xfb\x6f\x06\x9d\x11\xa8\x3f\xd6"
"\x4a\xe1\x78\x0f\x83\x1a\xb1\x25"
"\xbc\x53\xea\x5e\xf5\x8c\x00\x97"
"\x2e\xc5\x39\xd0\x67\xfe\x72\x09"
"\xa0\x14\xab\x42\xd9\x4d\xe4\x7b"
"\x12\x86\x1d\xb4\x28\xbf\x56\xed"
"\x61\xf8\x8f\x03\x9a\x31\xc8\x3c"
"\xd3\x6a\x01\x75\x0c\xa3\x17\xae"
"\x45\xdc\x50\xe7\x7e\x15\x89\x20"
"\xb7\x2b\xc2\x59\xf0\x64\xfb\x92"
"\x06\x9d\x34\xcb\x3f\xd6\x6d\x04"
"\x78\x0f\xa6\x1a\xb1\x48\xdf\x53"
"\xea\x81\x18\x8c\x23\xba\x2e\xc5"
"\x5c\xf3\x67\xfe\x95\x09\xa0\x37"
"\xce\x42\xd9\x70\x07\x7b\x12\xa9"
"\x1d\xb4\x4b\xe2\x56\xed\x84\x1b"
"\x8f\x26\xbd\x31\xc8\x5f\xf6\x6a"
"\x01\x98\x0c\xa3\x3a\xd1\x45\xdc"
"\x73\x0a\x7e\x15\xac\x20\xb7\x4e"
"\xe5\x59\xf0\x87\x1e\x92\x29\xc0"
"\x34\xcb\x62\xf9\x6d\x04\x9b\x0f"
"\xa6\x3d\xd4\x48\xdf\x76\x0d\x81"
"\x18\xaf\x23\xba\x51\xe8\x5c\xf3"
"\x8a\x21\x95\x2c\xc3\x37\xce\x65"
"\xfc\x70\x07\x9e\x12\xa9\x40\xd7"
"\x4b\xe2\x79\x10\x84\x1b\xb2\x26"
"\xbd\x54\xeb\x5f\xf6\x8d\x01\x98"
"\x2f\xc6\x3a\xd1\x68\xff\x73\x0a"
"\xa1\x15\xac\x43\xda\x4e\xe5\x7c"
"\x13\x87\x1e\xb5\x29\xc0\x57\xee"
"\x62\xf9\x90\x04\x9b\x32\xc9\x3d"
"\xd4\x6b\x02\x76\x0d\xa4\x18\xaf"
"\x46\xdd\x51\xe8\x7f\x16\x8a\x21"
"\xb8\x2c\xc3\x5a\xf1\x65\xfc\x93"
"\x07\x9e\x35\xcc\x40\xd7\x6e\x05"
"\x79\x10\xa7\x1b\xb2\x49\xe0\x54"
"\xeb\x82\x19\x8d\x24\xbb\x2f\xc6"
"\x5d\xf4\x68\xff\x96\x0a\xa1\x38"
"\xcf\x43\xda\x71\x08\x7c\x13\xaa"
"\x1e\xb5\x4c\xe3\x57\xee\x85\x1c"
"\x90\x27\xbe\x32\xc9\x60\xf7\x6b"
"\x02\x99\x0d\xa4\x3b\xd2\x46\xdd"
"\x74\x0b\x7f\x16\xad\x21\xb8\x4f"
"\xe6\x5a\xf1\x88\x1f\x93\x2a\xc1"
"\x35\xcc\x63\xfa\x6e\x05\x9c\x10"
"\xa7\x3e\xd5\x49\xe0\x77\x0e\x82"
"\x19\xb0\x24\xbb\x52\xe9\x5d\xf4"
"\x8b\x22\x96\x2d\xc4\x38\xcf\x66"
"\xfd\x71\x08\x9f\x13\xaa\x41\xd8"
"\x4c\xe3\x7a\x11\x85\x1c\xb3\x27"
"\xbe\x55\xec\x60\xf7\x8e\x02\x99"
"\x30\xc7\x3b\xd2\x69\x00\x74\x0b"
"\xa2\x16\xad\x44\xdb\x4f\xe6\x7d"
"\x14\x88\x1f\xb6\x2a\xc1\x58\xef"
"\x63\xfa\x91\x05\x9c\x33\xca\x3e"
"\xd5\x6c\x03\x77\x0e\xa5\x19\xb0"
"\x47\xde\x52\xe9\x80\x17\x8b\x22"
"\xb9\x2d\xc4\x5b\xf2\x66\xfd\x94"
"\x08\x9f\x36\xcd\x41\xd8\x6f\x06"
"\x7a\x11\xa8\x1c\xb3\x4a\xe1\x55"
"\xec\x83\x1a\x8e\x25\xbc\x30\xc7"
"\x5e\xf5\x69\x00\x97\x0b\xa2\x39"
"\xd0\x44\xdb\x72\x09\x7d\x14\xab"
"\x1f\xb6\x4d\xe4\x58\xef\x86\x1d"
"\x91\x28\xbf\x33\xca\x61\xf8\x6c"
"\x03\x9a\x0e\xa5\x3c\xd3\x47\xde"
"\x75\x0c\x80\x17\xae\x22\xb9\x50"
"\xe7\x5b\xf2\x89\x20\x94\x2b\xc2"
"\x36\xcd\x64\xfb\x6f\x06\x9d\x11"
"\xa8\x3f\xd6\x4a\xe1\x78\x0f\x83"
"\x1a\xb1\x25\xbc\x53\xea\x5e\xf5"
"\x8c\x00\x97\x2e\xc5\x39\xd0\x67"
"\xfe\x72\x09\xa0\x14\xab\x42\xd9"
"\x4d\xe4\x7b\x12\x86\x1d\xb4\x28"
"\xbf\x56\xed\x61\xf8\x8f\x03\x9a"
"\x31\xc8\x3c\xd3\x6a\x01\x75\x0c"
"\xa3\x17\xae\x45\xdc\x50\xe7\x7e"
"\x15\x89\x20\xb7\x2b\xc2\x59\xf0"
"\x64\xfb\x92\x06\x9d\x34\xcb\x3f"
"\xd6\x6d\x04\x78\x0f\xa6\x1a\xb1"
"\x48\xdf\x53\xea\x81\x18\x8c\x23"
"\xba\x2e\xc5\x5c\xf3\x67\xfe\x95"
"\x09\xa0\x37\xce\x42\xd9\x70\x07"
"\x7b\x12\xa9\x1d\xb4\x4b\xe2\x56"
"\xed\x84\x1b\x8f\x26\xbd\x31\xc8"
"\x5f\xf6\x6a\x01\x98\x0c\xa3\x3a"
"\xd1\x45\xdc\x73\x0a\x7e\x15\xac"
"\x20\xb7\x4e\xe5\x59\xf0\x87\x1e"
"\x92\x29\xc0\x34\xcb\x62\xf9\x6d"
"\x04\x9b\x0f\xa6\x3d\xd4\x48\xdf"
"\x76\x0d\x81\x18\xaf\x23\xba\x51"
"\xe8\x5c\xf3\x8a\x21\x95\x2c\xc3"
"\x37\xce\x65\xfc\x70\x07\x9e\x12"
"\xa9\x40\xd7\x4b\xe2\x79\x10\x84"
"\x1b\xb2\x26\xbd\x54\xeb\x5f\xf6"
"\x8d\x01\x98\x2f\xc6\x3a\xd1\x68"
"\xff\x73\x0a\xa1\x15\xac\x43\xda"
"\x4e\xe5\x7c\x13\x87\x1e\xb5\x29"
"\xc0\x57\xee\x62\xf9\x90\x04\x9b"
"\x32\xc9\x3d\xd4\x6b\x02\x76\x0d"
"\xa4\x18\xaf\x46\xdd\x51\xe8\x7f"
"\x16\x8a\x21\xb8\x2c\xc3\x5a\xf1"
"\x65\xfc\x93\x07\x9e\x35\xcc\x40"
"\xd7\x6e\x05\x79\x10\xa7\x1b\xb2"
"\x49\xe0\x54\xeb\x82\x19\x8d\x24"
"\xbb\x2f\xc6\x5d\xf4\x68\xff\x96"
"\x0a\xa1\x38\xcf\x43\xda\x71\x08"
"\x7c\x13\xaa\x1e\xb5\x4c\xe3\x57"
"\xee\x85\x1c\x90\x27\xbe\x32\xc9"
"\x60\xf7\x6b\x02\x99\x0d\xa4\x3b"
"\xd2\x46\xdd\x74\x0b\x7f\x16\xad"
"\x21\xb8\x4f\xe6\x5a\xf1\x88\x1f"
"\x93\x2a\xc1\x35\xcc\x63\xfa\x6e"
"\x05\x9c\x10\xa7\x3e\xd5\x49\xe0"
"\x77\x0e\x82\x19\xb0\x24\xbb\x52"
"\xe9\x5d\xf4\x8b\x22\x96\x2d\xc4"
"\x38\xcf\x66\xfd\x71\x08\x9f\x13"
"\xaa\x41\xd8\x4c\xe3\x7a\x11\x85"
"\x1c\xb3\x27\xbe\x55\xec\x60\xf7"
"\x8e\x02\x99\x30\xc7\x3b\xd2\x69"
"\x00\x74\x0b\xa2\x16\xad\x44\xdb"
"\x4f\xe6\x7d\x14\x88\x1f\xb6\x2a"
"\xc1\x58\xef\x63\xfa\x91\x05\x9c"
"\x33\xca\x3e\xd5\x6c\x03\x77\x0e"
"\xa5\x19\xb0\x47\xde\x52\xe9\x80"
"\x17\x8b\x22\xb9\x2d\xc4\x5b\xf2"
"\x66\xfd\x94\x08\x9f\x36\xcd\x41"
"\xd8\x6f\x06\x7a\x11\xa8\x1c\xb3"
"\x4a\xe1\x55\xec\x83\x1a\x8e\x25"
"\xbc\x30\xc7\x5e\xf5\x69\x00\x97"
"\x0b\xa2\x39\xd0\x44\xdb\x72\x09"
"\x7d\x14\xab\x1f\xb6\x4d\xe4\x58"
"\xef\x86\x1d\x91\x28\xbf\x33\xca"
"\x61\xf8\x6c\x03\x9a\x0e\xa5\x3c"
"\xd3\x47\xde\x75\x0c\x80\x17\xae"
"\x22\xb9\x50\xe7\x5b\xf2\x89\x20"
"\x94\x2b\xc2\x36\xcd\x64\xfb\x6f"
"\x06\x9d\x11\xa8\x3f\xd6\x4a\xe1"
"\x78\x0f\x83\x1a\xb1\x25\xbc\x53"
"\xea\x5e\xf5\x8c\x00\x97\x2e\xc5"
"\x39\xd0\x67\xfe\x72\x09\xa0\x14"
"\xab\x42\xd9\x4d\xe4\x7b\x12\x86"
"\x1d\xb4\x28\xbf\x56\xed\x61\xf8"
"\x8f\x03\x9a\x31\xc8\x3c\xd3\x6a"
"\x01\x75\x0c\xa3\x17\xae\x45\xdc"
"\x50\xe7\x7e\x15\x89\x20\xb7\x2b"
"\xc2\x59\xf0\x64\xfb\x92\x06\x9d"
"\x34\xcb\x3f\xd6\x6d\x04\x78\x0f"
"\xa6\x1a\xb1\x48\xdf\x53\xea\x81"
"\x18\x8c\x23\xba\x2e\xc5\x5c\xf3"
"\x67\xfe\x95\x09\xa0\x37\xce\x42"
"\xd9\x70\x07\x7b\x12\xa9\x1d\xb4"
"\x4b\xe2\x56\xed\x84\x1b\x8f\x26"
"\xbd\x31\xc8\x5f\xf6\x6a\x01\x98",
.psize = 2048,
.digest = (u8 *)(u16 []){ 0x23ca },
}
};
/* Example vectors below taken from
* http://www.oscca.gov.cn/UpFile/20101222141857786.pdf
*
* The rest taken from
* https://github.com/adamws/oscca-sm3
*/
static const struct hash_testvec sm3_tv_template[] = {
{
.plaintext = "",
.psize = 0,
.digest = (u8 *)(u8 []) {
0x1A, 0xB2, 0x1D, 0x83, 0x55, 0xCF, 0xA1, 0x7F,
0x8e, 0x61, 0x19, 0x48, 0x31, 0xE8, 0x1A, 0x8F,
0x22, 0xBE, 0xC8, 0xC7, 0x28, 0xFE, 0xFB, 0x74,
0x7E, 0xD0, 0x35, 0xEB, 0x50, 0x82, 0xAA, 0x2B }
}, {
.plaintext = "a",
.psize = 1,
.digest = (u8 *)(u8 []) {
0x62, 0x34, 0x76, 0xAC, 0x18, 0xF6, 0x5A, 0x29,
0x09, 0xE4, 0x3C, 0x7F, 0xEC, 0x61, 0xB4, 0x9C,
0x7E, 0x76, 0x4A, 0x91, 0xA1, 0x8C, 0xCB, 0x82,
0xF1, 0x91, 0x7A, 0x29, 0xC8, 0x6C, 0x5E, 0x88 }
}, {
/* A.1. Example 1 */
.plaintext = "abc",
.psize = 3,
.digest = (u8 *)(u8 []) {
0x66, 0xC7, 0xF0, 0xF4, 0x62, 0xEE, 0xED, 0xD9,
0xD1, 0xF2, 0xD4, 0x6B, 0xDC, 0x10, 0xE4, 0xE2,
0x41, 0x67, 0xC4, 0x87, 0x5C, 0xF2, 0xF7, 0xA2,
0x29, 0x7D, 0xA0, 0x2B, 0x8F, 0x4B, 0xA8, 0xE0 }
}, {
.plaintext = "abcdefghijklmnopqrstuvwxyz",
.psize = 26,
.digest = (u8 *)(u8 []) {
0xB8, 0x0F, 0xE9, 0x7A, 0x4D, 0xA2, 0x4A, 0xFC,
0x27, 0x75, 0x64, 0xF6, 0x6A, 0x35, 0x9E, 0xF4,
0x40, 0x46, 0x2A, 0xD2, 0x8D, 0xCC, 0x6D, 0x63,
0xAD, 0xB2, 0x4D, 0x5C, 0x20, 0xA6, 0x15, 0x95 }
}, {
/* A.1. Example 2 */
.plaintext = "abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdab"
"cdabcdabcdabcdabcd",
.psize = 64,
.digest = (u8 *)(u8 []) {
0xDE, 0xBE, 0x9F, 0xF9, 0x22, 0x75, 0xB8, 0xA1,
0x38, 0x60, 0x48, 0x89, 0xC1, 0x8E, 0x5A, 0x4D,
0x6F, 0xDB, 0x70, 0xE5, 0x38, 0x7E, 0x57, 0x65,
0x29, 0x3D, 0xCB, 0xA3, 0x9C, 0x0C, 0x57, 0x32 }
}, {
.plaintext = "abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd"
"abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd"
"abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd"
"abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd"
"abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd"
"abcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcdabcd"
"abcdabcdabcdabcdabcdabcdabcdabcd",
.psize = 256,
.digest = (u8 *)(u8 []) {
0xB9, 0x65, 0x76, 0x4C, 0x8B, 0xEB, 0xB0, 0x91,
0xC7, 0x60, 0x2B, 0x74, 0xAF, 0xD3, 0x4E, 0xEF,
0xB5, 0x31, 0xDC, 0xCB, 0x4E, 0x00, 0x76, 0xD9,
0xB7, 0xCD, 0x81, 0x31, 0x99, 0xB4, 0x59, 0x71 }
}
};
/*
* SHA1 test vectors from from FIPS PUB 180-1
* Long vector from CAVS 5.0
*/
static const struct hash_testvec sha1_tv_template[] = {
{
.plaintext = "",
.psize = 0,
.digest = "\xda\x39\xa3\xee\x5e\x6b\x4b\x0d\x32\x55"
"\xbf\xef\x95\x60\x18\x90\xaf\xd8\x07\x09",
}, {
.plaintext = "abc",
.psize = 3,
.digest = "\xa9\x99\x3e\x36\x47\x06\x81\x6a\xba\x3e"
"\x25\x71\x78\x50\xc2\x6c\x9c\xd0\xd8\x9d",
}, {
.plaintext = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
.psize = 56,
.digest = "\x84\x98\x3e\x44\x1c\x3b\xd2\x6e\xba\xae"
"\x4a\xa1\xf9\x51\x29\xe5\xe5\x46\x70\xf1",
.np = 2,
.tap = { 28, 28 }
}, {
.plaintext = "\xec\x29\x56\x12\x44\xed\xe7\x06"
"\xb6\xeb\x30\xa1\xc3\x71\xd7\x44"
"\x50\xa1\x05\xc3\xf9\x73\x5f\x7f"
"\xa9\xfe\x38\xcf\x67\xf3\x04\xa5"
"\x73\x6a\x10\x6e\x92\xe1\x71\x39"
"\xa6\x81\x3b\x1c\x81\xa4\xf3\xd3"
"\xfb\x95\x46\xab\x42\x96\xfa\x9f"
"\x72\x28\x26\xc0\x66\x86\x9e\xda"
"\xcd\x73\xb2\x54\x80\x35\x18\x58"
"\x13\xe2\x26\x34\xa9\xda\x44\x00"
"\x0d\x95\xa2\x81\xff\x9f\x26\x4e"
"\xcc\xe0\xa9\x31\x22\x21\x62\xd0"
"\x21\xcc\xa2\x8d\xb5\xf3\xc2\xaa"
"\x24\x94\x5a\xb1\xe3\x1c\xb4\x13"
"\xae\x29\x81\x0f\xd7\x94\xca\xd5"
"\xdf\xaf\x29\xec\x43\xcb\x38\xd1"
"\x98\xfe\x4a\xe1\xda\x23\x59\x78"
"\x02\x21\x40\x5b\xd6\x71\x2a\x53"
"\x05\xda\x4b\x1b\x73\x7f\xce\x7c"
"\xd2\x1c\x0e\xb7\x72\x8d\x08\x23"
"\x5a\x90\x11",
.psize = 163,
.digest = "\x97\x01\x11\xc4\xe7\x7b\xcc\x88\xcc\x20"
"\x45\x9c\x02\xb6\x9b\x4a\xa8\xf5\x82\x17",
.np = 4,
.tap = { 63, 64, 31, 5 }
}, {
.plaintext = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-",
.psize = 64,
.digest = "\xc8\x71\xf6\x9a\x63\xcc\xa9\x84\x84\x82"
"\x64\xe7\x79\x95\x5d\xd7\x19\x41\x7c\x91",
}, {
.plaintext = "\x08\x9f\x13\xaa\x41\xd8\x4c\xe3"
"\x7a\x11\x85\x1c\xb3\x27\xbe\x55"
"\xec\x60\xf7\x8e\x02\x99\x30\xc7"
"\x3b\xd2\x69\x00\x74\x0b\xa2\x16"
"\xad\x44\xdb\x4f\xe6\x7d\x14\x88"
"\x1f\xb6\x2a\xc1\x58\xef\x63\xfa"
"\x91\x05\x9c\x33\xca\x3e\xd5\x6c"
"\x03\x77\x0e\xa5\x19\xb0\x47\xde"
"\x52\xe9\x80\x17\x8b\x22\xb9\x2d"
"\xc4\x5b\xf2\x66\xfd\x94\x08\x9f"
"\x36\xcd\x41\xd8\x6f\x06\x7a\x11"
"\xa8\x1c\xb3\x4a\xe1\x55\xec\x83"
"\x1a\x8e\x25\xbc\x30\xc7\x5e\xf5"
"\x69\x00\x97\x0b\xa2\x39\xd0\x44"
"\xdb\x72\x09\x7d\x14\xab\x1f\xb6"
"\x4d\xe4\x58\xef\x86\x1d\x91\x28"
"\xbf\x33\xca\x61\xf8\x6c\x03\x9a"
"\x0e\xa5\x3c\xd3\x47\xde\x75\x0c"
"\x80\x17\xae\x22\xb9\x50\xe7\x5b"
"\xf2\x89\x20\x94\x2b\xc2\x36\xcd"
"\x64\xfb\x6f\x06\x9d\x11\xa8\x3f"
"\xd6\x4a\xe1\x78\x0f\x83\x1a\xb1"
"\x25\xbc\x53\xea\x5e\xf5\x8c\x00"
"\x97\x2e\xc5\x39\xd0\x67\xfe\x72"
"\x09\xa0\x14\xab\x42\xd9\x4d\xe4"
"\x7b\x12\x86\x1d\xb4\x28\xbf\x56"
"\xed\x61\xf8\x8f\x03\x9a\x31\xc8"
"\x3c\xd3\x6a\x01\x75\x0c\xa3\x17"
"\xae\x45\xdc\x50\xe7\x7e\x15\x89"
"\x20\xb7\x2b\xc2\x59\xf0\x64\xfb"
"\x92\x06\x9d\x34\xcb\x3f\xd6\x6d"
"\x04\x78\x0f\xa6\x1a\xb1\x48\xdf"
"\x53\xea\x81\x18\x8c\x23\xba\x2e"
"\xc5\x5c\xf3\x67\xfe\x95\x09\xa0"
"\x37\xce\x42\xd9\x70\x07\x7b\x12"
"\xa9\x1d\xb4\x4b\xe2\x56\xed\x84"
"\x1b\x8f\x26\xbd\x31\xc8\x5f\xf6"
"\x6a\x01\x98\x0c\xa3\x3a\xd1\x45"
"\xdc\x73\x0a\x7e\x15\xac\x20\xb7"
"\x4e\xe5\x59\xf0\x87\x1e\x92\x29"
"\xc0\x34\xcb\x62\xf9\x6d\x04\x9b"
"\x0f\xa6\x3d\xd4\x48\xdf\x76\x0d"
"\x81\x18\xaf\x23\xba\x51\xe8\x5c"
"\xf3\x8a\x21\x95\x2c\xc3\x37\xce"
"\x65\xfc\x70\x07\x9e\x12\xa9\x40"
"\xd7\x4b\xe2\x79\x10\x84\x1b\xb2"
"\x26\xbd\x54\xeb\x5f\xf6\x8d\x01"
"\x98\x2f\xc6\x3a\xd1\x68\xff\x73"
"\x0a\xa1\x15\xac\x43\xda\x4e\xe5"
"\x7c\x13\x87\x1e\xb5\x29\xc0\x57"
"\xee\x62\xf9\x90\x04\x9b\x32\xc9"
"\x3d\xd4\x6b\x02\x76\x0d\xa4\x18"
"\xaf\x46\xdd\x51\xe8\x7f\x16\x8a"
"\x21\xb8\x2c\xc3\x5a\xf1\x65\xfc"
"\x93\x07\x9e\x35\xcc\x40\xd7\x6e"
"\x05\x79\x10\xa7\x1b\xb2\x49\xe0"
"\x54\xeb\x82\x19\x8d\x24\xbb\x2f"
"\xc6\x5d\xf4\x68\xff\x96\x0a\xa1"
"\x38\xcf\x43\xda\x71\x08\x7c\x13"
"\xaa\x1e\xb5\x4c\xe3\x57\xee\x85"
"\x1c\x90\x27\xbe\x32\xc9\x60\xf7"
"\x6b\x02\x99\x0d\xa4\x3b\xd2\x46"
"\xdd\x74\x0b\x7f\x16\xad\x21\xb8"
"\x4f\xe6\x5a\xf1\x88\x1f\x93\x2a"
"\xc1\x35\xcc\x63\xfa\x6e\x05\x9c"
"\x10\xa7\x3e\xd5\x49\xe0\x77\x0e"
"\x82\x19\xb0\x24\xbb\x52\xe9\x5d"
"\xf4\x8b\x22\x96\x2d\xc4\x38\xcf"
"\x66\xfd\x71\x08\x9f\x13\xaa\x41"
"\xd8\x4c\xe3\x7a\x11\x85\x1c\xb3"
"\x27\xbe\x55\xec\x60\xf7\x8e\x02"
"\x99\x30\xc7\x3b\xd2\x69\x00\x74"
"\x0b\xa2\x16\xad\x44\xdb\x4f\xe6"
"\x7d\x14\x88\x1f\xb6\x2a\xc1\x58"
"\xef\x63\xfa\x91\x05\x9c\x33\xca"
"\x3e\xd5\x6c\x03\x77\x0e\xa5\x19"
"\xb0\x47\xde\x52\xe9\x80\x17\x8b"
"\x22\xb9\x2d\xc4\x5b\xf2\x66\xfd"
"\x94\x08\x9f\x36\xcd\x41\xd8\x6f"
"\x06\x7a\x11\xa8\x1c\xb3\x4a\xe1"
"\x55\xec\x83\x1a\x8e\x25\xbc\x30"
"\xc7\x5e\xf5\x69\x00\x97\x0b\xa2"
"\x39\xd0\x44\xdb\x72\x09\x7d\x14"
"\xab\x1f\xb6\x4d\xe4\x58\xef\x86"
"\x1d\x91\x28\xbf\x33\xca\x61\xf8"
"\x6c\x03\x9a\x0e\xa5\x3c\xd3\x47"
"\xde\x75\x0c\x80\x17\xae\x22\xb9"
"\x50\xe7\x5b\xf2\x89\x20\x94\x2b"
"\xc2\x36\xcd\x64\xfb\x6f\x06\x9d"
"\x11\xa8\x3f\xd6\x4a\xe1\x78\x0f"
"\x83\x1a\xb1\x25\xbc\x53\xea\x5e"
"\xf5\x8c\x00\x97\x2e\xc5\x39\xd0"
"\x67\xfe\x72\x09\xa0\x14\xab\x42"
"\xd9\x4d\xe4\x7b\x12\x86\x1d\xb4"
"\x28\xbf\x56\xed\x61\xf8\x8f\x03"
"\x9a\x31\xc8\x3c\xd3\x6a\x01\x75"
"\x0c\xa3\x17\xae\x45\xdc\x50\xe7"
"\x7e\x15\x89\x20\xb7\x2b\xc2\x59"
"\xf0\x64\xfb\x92\x06\x9d\x34\xcb"
"\x3f\xd6\x6d\x04\x78\x0f\xa6\x1a"
"\xb1\x48\xdf\x53\xea\x81\x18\x8c"
"\x23\xba\x2e\xc5\x5c\xf3\x67\xfe"
"\x95\x09\xa0\x37\xce\x42\xd9\x70"
"\x07\x7b\x12\xa9\x1d\xb4\x4b\xe2"
"\x56\xed\x84\x1b\x8f\x26\xbd\x31"
"\xc8\x5f\xf6\x6a\x01\x98\x0c\xa3"
"\x3a\xd1\x45\xdc\x73\x0a\x7e\x15"
"\xac\x20\xb7\x4e\xe5\x59\xf0\x87"
"\x1e\x92\x29\xc0\x34\xcb\x62\xf9"
"\x6d\x04\x9b\x0f\xa6\x3d\xd4\x48"
"\xdf\x76\x0d\x81\x18\xaf\x23\xba"
"\x51\xe8\x5c\xf3\x8a\x21\x95\x2c"
"\xc3\x37\xce\x65\xfc\x70\x07\x9e"
"\x12\xa9\x40\xd7\x4b\xe2\x79\x10"
"\x84\x1b\xb2\x26\xbd\x54\xeb\x5f"
"\xf6\x8d\x01\x98\x2f\xc6\x3a\xd1"
"\x68\xff\x73\x0a\xa1\x15\xac\x43"
"\xda\x4e\xe5\x7c\x13\x87\x1e\xb5"
"\x29\xc0\x57\xee\x62\xf9\x90\x04"
"\x9b\x32\xc9\x3d\xd4\x6b\x02\x76"
"\x0d\xa4\x18\xaf\x46\xdd\x51\xe8"
"\x7f\x16\x8a\x21\xb8\x2c\xc3\x5a"
"\xf1\x65\xfc\x93\x07\x9e\x35\xcc"
"\x40\xd7\x6e\x05\x79\x10\xa7\x1b"
"\xb2\x49\xe0\x54\xeb\x82\x19\x8d"
"\x24\xbb\x2f\xc6\x5d\xf4\x68\xff"
"\x96\x0a\xa1\x38\xcf\x43\xda\x71"
"\x08\x7c\x13\xaa\x1e\xb5\x4c",
.psize = 1023,
.digest = "\xb8\xe3\x54\xed\xc5\xfc\xef\xa4"
"\x55\x73\x4a\x81\x99\xe4\x47\x2a"
"\x30\xd6\xc9\x85",
}
};
/*
* SHA224 test vectors from from FIPS PUB 180-2
*/
static const struct hash_testvec sha224_tv_template[] = {
{
.plaintext = "",
.psize = 0,
.digest = "\xd1\x4a\x02\x8c\x2a\x3a\x2b\xc9"
"\x47\x61\x02\xbb\x28\x82\x34\xc4"
"\x15\xa2\xb0\x1f\x82\x8e\xa6\x2a"
"\xc5\xb3\xe4\x2f",
}, {
.plaintext = "abc",
.psize = 3,
.digest = "\x23\x09\x7D\x22\x34\x05\xD8\x22"
"\x86\x42\xA4\x77\xBD\xA2\x55\xB3"
"\x2A\xAD\xBC\xE4\xBD\xA0\xB3\xF7"
"\xE3\x6C\x9D\xA7",
}, {
.plaintext =
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
.psize = 56,
.digest = "\x75\x38\x8B\x16\x51\x27\x76\xCC"
"\x5D\xBA\x5D\xA1\xFD\x89\x01\x50"
"\xB0\xC6\x45\x5C\xB4\xF5\x8B\x19"
"\x52\x52\x25\x25",
.np = 2,
.tap = { 28, 28 }
}, {
.plaintext = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-",
.psize = 64,
.digest = "\xc4\xdb\x2b\x3a\x58\xc3\x99\x01"
"\x42\xfd\x10\x92\xaa\x4e\x04\x08"
"\x58\xbb\xbb\xe8\xf8\x14\xa7\x0c"
"\xef\x3b\xcb\x0e",
}, {
.plaintext = "\x08\x9f\x13\xaa\x41\xd8\x4c\xe3"
"\x7a\x11\x85\x1c\xb3\x27\xbe\x55"
"\xec\x60\xf7\x8e\x02\x99\x30\xc7"
"\x3b\xd2\x69\x00\x74\x0b\xa2\x16"
"\xad\x44\xdb\x4f\xe6\x7d\x14\x88"
"\x1f\xb6\x2a\xc1\x58\xef\x63\xfa"
"\x91\x05\x9c\x33\xca\x3e\xd5\x6c"
"\x03\x77\x0e\xa5\x19\xb0\x47\xde"
"\x52\xe9\x80\x17\x8b\x22\xb9\x2d"
"\xc4\x5b\xf2\x66\xfd\x94\x08\x9f"
"\x36\xcd\x41\xd8\x6f\x06\x7a\x11"
"\xa8\x1c\xb3\x4a\xe1\x55\xec\x83"
"\x1a\x8e\x25\xbc\x30\xc7\x5e\xf5"
"\x69\x00\x97\x0b\xa2\x39\xd0\x44"
"\xdb\x72\x09\x7d\x14\xab\x1f\xb6"
"\x4d\xe4\x58\xef\x86\x1d\x91\x28"
"\xbf\x33\xca\x61\xf8\x6c\x03\x9a"
"\x0e\xa5\x3c\xd3\x47\xde\x75\x0c"
"\x80\x17\xae\x22\xb9\x50\xe7\x5b"
"\xf2\x89\x20\x94\x2b\xc2\x36\xcd"
"\x64\xfb\x6f\x06\x9d\x11\xa8\x3f"
"\xd6\x4a\xe1\x78\x0f\x83\x1a\xb1"
"\x25\xbc\x53\xea\x5e\xf5\x8c\x00"
"\x97\x2e\xc5\x39\xd0\x67\xfe\x72"
"\x09\xa0\x14\xab\x42\xd9\x4d\xe4"
"\x7b\x12\x86\x1d\xb4\x28\xbf\x56"
"\xed\x61\xf8\x8f\x03\x9a\x31\xc8"
"\x3c\xd3\x6a\x01\x75\x0c\xa3\x17"
"\xae\x45\xdc\x50\xe7\x7e\x15\x89"
"\x20\xb7\x2b\xc2\x59\xf0\x64\xfb"
"\x92\x06\x9d\x34\xcb\x3f\xd6\x6d"
"\x04\x78\x0f\xa6\x1a\xb1\x48\xdf"
"\x53\xea\x81\x18\x8c\x23\xba\x2e"
"\xc5\x5c\xf3\x67\xfe\x95\x09\xa0"
"\x37\xce\x42\xd9\x70\x07\x7b\x12"
"\xa9\x1d\xb4\x4b\xe2\x56\xed\x84"
"\x1b\x8f\x26\xbd\x31\xc8\x5f\xf6"
"\x6a\x01\x98\x0c\xa3\x3a\xd1\x45"
"\xdc\x73\x0a\x7e\x15\xac\x20\xb7"
"\x4e\xe5\x59\xf0\x87\x1e\x92\x29"
"\xc0\x34\xcb\x62\xf9\x6d\x04\x9b"
"\x0f\xa6\x3d\xd4\x48\xdf\x76\x0d"
"\x81\x18\xaf\x23\xba\x51\xe8\x5c"
"\xf3\x8a\x21\x95\x2c\xc3\x37\xce"
"\x65\xfc\x70\x07\x9e\x12\xa9\x40"
"\xd7\x4b\xe2\x79\x10\x84\x1b\xb2"
"\x26\xbd\x54\xeb\x5f\xf6\x8d\x01"
"\x98\x2f\xc6\x3a\xd1\x68\xff\x73"
"\x0a\xa1\x15\xac\x43\xda\x4e\xe5"
"\x7c\x13\x87\x1e\xb5\x29\xc0\x57"
"\xee\x62\xf9\x90\x04\x9b\x32\xc9"
"\x3d\xd4\x6b\x02\x76\x0d\xa4\x18"
"\xaf\x46\xdd\x51\xe8\x7f\x16\x8a"
"\x21\xb8\x2c\xc3\x5a\xf1\x65\xfc"
"\x93\x07\x9e\x35\xcc\x40\xd7\x6e"
"\x05\x79\x10\xa7\x1b\xb2\x49\xe0"
"\x54\xeb\x82\x19\x8d\x24\xbb\x2f"
"\xc6\x5d\xf4\x68\xff\x96\x0a\xa1"
"\x38\xcf\x43\xda\x71\x08\x7c\x13"
"\xaa\x1e\xb5\x4c\xe3\x57\xee\x85"
"\x1c\x90\x27\xbe\x32\xc9\x60\xf7"
"\x6b\x02\x99\x0d\xa4\x3b\xd2\x46"
"\xdd\x74\x0b\x7f\x16\xad\x21\xb8"
"\x4f\xe6\x5a\xf1\x88\x1f\x93\x2a"
"\xc1\x35\xcc\x63\xfa\x6e\x05\x9c"
"\x10\xa7\x3e\xd5\x49\xe0\x77\x0e"
"\x82\x19\xb0\x24\xbb\x52\xe9\x5d"
"\xf4\x8b\x22\x96\x2d\xc4\x38\xcf"
"\x66\xfd\x71\x08\x9f\x13\xaa\x41"
"\xd8\x4c\xe3\x7a\x11\x85\x1c\xb3"
"\x27\xbe\x55\xec\x60\xf7\x8e\x02"
"\x99\x30\xc7\x3b\xd2\x69\x00\x74"
"\x0b\xa2\x16\xad\x44\xdb\x4f\xe6"
"\x7d\x14\x88\x1f\xb6\x2a\xc1\x58"
"\xef\x63\xfa\x91\x05\x9c\x33\xca"
"\x3e\xd5\x6c\x03\x77\x0e\xa5\x19"
"\xb0\x47\xde\x52\xe9\x80\x17\x8b"
"\x22\xb9\x2d\xc4\x5b\xf2\x66\xfd"
"\x94\x08\x9f\x36\xcd\x41\xd8\x6f"
"\x06\x7a\x11\xa8\x1c\xb3\x4a\xe1"
"\x55\xec\x83\x1a\x8e\x25\xbc\x30"
"\xc7\x5e\xf5\x69\x00\x97\x0b\xa2"
"\x39\xd0\x44\xdb\x72\x09\x7d\x14"
"\xab\x1f\xb6\x4d\xe4\x58\xef\x86"
"\x1d\x91\x28\xbf\x33\xca\x61\xf8"
"\x6c\x03\x9a\x0e\xa5\x3c\xd3\x47"
"\xde\x75\x0c\x80\x17\xae\x22\xb9"
"\x50\xe7\x5b\xf2\x89\x20\x94\x2b"
"\xc2\x36\xcd\x64\xfb\x6f\x06\x9d"
"\x11\xa8\x3f\xd6\x4a\xe1\x78\x0f"
"\x83\x1a\xb1\x25\xbc\x53\xea\x5e"
"\xf5\x8c\x00\x97\x2e\xc5\x39\xd0"
"\x67\xfe\x72\x09\xa0\x14\xab\x42"
"\xd9\x4d\xe4\x7b\x12\x86\x1d\xb4"
"\x28\xbf\x56\xed\x61\xf8\x8f\x03"
"\x9a\x31\xc8\x3c\xd3\x6a\x01\x75"
"\x0c\xa3\x17\xae\x45\xdc\x50\xe7"
"\x7e\x15\x89\x20\xb7\x2b\xc2\x59"
"\xf0\x64\xfb\x92\x06\x9d\x34\xcb"
"\x3f\xd6\x6d\x04\x78\x0f\xa6\x1a"
"\xb1\x48\xdf\x53\xea\x81\x18\x8c"
"\x23\xba\x2e\xc5\x5c\xf3\x67\xfe"
"\x95\x09\xa0\x37\xce\x42\xd9\x70"
"\x07\x7b\x12\xa9\x1d\xb4\x4b\xe2"
"\x56\xed\x84\x1b\x8f\x26\xbd\x31"
"\xc8\x5f\xf6\x6a\x01\x98\x0c\xa3"
"\x3a\xd1\x45\xdc\x73\x0a\x7e\x15"
"\xac\x20\xb7\x4e\xe5\x59\xf0\x87"
"\x1e\x92\x29\xc0\x34\xcb\x62\xf9"
"\x6d\x04\x9b\x0f\xa6\x3d\xd4\x48"
"\xdf\x76\x0d\x81\x18\xaf\x23\xba"
"\x51\xe8\x5c\xf3\x8a\x21\x95\x2c"
"\xc3\x37\xce\x65\xfc\x70\x07\x9e"
"\x12\xa9\x40\xd7\x4b\xe2\x79\x10"
"\x84\x1b\xb2\x26\xbd\x54\xeb\x5f"
"\xf6\x8d\x01\x98\x2f\xc6\x3a\xd1"
"\x68\xff\x73\x0a\xa1\x15\xac\x43"
"\xda\x4e\xe5\x7c\x13\x87\x1e\xb5"
"\x29\xc0\x57\xee\x62\xf9\x90\x04"
"\x9b\x32\xc9\x3d\xd4\x6b\x02\x76"
"\x0d\xa4\x18\xaf\x46\xdd\x51\xe8"
"\x7f\x16\x8a\x21\xb8\x2c\xc3\x5a"
"\xf1\x65\xfc\x93\x07\x9e\x35\xcc"
"\x40\xd7\x6e\x05\x79\x10\xa7\x1b"
"\xb2\x49\xe0\x54\xeb\x82\x19\x8d"
"\x24\xbb\x2f\xc6\x5d\xf4\x68\xff"
"\x96\x0a\xa1\x38\xcf\x43\xda\x71"
"\x08\x7c\x13\xaa\x1e\xb5\x4c",
.psize = 1023,
.digest = "\x98\x43\x07\x63\x75\xe0\xa7\x1c"
"\x78\xb1\x8b\xfd\x04\xf5\x2d\x91"
"\x20\x48\xa4\x28\xff\x55\xb1\xd3"
"\xe6\xf9\x4f\xcc",
}
};
/*
* SHA256 test vectors from from NIST
*/
static const struct hash_testvec sha256_tv_template[] = {
{
.plaintext = "",
.psize = 0,
.digest = "\xe3\xb0\xc4\x42\x98\xfc\x1c\x14"
"\x9a\xfb\xf4\xc8\x99\x6f\xb9\x24"
"\x27\xae\x41\xe4\x64\x9b\x93\x4c"
"\xa4\x95\x99\x1b\x78\x52\xb8\x55",
}, {
.plaintext = "abc",
.psize = 3,
.digest = "\xba\x78\x16\xbf\x8f\x01\xcf\xea"
"\x41\x41\x40\xde\x5d\xae\x22\x23"
"\xb0\x03\x61\xa3\x96\x17\x7a\x9c"
"\xb4\x10\xff\x61\xf2\x00\x15\xad",
}, {
.plaintext = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
.psize = 56,
.digest = "\x24\x8d\x6a\x61\xd2\x06\x38\xb8"
"\xe5\xc0\x26\x93\x0c\x3e\x60\x39"
"\xa3\x3c\xe4\x59\x64\xff\x21\x67"
"\xf6\xec\xed\xd4\x19\xdb\x06\xc1",
.np = 2,
.tap = { 28, 28 }
}, {
.plaintext = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-",
.psize = 64,
.digest = "\xb5\xfe\xad\x56\x7d\xff\xcb\xa4"
"\x2c\x32\x29\x32\x19\xbb\xfb\xfa"
"\xd6\xff\x94\xa3\x72\x91\x85\x66"
"\x3b\xa7\x87\x77\x58\xa3\x40\x3a",
}, {
.plaintext = "\x08\x9f\x13\xaa\x41\xd8\x4c\xe3"
"\x7a\x11\x85\x1c\xb3\x27\xbe\x55"
"\xec\x60\xf7\x8e\x02\x99\x30\xc7"
"\x3b\xd2\x69\x00\x74\x0b\xa2\x16"
"\xad\x44\xdb\x4f\xe6\x7d\x14\x88"
"\x1f\xb6\x2a\xc1\x58\xef\x63\xfa"
"\x91\x05\x9c\x33\xca\x3e\xd5\x6c"
"\x03\x77\x0e\xa5\x19\xb0\x47\xde"
"\x52\xe9\x80\x17\x8b\x22\xb9\x2d"
"\xc4\x5b\xf2\x66\xfd\x94\x08\x9f"
"\x36\xcd\x41\xd8\x6f\x06\x7a\x11"
"\xa8\x1c\xb3\x4a\xe1\x55\xec\x83"
"\x1a\x8e\x25\xbc\x30\xc7\x5e\xf5"
"\x69\x00\x97\x0b\xa2\x39\xd0\x44"
"\xdb\x72\x09\x7d\x14\xab\x1f\xb6"
"\x4d\xe4\x58\xef\x86\x1d\x91\x28"
"\xbf\x33\xca\x61\xf8\x6c\x03\x9a"
"\x0e\xa5\x3c\xd3\x47\xde\x75\x0c"
"\x80\x17\xae\x22\xb9\x50\xe7\x5b"
"\xf2\x89\x20\x94\x2b\xc2\x36\xcd"
"\x64\xfb\x6f\x06\x9d\x11\xa8\x3f"
"\xd6\x4a\xe1\x78\x0f\x83\x1a\xb1"
"\x25\xbc\x53\xea\x5e\xf5\x8c\x00"
"\x97\x2e\xc5\x39\xd0\x67\xfe\x72"
"\x09\xa0\x14\xab\x42\xd9\x4d\xe4"
"\x7b\x12\x86\x1d\xb4\x28\xbf\x56"
"\xed\x61\xf8\x8f\x03\x9a\x31\xc8"
"\x3c\xd3\x6a\x01\x75\x0c\xa3\x17"
"\xae\x45\xdc\x50\xe7\x7e\x15\x89"
"\x20\xb7\x2b\xc2\x59\xf0\x64\xfb"
"\x92\x06\x9d\x34\xcb\x3f\xd6\x6d"
"\x04\x78\x0f\xa6\x1a\xb1\x48\xdf"
"\x53\xea\x81\x18\x8c\x23\xba\x2e"
"\xc5\x5c\xf3\x67\xfe\x95\x09\xa0"
"\x37\xce\x42\xd9\x70\x07\x7b\x12"
"\xa9\x1d\xb4\x4b\xe2\x56\xed\x84"
"\x1b\x8f\x26\xbd\x31\xc8\x5f\xf6"
"\x6a\x01\x98\x0c\xa3\x3a\xd1\x45"
"\xdc\x73\x0a\x7e\x15\xac\x20\xb7"
"\x4e\xe5\x59\xf0\x87\x1e\x92\x29"
"\xc0\x34\xcb\x62\xf9\x6d\x04\x9b"
"\x0f\xa6\x3d\xd4\x48\xdf\x76\x0d"
"\x81\x18\xaf\x23\xba\x51\xe8\x5c"
"\xf3\x8a\x21\x95\x2c\xc3\x37\xce"
"\x65\xfc\x70\x07\x9e\x12\xa9\x40"
"\xd7\x4b\xe2\x79\x10\x84\x1b\xb2"
"\x26\xbd\x54\xeb\x5f\xf6\x8d\x01"
"\x98\x2f\xc6\x3a\xd1\x68\xff\x73"
"\x0a\xa1\x15\xac\x43\xda\x4e\xe5"
"\x7c\x13\x87\x1e\xb5\x29\xc0\x57"
"\xee\x62\xf9\x90\x04\x9b\x32\xc9"
"\x3d\xd4\x6b\x02\x76\x0d\xa4\x18"
"\xaf\x46\xdd\x51\xe8\x7f\x16\x8a"
"\x21\xb8\x2c\xc3\x5a\xf1\x65\xfc"
"\x93\x07\x9e\x35\xcc\x40\xd7\x6e"
"\x05\x79\x10\xa7\x1b\xb2\x49\xe0"
"\x54\xeb\x82\x19\x8d\x24\xbb\x2f"
"\xc6\x5d\xf4\x68\xff\x96\x0a\xa1"
"\x38\xcf\x43\xda\x71\x08\x7c\x13"
"\xaa\x1e\xb5\x4c\xe3\x57\xee\x85"
"\x1c\x90\x27\xbe\x32\xc9\x60\xf7"
"\x6b\x02\x99\x0d\xa4\x3b\xd2\x46"
"\xdd\x74\x0b\x7f\x16\xad\x21\xb8"
"\x4f\xe6\x5a\xf1\x88\x1f\x93\x2a"
"\xc1\x35\xcc\x63\xfa\x6e\x05\x9c"
"\x10\xa7\x3e\xd5\x49\xe0\x77\x0e"
"\x82\x19\xb0\x24\xbb\x52\xe9\x5d"
"\xf4\x8b\x22\x96\x2d\xc4\x38\xcf"
"\x66\xfd\x71\x08\x9f\x13\xaa\x41"
"\xd8\x4c\xe3\x7a\x11\x85\x1c\xb3"
"\x27\xbe\x55\xec\x60\xf7\x8e\x02"
"\x99\x30\xc7\x3b\xd2\x69\x00\x74"
"\x0b\xa2\x16\xad\x44\xdb\x4f\xe6"
"\x7d\x14\x88\x1f\xb6\x2a\xc1\x58"
"\xef\x63\xfa\x91\x05\x9c\x33\xca"
"\x3e\xd5\x6c\x03\x77\x0e\xa5\x19"
"\xb0\x47\xde\x52\xe9\x80\x17\x8b"
"\x22\xb9\x2d\xc4\x5b\xf2\x66\xfd"
"\x94\x08\x9f\x36\xcd\x41\xd8\x6f"
"\x06\x7a\x11\xa8\x1c\xb3\x4a\xe1"
"\x55\xec\x83\x1a\x8e\x25\xbc\x30"
"\xc7\x5e\xf5\x69\x00\x97\x0b\xa2"
"\x39\xd0\x44\xdb\x72\x09\x7d\x14"
"\xab\x1f\xb6\x4d\xe4\x58\xef\x86"
"\x1d\x91\x28\xbf\x33\xca\x61\xf8"
"\x6c\x03\x9a\x0e\xa5\x3c\xd3\x47"
"\xde\x75\x0c\x80\x17\xae\x22\xb9"
"\x50\xe7\x5b\xf2\x89\x20\x94\x2b"
"\xc2\x36\xcd\x64\xfb\x6f\x06\x9d"
"\x11\xa8\x3f\xd6\x4a\xe1\x78\x0f"
"\x83\x1a\xb1\x25\xbc\x53\xea\x5e"
"\xf5\x8c\x00\x97\x2e\xc5\x39\xd0"
"\x67\xfe\x72\x09\xa0\x14\xab\x42"
"\xd9\x4d\xe4\x7b\x12\x86\x1d\xb4"
"\x28\xbf\x56\xed\x61\xf8\x8f\x03"
"\x9a\x31\xc8\x3c\xd3\x6a\x01\x75"
"\x0c\xa3\x17\xae\x45\xdc\x50\xe7"
"\x7e\x15\x89\x20\xb7\x2b\xc2\x59"
"\xf0\x64\xfb\x92\x06\x9d\x34\xcb"
"\x3f\xd6\x6d\x04\x78\x0f\xa6\x1a"
"\xb1\x48\xdf\x53\xea\x81\x18\x8c"
"\x23\xba\x2e\xc5\x5c\xf3\x67\xfe"
"\x95\x09\xa0\x37\xce\x42\xd9\x70"
"\x07\x7b\x12\xa9\x1d\xb4\x4b\xe2"
"\x56\xed\x84\x1b\x8f\x26\xbd\x31"
"\xc8\x5f\xf6\x6a\x01\x98\x0c\xa3"
"\x3a\xd1\x45\xdc\x73\x0a\x7e\x15"
"\xac\x20\xb7\x4e\xe5\x59\xf0\x87"
"\x1e\x92\x29\xc0\x34\xcb\x62\xf9"
"\x6d\x04\x9b\x0f\xa6\x3d\xd4\x48"
"\xdf\x76\x0d\x81\x18\xaf\x23\xba"
"\x51\xe8\x5c\xf3\x8a\x21\x95\x2c"
"\xc3\x37\xce\x65\xfc\x70\x07\x9e"
"\x12\xa9\x40\xd7\x4b\xe2\x79\x10"
"\x84\x1b\xb2\x26\xbd\x54\xeb\x5f"
"\xf6\x8d\x01\x98\x2f\xc6\x3a\xd1"
"\x68\xff\x73\x0a\xa1\x15\xac\x43"
"\xda\x4e\xe5\x7c\x13\x87\x1e\xb5"
"\x29\xc0\x57\xee\x62\xf9\x90\x04"
"\x9b\x32\xc9\x3d\xd4\x6b\x02\x76"
"\x0d\xa4\x18\xaf\x46\xdd\x51\xe8"
"\x7f\x16\x8a\x21\xb8\x2c\xc3\x5a"
"\xf1\x65\xfc\x93\x07\x9e\x35\xcc"
"\x40\xd7\x6e\x05\x79\x10\xa7\x1b"
"\xb2\x49\xe0\x54\xeb\x82\x19\x8d"
"\x24\xbb\x2f\xc6\x5d\xf4\x68\xff"
"\x96\x0a\xa1\x38\xcf\x43\xda\x71"
"\x08\x7c\x13\xaa\x1e\xb5\x4c",
.psize = 1023,
.digest = "\xc5\xce\x0c\xca\x01\x4f\x53\x3a"
"\x32\x32\x17\xcc\xd4\x6a\x71\xa9"
"\xf3\xed\x50\x10\x64\x8e\x06\xbe"
"\x9b\x4a\xa6\xbb\x05\x89\x59\x51",
}
};
/*
* SHA384 test vectors from from NIST and kerneli
*/
static const struct hash_testvec sha384_tv_template[] = {
{
.plaintext = "",
.psize = 0,
.digest = "\x38\xb0\x60\xa7\x51\xac\x96\x38"
"\x4c\xd9\x32\x7e\xb1\xb1\xe3\x6a"
"\x21\xfd\xb7\x11\x14\xbe\x07\x43"
"\x4c\x0c\xc7\xbf\x63\xf6\xe1\xda"
"\x27\x4e\xde\xbf\xe7\x6f\x65\xfb"
"\xd5\x1a\xd2\xf1\x48\x98\xb9\x5b",
}, {
.plaintext= "abc",
.psize = 3,
.digest = "\xcb\x00\x75\x3f\x45\xa3\x5e\x8b"
"\xb5\xa0\x3d\x69\x9a\xc6\x50\x07"
"\x27\x2c\x32\xab\x0e\xde\xd1\x63"
"\x1a\x8b\x60\x5a\x43\xff\x5b\xed"
"\x80\x86\x07\x2b\xa1\xe7\xcc\x23"
"\x58\xba\xec\xa1\x34\xc8\x25\xa7",
}, {
.plaintext = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
.psize = 56,
.digest = "\x33\x91\xfd\xdd\xfc\x8d\xc7\x39"
"\x37\x07\xa6\x5b\x1b\x47\x09\x39"
"\x7c\xf8\xb1\xd1\x62\xaf\x05\xab"
"\xfe\x8f\x45\x0d\xe5\xf3\x6b\xc6"
"\xb0\x45\x5a\x85\x20\xbc\x4e\x6f"
"\x5f\xe9\x5b\x1f\xe3\xc8\x45\x2b",
}, {
.plaintext = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
"hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
.psize = 112,
.digest = "\x09\x33\x0c\x33\xf7\x11\x47\xe8"
"\x3d\x19\x2f\xc7\x82\xcd\x1b\x47"
"\x53\x11\x1b\x17\x3b\x3b\x05\xd2"
"\x2f\xa0\x80\x86\xe3\xb0\xf7\x12"
"\xfc\xc7\xc7\x1a\x55\x7e\x2d\xb9"
"\x66\xc3\xe9\xfa\x91\x74\x60\x39",
}, {
.plaintext = "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
"efghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz",
.psize = 104,
.digest = "\x3d\x20\x89\x73\xab\x35\x08\xdb"
"\xbd\x7e\x2c\x28\x62\xba\x29\x0a"
"\xd3\x01\x0e\x49\x78\xc1\x98\xdc"
"\x4d\x8f\xd0\x14\xe5\x82\x82\x3a"
"\x89\xe1\x6f\x9b\x2a\x7b\xbc\x1a"
"\xc9\x38\xe2\xd1\x99\xe8\xbe\xa4",
.np = 4,
.tap = { 26, 26, 26, 26 }
}, {
.plaintext = "\x08\x9f\x13\xaa\x41\xd8\x4c\xe3"
"\x7a\x11\x85\x1c\xb3\x27\xbe\x55"
"\xec\x60\xf7\x8e\x02\x99\x30\xc7"
"\x3b\xd2\x69\x00\x74\x0b\xa2\x16"
"\xad\x44\xdb\x4f\xe6\x7d\x14\x88"
"\x1f\xb6\x2a\xc1\x58\xef\x63\xfa"
"\x91\x05\x9c\x33\xca\x3e\xd5\x6c"
"\x03\x77\x0e\xa5\x19\xb0\x47\xde"
"\x52\xe9\x80\x17\x8b\x22\xb9\x2d"
"\xc4\x5b\xf2\x66\xfd\x94\x08\x9f"
"\x36\xcd\x41\xd8\x6f\x06\x7a\x11"
"\xa8\x1c\xb3\x4a\xe1\x55\xec\x83"
"\x1a\x8e\x25\xbc\x30\xc7\x5e\xf5"
"\x69\x00\x97\x0b\xa2\x39\xd0\x44"
"\xdb\x72\x09\x7d\x14\xab\x1f\xb6"
"\x4d\xe4\x58\xef\x86\x1d\x91\x28"
"\xbf\x33\xca\x61\xf8\x6c\x03\x9a"
"\x0e\xa5\x3c\xd3\x47\xde\x75\x0c"
"\x80\x17\xae\x22\xb9\x50\xe7\x5b"
"\xf2\x89\x20\x94\x2b\xc2\x36\xcd"
"\x64\xfb\x6f\x06\x9d\x11\xa8\x3f"
"\xd6\x4a\xe1\x78\x0f\x83\x1a\xb1"
"\x25\xbc\x53\xea\x5e\xf5\x8c\x00"
"\x97\x2e\xc5\x39\xd0\x67\xfe\x72"
"\x09\xa0\x14\xab\x42\xd9\x4d\xe4"
"\x7b\x12\x86\x1d\xb4\x28\xbf\x56"
"\xed\x61\xf8\x8f\x03\x9a\x31\xc8"
"\x3c\xd3\x6a\x01\x75\x0c\xa3\x17"
"\xae\x45\xdc\x50\xe7\x7e\x15\x89"
"\x20\xb7\x2b\xc2\x59\xf0\x64\xfb"
"\x92\x06\x9d\x34\xcb\x3f\xd6\x6d"
"\x04\x78\x0f\xa6\x1a\xb1\x48\xdf"
"\x53\xea\x81\x18\x8c\x23\xba\x2e"
"\xc5\x5c\xf3\x67\xfe\x95\x09\xa0"
"\x37\xce\x42\xd9\x70\x07\x7b\x12"
"\xa9\x1d\xb4\x4b\xe2\x56\xed\x84"
"\x1b\x8f\x26\xbd\x31\xc8\x5f\xf6"
"\x6a\x01\x98\x0c\xa3\x3a\xd1\x45"
"\xdc\x73\x0a\x7e\x15\xac\x20\xb7"
"\x4e\xe5\x59\xf0\x87\x1e\x92\x29"
"\xc0\x34\xcb\x62\xf9\x6d\x04\x9b"
"\x0f\xa6\x3d\xd4\x48\xdf\x76\x0d"
"\x81\x18\xaf\x23\xba\x51\xe8\x5c"
"\xf3\x8a\x21\x95\x2c\xc3\x37\xce"
"\x65\xfc\x70\x07\x9e\x12\xa9\x40"
"\xd7\x4b\xe2\x79\x10\x84\x1b\xb2"
"\x26\xbd\x54\xeb\x5f\xf6\x8d\x01"
"\x98\x2f\xc6\x3a\xd1\x68\xff\x73"
"\x0a\xa1\x15\xac\x43\xda\x4e\xe5"
"\x7c\x13\x87\x1e\xb5\x29\xc0\x57"
"\xee\x62\xf9\x90\x04\x9b\x32\xc9"
"\x3d\xd4\x6b\x02\x76\x0d\xa4\x18"
"\xaf\x46\xdd\x51\xe8\x7f\x16\x8a"
"\x21\xb8\x2c\xc3\x5a\xf1\x65\xfc"
"\x93\x07\x9e\x35\xcc\x40\xd7\x6e"
"\x05\x79\x10\xa7\x1b\xb2\x49\xe0"
"\x54\xeb\x82\x19\x8d\x24\xbb\x2f"
"\xc6\x5d\xf4\x68\xff\x96\x0a\xa1"
"\x38\xcf\x43\xda\x71\x08\x7c\x13"
"\xaa\x1e\xb5\x4c\xe3\x57\xee\x85"
"\x1c\x90\x27\xbe\x32\xc9\x60\xf7"
"\x6b\x02\x99\x0d\xa4\x3b\xd2\x46"
"\xdd\x74\x0b\x7f\x16\xad\x21\xb8"
"\x4f\xe6\x5a\xf1\x88\x1f\x93\x2a"
"\xc1\x35\xcc\x63\xfa\x6e\x05\x9c"
"\x10\xa7\x3e\xd5\x49\xe0\x77\x0e"
"\x82\x19\xb0\x24\xbb\x52\xe9\x5d"
"\xf4\x8b\x22\x96\x2d\xc4\x38\xcf"
"\x66\xfd\x71\x08\x9f\x13\xaa\x41"
"\xd8\x4c\xe3\x7a\x11\x85\x1c\xb3"
"\x27\xbe\x55\xec\x60\xf7\x8e\x02"
"\x99\x30\xc7\x3b\xd2\x69\x00\x74"
"\x0b\xa2\x16\xad\x44\xdb\x4f\xe6"
"\x7d\x14\x88\x1f\xb6\x2a\xc1\x58"
"\xef\x63\xfa\x91\x05\x9c\x33\xca"
"\x3e\xd5\x6c\x03\x77\x0e\xa5\x19"
"\xb0\x47\xde\x52\xe9\x80\x17\x8b"
"\x22\xb9\x2d\xc4\x5b\xf2\x66\xfd"
"\x94\x08\x9f\x36\xcd\x41\xd8\x6f"
"\x06\x7a\x11\xa8\x1c\xb3\x4a\xe1"
"\x55\xec\x83\x1a\x8e\x25\xbc\x30"
"\xc7\x5e\xf5\x69\x00\x97\x0b\xa2"
"\x39\xd0\x44\xdb\x72\x09\x7d\x14"
"\xab\x1f\xb6\x4d\xe4\x58\xef\x86"
"\x1d\x91\x28\xbf\x33\xca\x61\xf8"
"\x6c\x03\x9a\x0e\xa5\x3c\xd3\x47"
"\xde\x75\x0c\x80\x17\xae\x22\xb9"
"\x50\xe7\x5b\xf2\x89\x20\x94\x2b"
"\xc2\x36\xcd\x64\xfb\x6f\x06\x9d"
"\x11\xa8\x3f\xd6\x4a\xe1\x78\x0f"
"\x83\x1a\xb1\x25\xbc\x53\xea\x5e"
"\xf5\x8c\x00\x97\x2e\xc5\x39\xd0"
"\x67\xfe\x72\x09\xa0\x14\xab\x42"
"\xd9\x4d\xe4\x7b\x12\x86\x1d\xb4"
"\x28\xbf\x56\xed\x61\xf8\x8f\x03"
"\x9a\x31\xc8\x3c\xd3\x6a\x01\x75"
"\x0c\xa3\x17\xae\x45\xdc\x50\xe7"
"\x7e\x15\x89\x20\xb7\x2b\xc2\x59"
"\xf0\x64\xfb\x92\x06\x9d\x34\xcb"
"\x3f\xd6\x6d\x04\x78\x0f\xa6\x1a"
"\xb1\x48\xdf\x53\xea\x81\x18\x8c"
"\x23\xba\x2e\xc5\x5c\xf3\x67\xfe"
"\x95\x09\xa0\x37\xce\x42\xd9\x70"
"\x07\x7b\x12\xa9\x1d\xb4\x4b\xe2"
"\x56\xed\x84\x1b\x8f\x26\xbd\x31"
"\xc8\x5f\xf6\x6a\x01\x98\x0c\xa3"
"\x3a\xd1\x45\xdc\x73\x0a\x7e\x15"
"\xac\x20\xb7\x4e\xe5\x59\xf0\x87"
"\x1e\x92\x29\xc0\x34\xcb\x62\xf9"
"\x6d\x04\x9b\x0f\xa6\x3d\xd4\x48"
"\xdf\x76\x0d\x81\x18\xaf\x23\xba"
"\x51\xe8\x5c\xf3\x8a\x21\x95\x2c"
"\xc3\x37\xce\x65\xfc\x70\x07\x9e"
"\x12\xa9\x40\xd7\x4b\xe2\x79\x10"
"\x84\x1b\xb2\x26\xbd\x54\xeb\x5f"
"\xf6\x8d\x01\x98\x2f\xc6\x3a\xd1"
"\x68\xff\x73\x0a\xa1\x15\xac\x43"
"\xda\x4e\xe5\x7c\x13\x87\x1e\xb5"
"\x29\xc0\x57\xee\x62\xf9\x90\x04"
"\x9b\x32\xc9\x3d\xd4\x6b\x02\x76"
"\x0d\xa4\x18\xaf\x46\xdd\x51\xe8"
"\x7f\x16\x8a\x21\xb8\x2c\xc3\x5a"
"\xf1\x65\xfc\x93\x07\x9e\x35\xcc"
"\x40\xd7\x6e\x05\x79\x10\xa7\x1b"
"\xb2\x49\xe0\x54\xeb\x82\x19\x8d"
"\x24\xbb\x2f\xc6\x5d\xf4\x68\xff"
"\x96\x0a\xa1\x38\xcf\x43\xda\x71"
"\x08\x7c\x13\xaa\x1e\xb5\x4c",
.psize = 1023,
.digest = "\x4d\x97\x23\xc8\xea\x7a\x7c\x15"
"\xb8\xff\x97\x9c\xf5\x13\x4f\x31"
"\xde\x67\xf7\x24\x73\xcd\x70\x1c"
"\x03\x4a\xba\x8a\x87\x49\xfe\xdc"
"\x75\x29\x62\x83\xae\x3f\x17\xab"
"\xfd\x10\x4d\x8e\x17\x1c\x1f\xca",
}
};
/*
* SHA512 test vectors from from NIST and kerneli
*/
static const struct hash_testvec sha512_tv_template[] = {
{
.plaintext = "",
.psize = 0,
.digest = "\xcf\x83\xe1\x35\x7e\xef\xb8\xbd"
"\xf1\x54\x28\x50\xd6\x6d\x80\x07"
"\xd6\x20\xe4\x05\x0b\x57\x15\xdc"
"\x83\xf4\xa9\x21\xd3\x6c\xe9\xce"
"\x47\xd0\xd1\x3c\x5d\x85\xf2\xb0"
"\xff\x83\x18\xd2\x87\x7e\xec\x2f"
"\x63\xb9\x31\xbd\x47\x41\x7a\x81"
"\xa5\x38\x32\x7a\xf9\x27\xda\x3e",
}, {
.plaintext = "abc",
.psize = 3,
.digest = "\xdd\xaf\x35\xa1\x93\x61\x7a\xba"
"\xcc\x41\x73\x49\xae\x20\x41\x31"
"\x12\xe6\xfa\x4e\x89\xa9\x7e\xa2"
"\x0a\x9e\xee\xe6\x4b\x55\xd3\x9a"
"\x21\x92\x99\x2a\x27\x4f\xc1\xa8"
"\x36\xba\x3c\x23\xa3\xfe\xeb\xbd"
"\x45\x4d\x44\x23\x64\x3c\xe8\x0e"
"\x2a\x9a\xc9\x4f\xa5\x4c\xa4\x9f",
}, {
.plaintext = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
.psize = 56,
.digest = "\x20\x4a\x8f\xc6\xdd\xa8\x2f\x0a"
"\x0c\xed\x7b\xeb\x8e\x08\xa4\x16"
"\x57\xc1\x6e\xf4\x68\xb2\x28\xa8"
"\x27\x9b\xe3\x31\xa7\x03\xc3\x35"
"\x96\xfd\x15\xc1\x3b\x1b\x07\xf9"
"\xaa\x1d\x3b\xea\x57\x78\x9c\xa0"
"\x31\xad\x85\xc7\xa7\x1d\xd7\x03"
"\x54\xec\x63\x12\x38\xca\x34\x45",
}, {
.plaintext = "abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmn"
"hijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu",
.psize = 112,
.digest = "\x8e\x95\x9b\x75\xda\xe3\x13\xda"
"\x8c\xf4\xf7\x28\x14\xfc\x14\x3f"
"\x8f\x77\x79\xc6\xeb\x9f\x7f\xa1"
"\x72\x99\xae\xad\xb6\x88\x90\x18"
"\x50\x1d\x28\x9e\x49\x00\xf7\xe4"
"\x33\x1b\x99\xde\xc4\xb5\x43\x3a"
"\xc7\xd3\x29\xee\xb6\xdd\x26\x54"
"\x5e\x96\xe5\x5b\x87\x4b\xe9\x09",
}, {
.plaintext = "abcdefghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyzabcd"
"efghijklmnopqrstuvwxyzabcdefghijklmnopqrstuvwxyz",
.psize = 104,
.digest = "\x93\x0d\x0c\xef\xcb\x30\xff\x11"
"\x33\xb6\x89\x81\x21\xf1\xcf\x3d"
"\x27\x57\x8a\xfc\xaf\xe8\x67\x7c"
"\x52\x57\xcf\x06\x99\x11\xf7\x5d"
"\x8f\x58\x31\xb5\x6e\xbf\xda\x67"
"\xb2\x78\xe6\x6d\xff\x8b\x84\xfe"
"\x2b\x28\x70\xf7\x42\xa5\x80\xd8"
"\xed\xb4\x19\x87\x23\x28\x50\xc9",
.np = 4,
.tap = { 26, 26, 26, 26 }
}, {
.plaintext = "\x08\x9f\x13\xaa\x41\xd8\x4c\xe3"
"\x7a\x11\x85\x1c\xb3\x27\xbe\x55"
"\xec\x60\xf7\x8e\x02\x99\x30\xc7"
"\x3b\xd2\x69\x00\x74\x0b\xa2\x16"
"\xad\x44\xdb\x4f\xe6\x7d\x14\x88"
"\x1f\xb6\x2a\xc1\x58\xef\x63\xfa"
"\x91\x05\x9c\x33\xca\x3e\xd5\x6c"
"\x03\x77\x0e\xa5\x19\xb0\x47\xde"
"\x52\xe9\x80\x17\x8b\x22\xb9\x2d"
"\xc4\x5b\xf2\x66\xfd\x94\x08\x9f"
"\x36\xcd\x41\xd8\x6f\x06\x7a\x11"
"\xa8\x1c\xb3\x4a\xe1\x55\xec\x83"
"\x1a\x8e\x25\xbc\x30\xc7\x5e\xf5"
"\x69\x00\x97\x0b\xa2\x39\xd0\x44"
"\xdb\x72\x09\x7d\x14\xab\x1f\xb6"
"\x4d\xe4\x58\xef\x86\x1d\x91\x28"
"\xbf\x33\xca\x61\xf8\x6c\x03\x9a"
"\x0e\xa5\x3c\xd3\x47\xde\x75\x0c"
"\x80\x17\xae\x22\xb9\x50\xe7\x5b"
"\xf2\x89\x20\x94\x2b\xc2\x36\xcd"
"\x64\xfb\x6f\x06\x9d\x11\xa8\x3f"
"\xd6\x4a\xe1\x78\x0f\x83\x1a\xb1"
"\x25\xbc\x53\xea\x5e\xf5\x8c\x00"
"\x97\x2e\xc5\x39\xd0\x67\xfe\x72"
"\x09\xa0\x14\xab\x42\xd9\x4d\xe4"
"\x7b\x12\x86\x1d\xb4\x28\xbf\x56"
"\xed\x61\xf8\x8f\x03\x9a\x31\xc8"
"\x3c\xd3\x6a\x01\x75\x0c\xa3\x17"
"\xae\x45\xdc\x50\xe7\x7e\x15\x89"
"\x20\xb7\x2b\xc2\x59\xf0\x64\xfb"
"\x92\x06\x9d\x34\xcb\x3f\xd6\x6d"
"\x04\x78\x0f\xa6\x1a\xb1\x48\xdf"
"\x53\xea\x81\x18\x8c\x23\xba\x2e"
"\xc5\x5c\xf3\x67\xfe\x95\x09\xa0"
"\x37\xce\x42\xd9\x70\x07\x7b\x12"
"\xa9\x1d\xb4\x4b\xe2\x56\xed\x84"
"\x1b\x8f\x26\xbd\x31\xc8\x5f\xf6"
"\x6a\x01\x98\x0c\xa3\x3a\xd1\x45"
"\xdc\x73\x0a\x7e\x15\xac\x20\xb7"
"\x4e\xe5\x59\xf0\x87\x1e\x92\x29"
"\xc0\x34\xcb\x62\xf9\x6d\x04\x9b"
"\x0f\xa6\x3d\xd4\x48\xdf\x76\x0d"
"\x81\x18\xaf\x23\xba\x51\xe8\x5c"
"\xf3\x8a\x21\x95\x2c\xc3\x37\xce"
"\x65\xfc\x70\x07\x9e\x12\xa9\x40"
"\xd7\x4b\xe2\x79\x10\x84\x1b\xb2"
"\x26\xbd\x54\xeb\x5f\xf6\x8d\x01"
"\x98\x2f\xc6\x3a\xd1\x68\xff\x73"
"\x0a\xa1\x15\xac\x43\xda\x4e\xe5"
"\x7c\x13\x87\x1e\xb5\x29\xc0\x57"
"\xee\x62\xf9\x90\x04\x9b\x32\xc9"
"\x3d\xd4\x6b\x02\x76\x0d\xa4\x18"
"\xaf\x46\xdd\x51\xe8\x7f\x16\x8a"
"\x21\xb8\x2c\xc3\x5a\xf1\x65\xfc"
"\x93\x07\x9e\x35\xcc\x40\xd7\x6e"
"\x05\x79\x10\xa7\x1b\xb2\x49\xe0"
"\x54\xeb\x82\x19\x8d\x24\xbb\x2f"
"\xc6\x5d\xf4\x68\xff\x96\x0a\xa1"
"\x38\xcf\x43\xda\x71\x08\x7c\x13"
"\xaa\x1e\xb5\x4c\xe3\x57\xee\x85"
"\x1c\x90\x27\xbe\x32\xc9\x60\xf7"
"\x6b\x02\x99\x0d\xa4\x3b\xd2\x46"
"\xdd\x74\x0b\x7f\x16\xad\x21\xb8"
"\x4f\xe6\x5a\xf1\x88\x1f\x93\x2a"
"\xc1\x35\xcc\x63\xfa\x6e\x05\x9c"
"\x10\xa7\x3e\xd5\x49\xe0\x77\x0e"
"\x82\x19\xb0\x24\xbb\x52\xe9\x5d"
"\xf4\x8b\x22\x96\x2d\xc4\x38\xcf"
"\x66\xfd\x71\x08\x9f\x13\xaa\x41"
"\xd8\x4c\xe3\x7a\x11\x85\x1c\xb3"
"\x27\xbe\x55\xec\x60\xf7\x8e\x02"
"\x99\x30\xc7\x3b\xd2\x69\x00\x74"
"\x0b\xa2\x16\xad\x44\xdb\x4f\xe6"
"\x7d\x14\x88\x1f\xb6\x2a\xc1\x58"
"\xef\x63\xfa\x91\x05\x9c\x33\xca"
"\x3e\xd5\x6c\x03\x77\x0e\xa5\x19"
"\xb0\x47\xde\x52\xe9\x80\x17\x8b"
"\x22\xb9\x2d\xc4\x5b\xf2\x66\xfd"
"\x94\x08\x9f\x36\xcd\x41\xd8\x6f"
"\x06\x7a\x11\xa8\x1c\xb3\x4a\xe1"
"\x55\xec\x83\x1a\x8e\x25\xbc\x30"
"\xc7\x5e\xf5\x69\x00\x97\x0b\xa2"
"\x39\xd0\x44\xdb\x72\x09\x7d\x14"
"\xab\x1f\xb6\x4d\xe4\x58\xef\x86"
"\x1d\x91\x28\xbf\x33\xca\x61\xf8"
"\x6c\x03\x9a\x0e\xa5\x3c\xd3\x47"
"\xde\x75\x0c\x80\x17\xae\x22\xb9"
"\x50\xe7\x5b\xf2\x89\x20\x94\x2b"
"\xc2\x36\xcd\x64\xfb\x6f\x06\x9d"
"\x11\xa8\x3f\xd6\x4a\xe1\x78\x0f"
"\x83\x1a\xb1\x25\xbc\x53\xea\x5e"
"\xf5\x8c\x00\x97\x2e\xc5\x39\xd0"
"\x67\xfe\x72\x09\xa0\x14\xab\x42"
"\xd9\x4d\xe4\x7b\x12\x86\x1d\xb4"
"\x28\xbf\x56\xed\x61\xf8\x8f\x03"
"\x9a\x31\xc8\x3c\xd3\x6a\x01\x75"
"\x0c\xa3\x17\xae\x45\xdc\x50\xe7"
"\x7e\x15\x89\x20\xb7\x2b\xc2\x59"
"\xf0\x64\xfb\x92\x06\x9d\x34\xcb"
"\x3f\xd6\x6d\x04\x78\x0f\xa6\x1a"
"\xb1\x48\xdf\x53\xea\x81\x18\x8c"
"\x23\xba\x2e\xc5\x5c\xf3\x67\xfe"
"\x95\x09\xa0\x37\xce\x42\xd9\x70"
"\x07\x7b\x12\xa9\x1d\xb4\x4b\xe2"
"\x56\xed\x84\x1b\x8f\x26\xbd\x31"
"\xc8\x5f\xf6\x6a\x01\x98\x0c\xa3"
"\x3a\xd1\x45\xdc\x73\x0a\x7e\x15"
"\xac\x20\xb7\x4e\xe5\x59\xf0\x87"
"\x1e\x92\x29\xc0\x34\xcb\x62\xf9"
"\x6d\x04\x9b\x0f\xa6\x3d\xd4\x48"
"\xdf\x76\x0d\x81\x18\xaf\x23\xba"
"\x51\xe8\x5c\xf3\x8a\x21\x95\x2c"
"\xc3\x37\xce\x65\xfc\x70\x07\x9e"
"\x12\xa9\x40\xd7\x4b\xe2\x79\x10"
"\x84\x1b\xb2\x26\xbd\x54\xeb\x5f"
"\xf6\x8d\x01\x98\x2f\xc6\x3a\xd1"
"\x68\xff\x73\x0a\xa1\x15\xac\x43"
"\xda\x4e\xe5\x7c\x13\x87\x1e\xb5"
"\x29\xc0\x57\xee\x62\xf9\x90\x04"
"\x9b\x32\xc9\x3d\xd4\x6b\x02\x76"
"\x0d\xa4\x18\xaf\x46\xdd\x51\xe8"
"\x7f\x16\x8a\x21\xb8\x2c\xc3\x5a"
"\xf1\x65\xfc\x93\x07\x9e\x35\xcc"
"\x40\xd7\x6e\x05\x79\x10\xa7\x1b"
"\xb2\x49\xe0\x54\xeb\x82\x19\x8d"
"\x24\xbb\x2f\xc6\x5d\xf4\x68\xff"
"\x96\x0a\xa1\x38\xcf\x43\xda\x71"
"\x08\x7c\x13\xaa\x1e\xb5\x4c",
.psize = 1023,
.digest = "\x76\xc9\xd4\x91\x7a\x5f\x0f\xaa"
"\x13\x39\xf3\x01\x7a\xfa\xe5\x41"
"\x5f\x0b\xf8\xeb\x32\xfc\xbf\xb0"
"\xfa\x8c\xcd\x17\x83\xe2\xfa\xeb"
"\x1c\x19\xde\xe2\x75\xdc\x34\x64"
"\x5f\x35\x9c\x61\x2f\x10\xf9\xec"
"\x59\xca\x9d\xcc\x25\x0c\x43\xba"
"\x85\xa8\xf8\xfe\xb5\x24\xb2\xee",
}
};
/*
* WHIRLPOOL test vectors from Whirlpool package
* by Vincent Rijmen and Paulo S. L. M. Barreto as part of the NESSIE
* submission
*/
static const struct hash_testvec wp512_tv_template[] = {
{
.plaintext = "",
.psize = 0,
.digest = "\x19\xFA\x61\xD7\x55\x22\xA4\x66"
"\x9B\x44\xE3\x9C\x1D\x2E\x17\x26"
"\xC5\x30\x23\x21\x30\xD4\x07\xF8"
"\x9A\xFE\xE0\x96\x49\x97\xF7\xA7"
"\x3E\x83\xBE\x69\x8B\x28\x8F\xEB"
"\xCF\x88\xE3\xE0\x3C\x4F\x07\x57"
"\xEA\x89\x64\xE5\x9B\x63\xD9\x37"
"\x08\xB1\x38\xCC\x42\xA6\x6E\xB3",
}, {
.plaintext = "a",
.psize = 1,
.digest = "\x8A\xCA\x26\x02\x79\x2A\xEC\x6F"
"\x11\xA6\x72\x06\x53\x1F\xB7\xD7"
"\xF0\xDF\xF5\x94\x13\x14\x5E\x69"
"\x73\xC4\x50\x01\xD0\x08\x7B\x42"
"\xD1\x1B\xC6\x45\x41\x3A\xEF\xF6"
"\x3A\x42\x39\x1A\x39\x14\x5A\x59"
"\x1A\x92\x20\x0D\x56\x01\x95\xE5"
"\x3B\x47\x85\x84\xFD\xAE\x23\x1A",
}, {
.plaintext = "abc",
.psize = 3,
.digest = "\x4E\x24\x48\xA4\xC6\xF4\x86\xBB"
"\x16\xB6\x56\x2C\x73\xB4\x02\x0B"
"\xF3\x04\x3E\x3A\x73\x1B\xCE\x72"
"\x1A\xE1\xB3\x03\xD9\x7E\x6D\x4C"
"\x71\x81\xEE\xBD\xB6\xC5\x7E\x27"
"\x7D\x0E\x34\x95\x71\x14\xCB\xD6"
"\xC7\x97\xFC\x9D\x95\xD8\xB5\x82"
"\xD2\x25\x29\x20\x76\xD4\xEE\xF5",
}, {
.plaintext = "message digest",
.psize = 14,
.digest = "\x37\x8C\x84\xA4\x12\x6E\x2D\xC6"
"\xE5\x6D\xCC\x74\x58\x37\x7A\xAC"
"\x83\x8D\x00\x03\x22\x30\xF5\x3C"
"\xE1\xF5\x70\x0C\x0F\xFB\x4D\x3B"
"\x84\x21\x55\x76\x59\xEF\x55\xC1"
"\x06\xB4\xB5\x2A\xC5\xA4\xAA\xA6"
"\x92\xED\x92\x00\x52\x83\x8F\x33"
"\x62\xE8\x6D\xBD\x37\xA8\x90\x3E",
}, {
.plaintext = "abcdefghijklmnopqrstuvwxyz",
.psize = 26,
.digest = "\xF1\xD7\x54\x66\x26\x36\xFF\xE9"
"\x2C\x82\xEB\xB9\x21\x2A\x48\x4A"
"\x8D\x38\x63\x1E\xAD\x42\x38\xF5"
"\x44\x2E\xE1\x3B\x80\x54\xE4\x1B"
"\x08\xBF\x2A\x92\x51\xC3\x0B\x6A"
"\x0B\x8A\xAE\x86\x17\x7A\xB4\xA6"
"\xF6\x8F\x67\x3E\x72\x07\x86\x5D"
"\x5D\x98\x19\xA3\xDB\xA4\xEB\x3B",
}, {
.plaintext = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
"abcdefghijklmnopqrstuvwxyz0123456789",
.psize = 62,
.digest = "\xDC\x37\xE0\x08\xCF\x9E\xE6\x9B"
"\xF1\x1F\x00\xED\x9A\xBA\x26\x90"
"\x1D\xD7\xC2\x8C\xDE\xC0\x66\xCC"
"\x6A\xF4\x2E\x40\xF8\x2F\x3A\x1E"
"\x08\xEB\xA2\x66\x29\x12\x9D\x8F"
"\xB7\xCB\x57\x21\x1B\x92\x81\xA6"
"\x55\x17\xCC\x87\x9D\x7B\x96\x21"
"\x42\xC6\x5F\x5A\x7A\xF0\x14\x67",
}, {
.plaintext = "1234567890123456789012345678901234567890"
"1234567890123456789012345678901234567890",
.psize = 80,
.digest = "\x46\x6E\xF1\x8B\xAB\xB0\x15\x4D"
"\x25\xB9\xD3\x8A\x64\x14\xF5\xC0"
"\x87\x84\x37\x2B\xCC\xB2\x04\xD6"
"\x54\x9C\x4A\xFA\xDB\x60\x14\x29"
"\x4D\x5B\xD8\xDF\x2A\x6C\x44\xE5"
"\x38\xCD\x04\x7B\x26\x81\xA5\x1A"
"\x2C\x60\x48\x1E\x88\xC5\xA2\x0B"
"\x2C\x2A\x80\xCF\x3A\x9A\x08\x3B",
}, {
.plaintext = "abcdbcdecdefdefgefghfghighijhijk",
.psize = 32,
.digest = "\x2A\x98\x7E\xA4\x0F\x91\x70\x61"
"\xF5\xD6\xF0\xA0\xE4\x64\x4F\x48"
"\x8A\x7A\x5A\x52\xDE\xEE\x65\x62"
"\x07\xC5\x62\xF9\x88\xE9\x5C\x69"
"\x16\xBD\xC8\x03\x1B\xC5\xBE\x1B"
"\x7B\x94\x76\x39\xFE\x05\x0B\x56"
"\x93\x9B\xAA\xA0\xAD\xFF\x9A\xE6"
"\x74\x5B\x7B\x18\x1C\x3B\xE3\xFD",
},
};
static const struct hash_testvec wp384_tv_template[] = {
{
.plaintext = "",
.psize = 0,
.digest = "\x19\xFA\x61\xD7\x55\x22\xA4\x66"
"\x9B\x44\xE3\x9C\x1D\x2E\x17\x26"
"\xC5\x30\x23\x21\x30\xD4\x07\xF8"
"\x9A\xFE\xE0\x96\x49\x97\xF7\xA7"
"\x3E\x83\xBE\x69\x8B\x28\x8F\xEB"
"\xCF\x88\xE3\xE0\x3C\x4F\x07\x57",
}, {
.plaintext = "a",
.psize = 1,
.digest = "\x8A\xCA\x26\x02\x79\x2A\xEC\x6F"
"\x11\xA6\x72\x06\x53\x1F\xB7\xD7"
"\xF0\xDF\xF5\x94\x13\x14\x5E\x69"
"\x73\xC4\x50\x01\xD0\x08\x7B\x42"
"\xD1\x1B\xC6\x45\x41\x3A\xEF\xF6"
"\x3A\x42\x39\x1A\x39\x14\x5A\x59",
}, {
.plaintext = "abc",
.psize = 3,
.digest = "\x4E\x24\x48\xA4\xC6\xF4\x86\xBB"
"\x16\xB6\x56\x2C\x73\xB4\x02\x0B"
"\xF3\x04\x3E\x3A\x73\x1B\xCE\x72"
"\x1A\xE1\xB3\x03\xD9\x7E\x6D\x4C"
"\x71\x81\xEE\xBD\xB6\xC5\x7E\x27"
"\x7D\x0E\x34\x95\x71\x14\xCB\xD6",
}, {
.plaintext = "message digest",
.psize = 14,
.digest = "\x37\x8C\x84\xA4\x12\x6E\x2D\xC6"
"\xE5\x6D\xCC\x74\x58\x37\x7A\xAC"
"\x83\x8D\x00\x03\x22\x30\xF5\x3C"
"\xE1\xF5\x70\x0C\x0F\xFB\x4D\x3B"
"\x84\x21\x55\x76\x59\xEF\x55\xC1"
"\x06\xB4\xB5\x2A\xC5\xA4\xAA\xA6",
}, {
.plaintext = "abcdefghijklmnopqrstuvwxyz",
.psize = 26,
.digest = "\xF1\xD7\x54\x66\x26\x36\xFF\xE9"
"\x2C\x82\xEB\xB9\x21\x2A\x48\x4A"
"\x8D\x38\x63\x1E\xAD\x42\x38\xF5"
"\x44\x2E\xE1\x3B\x80\x54\xE4\x1B"
"\x08\xBF\x2A\x92\x51\xC3\x0B\x6A"
"\x0B\x8A\xAE\x86\x17\x7A\xB4\xA6",
}, {
.plaintext = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
"abcdefghijklmnopqrstuvwxyz0123456789",
.psize = 62,
.digest = "\xDC\x37\xE0\x08\xCF\x9E\xE6\x9B"
"\xF1\x1F\x00\xED\x9A\xBA\x26\x90"
"\x1D\xD7\xC2\x8C\xDE\xC0\x66\xCC"
"\x6A\xF4\x2E\x40\xF8\x2F\x3A\x1E"
"\x08\xEB\xA2\x66\x29\x12\x9D\x8F"
"\xB7\xCB\x57\x21\x1B\x92\x81\xA6",
}, {
.plaintext = "1234567890123456789012345678901234567890"
"1234567890123456789012345678901234567890",
.psize = 80,
.digest = "\x46\x6E\xF1\x8B\xAB\xB0\x15\x4D"
"\x25\xB9\xD3\x8A\x64\x14\xF5\xC0"
"\x87\x84\x37\x2B\xCC\xB2\x04\xD6"
"\x54\x9C\x4A\xFA\xDB\x60\x14\x29"
"\x4D\x5B\xD8\xDF\x2A\x6C\x44\xE5"
"\x38\xCD\x04\x7B\x26\x81\xA5\x1A",
}, {
.plaintext = "abcdbcdecdefdefgefghfghighijhijk",
.psize = 32,
.digest = "\x2A\x98\x7E\xA4\x0F\x91\x70\x61"
"\xF5\xD6\xF0\xA0\xE4\x64\x4F\x48"
"\x8A\x7A\x5A\x52\xDE\xEE\x65\x62"
"\x07\xC5\x62\xF9\x88\xE9\x5C\x69"
"\x16\xBD\xC8\x03\x1B\xC5\xBE\x1B"
"\x7B\x94\x76\x39\xFE\x05\x0B\x56",
},
};
static const struct hash_testvec wp256_tv_template[] = {
{
.plaintext = "",
.psize = 0,
.digest = "\x19\xFA\x61\xD7\x55\x22\xA4\x66"
"\x9B\x44\xE3\x9C\x1D\x2E\x17\x26"
"\xC5\x30\x23\x21\x30\xD4\x07\xF8"
"\x9A\xFE\xE0\x96\x49\x97\xF7\xA7",
}, {
.plaintext = "a",
.psize = 1,
.digest = "\x8A\xCA\x26\x02\x79\x2A\xEC\x6F"
"\x11\xA6\x72\x06\x53\x1F\xB7\xD7"
"\xF0\xDF\xF5\x94\x13\x14\x5E\x69"
"\x73\xC4\x50\x01\xD0\x08\x7B\x42",
}, {
.plaintext = "abc",
.psize = 3,
.digest = "\x4E\x24\x48\xA4\xC6\xF4\x86\xBB"
"\x16\xB6\x56\x2C\x73\xB4\x02\x0B"
"\xF3\x04\x3E\x3A\x73\x1B\xCE\x72"
"\x1A\xE1\xB3\x03\xD9\x7E\x6D\x4C",
}, {
.plaintext = "message digest",
.psize = 14,
.digest = "\x37\x8C\x84\xA4\x12\x6E\x2D\xC6"
"\xE5\x6D\xCC\x74\x58\x37\x7A\xAC"
"\x83\x8D\x00\x03\x22\x30\xF5\x3C"
"\xE1\xF5\x70\x0C\x0F\xFB\x4D\x3B",
}, {
.plaintext = "abcdefghijklmnopqrstuvwxyz",
.psize = 26,
.digest = "\xF1\xD7\x54\x66\x26\x36\xFF\xE9"
"\x2C\x82\xEB\xB9\x21\x2A\x48\x4A"
"\x8D\x38\x63\x1E\xAD\x42\x38\xF5"
"\x44\x2E\xE1\x3B\x80\x54\xE4\x1B",
}, {
.plaintext = "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
"abcdefghijklmnopqrstuvwxyz0123456789",
.psize = 62,
.digest = "\xDC\x37\xE0\x08\xCF\x9E\xE6\x9B"
"\xF1\x1F\x00\xED\x9A\xBA\x26\x90"
"\x1D\xD7\xC2\x8C\xDE\xC0\x66\xCC"
"\x6A\xF4\x2E\x40\xF8\x2F\x3A\x1E",
}, {
.plaintext = "1234567890123456789012345678901234567890"
"1234567890123456789012345678901234567890",
.psize = 80,
.digest = "\x46\x6E\xF1\x8B\xAB\xB0\x15\x4D"
"\x25\xB9\xD3\x8A\x64\x14\xF5\xC0"
"\x87\x84\x37\x2B\xCC\xB2\x04\xD6"
"\x54\x9C\x4A\xFA\xDB\x60\x14\x29",
}, {
.plaintext = "abcdbcdecdefdefgefghfghighijhijk",
.psize = 32,
.digest = "\x2A\x98\x7E\xA4\x0F\x91\x70\x61"
"\xF5\xD6\xF0\xA0\xE4\x64\x4F\x48"
"\x8A\x7A\x5A\x52\xDE\xEE\x65\x62"
"\x07\xC5\x62\xF9\x88\xE9\x5C\x69",
},
};
/*
* TIGER test vectors from Tiger website
*/
static const struct hash_testvec tgr192_tv_template[] = {
{
.plaintext = "",
.psize = 0,
.digest = "\x24\xf0\x13\x0c\x63\xac\x93\x32"
"\x16\x16\x6e\x76\xb1\xbb\x92\x5f"
"\xf3\x73\xde\x2d\x49\x58\x4e\x7a",
}, {
.plaintext = "abc",
.psize = 3,
.digest = "\xf2\x58\xc1\xe8\x84\x14\xab\x2a"
"\x52\x7a\xb5\x41\xff\xc5\xb8\xbf"
"\x93\x5f\x7b\x95\x1c\x13\x29\x51",
}, {
.plaintext = "Tiger",
.psize = 5,
.digest = "\x9f\x00\xf5\x99\x07\x23\x00\xdd"
"\x27\x6a\xbb\x38\xc8\xeb\x6d\xec"
"\x37\x79\x0c\x11\x6f\x9d\x2b\xdf",
}, {
.plaintext = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-",
.psize = 64,
.digest = "\x87\xfb\x2a\x90\x83\x85\x1c\xf7"
"\x47\x0d\x2c\xf8\x10\xe6\xdf\x9e"
"\xb5\x86\x44\x50\x34\xa5\xa3\x86",
}, {
.plaintext = "ABCDEFGHIJKLMNOPQRSTUVWXYZ=abcdefghijklmnopqrstuvwxyz+0123456789",
.psize = 64,
.digest = "\x46\x7d\xb8\x08\x63\xeb\xce\x48"
"\x8d\xf1\xcd\x12\x61\x65\x5d\xe9"
"\x57\x89\x65\x65\x97\x5f\x91\x97",
}, {
.plaintext = "Tiger - A Fast New Hash Function, "
"by Ross Anderson and Eli Biham, "
"proceedings of Fast Software Encryption 3, "
"Cambridge, 1996.",
.psize = 125,
.digest = "\x3d\x9a\xeb\x03\xd1\xbd\x1a\x63"
"\x57\xb2\x77\x4d\xfd\x6d\x5b\x24"
"\xdd\x68\x15\x1d\x50\x39\x74\xfc",
},
};
static const struct hash_testvec tgr160_tv_template[] = {
{
.plaintext = "",
.psize = 0,
.digest = "\x24\xf0\x13\x0c\x63\xac\x93\x32"
"\x16\x16\x6e\x76\xb1\xbb\x92\x5f"
"\xf3\x73\xde\x2d",
}, {
.plaintext = "abc",
.psize = 3,
.digest = "\xf2\x58\xc1\xe8\x84\x14\xab\x2a"
"\x52\x7a\xb5\x41\xff\xc5\xb8\xbf"
"\x93\x5f\x7b\x95",
}, {
.plaintext = "Tiger",
.psize = 5,
.digest = "\x9f\x00\xf5\x99\x07\x23\x00\xdd"
"\x27\x6a\xbb\x38\xc8\xeb\x6d\xec"
"\x37\x79\x0c\x11",
}, {
.plaintext = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-",
.psize = 64,
.digest = "\x87\xfb\x2a\x90\x83\x85\x1c\xf7"
"\x47\x0d\x2c\xf8\x10\xe6\xdf\x9e"
"\xb5\x86\x44\x50",
}, {
.plaintext = "ABCDEFGHIJKLMNOPQRSTUVWXYZ=abcdefghijklmnopqrstuvwxyz+0123456789",
.psize = 64,
.digest = "\x46\x7d\xb8\x08\x63\xeb\xce\x48"
"\x8d\xf1\xcd\x12\x61\x65\x5d\xe9"
"\x57\x89\x65\x65",
}, {
.plaintext = "Tiger - A Fast New Hash Function, "
"by Ross Anderson and Eli Biham, "
"proceedings of Fast Software Encryption 3, "
"Cambridge, 1996.",
.psize = 125,
.digest = "\x3d\x9a\xeb\x03\xd1\xbd\x1a\x63"
"\x57\xb2\x77\x4d\xfd\x6d\x5b\x24"
"\xdd\x68\x15\x1d",
},
};
static const struct hash_testvec tgr128_tv_template[] = {
{
.plaintext = "",
.psize = 0,
.digest = "\x24\xf0\x13\x0c\x63\xac\x93\x32"
"\x16\x16\x6e\x76\xb1\xbb\x92\x5f",
}, {
.plaintext = "abc",
.psize = 3,
.digest = "\xf2\x58\xc1\xe8\x84\x14\xab\x2a"
"\x52\x7a\xb5\x41\xff\xc5\xb8\xbf",
}, {
.plaintext = "Tiger",
.psize = 5,
.digest = "\x9f\x00\xf5\x99\x07\x23\x00\xdd"
"\x27\x6a\xbb\x38\xc8\xeb\x6d\xec",
}, {
.plaintext = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+-",
.psize = 64,
.digest = "\x87\xfb\x2a\x90\x83\x85\x1c\xf7"
"\x47\x0d\x2c\xf8\x10\xe6\xdf\x9e",
}, {
.plaintext = "ABCDEFGHIJKLMNOPQRSTUVWXYZ=abcdefghijklmnopqrstuvwxyz+0123456789",
.psize = 64,
.digest = "\x46\x7d\xb8\x08\x63\xeb\xce\x48"
"\x8d\xf1\xcd\x12\x61\x65\x5d\xe9",
}, {
.plaintext = "Tiger - A Fast New Hash Function, "
"by Ross Anderson and Eli Biham, "
"proceedings of Fast Software Encryption 3, "
"Cambridge, 1996.",
.psize = 125,
.digest = "\x3d\x9a\xeb\x03\xd1\xbd\x1a\x63"
"\x57\xb2\x77\x4d\xfd\x6d\x5b\x24",
},
};
static const struct hash_testvec ghash_tv_template[] =
{
{
.key = "\xdf\xa6\xbf\x4d\xed\x81\xdb\x03"
"\xff\xca\xff\x95\xf8\x30\xf0\x61",
.ksize = 16,
.plaintext = "\x95\x2b\x2a\x56\xa5\x60\x04a\xc0"
"\xb3\x2b\x66\x56\xa0\x5b\x40\xb6",
.psize = 16,
.digest = "\xda\x53\xeb\x0a\xd2\xc5\x5b\xb6"
"\x4f\xc4\x80\x2c\xc3\xfe\xda\x60",
}, {
.key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
.ksize = 16,
.plaintext = "what do ya want for nothing?",
.psize = 28,
.digest = "\x3e\x1f\x5c\x4d\x65\xf0\xef\xce"
"\x0d\x61\x06\x27\x66\x51\xd5\xe2",
.np = 2,
.tap = {14, 14}
}, {
.key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
.ksize = 16,
.plaintext = "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
"\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
"\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
"\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd",
.psize = 50,
.digest = "\xfb\x49\x8a\x36\xe1\x96\xe1\x96"
"\xe1\x96\xe1\x96\xe1\x96\xe1\x96",
}, {
.key = "\xda\x53\xeb\x0a\xd2\xc5\x5b\xb6"
"\x4f\xc4\x80\x2c\xc3\xfe\xda\x60",
.ksize = 16,
.plaintext = "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd",
.psize = 50,
.digest = "\x2b\x5c\x0c\x7f\x52\xd1\x60\xc2"
"\x49\xed\x6e\x32\x7a\xa9\xbe\x08",
}, {
.key = "\x95\x2b\x2a\x56\xa5\x60\x04a\xc0"
"\xb3\x2b\x66\x56\xa0\x5b\x40\xb6",
.ksize = 16,
.plaintext = "Test With Truncation",
.psize = 20,
.digest = "\xf8\x94\x87\x2a\x4b\x63\x99\x28"
"\x23\xf7\x93\xf7\x19\xf5\x96\xd9",
}, {
.key = "\x0a\x1b\x2c\x3d\x4e\x5f\x64\x71"
"\x82\x93\xa4\xb5\xc6\xd7\xe8\xf9",
.ksize = 16,
.plaintext = "\x56\x6f\x72\x20\x6c\x61\x75\x74"
"\x65\x72\x20\x4c\x61\x75\x73\x63"
"\x68\x65\x6e\x20\x75\x6e\x64\x20"
"\x53\x74\x61\x75\x6e\x65\x6e\x20"
"\x73\x65\x69\x20\x73\x74\x69\x6c"
"\x6c\x2c\x0a\x64\x75\x20\x6d\x65"
"\x69\x6e\x20\x74\x69\x65\x66\x74"
"\x69\x65\x66\x65\x73\x20\x4c\x65"
"\x62\x65\x6e\x3b\x0a\x64\x61\x73"
"\x73\x20\x64\x75\x20\x77\x65\x69"
"\xc3\x9f\x74\x20\x77\x61\x73\x20"
"\x64\x65\x72\x20\x57\x69\x6e\x64"
"\x20\x64\x69\x72\x20\x77\x69\x6c"
"\x6c\x2c\x0a\x65\x68\x20\x6e\x6f"
"\x63\x68\x20\x64\x69\x65\x20\x42"
"\x69\x72\x6b\x65\x6e\x20\x62\x65"
"\x62\x65\x6e\x2e\x0a\x0a\x55\x6e"
"\x64\x20\x77\x65\x6e\x6e\x20\x64"
"\x69\x72\x20\x65\x69\x6e\x6d\x61"
"\x6c\x20\x64\x61\x73\x20\x53\x63"
"\x68\x77\x65\x69\x67\x65\x6e\x20"
"\x73\x70\x72\x61\x63\x68\x2c\x0a"
"\x6c\x61\x73\x73\x20\x64\x65\x69"
"\x6e\x65\x20\x53\x69\x6e\x6e\x65"
"\x20\x62\x65\x73\x69\x65\x67\x65"
"\x6e\x2e\x0a\x4a\x65\x64\x65\x6d"
"\x20\x48\x61\x75\x63\x68\x65\x20"
"\x67\x69\x62\x74\x20\x64\x69\x63"
"\x68\x2c\x20\x67\x69\x62\x20\x6e"
"\x61\x63\x68\x2c\x0a\x65\x72\x20"
"\x77\x69\x72\x64\x20\x64\x69\x63"
"\x68\x20\x6c\x69\x65\x62\x65\x6e"
"\x20\x75\x6e\x64\x20\x77\x69\x65"
"\x67\x65\x6e\x2e\x0a\x0a\x55\x6e"
"\x64\x20\x64\x61\x6e\x6e\x20\x6d"
"\x65\x69\x6e\x65\x20\x53\x65\x65"
"\x6c\x65\x20\x73\x65\x69\x74\x20"
"\x77\x65\x69\x74\x2c\x20\x73\x65"
"\x69\x20\x77\x65\x69\x74\x2c\x0a"
"\x64\x61\x73\x73\x20\x64\x69\x72"
"\x20\x64\x61\x73\x20\x4c\x65\x62"
"\x65\x6e\x20\x67\x65\x6c\x69\x6e"
"\x67\x65\x2c\x0a\x62\x72\x65\x69"
"\x74\x65\x20\x64\x69\x63\x68\x20"
"\x77\x69\x65\x20\x65\x69\x6e\x20"
"\x46\x65\x69\x65\x72\x6b\x6c\x65"
"\x69\x64\x0a\xc3\xbc\x62\x65\x72"
"\x20\x64\x69\x65\x20\x73\x69\x6e"
"\x6e\x65\x6e\x64\x65\x6e\x20\x44"
"\x69\x6e\x67\x65\x2e\x2e\x2e\x0a",
.psize = 400,
.digest = "\xad\xb1\xc1\xe9\x56\x70\x31\x1d"
"\xbb\x5b\xdf\x5e\x70\x72\x1a\x57",
},
};
/*
* HMAC-MD5 test vectors from RFC2202
* (These need to be fixed to not use strlen).
*/
static const struct hash_testvec hmac_md5_tv_template[] =
{
{
.key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
.ksize = 16,
.plaintext = "Hi There",
.psize = 8,
.digest = "\x92\x94\x72\x7a\x36\x38\xbb\x1c"
"\x13\xf4\x8e\xf8\x15\x8b\xfc\x9d",
}, {
.key = "Jefe",
.ksize = 4,
.plaintext = "what do ya want for nothing?",
.psize = 28,
.digest = "\x75\x0c\x78\x3e\x6a\xb0\xb5\x03"
"\xea\xa8\x6e\x31\x0a\x5d\xb7\x38",
.np = 2,
.tap = {14, 14}
}, {
.key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
.ksize = 16,
.plaintext = "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
"\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
"\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
"\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd",
.psize = 50,
.digest = "\x56\xbe\x34\x52\x1d\x14\x4c\x88"
"\xdb\xb8\xc7\x33\xf0\xe8\xb3\xf6",
}, {
.key = "\x01\x02\x03\x04\x05\x06\x07\x08"
"\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10"
"\x11\x12\x13\x14\x15\x16\x17\x18\x19",
.ksize = 25,
.plaintext = "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd",
.psize = 50,
.digest = "\x69\x7e\xaf\x0a\xca\x3a\x3a\xea"
"\x3a\x75\x16\x47\x46\xff\xaa\x79",
}, {
.key = "\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c",
.ksize = 16,
.plaintext = "Test With Truncation",
.psize = 20,
.digest = "\x56\x46\x1e\xf2\x34\x2e\xdc\x00"
"\xf9\xba\xb9\x95\x69\x0e\xfd\x4c",
}, {
.key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa",
.ksize = 80,
.plaintext = "Test Using Larger Than Block-Size Key - Hash Key First",
.psize = 54,
.digest = "\x6b\x1a\xb7\xfe\x4b\xd7\xbf\x8f"
"\x0b\x62\xe6\xce\x61\xb9\xd0\xcd",
}, {
.key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa",
.ksize = 80,
.plaintext = "Test Using Larger Than Block-Size Key and Larger Than One "
"Block-Size Data",
.psize = 73,
.digest = "\x6f\x63\x0f\xad\x67\xcd\xa0\xee"
"\x1f\xb1\xf5\x62\xdb\x3a\xa5\x3e",
},
};
/*
* HMAC-RIPEMD128 test vectors from RFC2286
*/
static const struct hash_testvec hmac_rmd128_tv_template[] = {
{
.key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
.ksize = 16,
.plaintext = "Hi There",
.psize = 8,
.digest = "\xfb\xf6\x1f\x94\x92\xaa\x4b\xbf"
"\x81\xc1\x72\xe8\x4e\x07\x34\xdb",
}, {
.key = "Jefe",
.ksize = 4,
.plaintext = "what do ya want for nothing?",
.psize = 28,
.digest = "\x87\x5f\x82\x88\x62\xb6\xb3\x34"
"\xb4\x27\xc5\x5f\x9f\x7f\xf0\x9b",
.np = 2,
.tap = { 14, 14 },
}, {
.key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
.ksize = 16,
.plaintext = "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
"\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
"\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
"\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd",
.psize = 50,
.digest = "\x09\xf0\xb2\x84\x6d\x2f\x54\x3d"
"\xa3\x63\xcb\xec\x8d\x62\xa3\x8d",
}, {
.key = "\x01\x02\x03\x04\x05\x06\x07\x08"
"\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10"
"\x11\x12\x13\x14\x15\x16\x17\x18\x19",
.ksize = 25,
.plaintext = "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd",
.psize = 50,
.digest = "\xbd\xbb\xd7\xcf\x03\xe4\x4b\x5a"
"\xa6\x0a\xf8\x15\xbe\x4d\x22\x94",
}, {
.key = "\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c",
.ksize = 16,
.plaintext = "Test With Truncation",
.psize = 20,
.digest = "\xe7\x98\x08\xf2\x4b\x25\xfd\x03"
"\x1c\x15\x5f\x0d\x55\x1d\x9a\x3a",
}, {
.key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa",
.ksize = 80,
.plaintext = "Test Using Larger Than Block-Size Key - Hash Key First",
.psize = 54,
.digest = "\xdc\x73\x29\x28\xde\x98\x10\x4a"
"\x1f\x59\xd3\x73\xc1\x50\xac\xbb",
}, {
.key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa",
.ksize = 80,
.plaintext = "Test Using Larger Than Block-Size Key and Larger Than One "
"Block-Size Data",
.psize = 73,
.digest = "\x5c\x6b\xec\x96\x79\x3e\x16\xd4"
"\x06\x90\xc2\x37\x63\x5f\x30\xc5",
},
};
/*
* HMAC-RIPEMD160 test vectors from RFC2286
*/
static const struct hash_testvec hmac_rmd160_tv_template[] = {
{
.key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
.ksize = 20,
.plaintext = "Hi There",
.psize = 8,
.digest = "\x24\xcb\x4b\xd6\x7d\x20\xfc\x1a\x5d\x2e"
"\xd7\x73\x2d\xcc\x39\x37\x7f\x0a\x56\x68",
}, {
.key = "Jefe",
.ksize = 4,
.plaintext = "what do ya want for nothing?",
.psize = 28,
.digest = "\xdd\xa6\xc0\x21\x3a\x48\x5a\x9e\x24\xf4"
"\x74\x20\x64\xa7\xf0\x33\xb4\x3c\x40\x69",
.np = 2,
.tap = { 14, 14 },
}, {
.key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
.ksize = 20,
.plaintext = "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
"\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
"\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
"\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd",
.psize = 50,
.digest = "\xb0\xb1\x05\x36\x0d\xe7\x59\x96\x0a\xb4"
"\xf3\x52\x98\xe1\x16\xe2\x95\xd8\xe7\xc1",
}, {
.key = "\x01\x02\x03\x04\x05\x06\x07\x08"
"\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10"
"\x11\x12\x13\x14\x15\x16\x17\x18\x19",
.ksize = 25,
.plaintext = "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd",
.psize = 50,
.digest = "\xd5\xca\x86\x2f\x4d\x21\xd5\xe6\x10\xe1"
"\x8b\x4c\xf1\xbe\xb9\x7a\x43\x65\xec\xf4",
}, {
.key = "\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c",
.ksize = 20,
.plaintext = "Test With Truncation",
.psize = 20,
.digest = "\x76\x19\x69\x39\x78\xf9\x1d\x90\x53\x9a"
"\xe7\x86\x50\x0f\xf3\xd8\xe0\x51\x8e\x39",
}, {
.key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa",
.ksize = 80,
.plaintext = "Test Using Larger Than Block-Size Key - Hash Key First",
.psize = 54,
.digest = "\x64\x66\xca\x07\xac\x5e\xac\x29\xe1\xbd"
"\x52\x3e\x5a\xda\x76\x05\xb7\x91\xfd\x8b",
}, {
.key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa",
.ksize = 80,
.plaintext = "Test Using Larger Than Block-Size Key and Larger Than One "
"Block-Size Data",
.psize = 73,
.digest = "\x69\xea\x60\x79\x8d\x71\x61\x6c\xce\x5f"
"\xd0\x87\x1e\x23\x75\x4c\xd7\x5d\x5a\x0a",
},
};
/*
* HMAC-SHA1 test vectors from RFC2202
*/
static const struct hash_testvec hmac_sha1_tv_template[] = {
{
.key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b",
.ksize = 20,
.plaintext = "Hi There",
.psize = 8,
.digest = "\xb6\x17\x31\x86\x55\x05\x72\x64"
"\xe2\x8b\xc0\xb6\xfb\x37\x8c\x8e\xf1"
"\x46\xbe",
}, {
.key = "Jefe",
.ksize = 4,
.plaintext = "what do ya want for nothing?",
.psize = 28,
.digest = "\xef\xfc\xdf\x6a\xe5\xeb\x2f\xa2\xd2\x74"
"\x16\xd5\xf1\x84\xdf\x9c\x25\x9a\x7c\x79",
.np = 2,
.tap = { 14, 14 }
}, {
.key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
.ksize = 20,
.plaintext = "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
"\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
"\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
"\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd",
.psize = 50,
.digest = "\x12\x5d\x73\x42\xb9\xac\x11\xcd\x91\xa3"
"\x9a\xf4\x8a\xa1\x7b\x4f\x63\xf1\x75\xd3",
}, {
.key = "\x01\x02\x03\x04\x05\x06\x07\x08"
"\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10"
"\x11\x12\x13\x14\x15\x16\x17\x18\x19",
.ksize = 25,
.plaintext = "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd",
.psize = 50,
.digest = "\x4c\x90\x07\xf4\x02\x62\x50\xc6\xbc\x84"
"\x14\xf9\xbf\x50\xc8\x6c\x2d\x72\x35\xda",
}, {
.key = "\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c",
.ksize = 20,
.plaintext = "Test With Truncation",
.psize = 20,
.digest = "\x4c\x1a\x03\x42\x4b\x55\xe0\x7f\xe7\xf2"
"\x7b\xe1\xd5\x8b\xb9\x32\x4a\x9a\x5a\x04",
}, {
.key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa",
.ksize = 80,
.plaintext = "Test Using Larger Than Block-Size Key - Hash Key First",
.psize = 54,
.digest = "\xaa\x4a\xe5\xe1\x52\x72\xd0\x0e\x95\x70"
"\x56\x37\xce\x8a\x3b\x55\xed\x40\x21\x12",
}, {
.key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa",
.ksize = 80,
.plaintext = "Test Using Larger Than Block-Size Key and Larger Than One "
"Block-Size Data",
.psize = 73,
.digest = "\xe8\xe9\x9d\x0f\x45\x23\x7d\x78\x6d\x6b"
"\xba\xa7\x96\x5c\x78\x08\xbb\xff\x1a\x91",
},
};
/*
* SHA224 HMAC test vectors from RFC4231
*/
static const struct hash_testvec hmac_sha224_tv_template[] = {
{
.key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
"\x0b\x0b\x0b\x0b",
.ksize = 20,
/* ("Hi There") */
.plaintext = "\x48\x69\x20\x54\x68\x65\x72\x65",
.psize = 8,
.digest = "\x89\x6f\xb1\x12\x8a\xbb\xdf\x19"
"\x68\x32\x10\x7c\xd4\x9d\xf3\x3f"
"\x47\xb4\xb1\x16\x99\x12\xba\x4f"
"\x53\x68\x4b\x22",
}, {
.key = "Jefe",
.ksize = 4,
/* ("what do ya want for nothing?") */
.plaintext = "\x77\x68\x61\x74\x20\x64\x6f\x20"
"\x79\x61\x20\x77\x61\x6e\x74\x20"
"\x66\x6f\x72\x20\x6e\x6f\x74\x68"
"\x69\x6e\x67\x3f",
.psize = 28,
.digest = "\xa3\x0e\x01\x09\x8b\xc6\xdb\xbf"
"\x45\x69\x0f\x3a\x7e\x9e\x6d\x0f"
"\x8b\xbe\xa2\xa3\x9e\x61\x48\x00"
"\x8f\xd0\x5e\x44",
.np = 4,
.tap = { 7, 7, 7, 7 }
}, {
.key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa",
.ksize = 131,
/* ("Test Using Larger Than Block-Size Key - Hash Key First") */
.plaintext = "\x54\x65\x73\x74\x20\x55\x73\x69"
"\x6e\x67\x20\x4c\x61\x72\x67\x65"
"\x72\x20\x54\x68\x61\x6e\x20\x42"
"\x6c\x6f\x63\x6b\x2d\x53\x69\x7a"
"\x65\x20\x4b\x65\x79\x20\x2d\x20"
"\x48\x61\x73\x68\x20\x4b\x65\x79"
"\x20\x46\x69\x72\x73\x74",
.psize = 54,
.digest = "\x95\xe9\xa0\xdb\x96\x20\x95\xad"
"\xae\xbe\x9b\x2d\x6f\x0d\xbc\xe2"
"\xd4\x99\xf1\x12\xf2\xd2\xb7\x27"
"\x3f\xa6\x87\x0e",
}, {
.key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa",
.ksize = 131,
/* ("This is a test using a larger than block-size key and a")
(" larger than block-size data. The key needs to be")
(" hashed before being used by the HMAC algorithm.") */
.plaintext = "\x54\x68\x69\x73\x20\x69\x73\x20"
"\x61\x20\x74\x65\x73\x74\x20\x75"
"\x73\x69\x6e\x67\x20\x61\x20\x6c"
"\x61\x72\x67\x65\x72\x20\x74\x68"
"\x61\x6e\x20\x62\x6c\x6f\x63\x6b"
"\x2d\x73\x69\x7a\x65\x20\x6b\x65"
"\x79\x20\x61\x6e\x64\x20\x61\x20"
"\x6c\x61\x72\x67\x65\x72\x20\x74"
"\x68\x61\x6e\x20\x62\x6c\x6f\x63"
"\x6b\x2d\x73\x69\x7a\x65\x20\x64"
"\x61\x74\x61\x2e\x20\x54\x68\x65"
"\x20\x6b\x65\x79\x20\x6e\x65\x65"
"\x64\x73\x20\x74\x6f\x20\x62\x65"
"\x20\x68\x61\x73\x68\x65\x64\x20"
"\x62\x65\x66\x6f\x72\x65\x20\x62"
"\x65\x69\x6e\x67\x20\x75\x73\x65"
"\x64\x20\x62\x79\x20\x74\x68\x65"
"\x20\x48\x4d\x41\x43\x20\x61\x6c"
"\x67\x6f\x72\x69\x74\x68\x6d\x2e",
.psize = 152,
.digest = "\x3a\x85\x41\x66\xac\x5d\x9f\x02"
"\x3f\x54\xd5\x17\xd0\xb3\x9d\xbd"
"\x94\x67\x70\xdb\x9c\x2b\x95\xc9"
"\xf6\xf5\x65\xd1",
},
};
/*
* HMAC-SHA256 test vectors from
* draft-ietf-ipsec-ciph-sha-256-01.txt
*/
static const struct hash_testvec hmac_sha256_tv_template[] = {
{
.key = "\x01\x02\x03\x04\x05\x06\x07\x08"
"\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10"
"\x11\x12\x13\x14\x15\x16\x17\x18"
"\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20",
.ksize = 32,
.plaintext = "abc",
.psize = 3,
.digest = "\xa2\x1b\x1f\x5d\x4c\xf4\xf7\x3a"
"\x4d\xd9\x39\x75\x0f\x7a\x06\x6a"
"\x7f\x98\xcc\x13\x1c\xb1\x6a\x66"
"\x92\x75\x90\x21\xcf\xab\x81\x81",
}, {
.key = "\x01\x02\x03\x04\x05\x06\x07\x08"
"\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10"
"\x11\x12\x13\x14\x15\x16\x17\x18"
"\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20",
.ksize = 32,
.plaintext = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
.psize = 56,
.digest = "\x10\x4f\xdc\x12\x57\x32\x8f\x08"
"\x18\x4b\xa7\x31\x31\xc5\x3c\xae"
"\xe6\x98\xe3\x61\x19\x42\x11\x49"
"\xea\x8c\x71\x24\x56\x69\x7d\x30",
}, {
.key = "\x01\x02\x03\x04\x05\x06\x07\x08"
"\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10"
"\x11\x12\x13\x14\x15\x16\x17\x18"
"\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20",
.ksize = 32,
.plaintext = "abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq"
"abcdbcdecdefdefgefghfghighijhijkijkljklmklmnlmnomnopnopq",
.psize = 112,
.digest = "\x47\x03\x05\xfc\x7e\x40\xfe\x34"
"\xd3\xee\xb3\xe7\x73\xd9\x5a\xab"
"\x73\xac\xf0\xfd\x06\x04\x47\xa5"
"\xeb\x45\x95\xbf\x33\xa9\xd1\xa3",
}, {
.key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
"\x0b\x0b\x0b\x0b\x0b\x0b",
.ksize = 32,
.plaintext = "Hi There",
.psize = 8,
.digest = "\x19\x8a\x60\x7e\xb4\x4b\xfb\xc6"
"\x99\x03\xa0\xf1\xcf\x2b\xbd\xc5"
"\xba\x0a\xa3\xf3\xd9\xae\x3c\x1c"
"\x7a\x3b\x16\x96\xa0\xb6\x8c\xf7",
}, {
.key = "Jefe",
.ksize = 4,
.plaintext = "what do ya want for nothing?",
.psize = 28,
.digest = "\x5b\xdc\xc1\x46\xbf\x60\x75\x4e"
"\x6a\x04\x24\x26\x08\x95\x75\xc7"
"\x5a\x00\x3f\x08\x9d\x27\x39\x83"
"\x9d\xec\x58\xb9\x64\xec\x38\x43",
.np = 2,
.tap = { 14, 14 }
}, {
.key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa",
.ksize = 32,
.plaintext = "\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
"\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
"\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd"
"\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd\xdd",
.psize = 50,
.digest = "\xcd\xcb\x12\x20\xd1\xec\xcc\xea"
"\x91\xe5\x3a\xba\x30\x92\xf9\x62"
"\xe5\x49\xfe\x6c\xe9\xed\x7f\xdc"
"\x43\x19\x1f\xbd\xe4\x5c\x30\xb0",
}, {
.key = "\x01\x02\x03\x04\x05\x06\x07\x08"
"\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10"
"\x11\x12\x13\x14\x15\x16\x17\x18"
"\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20"
"\x21\x22\x23\x24\x25",
.ksize = 37,
.plaintext = "\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd"
"\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd\xcd",
.psize = 50,
.digest = "\xd4\x63\x3c\x17\xf6\xfb\x8d\x74"
"\x4c\x66\xde\xe0\xf8\xf0\x74\x55"
"\x6e\xc4\xaf\x55\xef\x07\x99\x85"
"\x41\x46\x8e\xb4\x9b\xd2\xe9\x17",
}, {
.key = "\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c"
"\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c\x0c"
"\x0c\x0c\x0c\x0c\x0c\x0c",
.ksize = 32,
.plaintext = "Test With Truncation",
.psize = 20,
.digest = "\x75\x46\xaf\x01\x84\x1f\xc0\x9b"
"\x1a\xb9\xc3\x74\x9a\x5f\x1c\x17"
"\xd4\xf5\x89\x66\x8a\x58\x7b\x27"
"\x00\xa9\xc9\x7c\x11\x93\xcf\x42",
}, {
.key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa",
.ksize = 80,
.plaintext = "Test Using Larger Than Block-Size Key - Hash Key First",
.psize = 54,
.digest = "\x69\x53\x02\x5e\xd9\x6f\x0c\x09"
"\xf8\x0a\x96\xf7\x8e\x65\x38\xdb"
"\xe2\xe7\xb8\x20\xe3\xdd\x97\x0e"
"\x7d\xdd\x39\x09\x1b\x32\x35\x2f",
}, {
.key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa",
.ksize = 80,
.plaintext = "Test Using Larger Than Block-Size Key and Larger Than "
"One Block-Size Data",
.psize = 73,
.digest = "\x63\x55\xac\x22\xe8\x90\xd0\xa3"
"\xc8\x48\x1a\x5c\xa4\x82\x5b\xc8"
"\x84\xd3\xe7\xa1\xff\x98\xa2\xfc"
"\x2a\xc7\xd8\xe0\x64\xc3\xb2\xe6",
},
};
static const struct hash_testvec aes_cmac128_tv_template[] = {
{ /* From NIST Special Publication 800-38B, AES-128 */
.key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6"
"\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
.plaintext = zeroed_string,
.digest = "\xbb\x1d\x69\x29\xe9\x59\x37\x28"
"\x7f\xa3\x7d\x12\x9b\x75\x67\x46",
.psize = 0,
.ksize = 16,
}, {
.key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6"
"\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
.plaintext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
"\xe9\x3d\x7e\x11\x73\x93\x17\x2a",
.digest = "\x07\x0a\x16\xb4\x6b\x4d\x41\x44"
"\xf7\x9b\xdd\x9d\xd0\x4a\x28\x7c",
.psize = 16,
.ksize = 16,
}, {
.key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6"
"\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
.plaintext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
"\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
"\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
"\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
"\x30\xc8\x1c\x46\xa3\x5c\xe4\x11",
.digest = "\xdf\xa6\x67\x47\xde\x9a\xe6\x30"
"\x30\xca\x32\x61\x14\x97\xc8\x27",
.psize = 40,
.ksize = 16,
}, {
.key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6"
"\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
.plaintext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
"\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
"\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
"\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
"\x30\xc8\x1c\x46\xa3\x5c\xe4\x11"
"\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
"\xf6\x9f\x24\x45\xdf\x4f\x9b\x17"
"\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
.digest = "\x51\xf0\xbe\xbf\x7e\x3b\x9d\x92"
"\xfc\x49\x74\x17\x79\x36\x3c\xfe",
.psize = 64,
.ksize = 16,
}, { /* From NIST Special Publication 800-38B, AES-256 */
.key = "\x60\x3d\xeb\x10\x15\xca\x71\xbe"
"\x2b\x73\xae\xf0\x85\x7d\x77\x81"
"\x1f\x35\x2c\x07\x3b\x61\x08\xd7"
"\x2d\x98\x10\xa3\x09\x14\xdf\xf4",
.plaintext = zeroed_string,
.digest = "\x02\x89\x62\xf6\x1b\x7b\xf8\x9e"
"\xfc\x6b\x55\x1f\x46\x67\xd9\x83",
.psize = 0,
.ksize = 32,
}, {
.key = "\x60\x3d\xeb\x10\x15\xca\x71\xbe"
"\x2b\x73\xae\xf0\x85\x7d\x77\x81"
"\x1f\x35\x2c\x07\x3b\x61\x08\xd7"
"\x2d\x98\x10\xa3\x09\x14\xdf\xf4",
.plaintext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
"\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
"\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
"\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
"\x30\xc8\x1c\x46\xa3\x5c\xe4\x11"
"\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
"\xf6\x9f\x24\x45\xdf\x4f\x9b\x17"
"\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
.digest = "\xe1\x99\x21\x90\x54\x9f\x6e\xd5"
"\x69\x6a\x2c\x05\x6c\x31\x54\x10",
.psize = 64,
.ksize = 32,
}
};
static const struct hash_testvec aes_cbcmac_tv_template[] = {
{
.key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6"
"\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
.plaintext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
"\xe9\x3d\x7e\x11\x73\x93\x17\x2a",
.digest = "\x3a\xd7\x7b\xb4\x0d\x7a\x36\x60"
"\xa8\x9e\xca\xf3\x24\x66\xef\x97",
.psize = 16,
.ksize = 16,
}, {
.key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6"
"\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
.plaintext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
"\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
"\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
"\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
"\x30",
.digest = "\x9d\x0d\xd0\x63\xfb\xcb\x24\x43"
"\xf8\xf2\x76\x03\xac\x39\xb0\x9d",
.psize = 33,
.ksize = 16,
.np = 2,
.tap = { 7, 26 },
}, {
.key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6"
"\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
.plaintext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
"\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
"\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
"\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
"\x30\xc8\x1c\x46\xa3\x5c\xe4\x11"
"\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
"\xf6\x9f\x24\x45\xdf\x4f\x9b\x17"
"\xad\x2b\x41\x7b\xe6\x6c\x37",
.digest = "\xc0\x71\x73\xb8\xa0\x2c\x11\x7c"
"\xaf\xdc\xb2\xf8\x89\x32\xa3\x3a",
.psize = 63,
.ksize = 16,
}, {
.key = "\x60\x3d\xeb\x10\x15\xca\x71\xbe"
"\x2b\x73\xae\xf0\x85\x7d\x77\x81"
"\x1f\x35\x2c\x07\x3b\x61\x08\xd7"
"\x2d\x98\x10\xa3\x09\x14\xdf\xf4",
.plaintext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
"\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
"\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
"\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
"\x30\xc8\x1c\x46\xa3\x5c\xe4\x11"
"\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
"\xf6\x9f\x24\x45\xdf\x4f\x9b\x17"
"\xad\x2b\x41\x7b\xe6\x6c\x37\x10"
"\x1c",
.digest = "\x6a\x4e\xdb\x21\x47\x51\xdf\x4f"
"\xa8\x4d\x4c\x10\x3b\x72\x7d\xd6",
.psize = 65,
.ksize = 32,
}
};
static const struct hash_testvec des3_ede_cmac64_tv_template[] = {
/*
* From NIST Special Publication 800-38B, Three Key TDEA
* Corrected test vectors from:
* http://csrc.nist.gov/publications/nistpubs/800-38B/Updated_CMAC_Examples.pdf
*/
{
.key = "\x8a\xa8\x3b\xf8\xcb\xda\x10\x62"
"\x0b\xc1\xbf\x19\xfb\xb6\xcd\x58"
"\xbc\x31\x3d\x4a\x37\x1c\xa8\xb5",
.plaintext = zeroed_string,
.digest = "\xb7\xa6\x88\xe1\x22\xff\xaf\x95",
.psize = 0,
.ksize = 24,
}, {
.key = "\x8a\xa8\x3b\xf8\xcb\xda\x10\x62"
"\x0b\xc1\xbf\x19\xfb\xb6\xcd\x58"
"\xbc\x31\x3d\x4a\x37\x1c\xa8\xb5",
.plaintext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96",
.digest = "\x8e\x8f\x29\x31\x36\x28\x37\x97",
.psize = 8,
.ksize = 24,
}, {
.key = "\x8a\xa8\x3b\xf8\xcb\xda\x10\x62"
"\x0b\xc1\xbf\x19\xfb\xb6\xcd\x58"
"\xbc\x31\x3d\x4a\x37\x1c\xa8\xb5",
.plaintext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
"\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
"\xae\x2d\x8a\x57",
.digest = "\x74\x3d\xdb\xe0\xce\x2d\xc2\xed",
.psize = 20,
.ksize = 24,
}, {
.key = "\x8a\xa8\x3b\xf8\xcb\xda\x10\x62"
"\x0b\xc1\xbf\x19\xfb\xb6\xcd\x58"
"\xbc\x31\x3d\x4a\x37\x1c\xa8\xb5",
.plaintext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
"\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
"\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
"\x9e\xb7\x6f\xac\x45\xaf\x8e\x51",
.digest = "\x33\xe6\xb1\x09\x24\x00\xea\xe5",
.psize = 32,
.ksize = 24,
}
};
static const struct hash_testvec aes_xcbc128_tv_template[] = {
{
.key = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
.plaintext = zeroed_string,
.digest = "\x75\xf0\x25\x1d\x52\x8a\xc0\x1c"
"\x45\x73\xdf\xd5\x84\xd7\x9f\x29",
.psize = 0,
.ksize = 16,
}, {
.key = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
.plaintext = "\x00\x01\x02",
.digest = "\x5b\x37\x65\x80\xae\x2f\x19\xaf"
"\xe7\x21\x9c\xee\xf1\x72\x75\x6f",
.psize = 3,
.ksize = 16,
} , {
.key = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
.plaintext = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
.digest = "\xd2\xa2\x46\xfa\x34\x9b\x68\xa7"
"\x99\x98\xa4\x39\x4f\xf7\xa2\x63",
.psize = 16,
.ksize = 16,
}, {
.key = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
.plaintext = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13",
.digest = "\x47\xf5\x1b\x45\x64\x96\x62\x15"
"\xb8\x98\x5c\x63\x05\x5e\xd3\x08",
.tap = { 10, 10 },
.psize = 20,
.np = 2,
.ksize = 16,
}, {
.key = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
.plaintext = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
"\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f",
.digest = "\xf5\x4f\x0e\xc8\xd2\xb9\xf3\xd3"
"\x68\x07\x73\x4b\xd5\x28\x3f\xd4",
.psize = 32,
.ksize = 16,
}, {
.key = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
.plaintext = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
"\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
"\x20\x21",
.digest = "\xbe\xcb\xb3\xbc\xcd\xb5\x18\xa3"
"\x06\x77\xd5\x48\x1f\xb6\xb4\xd8",
.tap = { 17, 17 },
.psize = 34,
.np = 2,
.ksize = 16,
}
};
static const char vmac64_string1[144] = {
'\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0',
'\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0',
'\x01', '\x01', '\x01', '\x01', '\x02', '\x03', '\x02', '\x02',
'\x02', '\x04', '\x01', '\x07', '\x04', '\x01', '\x04', '\x03',
};
static const char vmac64_string2[144] = {
'\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0',
'\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0',
'a', 'b', 'c',
};
static const char vmac64_string3[144] = {
'\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0',
'\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0',
'a', 'b', 'c', 'a', 'b', 'c', 'a', 'b',
'c', 'a', 'b', 'c', 'a', 'b', 'c', 'a',
'b', 'c', 'a', 'b', 'c', 'a', 'b', 'c',
'a', 'b', 'c', 'a', 'b', 'c', 'a', 'b',
'c', 'a', 'b', 'c', 'a', 'b', 'c', 'a',
'b', 'c', 'a', 'b', 'c', 'a', 'b', 'c',
};
static const char vmac64_string4[33] = {
'\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0',
'\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0',
'b', 'c', 'e', 'f', 'i', 'j', 'l', 'm',
'o', 'p', 'r', 's', 't', 'u', 'w', 'x',
'z',
};
static const char vmac64_string5[143] = {
'\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0',
'\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0',
'r', 'm', 'b', 't', 'c', 'o', 'l', 'k',
']', '%', '9', '2', '7', '!', 'A',
};
static const char vmac64_string6[145] = {
'\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0',
'\0', '\0', '\0', '\0', '\0', '\0', '\0', '\0',
'p', 't', '*', '7', 'l', 'i', '!', '#',
'w', '0', 'z', '/', '4', 'A', 'n',
};
static const struct hash_testvec vmac64_aes_tv_template[] = {
{ /* draft-krovetz-vmac-01 test vector 1 */
.key = "abcdefghijklmnop",
.ksize = 16,
.plaintext = "\0\0\0\0\0\0\0\0bcdefghi",
.psize = 16,
.digest = "\x25\x76\xbe\x1c\x56\xd8\xb8\x1b",
}, { /* draft-krovetz-vmac-01 test vector 2 */
.key = "abcdefghijklmnop",
.ksize = 16,
.plaintext = "\0\0\0\0\0\0\0\0bcdefghiabc",
.psize = 19,
.digest = "\x2d\x37\x6c\xf5\xb1\x81\x3c\xe5",
}, { /* draft-krovetz-vmac-01 test vector 3 */
.key = "abcdefghijklmnop",
.ksize = 16,
.plaintext = "\0\0\0\0\0\0\0\0bcdefghi"
"abcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabc",
.psize = 64,
.digest = "\xe8\x42\x1f\x61\xd5\x73\xd2\x98",
}, { /* draft-krovetz-vmac-01 test vector 4 */
.key = "abcdefghijklmnop",
.ksize = 16,
.plaintext = "\0\0\0\0\0\0\0\0bcdefghi"
"abcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabc"
"abcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabc"
"abcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabc"
"abcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabc"
"abcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabcabc"
"abcabcabcabcabcabcabcabcabcabcabcabcabcabcabc",
.psize = 316,
.digest = "\x44\x92\xdf\x6c\x5c\xac\x1b\xbe",
.tap = { 1, 100, 200, 15 },
.np = 4,
}, {
.key = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
.ksize = 16,
.plaintext = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.psize = 16,
.digest = "\x54\x7b\xa4\x77\x35\x80\x58\x07",
}, {
.key = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
.ksize = 16,
.plaintext = vmac64_string1,
.psize = sizeof(vmac64_string1),
.digest = "\xa1\x8c\x68\xae\xd3\x3c\xf5\xce",
}, {
.key = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
.ksize = 16,
.plaintext = vmac64_string2,
.psize = sizeof(vmac64_string2),
.digest = "\x2d\x14\xbd\x81\x73\xb0\x27\xc9",
}, {
.key = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
.ksize = 16,
.plaintext = vmac64_string3,
.psize = sizeof(vmac64_string3),
.digest = "\x19\x0b\x47\x98\x8c\x95\x1a\x8d",
}, {
.key = "abcdefghijklmnop",
.ksize = 16,
.plaintext = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.psize = 16,
.digest = "\x84\x8f\x55\x9e\x26\xa1\x89\x3b",
}, {
.key = "abcdefghijklmnop",
.ksize = 16,
.plaintext = vmac64_string1,
.psize = sizeof(vmac64_string1),
.digest = "\xc2\x74\x8d\xf6\xb0\xab\x5e\xab",
}, {
.key = "abcdefghijklmnop",
.ksize = 16,
.plaintext = vmac64_string2,
.psize = sizeof(vmac64_string2),
.digest = "\xdf\x09\x7b\x3d\x42\x68\x15\x11",
}, {
.key = "abcdefghijklmnop",
.ksize = 16,
.plaintext = vmac64_string3,
.psize = sizeof(vmac64_string3),
.digest = "\xd4\xfa\x8f\xed\xe1\x8f\x32\x8b",
}, {
.key = "a09b5cd!f#07K\x00\x00\x00",
.ksize = 16,
.plaintext = vmac64_string4,
.psize = sizeof(vmac64_string4),
.digest = "\x5f\xa1\x4e\x42\xea\x0f\xa5\xab",
}, {
.key = "a09b5cd!f#07K\x00\x00\x00",
.ksize = 16,
.plaintext = vmac64_string5,
.psize = sizeof(vmac64_string5),
.digest = "\x60\x67\xe8\x1d\xbc\x98\x31\x25",
}, {
.key = "a09b5cd!f#07K\x00\x00\x00",
.ksize = 16,
.plaintext = vmac64_string6,
.psize = sizeof(vmac64_string6),
.digest = "\x41\xeb\x65\x95\x47\x9b\xae\xc4",
},
};
/*
* SHA384 HMAC test vectors from RFC4231
*/
static const struct hash_testvec hmac_sha384_tv_template[] = {
{
.key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
"\x0b\x0b\x0b\x0b",
.ksize = 20,
.plaintext = "Hi There",
.psize = 8,
.digest = "\xaf\xd0\x39\x44\xd8\x48\x95\x62"
"\x6b\x08\x25\xf4\xab\x46\x90\x7f"
"\x15\xf9\xda\xdb\xe4\x10\x1e\xc6"
"\x82\xaa\x03\x4c\x7c\xeb\xc5\x9c"
"\xfa\xea\x9e\xa9\x07\x6e\xde\x7f"
"\x4a\xf1\x52\xe8\xb2\xfa\x9c\xb6",
}, {
.key = "Jefe",
.ksize = 4,
.plaintext = "what do ya want for nothing?",
.psize = 28,
.digest = "\xaf\x45\xd2\xe3\x76\x48\x40\x31"
"\x61\x7f\x78\xd2\xb5\x8a\x6b\x1b"
"\x9c\x7e\xf4\x64\xf5\xa0\x1b\x47"
"\xe4\x2e\xc3\x73\x63\x22\x44\x5e"
"\x8e\x22\x40\xca\x5e\x69\xe2\xc7"
"\x8b\x32\x39\xec\xfa\xb2\x16\x49",
.np = 4,
.tap = { 7, 7, 7, 7 }
}, {
.key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa",
.ksize = 131,
.plaintext = "Test Using Larger Than Block-Siz"
"e Key - Hash Key First",
.psize = 54,
.digest = "\x4e\xce\x08\x44\x85\x81\x3e\x90"
"\x88\xd2\xc6\x3a\x04\x1b\xc5\xb4"
"\x4f\x9e\xf1\x01\x2a\x2b\x58\x8f"
"\x3c\xd1\x1f\x05\x03\x3a\xc4\xc6"
"\x0c\x2e\xf6\xab\x40\x30\xfe\x82"
"\x96\x24\x8d\xf1\x63\xf4\x49\x52",
}, {
.key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa",
.ksize = 131,
.plaintext = "This is a test u"
"sing a larger th"
"an block-size ke"
"y and a larger t"
"han block-size d"
"ata. The key nee"
"ds to be hashed "
"before being use"
"d by the HMAC al"
"gorithm.",
.psize = 152,
.digest = "\x66\x17\x17\x8e\x94\x1f\x02\x0d"
"\x35\x1e\x2f\x25\x4e\x8f\xd3\x2c"
"\x60\x24\x20\xfe\xb0\xb8\xfb\x9a"
"\xdc\xce\xbb\x82\x46\x1e\x99\xc5"
"\xa6\x78\xcc\x31\xe7\x99\x17\x6d"
"\x38\x60\xe6\x11\x0c\x46\x52\x3e",
},
};
/*
* SHA512 HMAC test vectors from RFC4231
*/
static const struct hash_testvec hmac_sha512_tv_template[] = {
{
.key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
"\x0b\x0b\x0b\x0b",
.ksize = 20,
.plaintext = "Hi There",
.psize = 8,
.digest = "\x87\xaa\x7c\xde\xa5\xef\x61\x9d"
"\x4f\xf0\xb4\x24\x1a\x1d\x6c\xb0"
"\x23\x79\xf4\xe2\xce\x4e\xc2\x78"
"\x7a\xd0\xb3\x05\x45\xe1\x7c\xde"
"\xda\xa8\x33\xb7\xd6\xb8\xa7\x02"
"\x03\x8b\x27\x4e\xae\xa3\xf4\xe4"
"\xbe\x9d\x91\x4e\xeb\x61\xf1\x70"
"\x2e\x69\x6c\x20\x3a\x12\x68\x54",
}, {
.key = "Jefe",
.ksize = 4,
.plaintext = "what do ya want for nothing?",
.psize = 28,
.digest = "\x16\x4b\x7a\x7b\xfc\xf8\x19\xe2"
"\xe3\x95\xfb\xe7\x3b\x56\xe0\xa3"
"\x87\xbd\x64\x22\x2e\x83\x1f\xd6"
"\x10\x27\x0c\xd7\xea\x25\x05\x54"
"\x97\x58\xbf\x75\xc0\x5a\x99\x4a"
"\x6d\x03\x4f\x65\xf8\xf0\xe6\xfd"
"\xca\xea\xb1\xa3\x4d\x4a\x6b\x4b"
"\x63\x6e\x07\x0a\x38\xbc\xe7\x37",
.np = 4,
.tap = { 7, 7, 7, 7 }
}, {
.key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa",
.ksize = 131,
.plaintext = "Test Using Large"
"r Than Block-Siz"
"e Key - Hash Key"
" First",
.psize = 54,
.digest = "\x80\xb2\x42\x63\xc7\xc1\xa3\xeb"
"\xb7\x14\x93\xc1\xdd\x7b\xe8\xb4"
"\x9b\x46\xd1\xf4\x1b\x4a\xee\xc1"
"\x12\x1b\x01\x37\x83\xf8\xf3\x52"
"\x6b\x56\xd0\x37\xe0\x5f\x25\x98"
"\xbd\x0f\xd2\x21\x5d\x6a\x1e\x52"
"\x95\xe6\x4f\x73\xf6\x3f\x0a\xec"
"\x8b\x91\x5a\x98\x5d\x78\x65\x98",
}, {
.key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa",
.ksize = 131,
.plaintext =
"This is a test u"
"sing a larger th"
"an block-size ke"
"y and a larger t"
"han block-size d"
"ata. The key nee"
"ds to be hashed "
"before being use"
"d by the HMAC al"
"gorithm.",
.psize = 152,
.digest = "\xe3\x7b\x6a\x77\x5d\xc8\x7d\xba"
"\xa4\xdf\xa9\xf9\x6e\x5e\x3f\xfd"
"\xde\xbd\x71\xf8\x86\x72\x89\x86"
"\x5d\xf5\xa3\x2d\x20\xcd\xc9\x44"
"\xb6\x02\x2c\xac\x3c\x49\x82\xb1"
"\x0d\x5e\xeb\x55\xc3\xe4\xde\x15"
"\x13\x46\x76\xfb\x6d\xe0\x44\x60"
"\x65\xc9\x74\x40\xfa\x8c\x6a\x58",
},
};
static const struct hash_testvec hmac_sha3_224_tv_template[] = {
{
.key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
"\x0b\x0b\x0b\x0b",
.ksize = 20,
.plaintext = "Hi There",
.psize = 8,
.digest = "\x3b\x16\x54\x6b\xbc\x7b\xe2\x70"
"\x6a\x03\x1d\xca\xfd\x56\x37\x3d"
"\x98\x84\x36\x76\x41\xd8\xc5\x9a"
"\xf3\xc8\x60\xf7",
}, {
.key = "Jefe",
.ksize = 4,
.plaintext = "what do ya want for nothing?",
.psize = 28,
.digest = "\x7f\xdb\x8d\xd8\x8b\xd2\xf6\x0d"
"\x1b\x79\x86\x34\xad\x38\x68\x11"
"\xc2\xcf\xc8\x5b\xfa\xf5\xd5\x2b"
"\xba\xce\x5e\x66",
.np = 4,
.tap = { 7, 7, 7, 7 }
}, {
.key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa",
.ksize = 131,
.plaintext = "Test Using Large"
"r Than Block-Siz"
"e Key - Hash Key"
" First",
.psize = 54,
.digest = "\xb4\xa1\xf0\x4c\x00\x28\x7a\x9b"
"\x7f\x60\x75\xb3\x13\xd2\x79\xb8"
"\x33\xbc\x8f\x75\x12\x43\x52\xd0"
"\x5f\xb9\x99\x5f",
}, {
.key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa",
.ksize = 131,
.plaintext =
"This is a test u"
"sing a larger th"
"an block-size ke"
"y and a larger t"
"han block-size d"
"ata. The key nee"
"ds to be hashed "
"before being use"
"d by the HMAC al"
"gorithm.",
.psize = 152,
.digest = "\x05\xd8\xcd\x6d\x00\xfa\xea\x8d"
"\x1e\xb6\x8a\xde\x28\x73\x0b\xbd"
"\x3c\xba\xb6\x92\x9f\x0a\x08\x6b"
"\x29\xcd\x62\xa0",
},
};
static const struct hash_testvec hmac_sha3_256_tv_template[] = {
{
.key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
"\x0b\x0b\x0b\x0b",
.ksize = 20,
.plaintext = "Hi There",
.psize = 8,
.digest = "\xba\x85\x19\x23\x10\xdf\xfa\x96"
"\xe2\xa3\xa4\x0e\x69\x77\x43\x51"
"\x14\x0b\xb7\x18\x5e\x12\x02\xcd"
"\xcc\x91\x75\x89\xf9\x5e\x16\xbb",
}, {
.key = "Jefe",
.ksize = 4,
.plaintext = "what do ya want for nothing?",
.psize = 28,
.digest = "\xc7\xd4\x07\x2e\x78\x88\x77\xae"
"\x35\x96\xbb\xb0\xda\x73\xb8\x87"
"\xc9\x17\x1f\x93\x09\x5b\x29\x4a"
"\xe8\x57\xfb\xe2\x64\x5e\x1b\xa5",
.np = 4,
.tap = { 7, 7, 7, 7 }
}, {
.key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa",
.ksize = 131,
.plaintext = "Test Using Large"
"r Than Block-Siz"
"e Key - Hash Key"
" First",
.psize = 54,
.digest = "\xed\x73\xa3\x74\xb9\x6c\x00\x52"
"\x35\xf9\x48\x03\x2f\x09\x67\x4a"
"\x58\xc0\xce\x55\x5c\xfc\x1f\x22"
"\x3b\x02\x35\x65\x60\x31\x2c\x3b",
}, {
.key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa",
.ksize = 131,
.plaintext =
"This is a test u"
"sing a larger th"
"an block-size ke"
"y and a larger t"
"han block-size d"
"ata. The key nee"
"ds to be hashed "
"before being use"
"d by the HMAC al"
"gorithm.",
.psize = 152,
.digest = "\x65\xc5\xb0\x6d\x4c\x3d\xe3\x2a"
"\x7a\xef\x87\x63\x26\x1e\x49\xad"
"\xb6\xe2\x29\x3e\xc8\xe7\xc6\x1e"
"\x8d\xe6\x17\x01\xfc\x63\xe1\x23",
},
};
static const struct hash_testvec hmac_sha3_384_tv_template[] = {
{
.key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
"\x0b\x0b\x0b\x0b",
.ksize = 20,
.plaintext = "Hi There",
.psize = 8,
.digest = "\x68\xd2\xdc\xf7\xfd\x4d\xdd\x0a"
"\x22\x40\xc8\xa4\x37\x30\x5f\x61"
"\xfb\x73\x34\xcf\xb5\xd0\x22\x6e"
"\x1b\xc2\x7d\xc1\x0a\x2e\x72\x3a"
"\x20\xd3\x70\xb4\x77\x43\x13\x0e"
"\x26\xac\x7e\x3d\x53\x28\x86\xbd",
}, {
.key = "Jefe",
.ksize = 4,
.plaintext = "what do ya want for nothing?",
.psize = 28,
.digest = "\xf1\x10\x1f\x8c\xbf\x97\x66\xfd"
"\x67\x64\xd2\xed\x61\x90\x3f\x21"
"\xca\x9b\x18\xf5\x7c\xf3\xe1\xa2"
"\x3c\xa1\x35\x08\xa9\x32\x43\xce"
"\x48\xc0\x45\xdc\x00\x7f\x26\xa2"
"\x1b\x3f\x5e\x0e\x9d\xf4\xc2\x0a",
.np = 4,
.tap = { 7, 7, 7, 7 }
}, {
.key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa",
.ksize = 131,
.plaintext = "Test Using Large"
"r Than Block-Siz"
"e Key - Hash Key"
" First",
.psize = 54,
.digest = "\x0f\xc1\x95\x13\xbf\x6b\xd8\x78"
"\x03\x70\x16\x70\x6a\x0e\x57\xbc"
"\x52\x81\x39\x83\x6b\x9a\x42\xc3"
"\xd4\x19\xe4\x98\xe0\xe1\xfb\x96"
"\x16\xfd\x66\x91\x38\xd3\x3a\x11"
"\x05\xe0\x7c\x72\xb6\x95\x3b\xcc",
}, {
.key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa",
.ksize = 131,
.plaintext =
"This is a test u"
"sing a larger th"
"an block-size ke"
"y and a larger t"
"han block-size d"
"ata. The key nee"
"ds to be hashed "
"before being use"
"d by the HMAC al"
"gorithm.",
.psize = 152,
.digest = "\x02\x6f\xdf\x6b\x50\x74\x1e\x37"
"\x38\x99\xc9\xf7\xd5\x40\x6d\x4e"
"\xb0\x9f\xc6\x66\x56\x36\xfc\x1a"
"\x53\x00\x29\xdd\xf5\xcf\x3c\xa5"
"\xa9\x00\xed\xce\x01\xf5\xf6\x1e"
"\x2f\x40\x8c\xdf\x2f\xd3\xe7\xe8",
},
};
static const struct hash_testvec hmac_sha3_512_tv_template[] = {
{
.key = "\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
"\x0b\x0b\x0b\x0b\x0b\x0b\x0b\x0b"
"\x0b\x0b\x0b\x0b",
.ksize = 20,
.plaintext = "Hi There",
.psize = 8,
.digest = "\xeb\x3f\xbd\x4b\x2e\xaa\xb8\xf5"
"\xc5\x04\xbd\x3a\x41\x46\x5a\xac"
"\xec\x15\x77\x0a\x7c\xab\xac\x53"
"\x1e\x48\x2f\x86\x0b\x5e\xc7\xba"
"\x47\xcc\xb2\xc6\xf2\xaf\xce\x8f"
"\x88\xd2\x2b\x6d\xc6\x13\x80\xf2"
"\x3a\x66\x8f\xd3\x88\x8b\xb8\x05"
"\x37\xc0\xa0\xb8\x64\x07\x68\x9e",
}, {
.key = "Jefe",
.ksize = 4,
.plaintext = "what do ya want for nothing?",
.psize = 28,
.digest = "\x5a\x4b\xfe\xab\x61\x66\x42\x7c"
"\x7a\x36\x47\xb7\x47\x29\x2b\x83"
"\x84\x53\x7c\xdb\x89\xaf\xb3\xbf"
"\x56\x65\xe4\xc5\xe7\x09\x35\x0b"
"\x28\x7b\xae\xc9\x21\xfd\x7c\xa0"
"\xee\x7a\x0c\x31\xd0\x22\xa9\x5e"
"\x1f\xc9\x2b\xa9\xd7\x7d\xf8\x83"
"\x96\x02\x75\xbe\xb4\xe6\x20\x24",
.np = 4,
.tap = { 7, 7, 7, 7 }
}, {
.key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa",
.ksize = 131,
.plaintext = "Test Using Large"
"r Than Block-Siz"
"e Key - Hash Key"
" First",
.psize = 54,
.digest = "\x00\xf7\x51\xa9\xe5\x06\x95\xb0"
"\x90\xed\x69\x11\xa4\xb6\x55\x24"
"\x95\x1c\xdc\x15\xa7\x3a\x5d\x58"
"\xbb\x55\x21\x5e\xa2\xcd\x83\x9a"
"\xc7\x9d\x2b\x44\xa3\x9b\xaf\xab"
"\x27\xe8\x3f\xde\x9e\x11\xf6\x34"
"\x0b\x11\xd9\x91\xb1\xb9\x1b\xf2"
"\xee\xe7\xfc\x87\x24\x26\xc3\xa4",
}, {
.key = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa",
.ksize = 131,
.plaintext =
"This is a test u"
"sing a larger th"
"an block-size ke"
"y and a larger t"
"han block-size d"
"ata. The key nee"
"ds to be hashed "
"before being use"
"d by the HMAC al"
"gorithm.",
.psize = 152,
.digest = "\x38\xa4\x56\xa0\x04\xbd\x10\xd3"
"\x2c\x9a\xb8\x33\x66\x84\x11\x28"
"\x62\xc3\xdb\x61\xad\xcc\xa3\x18"
"\x29\x35\x5e\xaf\x46\xfd\x5c\x73"
"\xd0\x6a\x1f\x0d\x13\xfe\xc9\xa6"
"\x52\xfb\x38\x11\xb5\x77\xb1\xb1"
"\xd1\xb9\x78\x9f\x97\xae\x5b\x83"
"\xc6\xf4\x4d\xfc\xf1\xd6\x7e\xba",
},
};
/*
* Poly1305 test vectors from RFC7539 A.3.
*/
static const struct hash_testvec poly1305_tv_template[] = {
{ /* Test Vector #1 */
.plaintext = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.psize = 96,
.digest = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
}, { /* Test Vector #2 */
.plaintext = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x36\xe5\xf6\xb5\xc5\xe0\x60\x70"
"\xf0\xef\xca\x96\x22\x7a\x86\x3e"
"\x41\x6e\x79\x20\x73\x75\x62\x6d"
"\x69\x73\x73\x69\x6f\x6e\x20\x74"
"\x6f\x20\x74\x68\x65\x20\x49\x45"
"\x54\x46\x20\x69\x6e\x74\x65\x6e"
"\x64\x65\x64\x20\x62\x79\x20\x74"
"\x68\x65\x20\x43\x6f\x6e\x74\x72"
"\x69\x62\x75\x74\x6f\x72\x20\x66"
"\x6f\x72\x20\x70\x75\x62\x6c\x69"
"\x63\x61\x74\x69\x6f\x6e\x20\x61"
"\x73\x20\x61\x6c\x6c\x20\x6f\x72"
"\x20\x70\x61\x72\x74\x20\x6f\x66"
"\x20\x61\x6e\x20\x49\x45\x54\x46"
"\x20\x49\x6e\x74\x65\x72\x6e\x65"
"\x74\x2d\x44\x72\x61\x66\x74\x20"
"\x6f\x72\x20\x52\x46\x43\x20\x61"
"\x6e\x64\x20\x61\x6e\x79\x20\x73"
"\x74\x61\x74\x65\x6d\x65\x6e\x74"
"\x20\x6d\x61\x64\x65\x20\x77\x69"
"\x74\x68\x69\x6e\x20\x74\x68\x65"
"\x20\x63\x6f\x6e\x74\x65\x78\x74"
"\x20\x6f\x66\x20\x61\x6e\x20\x49"
"\x45\x54\x46\x20\x61\x63\x74\x69"
"\x76\x69\x74\x79\x20\x69\x73\x20"
"\x63\x6f\x6e\x73\x69\x64\x65\x72"
"\x65\x64\x20\x61\x6e\x20\x22\x49"
"\x45\x54\x46\x20\x43\x6f\x6e\x74"
"\x72\x69\x62\x75\x74\x69\x6f\x6e"
"\x22\x2e\x20\x53\x75\x63\x68\x20"
"\x73\x74\x61\x74\x65\x6d\x65\x6e"
"\x74\x73\x20\x69\x6e\x63\x6c\x75"
"\x64\x65\x20\x6f\x72\x61\x6c\x20"
"\x73\x74\x61\x74\x65\x6d\x65\x6e"
"\x74\x73\x20\x69\x6e\x20\x49\x45"
"\x54\x46\x20\x73\x65\x73\x73\x69"
"\x6f\x6e\x73\x2c\x20\x61\x73\x20"
"\x77\x65\x6c\x6c\x20\x61\x73\x20"
"\x77\x72\x69\x74\x74\x65\x6e\x20"
"\x61\x6e\x64\x20\x65\x6c\x65\x63"
"\x74\x72\x6f\x6e\x69\x63\x20\x63"
"\x6f\x6d\x6d\x75\x6e\x69\x63\x61"
"\x74\x69\x6f\x6e\x73\x20\x6d\x61"
"\x64\x65\x20\x61\x74\x20\x61\x6e"
"\x79\x20\x74\x69\x6d\x65\x20\x6f"
"\x72\x20\x70\x6c\x61\x63\x65\x2c"
"\x20\x77\x68\x69\x63\x68\x20\x61"
"\x72\x65\x20\x61\x64\x64\x72\x65"
"\x73\x73\x65\x64\x20\x74\x6f",
.psize = 407,
.digest = "\x36\xe5\xf6\xb5\xc5\xe0\x60\x70"
"\xf0\xef\xca\x96\x22\x7a\x86\x3e",
}, { /* Test Vector #3 */
.plaintext = "\x36\xe5\xf6\xb5\xc5\xe0\x60\x70"
"\xf0\xef\xca\x96\x22\x7a\x86\x3e"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x41\x6e\x79\x20\x73\x75\x62\x6d"
"\x69\x73\x73\x69\x6f\x6e\x20\x74"
"\x6f\x20\x74\x68\x65\x20\x49\x45"
"\x54\x46\x20\x69\x6e\x74\x65\x6e"
"\x64\x65\x64\x20\x62\x79\x20\x74"
"\x68\x65\x20\x43\x6f\x6e\x74\x72"
"\x69\x62\x75\x74\x6f\x72\x20\x66"
"\x6f\x72\x20\x70\x75\x62\x6c\x69"
"\x63\x61\x74\x69\x6f\x6e\x20\x61"
"\x73\x20\x61\x6c\x6c\x20\x6f\x72"
"\x20\x70\x61\x72\x74\x20\x6f\x66"
"\x20\x61\x6e\x20\x49\x45\x54\x46"
"\x20\x49\x6e\x74\x65\x72\x6e\x65"
"\x74\x2d\x44\x72\x61\x66\x74\x20"
"\x6f\x72\x20\x52\x46\x43\x20\x61"
"\x6e\x64\x20\x61\x6e\x79\x20\x73"
"\x74\x61\x74\x65\x6d\x65\x6e\x74"
"\x20\x6d\x61\x64\x65\x20\x77\x69"
"\x74\x68\x69\x6e\x20\x74\x68\x65"
"\x20\x63\x6f\x6e\x74\x65\x78\x74"
"\x20\x6f\x66\x20\x61\x6e\x20\x49"
"\x45\x54\x46\x20\x61\x63\x74\x69"
"\x76\x69\x74\x79\x20\x69\x73\x20"
"\x63\x6f\x6e\x73\x69\x64\x65\x72"
"\x65\x64\x20\x61\x6e\x20\x22\x49"
"\x45\x54\x46\x20\x43\x6f\x6e\x74"
"\x72\x69\x62\x75\x74\x69\x6f\x6e"
"\x22\x2e\x20\x53\x75\x63\x68\x20"
"\x73\x74\x61\x74\x65\x6d\x65\x6e"
"\x74\x73\x20\x69\x6e\x63\x6c\x75"
"\x64\x65\x20\x6f\x72\x61\x6c\x20"
"\x73\x74\x61\x74\x65\x6d\x65\x6e"
"\x74\x73\x20\x69\x6e\x20\x49\x45"
"\x54\x46\x20\x73\x65\x73\x73\x69"
"\x6f\x6e\x73\x2c\x20\x61\x73\x20"
"\x77\x65\x6c\x6c\x20\x61\x73\x20"
"\x77\x72\x69\x74\x74\x65\x6e\x20"
"\x61\x6e\x64\x20\x65\x6c\x65\x63"
"\x74\x72\x6f\x6e\x69\x63\x20\x63"
"\x6f\x6d\x6d\x75\x6e\x69\x63\x61"
"\x74\x69\x6f\x6e\x73\x20\x6d\x61"
"\x64\x65\x20\x61\x74\x20\x61\x6e"
"\x79\x20\x74\x69\x6d\x65\x20\x6f"
"\x72\x20\x70\x6c\x61\x63\x65\x2c"
"\x20\x77\x68\x69\x63\x68\x20\x61"
"\x72\x65\x20\x61\x64\x64\x72\x65"
"\x73\x73\x65\x64\x20\x74\x6f",
.psize = 407,
.digest = "\xf3\x47\x7e\x7c\xd9\x54\x17\xaf"
"\x89\xa6\xb8\x79\x4c\x31\x0c\xf0",
}, { /* Test Vector #4 */
.plaintext = "\x1c\x92\x40\xa5\xeb\x55\xd3\x8a"
"\xf3\x33\x88\x86\x04\xf6\xb5\xf0"
"\x47\x39\x17\xc1\x40\x2b\x80\x09"
"\x9d\xca\x5c\xbc\x20\x70\x75\xc0"
"\x27\x54\x77\x61\x73\x20\x62\x72"
"\x69\x6c\x6c\x69\x67\x2c\x20\x61"
"\x6e\x64\x20\x74\x68\x65\x20\x73"
"\x6c\x69\x74\x68\x79\x20\x74\x6f"
"\x76\x65\x73\x0a\x44\x69\x64\x20"
"\x67\x79\x72\x65\x20\x61\x6e\x64"
"\x20\x67\x69\x6d\x62\x6c\x65\x20"
"\x69\x6e\x20\x74\x68\x65\x20\x77"
"\x61\x62\x65\x3a\x0a\x41\x6c\x6c"
"\x20\x6d\x69\x6d\x73\x79\x20\x77"
"\x65\x72\x65\x20\x74\x68\x65\x20"
"\x62\x6f\x72\x6f\x67\x6f\x76\x65"
"\x73\x2c\x0a\x41\x6e\x64\x20\x74"
"\x68\x65\x20\x6d\x6f\x6d\x65\x20"
"\x72\x61\x74\x68\x73\x20\x6f\x75"
"\x74\x67\x72\x61\x62\x65\x2e",
.psize = 159,
.digest = "\x45\x41\x66\x9a\x7e\xaa\xee\x61"
"\xe7\x08\xdc\x7c\xbc\xc5\xeb\x62",
}, { /* Test Vector #5 */
.plaintext = "\x02\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff",
.psize = 48,
.digest = "\x03\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
}, { /* Test Vector #6 */
.plaintext = "\x02\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\x02\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.psize = 48,
.digest = "\x03\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
}, { /* Test Vector #7 */
.plaintext = "\x01\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xf0\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\x11\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.psize = 80,
.digest = "\x05\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
}, { /* Test Vector #8 */
.plaintext = "\x01\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xfb\xfe\xfe\xfe\xfe\xfe\xfe\xfe"
"\xfe\xfe\xfe\xfe\xfe\xfe\xfe\xfe"
"\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01",
.psize = 80,
.digest = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
}, { /* Test Vector #9 */
.plaintext = "\x02\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\xfd\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff",
.psize = 48,
.digest = "\xfa\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff",
}, { /* Test Vector #10 */
.plaintext = "\x01\x00\x00\x00\x00\x00\x00\x00"
"\x04\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\xe3\x35\x94\xd7\x50\x5e\x43\xb9"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x33\x94\xd7\x50\x5e\x43\x79\xcd"
"\x01\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x01\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.psize = 96,
.digest = "\x14\x00\x00\x00\x00\x00\x00\x00"
"\x55\x00\x00\x00\x00\x00\x00\x00",
}, { /* Test Vector #11 */
.plaintext = "\x01\x00\x00\x00\x00\x00\x00\x00"
"\x04\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\xe3\x35\x94\xd7\x50\x5e\x43\xb9"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x33\x94\xd7\x50\x5e\x43\x79\xcd"
"\x01\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.psize = 80,
.digest = "\x13\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
crypto: x86/poly1305 - fix overflow during partial reduction commit 678cce4019d746da6c680c48ba9e6d417803e127 upstream. The x86_64 implementation of Poly1305 produces the wrong result on some inputs because poly1305_4block_avx2() incorrectly assumes that when partially reducing the accumulator, the bits carried from limb 'd4' to limb 'h0' fit in a 32-bit integer. This is true for poly1305-generic which processes only one block at a time. However, it's not true for the AVX2 implementation, which processes 4 blocks at a time and therefore can produce intermediate limbs about 4x larger. Fix it by making the relevant calculations use 64-bit arithmetic rather than 32-bit. Note that most of the carries already used 64-bit arithmetic, but the d4 -> h0 carry was different for some reason. To be safe I also made the same change to the corresponding SSE2 code, though that only operates on 1 or 2 blocks at a time. I don't think it's really needed for poly1305_block_sse2(), but it doesn't hurt because it's already x86_64 code. It *might* be needed for poly1305_2block_sse2(), but overflows aren't easy to reproduce there. This bug was originally detected by my patches that improve testmgr to fuzz algorithms against their generic implementation. But also add a test vector which reproduces it directly (in the AVX2 case). Fixes: b1ccc8f4b631 ("crypto: poly1305 - Add a four block AVX2 variant for x86_64") Fixes: c70f4abef07a ("crypto: poly1305 - Add a SSE2 SIMD variant for x86_64") Cc: <stable@vger.kernel.org> # v4.3+ Cc: Martin Willi <martin@strongswan.org> Cc: Jason A. Donenfeld <Jason@zx2c4.com> Signed-off-by: Eric Biggers <ebiggers@google.com> Reviewed-by: Martin Willi <martin@strongswan.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> Signed-off-by: Greg Kroah-Hartman <gregkh@linuxfoundation.org>
2019-03-31 14:04:11 -06:00
}, { /* Regression test for overflow in AVX2 implementation */
.plaintext = "\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff",
.psize = 300,
.digest = "\xfb\x5e\x96\xd8\x61\xd5\xc7\xc8"
"\x78\xe5\x87\xcc\x2d\x5a\x22\xe1",
}
};
/* NHPoly1305 test vectors from https://github.com/google/adiantum */
static const struct hash_testvec nhpoly1305_tv_template[] = {
{
.key = "\xd2\x5d\x4c\xdd\x8d\x2b\x7f\x7a"
"\xd9\xbe\x71\xec\xd1\x83\x52\xe3"
"\xe1\xad\xd7\x5c\x0a\x75\x9d\xec"
"\x1d\x13\x7e\x5d\x71\x07\xc9\xe4"
"\x57\x2d\x44\x68\xcf\xd8\xd6\xc5"
"\x39\x69\x7d\x32\x75\x51\x4f\x7e"
"\xb2\x4c\xc6\x90\x51\x6e\xd9\xd6"
"\xa5\x8b\x2d\xf1\x94\xf9\xf7\x5e"
"\x2c\x84\x7b\x41\x0f\x88\x50\x89"
"\x30\xd9\xa1\x38\x46\x6c\xc0\x4f"
"\xe8\xdf\xdc\x66\xab\x24\x43\x41"
"\x91\x55\x29\x65\x86\x28\x5e\x45"
"\xd5\x2d\xb7\x80\x08\x9a\xc3\xd4"
"\x9a\x77\x0a\xd4\xef\x3e\xe6\x3f"
"\x6f\x2f\x9b\x3a\x7d\x12\x1e\x80"
"\x6c\x44\xa2\x25\xe1\xf6\x60\xe9"
"\x0d\xaf\xc5\x3c\xa5\x79\xae\x64"
"\xbc\xa0\x39\xa3\x4d\x10\xe5\x4d"
"\xd5\xe7\x89\x7a\x13\xee\x06\x78"
"\xdc\xa4\xdc\x14\x27\xe6\x49\x38"
"\xd0\xe0\x45\x25\x36\xc5\xf4\x79"
"\x2e\x9a\x98\x04\xe4\x2b\x46\x52"
"\x7c\x33\xca\xe2\x56\x51\x50\xe2"
"\xa5\x9a\xae\x18\x6a\x13\xf8\xd2"
"\x21\x31\x66\x02\xe2\xda\x8d\x7e"
"\x41\x19\xb2\x61\xee\x48\x8f\xf1"
"\x65\x24\x2e\x1e\x68\xce\x05\xd9"
"\x2a\xcf\xa5\x3a\x57\xdd\x35\x91"
"\x93\x01\xca\x95\xfc\x2b\x36\x04"
"\xe6\x96\x97\x28\xf6\x31\xfe\xa3"
"\x9d\xf6\x6a\x1e\x80\x8d\xdc\xec"
"\xaf\x66\x11\x13\x02\x88\xd5\x27"
"\x33\xb4\x1a\xcd\xa3\xf6\xde\x31"
"\x8e\xc0\x0e\x6c\xd8\x5a\x97\x5e"
"\xdd\xfd\x60\x69\x38\x46\x3f\x90"
"\x5e\x97\xd3\x32\x76\xc7\x82\x49"
"\xfe\xba\x06\x5f\x2f\xa2\xfd\xff"
"\x80\x05\x40\xe4\x33\x03\xfb\x10"
"\xc0\xde\x65\x8c\xc9\x8d\x3a\x9d"
"\xb5\x7b\x36\x4b\xb5\x0c\xcf\x00"
"\x9c\x87\xe4\x49\xad\x90\xda\x4a"
"\xdd\xbd\xff\xe2\x32\x57\xd6\x78"
"\x36\x39\x6c\xd3\x5b\x9b\x88\x59"
"\x2d\xf0\x46\xe4\x13\x0e\x2b\x35"
"\x0d\x0f\x73\x8a\x4f\x26\x84\x75"
"\x88\x3c\xc5\x58\x66\x18\x1a\xb4"
"\x64\x51\x34\x27\x1b\xa4\x11\xc9"
"\x6d\x91\x8a\xfa\x32\x60\x9d\xd7"
"\x87\xe5\xaa\x43\x72\xf8\xda\xd1"
"\x48\x44\x13\x61\xdc\x8c\x76\x17"
"\x0c\x85\x4e\xf3\xdd\xa2\x42\xd2"
"\x74\xc1\x30\x1b\xeb\x35\x31\x29"
"\x5b\xd7\x4c\x94\x46\x35\xa1\x23"
"\x50\xf2\xa2\x8e\x7e\x4f\x23\x4f"
"\x51\xff\xe2\xc9\xa3\x7d\x56\x8b"
"\x41\xf2\xd0\xc5\x57\x7e\x59\xac"
"\xbb\x65\xf3\xfe\xf7\x17\xef\x63"
"\x7c\x6f\x23\xdd\x22\x8e\xed\x84"
"\x0e\x3b\x09\xb3\xf3\xf4\x8f\xcd"
"\x37\xa8\xe1\xa7\x30\xdb\xb1\xa2"
"\x9c\xa2\xdf\x34\x17\x3e\x68\x44"
"\xd0\xde\x03\x50\xd1\x48\x6b\x20"
"\xe2\x63\x45\xa5\xea\x87\xc2\x42"
"\x95\x03\x49\x05\xed\xe0\x90\x29"
"\x1a\xb8\xcf\x9b\x43\xcf\x29\x7a"
"\x63\x17\x41\x9f\xe0\xc9\x10\xfd"
"\x2c\x56\x8c\x08\x55\xb4\xa9\x27"
"\x0f\x23\xb1\x05\x6a\x12\x46\xc7"
"\xe1\xfe\x28\x93\x93\xd7\x2f\xdc"
"\x98\x30\xdb\x75\x8a\xbe\x97\x7a"
"\x02\xfb\x8c\xba\xbe\x25\x09\xbe"
"\xce\xcb\xa2\xef\x79\x4d\x0e\x9d"
"\x1b\x9d\xb6\x39\x34\x38\xfa\x07"
"\xec\xe8\xfc\x32\x85\x1d\xf7\x85"
"\x63\xc3\x3c\xc0\x02\x75\xd7\x3f"
"\xb2\x68\x60\x66\x65\x81\xc6\xb1"
"\x42\x65\x4b\x4b\x28\xd7\xc7\xaa"
"\x9b\xd2\xdc\x1b\x01\xe0\x26\x39"
"\x01\xc1\x52\x14\xd1\x3f\xb7\xe6"
"\x61\x41\xc7\x93\xd2\xa2\x67\xc6"
"\xf7\x11\xb5\xf5\xea\xdd\x19\xfb"
"\x4d\x21\x12\xd6\x7d\xf1\x10\xb0"
"\x89\x07\xc7\x5a\x52\x73\x70\x2f"
"\x32\xef\x65\x2b\x12\xb2\xf0\xf5"
"\x20\xe0\x90\x59\x7e\x64\xf1\x4c"
"\x41\xb3\xa5\x91\x08\xe6\x5e\x5f"
"\x05\x56\x76\xb4\xb0\xcd\x70\x53"
"\x10\x48\x9c\xff\xc2\x69\x55\x24"
"\x87\xef\x84\xea\xfb\xa7\xbf\xa0"
"\x91\x04\xad\x4f\x8b\x57\x54\x4b"
"\xb6\xe9\xd1\xac\x37\x2f\x1d\x2e"
"\xab\xa5\xa4\xe8\xff\xfb\xd9\x39"
"\x2f\xb7\xac\xd1\xfe\x0b\x9a\x80"
"\x0f\xb6\xf4\x36\x39\x90\x51\xe3"
"\x0a\x2f\xb6\x45\x76\x89\xcd\x61"
"\xfe\x48\x5f\x75\x1d\x13\x00\x62"
"\x80\x24\x47\xe7\xbc\x37\xd7\xe3"
"\x15\xe8\x68\x22\xaf\x80\x6f\x4b"
"\xa8\x9f\x01\x10\x48\x14\xc3\x02"
"\x52\xd2\xc7\x75\x9b\x52\x6d\x30"
"\xac\x13\x85\xc8\xf7\xa3\x58\x4b"
"\x49\xf7\x1c\x45\x55\x8c\x39\x9a"
"\x99\x6d\x97\x27\x27\xe6\xab\xdd"
"\x2c\x42\x1b\x35\xdd\x9d\x73\xbb"
"\x6c\xf3\x64\xf1\xfb\xb9\xf7\xe6"
"\x4a\x3c\xc0\x92\xc0\x2e\xb7\x1a"
"\xbe\xab\xb3\x5a\xe5\xea\xb1\x48"
"\x58\x13\x53\x90\xfd\xc3\x8e\x54"
"\xf9\x18\x16\x73\xe8\xcb\x6d\x39"
"\x0e\xd7\xe0\xfe\xb6\x9f\x43\x97"
"\xe8\xd0\x85\x56\x83\x3e\x98\x68"
"\x7f\xbd\x95\xa8\x9a\x61\x21\x8f"
"\x06\x98\x34\xa6\xc8\xd6\x1d\xf3"
"\x3d\x43\xa4\x9a\x8c\xe5\xd3\x5a"
"\x32\xa2\x04\x22\xa4\x19\x1a\x46"
"\x42\x7e\x4d\xe5\xe0\xe6\x0e\xca"
"\xd5\x58\x9d\x2c\xaf\xda\x33\x5c"
"\xb0\x79\x9e\xc9\xfc\xca\xf0\x2f"
"\xa8\xb2\x77\xeb\x7a\xa2\xdd\x37"
"\x35\x83\x07\xd6\x02\x1a\xb6\x6c"
"\x24\xe2\x59\x08\x0e\xfd\x3e\x46"
"\xec\x40\x93\xf4\x00\x26\x4f\x2a"
"\xff\x47\x2f\xeb\x02\x92\x26\x5b"
"\x53\x17\xc2\x8d\x2a\xc7\xa3\x1b"
"\xcd\xbc\xa7\xe8\xd1\x76\xe3\x80"
"\x21\xca\x5d\x3b\xe4\x9c\x8f\xa9"
"\x5b\x7f\x29\x7f\x7c\xd8\xed\x6d"
"\x8c\xb2\x86\x85\xe7\x77\xf2\x85"
"\xab\x38\xa9\x9d\xc1\x4e\xc5\x64"
"\x33\x73\x8b\x59\x03\xad\x05\xdf"
"\x25\x98\x31\xde\xef\x13\xf1\x9b"
"\x3c\x91\x9d\x7b\xb1\xfa\xe6\xbf"
"\x5b\xed\xa5\x55\xe6\xea\x6c\x74"
"\xf4\xb9\xe4\x45\x64\x72\x81\xc2"
"\x4c\x28\xd4\xcd\xac\xe2\xde\xf9"
"\xeb\x5c\xeb\x61\x60\x5a\xe5\x28",
.ksize = 1088,
.plaintext = "",
.psize = 0,
.digest = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
}, {
.key = "\x29\x21\x43\xcb\xcb\x13\x07\xde"
"\xbf\x48\xdf\x8a\x7f\xa2\x84\xde"
"\x72\x23\x9d\xf5\xf0\x07\xf2\x4c"
"\x20\x3a\x93\xb9\xcd\x5d\xfe\xcb"
"\x99\x2c\x2b\x58\xc6\x50\x5f\x94"
"\x56\xc3\x7c\x0d\x02\x3f\xb8\x5e"
"\x7b\xc0\x6c\x51\x34\x76\xc0\x0e"
"\xc6\x22\xc8\x9e\x92\xa0\x21\xc9"
"\x85\x5c\x7c\xf8\xe2\x64\x47\xc9"
"\xe4\xa2\x57\x93\xf8\xa2\x69\xcd"
"\x62\x98\x99\xf4\xd7\x7b\x14\xb1"
"\xd8\x05\xff\x04\x15\xc9\xe1\x6e"
"\x9b\xe6\x50\x6b\x0b\x3f\x22\x1f"
"\x08\xde\x0c\x5b\x08\x7e\xc6\x2f"
"\x6c\xed\xd6\xb2\x15\xa4\xb3\xf9"
"\xa7\x46\x38\x2a\xea\x69\xa5\xde"
"\x02\xc3\x96\x89\x4d\x55\x3b\xed"
"\x3d\x3a\x85\x77\xbf\x97\x45\x5c"
"\x9e\x02\x69\xe2\x1b\x68\xbe\x96"
"\xfb\x64\x6f\x0f\xf6\x06\x40\x67"
"\xfa\x04\xe3\x55\xfa\xbe\xa4\x60"
"\xef\x21\x66\x97\xe6\x9d\x5c\x1f"
"\x62\x37\xaa\x31\xde\xe4\x9c\x28"
"\x95\xe0\x22\x86\xf4\x4d\xf3\x07"
"\xfd\x5f\x3a\x54\x2c\x51\x80\x71"
"\xba\x78\x69\x5b\x65\xab\x1f\x81"
"\xed\x3b\xff\x34\xa3\xfb\xbc\x73"
"\x66\x7d\x13\x7f\xdf\x6e\xe2\xe2"
"\xeb\x4f\x6c\xda\x7d\x33\x57\xd0"
"\xd3\x7c\x95\x4f\x33\x58\x21\xc7"
"\xc0\xe5\x6f\x42\x26\xc6\x1f\x5e"
"\x85\x1b\x98\x9a\xa2\x1e\x55\x77"
"\x23\xdf\x81\x5e\x79\x55\x05\xfc"
"\xfb\xda\xee\xba\x5a\xba\xf7\x77"
"\x7f\x0e\xd3\xe1\x37\xfe\x8d\x2b"
"\xd5\x3f\xfb\xd0\xc0\x3c\x0b\x3f"
"\xcf\x3c\x14\xcf\xfb\x46\x72\x4c"
"\x1f\x39\xe2\xda\x03\x71\x6d\x23"
"\xef\x93\xcd\x39\xd9\x37\x80\x4d"
"\x65\x61\xd1\x2c\x03\xa9\x47\x72"
"\x4d\x1e\x0e\x16\x33\x0f\x21\x17"
"\xec\x92\xea\x6f\x37\x22\xa4\xd8"
"\x03\x33\x9e\xd8\x03\x69\x9a\xe8"
"\xb2\x57\xaf\x78\x99\x05\x12\xab"
"\x48\x90\x80\xf0\x12\x9b\x20\x64"
"\x7a\x1d\x47\x5f\xba\x3c\xf9\xc3"
"\x0a\x0d\x8d\xa1\xf9\x1b\x82\x13"
"\x3e\x0d\xec\x0a\x83\xc0\x65\xe1"
"\xe9\x95\xff\x97\xd6\xf2\xe4\xd5"
"\x86\xc0\x1f\x29\x27\x63\xd7\xde"
"\xb7\x0a\x07\x99\x04\x2d\xa3\x89"
"\xa2\x43\xcf\xf3\xe1\x43\xac\x4a"
"\x06\x97\xd0\x05\x4f\x87\xfa\xf9"
"\x9b\xbf\x52\x70\xbd\xbc\x6c\xf3"
"\x03\x13\x60\x41\x28\x09\xec\xcc"
"\xb1\x1a\xec\xd6\xfb\x6f\x2a\x89"
"\x5d\x0b\x53\x9c\x59\xc1\x84\x21"
"\x33\x51\x47\x19\x31\x9c\xd4\x0a"
"\x4d\x04\xec\x50\x90\x61\xbd\xbc"
"\x7e\xc8\xd9\x6c\x98\x1d\x45\x41"
"\x17\x5e\x97\x1c\xc5\xa8\xe8\xea"
"\x46\x58\x53\xf7\x17\xd5\xad\x11"
"\xc8\x54\xf5\x7a\x33\x90\xf5\x19"
"\xba\x36\xb4\xfc\x52\xa5\x72\x3d"
"\x14\xbb\x55\xa7\xe9\xe3\x12\xf7"
"\x1c\x30\xa2\x82\x03\xbf\x53\x91"
"\x2e\x60\x41\x9f\x5b\x69\x39\xf6"
"\x4d\xc8\xf8\x46\x7a\x7f\xa4\x98"
"\x36\xff\x06\xcb\xca\xe7\x33\xf2"
"\xc0\x4a\xf4\x3c\x14\x44\x5f\x6b"
"\x75\xef\x02\x36\x75\x08\x14\xfd"
"\x10\x8e\xa5\x58\xd0\x30\x46\x49"
"\xaf\x3a\xf8\x40\x3d\x35\xdb\x84"
"\x11\x2e\x97\x6a\xb7\x87\x7f\xad"
"\xf1\xfa\xa5\x63\x60\xd8\x5e\xbf"
"\x41\x78\x49\xcf\x77\xbb\x56\xbb"
"\x7d\x01\x67\x05\x22\xc8\x8f\x41"
"\xba\x81\xd2\xca\x2c\x38\xac\x76"
"\x06\xc1\x1a\xc2\xce\xac\x90\x67"
"\x57\x3e\x20\x12\x5b\xd9\x97\x58"
"\x65\x05\xb7\x04\x61\x7e\xd8\x3a"
"\xbf\x55\x3b\x13\xe9\x34\x5a\x37"
"\x36\xcb\x94\x45\xc5\x32\xb3\xa0"
"\x0c\x3e\x49\xc5\xd3\xed\xa7\xf0"
"\x1c\x69\xcc\xea\xcc\x83\xc9\x16"
"\x95\x72\x4b\xf4\x89\xd5\xb9\x10"
"\xf6\x2d\x60\x15\xea\x3c\x06\x66"
"\x9f\x82\xad\x17\xce\xd2\xa4\x48"
"\x7c\x65\xd9\xf8\x02\x4d\x9b\x4c"
"\x89\x06\x3a\x34\x85\x48\x89\x86"
"\xf9\x24\xa9\x54\x72\xdb\x44\x95"
"\xc7\x44\x1c\x19\x11\x4c\x04\xdc"
"\x13\xb9\x67\xc8\xc3\x3a\x6a\x50"
"\xfa\xd1\xfb\xe1\x88\xb6\xf1\xa3"
"\xc5\x3b\xdc\x38\x45\x16\x26\x02"
"\x3b\xb8\x8f\x8b\x58\x7d\x23\x04"
"\x50\x6b\x81\x9f\xae\x66\xac\x6f"
"\xcf\x2a\x9d\xf1\xfd\x1d\x57\x07"
"\xbe\x58\xeb\x77\x0c\xe3\xc2\x19"
"\x14\x74\x1b\x51\x1c\x4f\x41\xf3"
"\x32\x89\xb3\xe7\xde\x62\xf6\x5f"
"\xc7\x6a\x4a\x2a\x5b\x0f\x5f\x87"
"\x9c\x08\xb9\x02\x88\xc8\x29\xb7"
"\x94\x52\xfa\x52\xfe\xaa\x50\x10"
"\xba\x48\x75\x5e\x11\x1b\xe6\x39"
"\xd7\x82\x2c\x87\xf1\x1e\xa4\x38"
"\x72\x3e\x51\xe7\xd8\x3e\x5b\x7b"
"\x31\x16\x89\xba\xd6\xad\x18\x5e"
"\xba\xf8\x12\xb3\xf4\x6c\x47\x30"
"\xc0\x38\x58\xb3\x10\x8d\x58\x5d"
"\xb4\xfb\x19\x7e\x41\xc3\x66\xb8"
"\xd6\x72\x84\xe1\x1a\xc2\x71\x4c"
"\x0d\x4a\x21\x7a\xab\xa2\xc0\x36"
"\x15\xc5\xe9\x46\xd7\x29\x17\x76"
"\x5e\x47\x36\x7f\x72\x05\xa7\xcc"
"\x36\x63\xf9\x47\x7d\xe6\x07\x3c"
"\x8b\x79\x1d\x96\x61\x8d\x90\x65"
"\x7c\xf5\xeb\x4e\x6e\x09\x59\x6d"
"\x62\x50\x1b\x0f\xe0\xdc\x78\xf2"
"\x5b\x83\x1a\xa1\x11\x75\xfd\x18"
"\xd7\xe2\x8d\x65\x14\x21\xce\xbe"
"\xb5\x87\xe3\x0a\xda\x24\x0a\x64"
"\xa9\x9f\x03\x8d\x46\x5d\x24\x1a"
"\x8a\x0c\x42\x01\xca\xb1\x5f\x7c"
"\xa5\xac\x32\x4a\xb8\x07\x91\x18"
"\x6f\xb0\x71\x3c\xc9\xb1\xa8\xf8"
"\x5f\x69\xa5\xa1\xca\x9e\x7a\xaa"
"\xac\xe9\xc7\x47\x41\x75\x25\xc3"
"\x73\xe2\x0b\xdd\x6d\x52\x71\xbe"
"\xc5\xdc\xb4\xe7\x01\x26\x53\x77"
"\x86\x90\x85\x68\x6b\x7b\x03\x53"
"\xda\x52\x52\x51\x68\xc8\xf3\xec"
"\x6c\xd5\x03\x7a\xa3\x0e\xb4\x02"
"\x5f\x1a\xab\xee\xca\x67\x29\x7b"
"\xbd\x96\x59\xb3\x8b\x32\x7a\x92"
"\x9f\xd8\x25\x2b\xdf\xc0\x4c\xda",
.ksize = 1088,
.plaintext = "\xbc\xda\x81\xa8\x78\x79\x1c\xbf"
"\x77\x53\xba\x4c\x30\x5b\xb8\x33",
.psize = 16,
.digest = "\x04\xbf\x7f\x6a\xce\x72\xea\x6a"
"\x79\xdb\xb0\xc9\x60\xf6\x12\xcc",
.np = 6,
.tap = { 4, 4, 1, 1, 1, 5 },
}, {
.key = "\x65\x4d\xe3\xf8\xd2\x4c\xac\x28"
"\x68\xf5\xb3\x81\x71\x4b\xa1\xfa"
"\x04\x0e\xd3\x81\x36\xbe\x0c\x81"
"\x5e\xaf\xbc\x3a\xa4\xc0\x8e\x8b"
"\x55\x63\xd3\x52\x97\x88\xd6\x19"
"\xbc\x96\xdf\x49\xff\x04\x63\xf5"
"\x0c\x11\x13\xaa\x9e\x1f\x5a\xf7"
"\xdd\xbd\x37\x80\xc3\xd0\xbe\xa7"
"\x05\xc8\x3c\x98\x1e\x05\x3c\x84"
"\x39\x61\xc4\xed\xed\x71\x1b\xc4"
"\x74\x45\x2c\xa1\x56\x70\x97\xfd"
"\x44\x18\x07\x7d\xca\x60\x1f\x73"
"\x3b\x6d\x21\xcb\x61\x87\x70\x25"
"\x46\x21\xf1\x1f\x21\x91\x31\x2d"
"\x5d\xcc\xb7\xd1\x84\x3e\x3d\xdb"
"\x03\x53\x2a\x82\xa6\x9a\x95\xbc"
"\x1a\x1e\x0a\x5e\x07\x43\xab\x43"
"\xaf\x92\x82\x06\x91\x04\x09\xf4"
"\x17\x0a\x9a\x2c\x54\xdb\xb8\xf4"
"\xd0\xf0\x10\x66\x24\x8d\xcd\xda"
"\xfe\x0e\x45\x9d\x6f\xc4\x4e\xf4"
"\x96\xaf\x13\xdc\xa9\xd4\x8c\xc4"
"\xc8\x57\x39\x3c\xc2\xd3\x0a\x76"
"\x4a\x1f\x75\x83\x44\xc7\xd1\x39"
"\xd8\xb5\x41\xba\x73\x87\xfa\x96"
"\xc7\x18\x53\xfb\x9b\xda\xa0\x97"
"\x1d\xee\x60\x85\x9e\x14\xc3\xce"
"\xc4\x05\x29\x3b\x95\x30\xa3\xd1"
"\x9f\x82\x6a\x04\xf5\xa7\x75\x57"
"\x82\x04\xfe\x71\x51\x71\xb1\x49"
"\x50\xf8\xe0\x96\xf1\xfa\xa8\x88"
"\x3f\xa0\x86\x20\xd4\x60\x79\x59"
"\x17\x2d\xd1\x09\xf4\xec\x05\x57"
"\xcf\x62\x7e\x0e\x7e\x60\x78\xe6"
"\x08\x60\x29\xd8\xd5\x08\x1a\x24"
"\xc4\x6c\x24\xe7\x92\x08\x3d\x8a"
"\x98\x7a\xcf\x99\x0a\x65\x0e\xdc"
"\x8c\x8a\xbe\x92\x82\x91\xcc\x62"
"\x30\xb6\xf4\x3f\xc6\x8a\x7f\x12"
"\x4a\x8a\x49\xfa\x3f\x5c\xd4\x5a"
"\xa6\x82\xa3\xe6\xaa\x34\x76\xb2"
"\xab\x0a\x30\xef\x6c\x77\x58\x3f"
"\x05\x6b\xcc\x5c\xae\xdc\xd7\xb9"
"\x51\x7e\x8d\x32\x5b\x24\x25\xbe"
"\x2b\x24\x01\xcf\x80\xda\x16\xd8"
"\x90\x72\x2c\xad\x34\x8d\x0c\x74"
"\x02\xcb\xfd\xcf\x6e\xef\x97\xb5"
"\x4c\xf2\x68\xca\xde\x43\x9e\x8a"
"\xc5\x5f\x31\x7f\x14\x71\x38\xec"
"\xbd\x98\xe5\x71\xc4\xb5\xdb\xef"
"\x59\xd2\xca\xc0\xc1\x86\x75\x01"
"\xd4\x15\x0d\x6f\xa4\xf7\x7b\x37"
"\x47\xda\x18\x93\x63\xda\xbe\x9e"
"\x07\xfb\xb2\x83\xd5\xc4\x34\x55"
"\xee\x73\xa1\x42\x96\xf9\x66\x41"
"\xa4\xcc\xd2\x93\x6e\xe1\x0a\xbb"
"\xd2\xdd\x18\x23\xe6\x6b\x98\x0b"
"\x8a\x83\x59\x2c\xc3\xa6\x59\x5b"
"\x01\x22\x59\xf7\xdc\xb0\x87\x7e"
"\xdb\x7d\xf4\x71\x41\xab\xbd\xee"
"\x79\xbe\x3c\x01\x76\x0b\x2d\x0a"
"\x42\xc9\x77\x8c\xbb\x54\x95\x60"
"\x43\x2e\xe0\x17\x52\xbd\x90\xc9"
"\xc2\x2c\xdd\x90\x24\x22\x76\x40"
"\x5c\xb9\x41\xc9\xa1\xd5\xbd\xe3"
"\x44\xe0\xa4\xab\xcc\xb8\xe2\x32"
"\x02\x15\x04\x1f\x8c\xec\x5d\x14"
"\xac\x18\xaa\xef\x6e\x33\x19\x6e"
"\xde\xfe\x19\xdb\xeb\x61\xca\x18"
"\xad\xd8\x3d\xbf\x09\x11\xc7\xa5"
"\x86\x0b\x0f\xe5\x3e\xde\xe8\xd9"
"\x0a\x69\x9e\x4c\x20\xff\xf9\xc5"
"\xfa\xf8\xf3\x7f\xa5\x01\x4b\x5e"
"\x0f\xf0\x3b\x68\xf0\x46\x8c\x2a"
"\x7a\xc1\x8f\xa0\xfe\x6a\x5b\x44"
"\x70\x5c\xcc\x92\x2c\x6f\x0f\xbd"
"\x25\x3e\xb7\x8e\x73\x58\xda\xc9"
"\xa5\xaa\x9e\xf3\x9b\xfd\x37\x3e"
"\xe2\x88\xa4\x7b\xc8\x5c\xa8\x93"
"\x0e\xe7\x9a\x9c\x2e\x95\x18\x9f"
"\xc8\x45\x0c\x88\x9e\x53\x4f\x3a"
"\x76\xc1\x35\xfa\x17\xd8\xac\xa0"
"\x0c\x2d\x47\x2e\x4f\x69\x9b\xf7"
"\xd0\xb6\x96\x0c\x19\xb3\x08\x01"
"\x65\x7a\x1f\xc7\x31\x86\xdb\xc8"
"\xc1\x99\x8f\xf8\x08\x4a\x9d\x23"
"\x22\xa8\xcf\x27\x01\x01\x88\x93"
"\x9c\x86\x45\xbd\xe0\x51\xca\x52"
"\x84\xba\xfe\x03\xf7\xda\xc5\xce"
"\x3e\x77\x75\x86\xaf\x84\xc8\x05"
"\x44\x01\x0f\x02\xf3\x58\xb0\x06"
"\x5a\xd7\x12\x30\x8d\xdf\x1f\x1f"
"\x0a\xe6\xd2\xea\xf6\x3a\x7a\x99"
"\x63\xe8\xd2\xc1\x4a\x45\x8b\x40"
"\x4d\x0a\xa9\x76\x92\xb3\xda\x87"
"\x36\x33\xf0\x78\xc3\x2f\x5f\x02"
"\x1a\x6a\x2c\x32\xcd\x76\xbf\xbd"
"\x5a\x26\x20\x28\x8c\x8c\xbc\x52"
"\x3d\x0a\xc9\xcb\xab\xa4\x21\xb0"
"\x54\x40\x81\x44\xc7\xd6\x1c\x11"
"\x44\xc6\x02\x92\x14\x5a\xbf\x1a"
"\x09\x8a\x18\xad\xcd\x64\x3d\x53"
"\x4a\xb6\xa5\x1b\x57\x0e\xef\xe0"
"\x8c\x44\x5f\x7d\xbd\x6c\xfd\x60"
"\xae\x02\x24\xb6\x99\xdd\x8c\xaf"
"\x59\x39\x75\x3c\xd1\x54\x7b\x86"
"\xcc\x99\xd9\x28\x0c\xb0\x94\x62"
"\xf9\x51\xd1\x19\x96\x2d\x66\xf5"
"\x55\xcf\x9e\x59\xe2\x6b\x2c\x08"
"\xc0\x54\x48\x24\x45\xc3\x8c\x73"
"\xea\x27\x6e\x66\x7d\x1d\x0e\x6e"
"\x13\xe8\x56\x65\x3a\xb0\x81\x5c"
"\xf0\xe8\xd8\x00\x6b\xcd\x8f\xad"
"\xdd\x53\xf3\xa4\x6c\x43\xd6\x31"
"\xaf\xd2\x76\x1e\x91\x12\xdb\x3c"
"\x8c\xc2\x81\xf0\x49\xdb\xe2\x6b"
"\x76\x62\x0a\x04\xe4\xaa\x8a\x7c"
"\x08\x0b\x5d\xd0\xee\x1d\xfb\xc4"
"\x02\x75\x42\xd6\xba\xa7\x22\xa8"
"\x47\x29\xb7\x85\x6d\x93\x3a\xdb"
"\x00\x53\x0b\xa2\xeb\xf8\xfe\x01"
"\x6f\x8a\x31\xd6\x17\x05\x6f\x67"
"\x88\x95\x32\xfe\x4f\xa6\x4b\xf8"
"\x03\xe4\xcd\x9a\x18\xe8\x4e\x2d"
"\xf7\x97\x9a\x0c\x7d\x9f\x7e\x44"
"\x69\x51\xe0\x32\x6b\x62\x86\x8f"
"\xa6\x8e\x0b\x21\x96\xe5\xaf\x77"
"\xc0\x83\xdf\xa5\x0e\xd0\xa1\x04"
"\xaf\xc1\x10\xcb\x5a\x40\xe4\xe3"
"\x38\x7e\x07\xe8\x4d\xfa\xed\xc5"
"\xf0\x37\xdf\xbb\x8a\xcf\x3d\xdc"
"\x61\xd2\xc6\x2b\xff\x07\xc9\x2f"
"\x0c\x2d\x5c\x07\xa8\x35\x6a\xfc"
"\xae\x09\x03\x45\x74\x51\x4d\xc4"
"\xb8\x23\x87\x4a\x99\x27\x20\x87"
"\x62\x44\x0a\x4a\xce\x78\x47\x22",
.ksize = 1088,
.plaintext = "\x8e\xb0\x4c\xde\x9c\x4a\x04\x5a"
"\xf6\xa9\x7f\x45\x25\xa5\x7b\x3a"
"\xbc\x4d\x73\x39\x81\xb5\xbd\x3d"
"\x21\x6f\xd7\x37\x50\x3c\x7b\x28"
"\xd1\x03\x3a\x17\xed\x7b\x7c\x2a"
"\x16\xbc\xdf\x19\x89\x52\x71\x31"
"\xb6\xc0\xfd\xb5\xd3\xba\x96\x99"
"\xb6\x34\x0b\xd0\x99\x93\xfc\x1a"
"\x01\x3c\x85\xc6\x9b\x78\x5c\x8b"
"\xfe\xae\xd2\xbf\xb2\x6f\xf9\xed"
"\xc8\x25\x17\xfe\x10\x3b\x7d\xda"
"\xf4\x8d\x35\x4b\x7c\x7b\x82\xe7"
"\xc2\xb3\xee\x60\x4a\x03\x86\xc9"
"\x4e\xb5\xc4\xbe\xd2\xbd\x66\xf1"
"\x13\xf1\x09\xab\x5d\xca\x63\x1f"
"\xfc\xfb\x57\x2a\xfc\xca\x66\xd8"
"\x77\x84\x38\x23\x1d\xac\xd3\xb3"
"\x7a\xad\x4c\x70\xfa\x9c\xc9\x61"
"\xa6\x1b\xba\x33\x4b\x4e\x33\xec"
"\xa0\xa1\x64\x39\x40\x05\x1c\xc2"
"\x3f\x49\x9d\xae\xf2\xc5\xf2\xc5"
"\xfe\xe8\xf4\xc2\xf9\x96\x2d\x28"
"\x92\x30\x44\xbc\xd2\x7f\xe1\x6e"
"\x62\x02\x8f\x3d\x1c\x80\xda\x0e"
"\x6a\x90\x7e\x75\xff\xec\x3e\xc4"
"\xcd\x16\x34\x3b\x05\x6d\x4d\x20"
"\x1c\x7b\xf5\x57\x4f\xfa\x3d\xac"
"\xd0\x13\x55\xe8\xb3\xe1\x1b\x78"
"\x30\xe6\x9f\x84\xd4\x69\xd1\x08"
"\x12\x77\xa7\x4a\xbd\xc0\xf2\xd2"
"\x78\xdd\xa3\x81\x12\xcb\x6c\x14"
"\x90\x61\xe2\x84\xc6\x2b\x16\xcc"
"\x40\x99\x50\x88\x01\x09\x64\x4f"
"\x0a\x80\xbe\x61\xae\x46\xc9\x0a"
"\x5d\xe0\xfb\x72\x7a\x1a\xdd\x61"
"\x63\x20\x05\xa0\x4a\xf0\x60\x69"
"\x7f\x92\xbc\xbf\x4e\x39\x4d\xdd"
"\x74\xd1\xb7\xc0\x5a\x34\xb7\xae"
"\x76\x65\x2e\xbc\x36\xb9\x04\x95"
"\x42\xe9\x6f\xca\x78\xb3\x72\x07"
"\xa3\xba\x02\x94\x67\x4c\xb1\xd7"
"\xe9\x30\x0d\xf0\x3b\xb8\x10\x6d"
"\xea\x2b\x21\xbf\x74\x59\x82\x97"
"\x85\xaa\xf1\xd7\x54\x39\xeb\x05"
"\xbd\xf3\x40\xa0\x97\xe6\x74\xfe"
"\xb4\x82\x5b\xb1\x36\xcb\xe8\x0d"
"\xce\x14\xd9\xdf\xf1\x94\x22\xcd"
"\xd6\x00\xba\x04\x4c\x05\x0c\xc0"
"\xd1\x5a\xeb\x52\xd5\xa8\x8e\xc8"
"\x97\xa1\xaa\xc1\xea\xc1\xbe\x7c"
"\x36\xb3\x36\xa0\xc6\x76\x66\xc5"
"\xe2\xaf\xd6\x5c\xe2\xdb\x2c\xb3"
"\x6c\xb9\x99\x7f\xff\x9f\x03\x24"
"\xe1\x51\x44\x66\xd8\x0c\x5d\x7f"
"\x5c\x85\x22\x2a\xcf\x6d\x79\x28"
"\xab\x98\x01\x72\xfe\x80\x87\x5f"
"\x46\xba\xef\x81\x24\xee\xbf\xb0"
"\x24\x74\xa3\x65\x97\x12\xc4\xaf"
"\x8b\xa0\x39\xda\x8a\x7e\x74\x6e"
"\x1b\x42\xb4\x44\x37\xfc\x59\xfd"
"\x86\xed\xfb\x8c\x66\x33\xda\x63"
"\x75\xeb\xe1\xa4\x85\x4f\x50\x8f"
"\x83\x66\x0d\xd3\x37\xfa\xe6\x9c"
"\x4f\x30\x87\x35\x18\xe3\x0b\xb7"
"\x6e\x64\x54\xcd\x70\xb3\xde\x54"
"\xb7\x1d\xe6\x4c\x4d\x55\x12\x12"
"\xaf\x5f\x7f\x5e\xee\x9d\xe8\x8e"
"\x32\x9d\x4e\x75\xeb\xc6\xdd\xaa"
"\x48\x82\xa4\x3f\x3c\xd7\xd3\xa8"
"\x63\x9e\x64\xfe\xe3\x97\x00\x62"
"\xe5\x40\x5d\xc3\xad\x72\xe1\x28"
"\x18\x50\xb7\x75\xef\xcd\x23\xbf"
"\x3f\xc0\x51\x36\xf8\x41\xc3\x08"
"\xcb\xf1\x8d\x38\x34\xbd\x48\x45"
"\x75\xed\xbc\x65\x7b\xb5\x0c\x9b"
"\xd7\x67\x7d\x27\xb4\xc4\x80\xd7"
"\xa9\xb9\xc7\x4a\x97\xaa\xda\xc8"
"\x3c\x74\xcf\x36\x8f\xe4\x41\xe3"
"\xd4\xd3\x26\xa7\xf3\x23\x9d\x8f"
"\x6c\x20\x05\x32\x3e\xe0\xc3\xc8"
"\x56\x3f\xa7\x09\xb7\xfb\xc7\xf7"
"\xbe\x2a\xdd\x0f\x06\x7b\x0d\xdd"
"\xb0\xb4\x86\x17\xfd\xb9\x04\xe5"
"\xc0\x64\x5d\xad\x2a\x36\x38\xdb"
"\x24\xaf\x5b\xff\xca\xf9\x41\xe8"
"\xf9\x2f\x1e\x5e\xf9\xf5\xd5\xf2"
"\xb2\x88\xca\xc9\xa1\x31\xe2\xe8"
"\x10\x95\x65\xbf\xf1\x11\x61\x7a"
"\x30\x1a\x54\x90\xea\xd2\x30\xf6"
"\xa5\xad\x60\xf9\x4d\x84\x21\x1b"
"\xe4\x42\x22\xc8\x12\x4b\xb0\x58"
"\x3e\x9c\x2d\x32\x95\x0a\x8e\xb0"
"\x0a\x7e\x77\x2f\xe8\x97\x31\x6a"
"\xf5\x59\xb4\x26\xe6\x37\x12\xc9"
"\xcb\xa0\x58\x33\x6f\xd5\x55\x55"
"\x3c\xa1\x33\xb1\x0b\x7e\x2e\xb4"
"\x43\x2a\x84\x39\xf0\x9c\xf4\x69"
"\x4f\x1e\x79\xa6\x15\x1b\x87\xbb"
"\xdb\x9b\xe0\xf1\x0b\xba\xe3\x6e"
"\xcc\x2f\x49\x19\x22\x29\xfc\x71"
"\xbb\x77\x38\x18\x61\xaf\x85\x76"
"\xeb\xd1\x09\xcc\x86\x04\x20\x9a"
"\x66\x53\x2f\x44\x8b\xc6\xa3\xd2"
"\x5f\xc7\x79\x82\x66\xa8\x6e\x75"
"\x7d\x94\xd1\x86\x75\x0f\xa5\x4f"
"\x3c\x7a\x33\xce\xd1\x6e\x9d\x7b"
"\x1f\x91\x37\xb8\x37\x80\xfb\xe0"
"\x52\x26\xd0\x9a\xd4\x48\x02\x41"
"\x05\xe3\x5a\x94\xf1\x65\x61\x19"
"\xb8\x88\x4e\x2b\xea\xba\x8b\x58"
"\x8b\x42\x01\x00\xa8\xfe\x00\x5c"
"\xfe\x1c\xee\x31\x15\x69\xfa\xb3"
"\x9b\x5f\x22\x8e\x0d\x2c\xe3\xa5"
"\x21\xb9\x99\x8a\x8e\x94\x5a\xef"
"\x13\x3e\x99\x96\x79\x6e\xd5\x42"
"\x36\x03\xa9\xe2\xca\x65\x4e\x8a"
"\x8a\x30\xd2\x7d\x74\xe7\xf0\xaa"
"\x23\x26\xdd\xcb\x82\x39\xfc\x9d"
"\x51\x76\x21\x80\xa2\xbe\x93\x03"
"\x47\xb0\xc1\xb6\xdc\x63\xfd\x9f"
"\xca\x9d\xa5\xca\x27\x85\xe2\xd8"
"\x15\x5b\x7e\x14\x7a\xc4\x89\xcc"
"\x74\x14\x4b\x46\xd2\xce\xac\x39"
"\x6b\x6a\x5a\xa4\x0e\xe3\x7b\x15"
"\x94\x4b\x0f\x74\xcb\x0c\x7f\xa9"
"\xbe\x09\x39\xa3\xdd\x56\x5c\xc7"
"\x99\x56\x65\x39\xf4\x0b\x7d\x87"
"\xec\xaa\xe3\x4d\x22\x65\x39\x4e",
.psize = 1024,
.digest = "\x64\x3a\xbc\xc3\x3f\x74\x40\x51"
"\x6e\x56\x01\x1a\x51\xec\x36\xde",
.np = 8,
.tap = { 64, 203, 267, 28, 263, 62, 54, 83 },
}, {
.key = "\x1b\x82\x2e\x1b\x17\x23\xb9\x6d"
"\xdc\x9c\xda\x99\x07\xe3\x5f\xd8"
"\xd2\xf8\x43\x80\x8d\x86\x7d\x80"
"\x1a\xd0\xcc\x13\xb9\x11\x05\x3f"
"\x7e\xcf\x7e\x80\x0e\xd8\x25\x48"
"\x8b\xaa\x63\x83\x92\xd0\x72\xf5"
"\x4f\x67\x7e\x50\x18\x25\xa4\xd1"
"\xe0\x7e\x1e\xba\xd8\xa7\x6e\xdb"
"\x1a\xcc\x0d\xfe\x9f\x6d\x22\x35"
"\xe1\xe6\xe0\xa8\x7b\x9c\xb1\x66"
"\xa3\xf8\xff\x4d\x90\x84\x28\xbc"
"\xdc\x19\xc7\x91\x49\xfc\xf6\x33"
"\xc9\x6e\x65\x7f\x28\x6f\x68\x2e"
"\xdf\x1a\x75\xe9\xc2\x0c\x96\xb9"
"\x31\x22\xc4\x07\xc6\x0a\x2f\xfd"
"\x36\x06\x5f\x5c\xc5\xb1\x3a\xf4"
"\x5e\x48\xa4\x45\x2b\x88\xa7\xee"
"\xa9\x8b\x52\xcc\x99\xd9\x2f\xb8"
"\xa4\x58\x0a\x13\xeb\x71\x5a\xfa"
"\xe5\x5e\xbe\xf2\x64\xad\x75\xbc"
"\x0b\x5b\x34\x13\x3b\x23\x13\x9a"
"\x69\x30\x1e\x9a\xb8\x03\xb8\x8b"
"\x3e\x46\x18\x6d\x38\xd9\xb3\xd8"
"\xbf\xf1\xd0\x28\xe6\x51\x57\x80"
"\x5e\x99\xfb\xd0\xce\x1e\x83\xf7"
"\xe9\x07\x5a\x63\xa9\xef\xce\xa5"
"\xfb\x3f\x37\x17\xfc\x0b\x37\x0e"
"\xbb\x4b\x21\x62\xb7\x83\x0e\xa9"
"\x9e\xb0\xc4\xad\x47\xbe\x35\xe7"
"\x51\xb2\xf2\xac\x2b\x65\x7b\x48"
"\xe3\x3f\x5f\xb6\x09\x04\x0c\x58"
"\xce\x99\xa9\x15\x2f\x4e\xc1\xf2"
"\x24\x48\xc0\xd8\x6c\xd3\x76\x17"
"\x83\x5d\xe6\xe3\xfd\x01\x8e\xf7"
"\x42\xa5\x04\x29\x30\xdf\xf9\x00"
"\x4a\xdc\x71\x22\x1a\x33\x15\xb6"
"\xd7\x72\xfb\x9a\xb8\xeb\x2b\x38"
"\xea\xa8\x61\xa8\x90\x11\x9d\x73"
"\x2e\x6c\xce\x81\x54\x5a\x9f\xcd"
"\xcf\xd5\xbd\x26\x5d\x66\xdb\xfb"
"\xdc\x1e\x7c\x10\xfe\x58\x82\x10"
"\x16\x24\x01\xce\x67\x55\x51\xd1"
"\xdd\x6b\x44\xa3\x20\x8e\xa9\xa6"
"\x06\xa8\x29\x77\x6e\x00\x38\x5b"
"\xde\x4d\x58\xd8\x1f\x34\xdf\xf9"
"\x2c\xac\x3e\xad\xfb\x92\x0d\x72"
"\x39\xa4\xac\x44\x10\xc0\x43\xc4"
"\xa4\x77\x3b\xfc\xc4\x0d\x37\xd3"
"\x05\x84\xda\x53\x71\xf8\x80\xd3"
"\x34\x44\xdb\x09\xb4\x2b\x8e\xe3"
"\x00\x75\x50\x9e\x43\x22\x00\x0b"
"\x7c\x70\xab\xd4\x41\xf1\x93\xcd"
"\x25\x2d\x84\x74\xb5\xf2\x92\xcd"
"\x0a\x28\xea\x9a\x49\x02\x96\xcb"
"\x85\x9e\x2f\x33\x03\x86\x1d\xdc"
"\x1d\x31\xd5\xfc\x9d\xaa\xc5\xe9"
"\x9a\xc4\x57\xf5\x35\xed\xf4\x4b"
"\x3d\x34\xc2\x29\x13\x86\x36\x42"
"\x5d\xbf\x90\x86\x13\x77\xe5\xc3"
"\x62\xb4\xfe\x0b\x70\x39\x35\x65"
"\x02\xea\xf6\xce\x57\x0c\xbb\x74"
"\x29\xe3\xfd\x60\x90\xfd\x10\x38"
"\xd5\x4e\x86\xbd\x37\x70\xf0\x97"
"\xa6\xab\x3b\x83\x64\x52\xca\x66"
"\x2f\xf9\xa4\xca\x3a\x55\x6b\xb0"
"\xe8\x3a\x34\xdb\x9e\x48\x50\x2f"
"\x3b\xef\xfd\x08\x2d\x5f\xc1\x37"
"\x5d\xbe\x73\xe4\xd8\xe9\xac\xca"
"\x8a\xaa\x48\x7c\x5c\xf4\xa6\x96"
"\x5f\xfa\x70\xa6\xb7\x8b\x50\xcb"
"\xa6\xf5\xa9\xbd\x7b\x75\x4c\x22"
"\x0b\x19\x40\x2e\xc9\x39\x39\x32"
"\x83\x03\xa8\xa4\x98\xe6\x8e\x16"
"\xb9\xde\x08\xc5\xfc\xbf\xad\x39"
"\xa8\xc7\x93\x6c\x6f\x23\xaf\xc1"
"\xab\xe1\xdf\xbb\x39\xae\x93\x29"
"\x0e\x7d\x80\x8d\x3e\x65\xf3\xfd"
"\x96\x06\x65\x90\xa1\x28\x64\x4b"
"\x69\xf9\xa8\x84\x27\x50\xfc\x87"
"\xf7\xbf\x55\x8e\x56\x13\x58\x7b"
"\x85\xb4\x6a\x72\x0f\x40\xf1\x4f"
"\x83\x81\x1f\x76\xde\x15\x64\x7a"
"\x7a\x80\xe4\xc7\x5e\x63\x01\x91"
"\xd7\x6b\xea\x0b\x9b\xa2\x99\x3b"
"\x6c\x88\xd8\xfd\x59\x3c\x8d\x22"
"\x86\x56\xbe\xab\xa1\x37\x08\x01"
"\x50\x85\x69\x29\xee\x9f\xdf\x21"
"\x3e\x20\x20\xf5\xb0\xbb\x6b\xd0"
"\x9c\x41\x38\xec\x54\x6f\x2d\xbd"
"\x0f\xe1\xbd\xf1\x2b\x6e\x60\x56"
"\x29\xe5\x7a\x70\x1c\xe2\xfc\x97"
"\x82\x68\x67\xd9\x3d\x1f\xfb\xd8"
"\x07\x9f\xbf\x96\x74\xba\x6a\x0e"
"\x10\x48\x20\xd8\x13\x1e\xb5\x44"
"\xf2\xcc\xb1\x8b\xfb\xbb\xec\xd7"
"\x37\x70\x1f\x7c\x55\xd2\x4b\xb9"
"\xfd\x70\x5e\xa3\x91\x73\x63\x52"
"\x13\x47\x5a\x06\xfb\x01\x67\xa5"
"\xc0\xd0\x49\x19\x56\x66\x9a\x77"
"\x64\xaf\x8c\x25\x91\x52\x87\x0e"
"\x18\xf3\x5f\x97\xfd\x71\x13\xf8"
"\x05\xa5\x39\xcc\x65\xd3\xcc\x63"
"\x5b\xdb\x5f\x7e\x5f\x6e\xad\xc4"
"\xf4\xa0\xc5\xc2\x2b\x4d\x97\x38"
"\x4f\xbc\xfa\x33\x17\xb4\x47\xb9"
"\x43\x24\x15\x8d\xd2\xed\x80\x68"
"\x84\xdb\x04\x80\xca\x5e\x6a\x35"
"\x2c\x2c\xe7\xc5\x03\x5f\x54\xb0"
"\x5e\x4f\x1d\x40\x54\x3d\x78\x9a"
"\xac\xda\x80\x27\x4d\x15\x4c\x1a"
"\x6e\x80\xc9\xc4\x3b\x84\x0e\xd9"
"\x2e\x93\x01\x8c\xc3\xc8\x91\x4b"
"\xb3\xaa\x07\x04\x68\x5b\x93\xa5"
"\xe7\xc4\x9d\xe7\x07\xee\xf5\x3b"
"\x40\x89\xcc\x60\x34\x9d\xb4\x06"
"\x1b\xef\x92\xe6\xc1\x2a\x7d\x0f"
"\x81\xaa\x56\xe3\xd7\xed\xa7\xd4"
"\xa7\x3a\x49\xc4\xad\x81\x5c\x83"
"\x55\x8e\x91\x54\xb7\x7d\x65\xa5"
"\x06\x16\xd5\x9a\x16\xc1\xb0\xa2"
"\x06\xd8\x98\x47\x73\x7e\x73\xa0"
"\xb8\x23\xb1\x52\xbf\x68\x74\x5d"
"\x0b\xcb\xfa\x8c\x46\xe3\x24\xe6"
"\xab\xd4\x69\x8d\x8c\xf2\x8a\x59"
"\xbe\x48\x46\x50\x8c\x9a\xe8\xe3"
"\x31\x55\x0a\x06\xed\x4f\xf8\xb7"
"\x4f\xe3\x85\x17\x30\xbd\xd5\x20"
"\xe7\x5b\xb2\x32\xcf\x6b\x16\x44"
"\xd2\xf5\x7e\xd7\xd1\x2f\xee\x64"
"\x3e\x9d\x10\xef\x27\x35\x43\x64"
"\x67\xfb\x7a\x7b\xe0\x62\x31\x9a"
"\x4d\xdf\xa5\xab\xc0\x20\xbb\x01"
"\xe9\x7b\x54\xf1\xde\xb2\x79\x50"
"\x6c\x4b\x91\xdb\x7f\xbb\x50\xc1"
"\x55\x44\x38\x9a\xe0\x9f\xe8\x29"
"\x6f\x15\xf8\x4e\xa6\xec\xa0\x60",
.ksize = 1088,
.plaintext = "\x15\x68\x9e\x2f\xad\x15\x52\xdf"
"\xf0\x42\x62\x24\x2a\x2d\xea\xbf"
"\xc7\xf3\xb4\x1a\xf5\xed\xb2\x08"
"\x15\x60\x1c\x00\x77\xbf\x0b\x0e"
"\xb7\x2c\xcf\x32\x3a\xc7\x01\x77"
"\xef\xa6\x75\xd0\x29\xc7\x68\x20"
"\xb2\x92\x25\xbf\x12\x34\xe9\xa4"
"\xfd\x32\x7b\x3f\x7c\xbd\xa5\x02"
"\x38\x41\xde\xc9\xc1\x09\xd9\xfc"
"\x6e\x78\x22\x83\x18\xf7\x50\x8d"
"\x8f\x9c\x2d\x02\xa5\x30\xac\xff"
"\xea\x63\x2e\x80\x37\x83\xb0\x58"
"\xda\x2f\xef\x21\x55\xba\x7b\xb1"
"\xb6\xed\xf5\xd2\x4d\xaa\x8c\xa9"
"\xdd\xdb\x0f\xb4\xce\xc1\x9a\xb1"
"\xc1\xdc\xbd\xab\x86\xc2\xdf\x0b"
"\xe1\x2c\xf9\xbe\xf6\xd8\xda\x62"
"\x72\xdd\x98\x09\x52\xc0\xc4\xb6"
"\x7b\x17\x5c\xf5\xd8\x4b\x88\xd6"
"\x6b\xbf\x84\x4a\x3f\xf5\x4d\xd2"
"\x94\xe2\x9c\xff\xc7\x3c\xd9\xc8"
"\x37\x38\xbc\x8c\xf3\xe7\xb7\xd0"
"\x1d\x78\xc4\x39\x07\xc8\x5e\x79"
"\xb6\x5a\x90\x5b\x6e\x97\xc9\xd4"
"\x82\x9c\xf3\x83\x7a\xe7\x97\xfc"
"\x1d\xbb\xef\xdb\xce\xe0\x82\xad"
"\xca\x07\x6c\x54\x62\x6f\x81\xe6"
"\x7a\x5a\x96\x6e\x80\x3a\xa2\x37"
"\x6f\xc6\xa4\x29\xc3\x9e\x19\x94"
"\x9f\xb0\x3e\x38\xfb\x3c\x2b\x7d"
"\xaa\xb8\x74\xda\x54\x23\x51\x12"
"\x4b\x96\x36\x8f\x91\x4f\x19\x37"
"\x83\xc9\xdd\xc7\x1a\x32\x2d\xab"
"\xc7\x89\xe2\x07\x47\x6c\xe8\xa6"
"\x70\x6b\x8e\x0c\xda\x5c\x6a\x59"
"\x27\x33\x0e\xe1\xe1\x20\xe8\xc8"
"\xae\xdc\xd0\xe3\x6d\xa8\xa6\x06"
"\x41\xb4\xd4\xd4\xcf\x91\x3e\x06"
"\xb0\x9a\xf7\xf1\xaa\xa6\x23\x92"
"\x10\x86\xf0\x94\xd1\x7c\x2e\x07"
"\x30\xfb\xc5\xd8\xf3\x12\xa9\xe8"
"\x22\x1c\x97\x1a\xad\x96\xb0\xa1"
"\x72\x6a\x6b\xb4\xfd\xf7\xe8\xfa"
"\xe2\x74\xd8\x65\x8d\x35\x17\x4b"
"\x00\x23\x5c\x8c\x70\xad\x71\xa2"
"\xca\xc5\x6c\x59\xbf\xb4\xc0\x6d"
"\x86\x98\x3e\x19\x5a\x90\x92\xb1"
"\x66\x57\x6a\x91\x68\x7c\xbc\xf3"
"\xf1\xdb\x94\xf8\x48\xf1\x36\xd8"
"\x78\xac\x1c\xa9\xcc\xd6\x27\xba"
"\x91\x54\x22\xf5\xe6\x05\x3f\xcc"
"\xc2\x8f\x2c\x3b\x2b\xc3\x2b\x2b"
"\x3b\xb8\xb6\x29\xb7\x2f\x94\xb6"
"\x7b\xfc\x94\x3e\xd0\x7a\x41\x59"
"\x7b\x1f\x9a\x09\xa6\xed\x4a\x82"
"\x9d\x34\x1c\xbd\x4e\x1c\x3a\x66"
"\x80\x74\x0e\x9a\x4f\x55\x54\x47"
"\x16\xba\x2a\x0a\x03\x35\x99\xa3"
"\x5c\x63\x8d\xa2\x72\x8b\x17\x15"
"\x68\x39\x73\xeb\xec\xf2\xe8\xf5"
"\x95\x32\x27\xd6\xc4\xfe\xb0\x51"
"\xd5\x0c\x50\xc5\xcd\x6d\x16\xb3"
"\xa3\x1e\x95\x69\xad\x78\x95\x06"
"\xb9\x46\xf2\x6d\x24\x5a\x99\x76"
"\x73\x6a\x91\xa6\xac\x12\xe1\x28"
"\x79\xbc\x08\x4e\x97\x00\x98\x63"
"\x07\x1c\x4e\xd1\x68\xf3\xb3\x81"
"\xa8\xa6\x5f\xf1\x01\xc9\xc1\xaf"
"\x3a\x96\xf9\x9d\xb5\x5a\x5f\x8f"
"\x7e\xc1\x7e\x77\x0a\x40\xc8\x8e"
"\xfc\x0e\xed\xe1\x0d\xb0\xe5\x5e"
"\x5e\x6f\xf5\x7f\xab\x33\x7d\xcd"
"\xf0\x09\x4b\xb2\x11\x37\xdc\x65"
"\x97\x32\x62\x71\x3a\x29\x54\xb9"
"\xc7\xa4\xbf\x75\x0f\xf9\x40\xa9"
"\x8d\xd7\x8b\xa7\xe0\x9a\xbe\x15"
"\xc6\xda\xd8\x00\x14\x69\x1a\xaf"
"\x5f\x79\xc3\xf5\xbb\x6c\x2a\x9d"
"\xdd\x3c\x5f\x97\x21\xe1\x3a\x03"
"\x84\x6a\xe9\x76\x11\x1f\xd3\xd5"
"\xf0\x54\x20\x4d\xc2\x91\xc3\xa4"
"\x36\x25\xbe\x1b\x2a\x06\xb7\xf3"
"\xd1\xd0\x55\x29\x81\x4c\x83\xa3"
"\xa6\x84\x1e\x5c\xd1\xd0\x6c\x90"
"\xa4\x11\xf0\xd7\x63\x6a\x48\x05"
"\xbc\x48\x18\x53\xcd\xb0\x8d\xdb"
"\xdc\xfe\x55\x11\x5c\x51\xb3\xab"
"\xab\x63\x3e\x31\x5a\x8b\x93\x63"
"\x34\xa9\xba\x2b\x69\x1a\xc0\xe3"
"\xcb\x41\xbc\xd7\xf5\x7f\x82\x3e"
"\x01\xa3\x3c\x72\xf4\xfe\xdf\xbe"
"\xb1\x67\x17\x2b\x37\x60\x0d\xca"
"\x6f\xc3\x94\x2c\xd2\x92\x6d\x9d"
"\x75\x18\x77\xaa\x29\x38\x96\xed"
"\x0e\x20\x70\x92\xd5\xd0\xb4\x00"
"\xc0\x31\xf2\xc9\x43\x0e\x75\x1d"
"\x4b\x64\xf2\x1f\xf2\x29\x6c\x7b"
"\x7f\xec\x59\x7d\x8c\x0d\xd4\xd3"
"\xac\x53\x4c\xa3\xde\x42\x92\x95"
"\x6d\xa3\x4f\xd0\xe6\x3d\xe7\xec"
"\x7a\x4d\x68\xf1\xfe\x67\x66\x09"
"\x83\x22\xb1\x98\x43\x8c\xab\xb8"
"\x45\xe6\x6d\xdf\x5e\x50\x71\xce"
"\xf5\x4e\x40\x93\x2b\xfa\x86\x0e"
"\xe8\x30\xbd\x82\xcc\x1c\x9c\x5f"
"\xad\xfd\x08\x31\xbe\x52\xe7\xe6"
"\xf2\x06\x01\x62\x25\x15\x99\x74"
"\x33\x51\x52\x57\x3f\x57\x87\x61"
"\xb9\x7f\x29\x3d\xcd\x92\x5e\xa6"
"\x5c\x3b\xf1\xed\x5f\xeb\x82\xed"
"\x56\x7b\x61\xe7\xfd\x02\x47\x0e"
"\x2a\x15\xa4\xce\x43\x86\x9b\xe1"
"\x2b\x4c\x2a\xd9\x42\x97\xf7\x9a"
"\xe5\x47\x46\x48\xd3\x55\x6f\x4d"
"\xd9\xeb\x4b\xdd\x7b\x21\x2f\xb3"
"\xa8\x36\x28\xdf\xca\xf1\xf6\xd9"
"\x10\xf6\x1c\xfd\x2e\x0c\x27\xe0"
"\x01\xb3\xff\x6d\x47\x08\x4d\xd4"
"\x00\x25\xee\x55\x4a\xe9\xe8\x5b"
"\xd8\xf7\x56\x12\xd4\x50\xb2\xe5"
"\x51\x6f\x34\x63\x69\xd2\x4e\x96"
"\x4e\xbc\x79\xbf\x18\xae\xc6\x13"
"\x80\x92\x77\xb0\xb4\x0f\x29\x94"
"\x6f\x4c\xbb\x53\x11\x36\xc3\x9f"
"\x42\x8e\x96\x8a\x91\xc8\xe9\xfc"
"\xfe\xbf\x7c\x2d\x6f\xf9\xb8\x44"
"\x89\x1b\x09\x53\x0a\x2a\x92\xc3"
"\x54\x7a\x3a\xf9\xe2\xe4\x75\x87"
"\xa0\x5e\x4b\x03\x7a\x0d\x8a\xf4"
"\x55\x59\x94\x2b\x63\x96\x0e\xf5",
.psize = 1040,
.digest = "\xb5\xb9\x08\xb3\x24\x3e\x03\xf0"
"\xd6\x0b\x57\xbc\x0a\x6d\x89\x59",
}, {
.key = "\xf6\x34\x42\x71\x35\x52\x8b\x58"
"\x02\x3a\x8e\x4a\x8d\x41\x13\xe9"
"\x7f\xba\xb9\x55\x9d\x73\x4d\xf8"
"\x3f\x5d\x73\x15\xff\xd3\x9e\x7f"
"\x20\x2a\x6a\xa8\xd1\xf0\x8f\x12"
"\x6b\x02\xd8\x6c\xde\xba\x80\x22"
"\x19\x37\xc8\xd0\x4e\x89\x17\x7c"
"\x7c\xdd\x88\xfd\x41\xc0\x04\xb7"
"\x1d\xac\x19\xe3\x20\xc7\x16\xcf"
"\x58\xee\x1d\x7a\x61\x69\xa9\x12"
"\x4b\xef\x4f\xb6\x38\xdd\x78\xf8"
"\x28\xee\x70\x08\xc7\x7c\xcc\xc8"
"\x1e\x41\xf5\x80\x86\x70\xd0\xf0"
"\xa3\x87\x6b\x0a\x00\xd2\x41\x28"
"\x74\x26\xf1\x24\xf3\xd0\x28\x77"
"\xd7\xcd\xf6\x2d\x61\xf4\xa2\x13"
"\x77\xb4\x6f\xa0\xf4\xfb\xd6\xb5"
"\x38\x9d\x5a\x0c\x51\xaf\xad\x63"
"\x27\x67\x8c\x01\xea\x42\x1a\x66"
"\xda\x16\x7c\x3c\x30\x0c\x66\x53"
"\x1c\x88\xa4\x5c\xb2\xe3\x78\x0a"
"\x13\x05\x6d\xe2\xaf\xb3\xe4\x75"
"\x00\x99\x58\xee\x76\x09\x64\xaa"
"\xbb\x2e\xb1\x81\xec\xd8\x0e\xd3"
"\x0c\x33\x5d\xb7\x98\xef\x36\xb6"
"\xd2\x65\x69\x41\x70\x12\xdc\x25"
"\x41\x03\x99\x81\x41\x19\x62\x13"
"\xd1\x0a\x29\xc5\x8c\xe0\x4c\xf3"
"\xd6\xef\x4c\xf4\x1d\x83\x2e\x6d"
"\x8e\x14\x87\xed\x80\xe0\xaa\xd3"
"\x08\x04\x73\x1a\x84\x40\xf5\x64"
"\xbd\x61\x32\x65\x40\x42\xfb\xb0"
"\x40\xf6\x40\x8d\xc7\x7f\x14\xd0"
"\x83\x99\xaa\x36\x7e\x60\xc6\xbf"
"\x13\x8a\xf9\x21\xe4\x7e\x68\x87"
"\xf3\x33\x86\xb4\xe0\x23\x7e\x0a"
"\x21\xb1\xf5\xad\x67\x3c\x9c\x9d"
"\x09\xab\xaf\x5f\xba\xe0\xd0\x82"
"\x48\x22\x70\xb5\x6d\x53\xd6\x0e"
"\xde\x64\x92\x41\xb0\xd3\xfb\xda"
"\x21\xfe\xab\xea\x20\xc4\x03\x58"
"\x18\x2e\x7d\x2f\x03\xa9\x47\x66"
"\xdf\x7b\xa4\x6b\x34\x6b\x55\x9c"
"\x4f\xd7\x9c\x47\xfb\xa9\x42\xec"
"\x5a\x12\xfd\xfe\x76\xa0\x92\x9d"
"\xfe\x1e\x16\xdd\x24\x2a\xe4\x27"
"\xd5\xa9\xf2\x05\x4f\x83\xa2\xaf"
"\xfe\xee\x83\x7a\xad\xde\xdf\x9a"
"\x80\xd5\x81\x14\x93\x16\x7e\x46"
"\x47\xc2\x14\xef\x49\x6e\xb9\xdb"
"\x40\xe8\x06\x6f\x9c\x2a\xfd\x62"
"\x06\x46\xfd\x15\x1d\x36\x61\x6f"
"\x77\x77\x5e\x64\xce\x78\x1b\x85"
"\xbf\x50\x9a\xfd\x67\xa6\x1a\x65"
"\xad\x5b\x33\x30\xf1\x71\xaa\xd9"
"\x23\x0d\x92\x24\x5f\xae\x57\xb0"
"\x24\x37\x0a\x94\x12\xfb\xb5\xb1"
"\xd3\xb8\x1d\x12\x29\xb0\x80\x24"
"\x2d\x47\x9f\x96\x1f\x95\xf1\xb1"
"\xda\x35\xf6\x29\xe0\xe1\x23\x96"
"\xc7\xe8\x22\x9b\x7c\xac\xf9\x41"
"\x39\x01\xe5\x73\x15\x5e\x99\xec"
"\xb4\xc1\xf4\xe7\xa7\x97\x6a\xd5"
"\x90\x9a\xa0\x1d\xf3\x5a\x8b\x5f"
"\xdf\x01\x52\xa4\x93\x31\x97\xb0"
"\x93\x24\xb5\xbc\xb2\x14\x24\x98"
"\x4a\x8f\x19\x85\xc3\x2d\x0f\x74"
"\x9d\x16\x13\x80\x5e\x59\x62\x62"
"\x25\xe0\xd1\x2f\x64\xef\xba\xac"
"\xcd\x09\x07\x15\x8a\xcf\x73\xb5"
"\x8b\xc9\xd8\x24\xb0\x53\xd5\x6f"
"\xe1\x2b\x77\xb1\xc5\xe4\xa7\x0e"
"\x18\x45\xab\x36\x03\x59\xa8\xbd"
"\x43\xf0\xd8\x2c\x1a\x69\x96\xbb"
"\x13\xdf\x6c\x33\x77\xdf\x25\x34"
"\x5b\xa5\x5b\x8c\xf9\x51\x05\xd4"
"\x8b\x8b\x44\x87\x49\xfc\xa0\x8f"
"\x45\x15\x5b\x40\x42\xc4\x09\x92"
"\x98\x0c\x4d\xf4\x26\x37\x1b\x13"
"\x76\x01\x93\x8d\x4f\xe6\xed\x18"
"\xd0\x79\x7b\x3f\x44\x50\xcb\xee"
"\xf7\x4a\xc9\x9e\xe0\x96\x74\xa7"
"\xe6\x93\xb2\x53\xca\x55\xa8\xdc"
"\x1e\x68\x07\x87\xb7\x2e\xc1\x08"
"\xb2\xa4\x5b\xaf\xc6\xdb\x5c\x66"
"\x41\x1c\x51\xd9\xb0\x07\x00\x0d"
"\xf0\x4c\xdc\x93\xde\xa9\x1e\x8e"
"\xd3\x22\x62\xd8\x8b\x88\x2c\xea"
"\x5e\xf1\x6e\x14\x40\xc7\xbe\xaa"
"\x42\x28\xd0\x26\x30\x78\x01\x9b"
"\x83\x07\xbc\x94\xc7\x57\xa2\x9f"
"\x03\x07\xff\x16\xff\x3c\x6e\x48"
"\x0a\xd0\xdd\x4c\xf6\x64\x9a\xf1"
"\xcd\x30\x12\x82\x2c\x38\xd3\x26"
"\x83\xdb\xab\x3e\xc6\xf8\xe6\xfa"
"\x77\x0a\x78\x82\x75\xf8\x63\x51"
"\x59\xd0\x8d\x24\x9f\x25\xe6\xa3"
"\x4c\xbc\x34\xfc\xe3\x10\xc7\x62"
"\xd4\x23\xc8\x3d\xa7\xc6\xa6\x0a"
"\x4f\x7e\x29\x9d\x6d\xbe\xb5\xf1"
"\xdf\xa4\x53\xfa\xc0\x23\x0f\x37"
"\x84\x68\xd0\xb5\xc8\xc6\xae\xf8"
"\xb7\x8d\xb3\x16\xfe\x8f\x87\xad"
"\xd0\xc1\x08\xee\x12\x1c\x9b\x1d"
"\x90\xf8\xd1\x63\xa4\x92\x3c\xf0"
"\xc7\x34\xd8\xf1\x14\xed\xa3\xbc"
"\x17\x7e\xd4\x62\x42\x54\x57\x2c"
"\x3e\x7a\x35\x35\x17\x0f\x0b\x7f"
"\x81\xa1\x3f\xd0\xcd\xc8\x3b\x96"
"\xe9\xe0\x4a\x04\xe1\xb6\x3c\xa1"
"\xd6\xca\xc4\xbd\xb6\xb5\x95\x34"
"\x12\x9d\xc5\x96\xf2\xdf\xba\x54"
"\x76\xd1\xb2\x6b\x3b\x39\xe0\xb9"
"\x18\x62\xfb\xf7\xfc\x12\xf1\x5f"
"\x7e\xc7\xe3\x59\x4c\xa6\xc2\x3d"
"\x40\x15\xf9\xa3\x95\x64\x4c\x74"
"\x8b\x73\x77\x33\x07\xa7\x04\x1d"
"\x33\x5a\x7e\x8f\xbd\x86\x01\x4f"
"\x3e\xb9\x27\x6f\xe2\x41\xf7\x09"
"\x67\xfd\x29\x28\xc5\xe4\xf6\x18"
"\x4c\x1b\x49\xb2\x9c\x5b\xf6\x81"
"\x4f\xbb\x5c\xcc\x0b\xdf\x84\x23"
"\x58\xd6\x28\x34\x93\x3a\x25\x97"
"\xdf\xb2\xc3\x9e\x97\x38\x0b\x7d"
"\x10\xb3\x54\x35\x23\x8c\x64\xee"
"\xf0\xd8\x66\xff\x8b\x22\xd2\x5b"
"\x05\x16\x3c\x89\xf7\xb1\x75\xaf"
"\xc0\xae\x6a\x4f\x3f\xaf\x9a\xf4"
"\xf4\x9a\x24\xd9\x80\x82\xc0\x12"
"\xde\x96\xd1\xbe\x15\x0b\x8d\x6a"
"\xd7\x12\xe4\x85\x9f\x83\xc9\xc3"
"\xff\x0b\xb5\xaf\x3b\xd8\x6d\x67"
"\x81\x45\xe6\xac\xec\xc1\x7b\x16"
"\x18\x0a\xce\x4b\xc0\x2e\x76\xbc"
"\x1b\xfa\xb4\x34\xb8\xfc\x3e\xc8"
"\x5d\x90\x71\x6d\x7a\x79\xef\x06",
.ksize = 1088,
.plaintext = "\xaa\x5d\x54\xcb\xea\x1e\x46\x0f"
"\x45\x87\x70\x51\x8a\x66\x7a\x33"
"\xb4\x18\xff\xa9\x82\xf9\x45\x4b"
"\x93\xae\x2e\x7f\xab\x98\xfe\xbf"
"\x01\xee\xe5\xa0\x37\x8f\x57\xa6"
"\xb0\x76\x0d\xa4\xd6\x28\x2b\x5d"
"\xe1\x03\xd6\x1c\x6f\x34\x0d\xe7"
"\x61\x2d\x2e\xe5\xae\x5d\x47\xc7"
"\x80\x4b\x18\x8f\xa8\x99\xbc\x28"
"\xed\x1d\x9d\x86\x7d\xd7\x41\xd1"
"\xe0\x2b\xe1\x8c\x93\x2a\xa7\x80"
"\xe1\x07\xa0\xa9\x9f\x8c\x8d\x1a"
"\x55\xfc\x6b\x24\x7a\xbd\x3e\x51"
"\x68\x4b\x26\x59\xc8\xa7\x16\xd9"
"\xb9\x61\x13\xde\x8b\x63\x1c\xf6"
"\x60\x01\xfb\x08\xb3\x5b\x0a\xbf"
"\x34\x73\xda\x87\x87\x3d\x6f\x97"
"\x4a\x0c\xa3\x58\x20\xa2\xc0\x81"
"\x5b\x8c\xef\xa9\xc2\x01\x1e\x64"
"\x83\x8c\xbc\x03\xb6\xd0\x29\x9f"
"\x54\xe2\xce\x8b\xc2\x07\x85\x78"
"\x25\x38\x96\x4c\xb4\xbe\x17\x4a"
"\x65\xa6\xfa\x52\x9d\x66\x9d\x65"
"\x4a\xd1\x01\x01\xf0\xcb\x13\xcc"
"\xa5\x82\xf3\xf2\x66\xcd\x3f\x9d"
"\xd1\xaa\xe4\x67\xea\xf2\xad\x88"
"\x56\x76\xa7\x9b\x59\x3c\xb1\x5d"
"\x78\xfd\x69\x79\x74\x78\x43\x26"
"\x7b\xde\x3f\xf1\xf5\x4e\x14\xd9"
"\x15\xf5\x75\xb5\x2e\x19\xf3\x0c"
"\x48\x72\xd6\x71\x6d\x03\x6e\xaa"
"\xa7\x08\xf9\xaa\x70\xa3\x0f\x4d"
"\x12\x8a\xdd\xe3\x39\x73\x7e\xa7"
"\xea\x1f\x6d\x06\x26\x2a\xf2\xc5"
"\x52\xb4\xbf\xfd\x52\x0c\x06\x60"
"\x90\xd1\xb2\x7b\x56\xae\xac\x58"
"\x5a\x6b\x50\x2a\xf5\xe0\x30\x3c"
"\x2a\x98\x0f\x1b\x5b\x0a\x84\x6c"
"\x31\xae\x92\xe2\xd4\xbb\x7f\x59"
"\x26\x10\xb9\x89\x37\x68\x26\xbf"
"\x41\xc8\x49\xc4\x70\x35\x7d\xff"
"\x2d\x7f\xf6\x8a\x93\x68\x8c\x78"
"\x0d\x53\xce\x7d\xff\x7d\xfb\xae"
"\x13\x1b\x75\xc4\x78\xd7\x71\xd8"
"\xea\xd3\xf4\x9d\x95\x64\x8e\xb4"
"\xde\xb8\xe4\xa6\x68\xc8\xae\x73"
"\x58\xaf\xa8\xb0\x5a\x20\xde\x87"
"\x43\xb9\x0f\xe3\xad\x41\x4b\xd5"
"\xb7\xad\x16\x00\xa6\xff\xf6\x74"
"\xbf\x8c\x9f\xb3\x58\x1b\xb6\x55"
"\xa9\x90\x56\x28\xf0\xb5\x13\x4e"
"\x9e\xf7\x25\x86\xe0\x07\x7b\x98"
"\xd8\x60\x5d\x38\x95\x3c\xe4\x22"
"\x16\x2f\xb2\xa2\xaf\xe8\x90\x17"
"\xec\x11\x83\x1a\xf4\xa9\x26\xda"
"\x39\x72\xf5\x94\x61\x05\x51\xec"
"\xa8\x30\x8b\x2c\x13\xd0\x72\xac"
"\xb9\xd2\xa0\x4c\x4b\x78\xe8\x6e"
"\x04\x85\xe9\x04\x49\x82\x91\xff"
"\x89\xe5\xab\x4c\xaa\x37\x03\x12"
"\xca\x8b\x74\x10\xfd\x9e\xd9\x7b"
"\xcb\xdb\x82\x6e\xce\x2e\x33\x39"
"\xce\xd2\x84\x6e\x34\x71\x51\x6e"
"\x0d\xd6\x01\x87\xc7\xfa\x0a\xd3"
"\xad\x36\xf3\x4c\x9f\x96\x5e\x62"
"\x62\x54\xc3\x03\x78\xd6\xab\xdd"
"\x89\x73\x55\x25\x30\xf8\xa7\xe6"
"\x4f\x11\x0c\x7c\x0a\xa1\x2b\x7b"
"\x3d\x0d\xde\x81\xd4\x9d\x0b\xae"
"\xdf\x00\xf9\x4c\xb6\x90\x8e\x16"
"\xcb\x11\xc8\xd1\x2e\x73\x13\x75"
"\x75\x3e\xaa\xf5\xee\x02\xb3\x18"
"\xa6\x2d\xf5\x3b\x51\xd1\x1f\x47"
"\x6b\x2c\xdb\xc4\x10\xe0\xc8\xba"
"\x9d\xac\xb1\x9d\x75\xd5\x41\x0e"
"\x7e\xbe\x18\x5b\xa4\x1f\xf8\x22"
"\x4c\xc1\x68\xda\x6d\x51\x34\x6c"
"\x19\x59\xec\xb5\xb1\xec\xa7\x03"
"\xca\x54\x99\x63\x05\x6c\xb1\xac"
"\x9c\x31\xd6\xdb\xba\x7b\x14\x12"
"\x7a\xc3\x2f\xbf\x8d\xdc\x37\x46"
"\xdb\xd2\xbc\xd4\x2f\xab\x30\xd5"
"\xed\x34\x99\x8e\x83\x3e\xbe\x4c"
"\x86\x79\x58\xe0\x33\x8d\x9a\xb8"
"\xa9\xa6\x90\x46\xa2\x02\xb8\xdd"
"\xf5\xf9\x1a\x5c\x8c\x01\xaa\x6e"
"\xb4\x22\x12\xf5\x0c\x1b\x9b\x7a"
"\xc3\x80\xf3\x06\x00\x5f\x30\xd5"
"\x06\xdb\x7d\x82\xc2\xd4\x0b\x4c"
"\x5f\xe9\xc5\xf5\xdf\x97\x12\xbf"
"\x56\xaf\x9b\x69\xcd\xee\x30\xb4"
"\xa8\x71\xff\x3e\x7d\x73\x7a\xb4"
"\x0d\xa5\x46\x7a\xf3\xf4\x15\x87"
"\x5d\x93\x2b\x8c\x37\x64\xb5\xdd"
"\x48\xd1\xe5\x8c\xae\xd4\xf1\x76"
"\xda\xf4\xba\x9e\x25\x0e\xad\xa3"
"\x0d\x08\x7c\xa8\x82\x16\x8d\x90"
"\x56\x40\x16\x84\xe7\x22\x53\x3a"
"\x58\xbc\xb9\x8f\x33\xc8\xc2\x84"
"\x22\xe6\x0d\xe7\xb3\xdc\x5d\xdf"
"\xd7\x2a\x36\xe4\x16\x06\x07\xd2"
"\x97\x60\xb2\xf5\x5e\x14\xc9\xfd"
"\x8b\x05\xd1\xce\xee\x9a\x65\x99"
"\xb7\xae\x19\xb7\xc8\xbc\xd5\xa2"
"\x7b\x95\xe1\xcc\xba\x0d\xdc\x8a"
"\x1d\x59\x52\x50\xaa\x16\x02\x82"
"\xdf\x61\x33\x2e\x44\xce\x49\xc7"
"\xe5\xc6\x2e\x76\xcf\x80\x52\xf0"
"\x3d\x17\x34\x47\x3f\xd3\x80\x48"
"\xa2\xba\xd5\xc7\x7b\x02\x28\xdb"
"\xac\x44\xc7\x6e\x05\x5c\xc2\x79"
"\xb3\x7d\x6a\x47\x77\x66\xf1\x38"
"\xf0\xf5\x4f\x27\x1a\x31\xca\x6c"
"\x72\x95\x92\x8e\x3f\xb0\xec\x1d"
"\xc7\x2a\xff\x73\xee\xdf\x55\x80"
"\x93\xd2\xbd\x34\xd3\x9f\x00\x51"
"\xfb\x2e\x41\xba\x6c\x5a\x7c\x17"
"\x7f\xe6\x70\xac\x8d\x39\x3f\x77"
"\xe2\x23\xac\x8f\x72\x4e\xe4\x53"
"\xcc\xf1\x1b\xf1\x35\xfe\x52\xa4"
"\xd6\xb8\x40\x6b\xc1\xfd\xa0\xa1"
"\xf5\x46\x65\xc2\x50\xbb\x43\xe2"
"\xd1\x43\x28\x34\x74\xf5\x87\xa0"
"\xf2\x5e\x27\x3b\x59\x2b\x3e\x49"
"\xdf\x46\xee\xaf\x71\xd7\x32\x36"
"\xc7\x14\x0b\x58\x6e\x3e\x2d\x41"
"\xfa\x75\x66\x3a\x54\xe0\xb2\xb9"
"\xaf\xdd\x04\x80\x15\x19\x3f\x6f"
"\xce\x12\xb4\xd8\xe8\x89\x3c\x05"
"\x30\xeb\xf3\x3d\xcd\x27\xec\xdc"
"\x56\x70\x12\xcf\x78\x2b\x77\xbf"
"\x22\xf0\x1b\x17\x9c\xcc\xd6\x1b"
"\x2d\x3d\xa0\x3b\xd8\xc9\x70\xa4"
"\x7a\x3e\x07\xb9\x06\xc3\xfa\xb0"
"\x33\xee\xc1\xd8\xf6\xe0\xf0\xb2"
"\x61\x12\x69\xb0\x5f\x28\x99\xda"
"\xc3\x61\x48\xfa\x07\x16\x03\xc4"
"\xa8\xe1\x3c\xe8\x0e\x64\x15\x30"
"\xc1\x9d\x84\x2f\x73\x98\x0e\x3a"
"\xf2\x86\x21\xa4\x9e\x1d\xb5\x86"
"\x16\xdb\x2b\x9a\x06\x64\x8e\x79"
"\x8d\x76\x3e\xc3\xc2\x64\x44\xe3"
"\xda\xbc\x1a\x52\xd7\x61\x03\x65"
"\x54\x32\x77\x01\xed\x9d\x8a\x43"
"\x25\x24\xe3\xc1\xbe\xb8\x2f\xcb"
"\x89\x14\x64\xab\xf6\xa0\x6e\x02"
"\x57\xe4\x7d\xa9\x4e\x9a\x03\x36"
"\xad\xf1\xb1\xfc\x0b\xe6\x79\x51"
"\x9f\x81\x77\xc4\x14\x78\x9d\xbf"
"\xb6\xd6\xa3\x8c\xba\x0b\x26\xe7"
"\xc8\xb9\x5c\xcc\xe1\x5f\xd5\xc6"
"\xc4\xca\xc2\xa3\x45\xba\x94\x13"
"\xb2\x8f\xc3\x54\x01\x09\xe7\x8b"
"\xda\x2a\x0a\x11\x02\x43\xcb\x57"
"\xc9\xcc\xb5\x5c\xab\xc4\xec\x54"
"\x00\x06\x34\xe1\x6e\x03\x89\x7c"
"\xc6\xfb\x6a\xc7\x60\x43\xd6\xc5"
"\xb5\x68\x72\x89\x8f\x42\xc3\x74"
"\xbd\x25\xaa\x9f\x67\xb5\xdf\x26"
"\x20\xe8\xb7\x01\x3c\xe4\x77\xce"
"\xc4\x65\xa7\x23\x79\xea\x33\xc7"
"\x82\x14\x5c\x82\xf2\x4e\x3d\xf6"
"\xc6\x4a\x0e\x29\xbb\xec\x44\xcd"
"\x2f\xd1\x4f\x21\x71\xa9\xce\x0f"
"\x5c\xf2\x72\x5c\x08\x2e\x21\xd2"
"\xc3\x29\x13\xd8\xac\xc3\xda\x13"
"\x1a\x9d\xa7\x71\x1d\x27\x1d\x27"
"\x1d\xea\xab\x44\x79\xad\xe5\xeb"
"\xef\x1f\x22\x0a\x44\x4f\xcb\x87"
"\xa7\x58\x71\x0e\x66\xf8\x60\xbf"
"\x60\x74\x4a\xb4\xec\x2e\xfe\xd3"
"\xf5\xb8\xfe\x46\x08\x50\x99\x6c"
"\x66\xa5\xa8\x34\x44\xb5\xe5\xf0"
"\xdd\x2c\x67\x4e\x35\x96\x8e\x67"
"\x48\x3f\x5f\x37\x44\x60\x51\x2e"
"\x14\x91\x5e\x57\xc3\x0e\x79\x77"
"\x2f\x03\xf4\xe2\x1c\x72\xbf\x85"
"\x5d\xd3\x17\xdf\x6c\xc5\x70\x24"
"\x42\xdf\x51\x4e\x2a\xb2\xd2\x5b"
"\x9e\x69\x83\x41\x11\xfe\x73\x22"
"\xde\x8a\x9e\xd8\x8a\xfb\x20\x38"
"\xd8\x47\x6f\xd5\xed\x8f\x41\xfd"
"\x13\x7a\x18\x03\x7d\x0f\xcd\x7d"
"\xa6\x7d\x31\x9e\xf1\x8f\x30\xa3"
"\x8b\x4c\x24\xb7\xf5\x48\xd7\xd9"
"\x12\xe7\x84\x97\x5c\x31\x6d\xfb"
"\xdf\xf3\xd3\xd1\xd5\x0c\x30\x06"
"\x01\x6a\xbc\x6c\x78\x7b\xa6\x50"
"\xfa\x0f\x3c\x42\x2d\xa5\xa3\x3b"
"\xcf\x62\x50\xff\x71\x6d\xe7\xda"
"\x27\xab\xc6\x67\x16\x65\x68\x64"
"\xc7\xd5\x5f\x81\xa9\xf6\x65\xb3"
"\x5e\x43\x91\x16\xcd\x3d\x55\x37"
"\x55\xb3\xf0\x28\xc5\x54\x19\xc0"
"\xe0\xd6\x2a\x61\xd4\xc8\x72\x51"
"\xe9\xa1\x7b\x48\x21\xad\x44\x09"
"\xe4\x01\x61\x3c\x8a\x5b\xf9\xa1"
"\x6e\x1b\xdf\xc0\x04\xa8\x8b\xf2"
"\x21\xbe\x34\x7b\xfc\xa1\xcd\xc9"
"\xa9\x96\xf4\xa4\x4c\xf7\x4e\x8f"
"\x84\xcc\xd3\xa8\x92\x77\x8f\x36"
"\xe2\x2e\x8c\x33\xe8\x84\xa6\x0c"
"\x6c\x8a\xda\x14\x32\xc2\x96\xff"
"\xc6\x4a\xc2\x9b\x30\x7f\xd1\x29"
"\xc0\xd5\x78\x41\x00\x80\x80\x03"
"\x2a\xb1\xde\x26\x03\x48\x49\xee"
"\x57\x14\x76\x51\x3c\x36\x5d\x0a"
"\x5c\x9f\xe8\xd8\x53\xdb\x4f\xd4"
"\x38\xbf\x66\xc9\x75\x12\x18\x75"
"\x34\x2d\x93\x22\x96\x51\x24\x6e"
"\x4e\xd9\x30\xea\x67\xff\x92\x1c"
"\x16\x26\xe9\xb5\x33\xab\x8c\x22"
"\x47\xdb\xa0\x2c\x08\xf0\x12\x69"
"\x7e\x93\x52\xda\xa5\xe5\xca\xc1"
"\x0f\x55\x2a\xbd\x09\x30\x88\x1b"
"\x9c\xc6\x9f\xe6\xdb\xa6\x92\xeb"
"\xf4\xbd\x5c\xc4\xdb\xc6\x71\x09"
"\xab\x5e\x48\x0c\xed\x6f\xda\x8e"
"\x8d\x0c\x98\x71\x7d\x10\xd0\x9c"
"\x20\x9b\x79\x53\x26\x5d\xb9\x85"
"\x8a\x31\xb8\xc5\x1c\x97\xde\x88"
"\x61\x55\x7f\x7c\x21\x06\xea\xc4"
"\x5f\xaf\xf2\xf0\xd5\x5e\x7d\xb4"
"\x6e\xcf\xe9\xae\x1b\x0e\x11\x80"
"\xc1\x9a\x74\x7e\x52\x6f\xa0\xb7"
"\x24\xcd\x8d\x0a\x11\x40\x63\x72"
"\xfa\xe2\xc5\xb3\x94\xef\x29\xa2"
"\x1a\x23\x43\x04\x37\x55\x0d\xe9"
"\x83\xb2\x29\x51\x49\x64\xa0\xbd"
"\xde\x73\xfd\xa5\x7c\x95\x70\x62"
"\x58\xdc\xe2\xd0\xbf\x98\xf5\x8a"
"\x6a\xfd\xce\xa8\x0e\x42\x2a\xeb"
"\xd2\xff\x83\x27\x53\x5c\xa0\x6e"
"\x93\xef\xe2\xb9\x5d\x35\xd6\x98"
"\xf6\x71\x19\x7a\x54\xa1\xa7\xe8"
"\x09\xfe\xf6\x9e\xc7\xbd\x3e\x29"
"\xbd\x6b\x17\xf4\xe7\x3e\x10\x5c"
"\xc1\xd2\x59\x4f\x4b\x12\x1a\x5b"
"\x50\x80\x59\xb9\xec\x13\x66\xa8"
"\xd2\x31\x7b\x6a\x61\x22\xdd\x7d"
"\x61\xee\x87\x16\x46\x9f\xf9\xc7"
"\x41\xee\x74\xf8\xd0\x96\x2c\x76"
"\x2a\xac\x7d\x6e\x9f\x0e\x7f\x95"
"\xfe\x50\x16\xb2\x23\xca\x62\xd5"
"\x68\xcf\x07\x3f\x3f\x97\x85\x2a"
"\x0c\x25\x45\xba\xdb\x32\xcb\x83"
"\x8c\x4f\xe0\x6d\x9a\x99\xf9\xc9"
"\xda\xd4\x19\x31\xc1\x7c\x6d\xd9"
"\x9c\x56\xd3\xec\xc1\x81\x4c\xed"
"\x28\x9d\x87\xeb\x19\xd7\x1a\x4f"
"\x04\x6a\xcb\x1f\xcf\x1f\xa2\x16"
"\xfc\x2a\x0d\xa1\x14\x2d\xfa\xc5"
"\x5a\xd2\xc5\xf9\x19\x7c\x20\x1f"
"\x2d\x10\xc0\x66\x7c\xd9\x2d\xe5"
"\x88\x70\x59\xa7\x85\xd5\x2e\x7c"
"\x5c\xe3\xb7\x12\xd6\x97\x3f\x29",
.psize = 2048,
.digest = "\x37\x90\x92\xc2\xeb\x01\x87\xd9"
"\x95\xc7\x91\xc3\x17\x8b\x38\x52",
}
};
/*
* DES test vectors.
*/
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct cipher_testvec des_tv_template[] = {
{ /* From Applied Cryptography */
.key = "\x01\x23\x45\x67\x89\xab\xcd\xef",
.klen = 8,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x01\x23\x45\x67\x89\xab\xcd\xe7",
.ctext = "\xc9\x57\x44\x25\x6a\x5e\xd3\x1d",
.len = 8,
}, { /* Same key, different plaintext block */
.key = "\x01\x23\x45\x67\x89\xab\xcd\xef",
.klen = 8,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x22\x33\x44\x55\x66\x77\x88\x99",
.ctext = "\xf7\x9c\x89\x2a\x33\x8f\x4a\x8b",
.len = 8,
}, { /* Sbox test from NBS */
.key = "\x7c\xa1\x10\x45\x4a\x1a\x6e\x57",
.klen = 8,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x01\xa1\xd6\xd0\x39\x77\x67\x42",
.ctext = "\x69\x0f\x5b\x0d\x9a\x26\x93\x9b",
.len = 8,
}, { /* Three blocks */
.key = "\x01\x23\x45\x67\x89\xab\xcd\xef",
.klen = 8,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x01\x23\x45\x67\x89\xab\xcd\xe7"
"\x22\x33\x44\x55\x66\x77\x88\x99"
"\xca\xfe\xba\xbe\xfe\xed\xbe\xef",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\xc9\x57\x44\x25\x6a\x5e\xd3\x1d"
"\xf7\x9c\x89\x2a\x33\x8f\x4a\x8b"
"\xb4\x99\x26\xf7\x1f\xe1\xd4\x90",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 24,
}, { /* Weak key */
.fail = true,
.wk = 1,
.key = "\x01\x01\x01\x01\x01\x01\x01\x01",
.klen = 8,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x01\x23\x45\x67\x89\xab\xcd\xe7",
.ctext = "\xc9\x57\x44\x25\x6a\x5e\xd3\x1d",
.len = 8,
}, { /* Two blocks -- for testing encryption across pages */
.key = "\x01\x23\x45\x67\x89\xab\xcd\xef",
.klen = 8,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x01\x23\x45\x67\x89\xab\xcd\xe7"
"\x22\x33\x44\x55\x66\x77\x88\x99",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\xc9\x57\x44\x25\x6a\x5e\xd3\x1d"
"\xf7\x9c\x89\x2a\x33\x8f\x4a\x8b",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 16,
.np = 2,
.tap = { 8, 8 }
}, {
.key = "\x01\x23\x45\x67\x89\xab\xcd\xef",
.klen = 8,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x01\x23\x45\x67\x89\xab\xcd\xe7"
"\xa3\x99\x7b\xca\xaf\x69\xa0\xf5",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\xc9\x57\x44\x25\x6a\x5e\xd3\x1d"
"\x69\x0f\x5b\x0d\x9a\x26\x93\x9b",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 16,
.np = 2,
.tap = { 8, 8 }
}, {
.key = "\x01\x23\x45\x67\x89\xab\xcd\xef",
.klen = 8,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x01\x23\x45\x67\x89\xab\xcd\xe7"
"\xa3\x99\x7b\xca\xaf\x69\xa0\xf5",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\xc9\x57\x44\x25\x6a\x5e\xd3\x1d"
"\x69\x0f\x5b\x0d\x9a\x26\x93\x9b",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 16,
.np = 3,
.tap = { 3, 12, 1 }
}, { /* Four blocks -- for testing encryption with chunking */
.key = "\x01\x23\x45\x67\x89\xab\xcd\xef",
.klen = 8,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x01\x23\x45\x67\x89\xab\xcd\xe7"
"\x22\x33\x44\x55\x66\x77\x88\x99"
"\xca\xfe\xba\xbe\xfe\xed\xbe\xef"
"\x22\x33\x44\x55\x66\x77\x88\x99",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\xc9\x57\x44\x25\x6a\x5e\xd3\x1d"
"\xf7\x9c\x89\x2a\x33\x8f\x4a\x8b"
"\xb4\x99\x26\xf7\x1f\xe1\xd4\x90"
"\xf7\x9c\x89\x2a\x33\x8f\x4a\x8b",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 32,
.np = 3,
.tap = { 14, 10, 8 }
}, {
.key = "\x01\x23\x45\x67\x89\xab\xcd\xef",
.klen = 8,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x01\x23\x45\x67\x89\xab\xcd\xe7"
"\x22\x33\x44\x55\x66\x77\x88\x99"
"\xca\xfe\xba\xbe\xfe\xed\xbe\xef",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\xc9\x57\x44\x25\x6a\x5e\xd3\x1d"
"\xf7\x9c\x89\x2a\x33\x8f\x4a\x8b"
"\xb4\x99\x26\xf7\x1f\xe1\xd4\x90",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 24,
.np = 4,
.tap = { 2, 1, 3, 18 }
}, {
.key = "\x01\x23\x45\x67\x89\xab\xcd\xef",
.klen = 8,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x01\x23\x45\x67\x89\xab\xcd\xe7"
"\x22\x33\x44\x55\x66\x77\x88\x99",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\xc9\x57\x44\x25\x6a\x5e\xd3\x1d"
"\xf7\x9c\x89\x2a\x33\x8f\x4a\x8b",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 16,
.np = 5,
.tap = { 2, 2, 2, 2, 8 }
}, {
.key = "\x01\x23\x45\x67\x89\xab\xcd\xef",
.klen = 8,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x01\x23\x45\x67\x89\xab\xcd\xe7",
.ctext = "\xc9\x57\x44\x25\x6a\x5e\xd3\x1d",
.len = 8,
.np = 8,
.tap = { 1, 1, 1, 1, 1, 1, 1, 1 }
}, { /* Generated with Crypto++ */
.key = "\xC9\x83\xA6\xC9\xEC\x0F\x32\x55",
.klen = 8,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x50\xB9\x22\xAE\x17\x80\x0C\x75"
"\xDE\x47\xD3\x3C\xA5\x0E\x9A\x03"
"\x6C\xF8\x61\xCA\x33\xBF\x28\x91"
"\x1D\x86\xEF\x58\xE4\x4D\xB6\x1F"
"\xAB\x14\x7D\x09\x72\xDB\x44\xD0"
"\x39\xA2\x0B\x97\x00\x69\xF5\x5E"
"\xC7\x30\xBC\x25\x8E\x1A\x83\xEC"
"\x55\xE1\x4A\xB3\x1C\xA8\x11\x7A"
"\x06\x6F\xD8\x41\xCD\x36\x9F\x08"
"\x94\xFD\x66\xF2\x5B\xC4\x2D\xB9"
"\x22\x8B\x17\x80\xE9\x52\xDE\x47"
"\xB0\x19\xA5\x0E\x77\x03\x6C\xD5"
"\x3E\xCA\x33\x9C\x05\x91\xFA\x63"
"\xEF\x58\xC1\x2A\xB6\x1F\x88\x14"
"\x7D\xE6\x4F\xDB\x44\xAD\x16\xA2"
"\x0B\x74\x00\x69\xD2\x3B\xC7\x30"
"\x99\x02\x8E\xF7\x60\xEC\x55\xBE"
"\x27\xB3\x1C\x85\x11\x7A\xE3\x4C"
"\xD8\x41\xAA\x13\x9F\x08\x71\xFD"
"\x66\xCF\x38\xC4\x2D\x96\x22\x8B"
"\xF4\x5D\xE9\x52\xBB\x24\xB0\x19"
"\x82\x0E\x77\xE0\x49\xD5\x3E\xA7"
"\x10\x9C\x05\x6E\xFA\x63\xCC\x35"
"\xC1\x2A\x93\x1F\x88\xF1\x5A\xE6"
"\x4F\xB8\x21\xAD\x16\x7F\x0B\x74"
"\xDD\x46\xD2\x3B\xA4\x0D\x99\x02"
"\x6B\xF7\x60\xC9\x32\xBE\x27\x90"
"\x1C\x85\xEE\x57\xE3\x4C\xB5\x1E"
"\xAA\x13\x7C\x08\x71\xDA\x43\xCF"
"\x38\xA1\x0A\x96\xFF\x68\xF4\x5D"
"\xC6\x2F\xBB\x24\x8D\x19\x82\xEB",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\x88\xCB\x1F\xAB\x2F\x2A\x49\x57"
"\x92\xB9\x77\xFF\x2F\x47\x58\xDD"
"\xD7\x8A\x91\x95\x26\x33\x78\xB2"
"\x33\xBA\xB2\x3E\x02\xF5\x1F\xEF"
"\x98\xC5\xA6\xD2\x7D\x79\xEC\xB3"
"\x45\xF3\x4C\x61\xAC\x6C\xC2\x55"
"\xE5\xD3\x06\x58\x8A\x42\x3E\xDD"
"\x3D\x20\x45\xE9\x6F\x0D\x25\xA8"
"\xA5\xC7\x69\xCE\xD5\x3B\x7B\xC9"
"\x9E\x65\xE7\xA3\xF2\xE4\x18\x94"
"\xD2\x81\xE9\x33\x2B\x2D\x49\xC4"
"\xFE\xDA\x7F\xE2\xF2\x8C\x9C\xDC"
"\x73\x58\x11\x1F\x81\xD7\x21\x1A"
"\x80\xD0\x0D\xE8\x45\xD6\xD8\xD5"
"\x2E\x51\x16\xCA\x09\x89\x54\x62"
"\xF7\x04\x3D\x75\xB9\xA3\x84\xF4"
"\x62\xF0\x02\x58\x83\xAF\x30\x87"
"\x85\x3F\x01\xCD\x8E\x58\x42\xC4"
"\x41\x73\xE0\x15\x0A\xE6\x2E\x80"
"\x94\xF8\x5B\x3A\x4E\xDF\x51\xB2"
"\x9D\xE4\xC4\x9D\xF7\x3F\xF8\x8E"
"\x37\x22\x4D\x00\x2A\xEF\xC1\x0F"
"\x14\xA0\x66\xAB\x79\x39\xD0\x8E"
"\xE9\x95\x61\x74\x12\xED\x07\xD7"
"\xDD\x95\xDC\x7B\x57\x25\x27\x9C"
"\x51\x96\x16\xF7\x94\x61\xB8\x87"
"\xF0\x21\x1B\x32\xFB\x07\x0F\x29"
"\x56\xBD\x9D\x22\xA2\x9F\xA2\xB9"
"\x46\x31\x4C\x5E\x2E\x95\x61\xEF"
"\xE1\x58\x39\x09\xB4\x8B\x40\xAC"
"\x5F\x62\xC7\x72\xD9\xFC\xCB\x9A",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 248,
.also_non_np = 1,
.np = 3,
.tap = { 248 - 10, 2, 8 },
},
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct cipher_testvec des_cbc_tv_template[] = {
{ /* From OpenSSL */
.key = "\x01\x23\x45\x67\x89\xab\xcd\xef",
.klen = 8,
.iv = "\xfe\xdc\xba\x98\x76\x54\x32\x10",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x37\x36\x35\x34\x33\x32\x31\x20"
"\x4e\x6f\x77\x20\x69\x73\x20\x74"
"\x68\x65\x20\x74\x69\x6d\x65\x20",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\xcc\xd1\x73\xff\xab\x20\x39\xf4"
"\xac\xd8\xae\xfd\xdf\xd8\xa1\xeb"
"\x46\x8e\x91\x15\x78\x88\xba\x68",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 24,
}, { /* FIPS Pub 81 */
.key = "\x01\x23\x45\x67\x89\xab\xcd\xef",
.klen = 8,
.iv = "\x12\x34\x56\x78\x90\xab\xcd\xef",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x4e\x6f\x77\x20\x69\x73\x20\x74",
.ctext = "\xe5\xc7\xcd\xde\x87\x2b\xf2\x7c",
.len = 8,
}, {
.key = "\x01\x23\x45\x67\x89\xab\xcd\xef",
.klen = 8,
.iv = "\xe5\xc7\xcd\xde\x87\x2b\xf2\x7c",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x68\x65\x20\x74\x69\x6d\x65\x20",
.ctext = "\x43\xe9\x34\x00\x8c\x38\x9c\x0f",
.len = 8,
}, {
.key = "\x01\x23\x45\x67\x89\xab\xcd\xef",
.klen = 8,
.iv = "\x43\xe9\x34\x00\x8c\x38\x9c\x0f",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x66\x6f\x72\x20\x61\x6c\x6c\x20",
.ctext = "\x68\x37\x88\x49\x9a\x7c\x05\xf6",
.len = 8,
.np = 2,
.tap = { 4, 4 },
.also_non_np = 1,
}, { /* Copy of openssl vector for chunk testing */
/* From OpenSSL */
.key = "\x01\x23\x45\x67\x89\xab\xcd\xef",
.klen = 8,
.iv = "\xfe\xdc\xba\x98\x76\x54\x32\x10",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x37\x36\x35\x34\x33\x32\x31\x20"
"\x4e\x6f\x77\x20\x69\x73\x20\x74"
"\x68\x65\x20\x74\x69\x6d\x65\x20",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\xcc\xd1\x73\xff\xab\x20\x39\xf4"
"\xac\xd8\xae\xfd\xdf\xd8\xa1\xeb"
"\x46\x8e\x91\x15\x78\x88\xba\x68",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 24,
.np = 2,
.tap = { 13, 11 }
}, { /* Generated with Crypto++ */
.key = "\xC9\x83\xA6\xC9\xEC\x0F\x32\x55",
.klen = 8,
.iv = "\xE7\x82\x1D\xB8\x53\x11\xAC\x47",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x50\xB9\x22\xAE\x17\x80\x0C\x75"
"\xDE\x47\xD3\x3C\xA5\x0E\x9A\x03"
"\x6C\xF8\x61\xCA\x33\xBF\x28\x91"
"\x1D\x86\xEF\x58\xE4\x4D\xB6\x1F"
"\xAB\x14\x7D\x09\x72\xDB\x44\xD0"
"\x39\xA2\x0B\x97\x00\x69\xF5\x5E"
"\xC7\x30\xBC\x25\x8E\x1A\x83\xEC"
"\x55\xE1\x4A\xB3\x1C\xA8\x11\x7A"
"\x06\x6F\xD8\x41\xCD\x36\x9F\x08"
"\x94\xFD\x66\xF2\x5B\xC4\x2D\xB9"
"\x22\x8B\x17\x80\xE9\x52\xDE\x47"
"\xB0\x19\xA5\x0E\x77\x03\x6C\xD5"
"\x3E\xCA\x33\x9C\x05\x91\xFA\x63"
"\xEF\x58\xC1\x2A\xB6\x1F\x88\x14"
"\x7D\xE6\x4F\xDB\x44\xAD\x16\xA2"
"\x0B\x74\x00\x69\xD2\x3B\xC7\x30"
"\x99\x02\x8E\xF7\x60\xEC\x55\xBE"
"\x27\xB3\x1C\x85\x11\x7A\xE3\x4C"
"\xD8\x41\xAA\x13\x9F\x08\x71\xFD"
"\x66\xCF\x38\xC4\x2D\x96\x22\x8B"
"\xF4\x5D\xE9\x52\xBB\x24\xB0\x19"
"\x82\x0E\x77\xE0\x49\xD5\x3E\xA7"
"\x10\x9C\x05\x6E\xFA\x63\xCC\x35"
"\xC1\x2A\x93\x1F\x88\xF1\x5A\xE6"
"\x4F\xB8\x21\xAD\x16\x7F\x0B\x74"
"\xDD\x46\xD2\x3B\xA4\x0D\x99\x02"
"\x6B\xF7\x60\xC9\x32\xBE\x27\x90"
"\x1C\x85\xEE\x57\xE3\x4C\xB5\x1E"
"\xAA\x13\x7C\x08\x71\xDA\x43\xCF"
"\x38\xA1\x0A\x96\xFF\x68\xF4\x5D"
"\xC6\x2F\xBB\x24\x8D\x19\x82\xEB",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\x71\xCC\x56\x1C\x87\x2C\x43\x20"
"\x1C\x20\x13\x09\xF9\x2B\x40\x47"
"\x99\x10\xD1\x1B\x65\x33\x33\xBA"
"\x88\x0D\xA2\xD1\x86\xFF\x4D\xF4"
"\x5A\x0C\x12\x96\x32\x57\xAA\x26"
"\xA7\xF4\x32\x8D\xBC\x10\x31\x9E"
"\x81\x72\x74\xDE\x30\x19\x69\x49"
"\x54\x9C\xC3\xEB\x0B\x97\xDD\xD1"
"\xE8\x6D\x0D\x05\x83\xA5\x12\x08"
"\x47\xF8\x88\x03\x86\x51\x3C\xEF"
"\xE7\x11\x73\x4D\x44\x2B\xE2\x16"
"\xE8\xA5\x06\x50\x66\x70\x0E\x14"
"\xBA\x21\x3B\xD5\x23\x5B\xA7\x8F"
"\x56\xB6\xA7\x44\xDB\x86\xAB\x69"
"\x33\x3C\xBE\x64\xC4\x22\xD3\xFE"
"\x49\x90\x88\x6A\x09\x8F\x76\x59"
"\xCB\xB7\xA0\x2D\x79\x75\x92\x8A"
"\x82\x1D\xC2\xFE\x09\x1F\x78\x6B"
"\x2F\xD6\xA4\x87\x1E\xC4\x53\x63"
"\x80\x02\x61\x2F\xE3\x46\xB6\xB5"
"\xAA\x95\xF4\xEE\xA7\x64\x2B\x4F"
"\x20\xCF\xD2\x47\x4E\x39\x65\xB3"
"\x11\x87\xA2\x6C\x49\x7E\x36\xC7"
"\x62\x8B\x48\x0D\x6A\x64\x00\xBD"
"\x71\x91\x8C\xE9\x70\x19\x01\x4F"
"\x4E\x68\x23\xBA\xDA\x24\x2E\x45"
"\x02\x14\x33\x21\xAE\x58\x4B\xCF"
"\x3B\x4B\xE8\xF8\xF6\x4F\x34\x93"
"\xD7\x07\x8A\xD7\x18\x92\x36\x8C"
"\x82\xA9\xBD\x6A\x31\x91\x39\x11"
"\xC6\x4A\xF3\x55\xC7\x29\x2E\x63",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 248,
.also_non_np = 1,
.np = 3,
.tap = { 248 - 10, 2, 8 },
},
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct cipher_testvec des_ctr_tv_template[] = {
{ /* Generated with Crypto++ */
.key = "\xC9\x83\xA6\xC9\xEC\x0F\x32\x55",
.klen = 8,
.iv = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFD",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x50\xB9\x22\xAE\x17\x80\x0C\x75"
"\xDE\x47\xD3\x3C\xA5\x0E\x9A\x03"
"\x6C\xF8\x61\xCA\x33\xBF\x28\x91"
"\x1D\x86\xEF\x58\xE4\x4D\xB6\x1F"
"\xAB\x14\x7D\x09\x72\xDB\x44\xD0"
"\x39\xA2\x0B\x97\x00\x69\xF5\x5E"
"\xC7\x30\xBC\x25\x8E\x1A\x83\xEC"
"\x55\xE1\x4A\xB3\x1C\xA8\x11\x7A"
"\x06\x6F\xD8\x41\xCD\x36\x9F\x08"
"\x94\xFD\x66\xF2\x5B\xC4\x2D\xB9"
"\x22\x8B\x17\x80\xE9\x52\xDE\x47"
"\xB0\x19\xA5\x0E\x77\x03\x6C\xD5"
"\x3E\xCA\x33\x9C\x05\x91\xFA\x63"
"\xEF\x58\xC1\x2A\xB6\x1F\x88\x14"
"\x7D\xE6\x4F\xDB\x44\xAD\x16\xA2"
"\x0B\x74\x00\x69\xD2\x3B\xC7\x30"
"\x99\x02\x8E\xF7\x60\xEC\x55\xBE"
"\x27\xB3\x1C\x85\x11\x7A\xE3\x4C"
"\xD8\x41\xAA\x13\x9F\x08\x71\xFD"
"\x66\xCF\x38\xC4\x2D\x96\x22\x8B"
"\xF4\x5D\xE9\x52\xBB\x24\xB0\x19"
"\x82\x0E\x77\xE0\x49\xD5\x3E\xA7"
"\x10\x9C\x05\x6E\xFA\x63\xCC\x35"
"\xC1\x2A\x93\x1F\x88\xF1\x5A\xE6"
"\x4F\xB8\x21\xAD\x16\x7F\x0B\x74"
"\xDD\x46\xD2\x3B\xA4\x0D\x99\x02"
"\x6B\xF7\x60\xC9\x32\xBE\x27\x90"
"\x1C\x85\xEE\x57\xE3\x4C\xB5\x1E"
"\xAA\x13\x7C\x08\x71\xDA\x43\xCF"
"\x38\xA1\x0A\x96\xFF\x68\xF4\x5D"
"\xC6\x2F\xBB\x24\x8D\x19\x82\xEB",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\x2F\x96\x06\x0F\x50\xC9\x68\x03"
"\x0F\x31\xD4\x64\xA5\x29\x77\x35"
"\xBC\x7A\x9F\x19\xE7\x0D\x33\x3E"
"\x12\x0B\x8C\xAE\x48\xAE\xD9\x02"
"\x0A\xD4\xB0\xD6\x37\xB2\x65\x1C"
"\x4B\x65\xEB\x24\xB5\x8E\xAD\x47"
"\x0D\xDA\x79\x77\xA0\x29\xA0\x2B"
"\xC8\x0F\x85\xDC\x03\x13\xA9\x04"
"\x19\x40\xBE\xBE\x5C\x49\x4A\x69"
"\xED\xE8\xE1\x9E\x14\x43\x74\xDE"
"\xEC\x6E\x11\x3F\x36\xEF\x7B\xFB"
"\xBE\x4C\x91\x43\x22\x65\x72\x48"
"\xE2\x12\xED\x88\xAC\xA7\xC9\x91"
"\x14\xA2\x36\x1C\x29\xFF\xC8\x4F"
"\x72\x5C\x4B\xB0\x1E\x93\xC2\xFA"
"\x9D\x53\x86\xA0\xAE\xC6\xB7\x3C"
"\x59\x0C\xD0\x8F\xA6\xD8\xA4\x31"
"\xB7\x30\x1C\x21\x38\xFB\x68\x8C"
"\x2E\xF5\x6E\x73\xC3\x16\x5F\x12"
"\x0C\x33\xB9\x1E\x7B\x70\xDE\x86"
"\x32\xB3\xC1\x16\xAB\xD9\x49\x0B"
"\x96\x28\x72\x6B\xF3\x30\xA9\xEB"
"\x69\xE2\x1E\x58\x46\xA2\x8E\xC7"
"\xC0\xEF\x07\xB7\x77\x2C\x00\x05"
"\x46\xBD\xFE\x53\x81\x8B\xA4\x03"
"\x20\x0F\xDB\x78\x0B\x1F\x53\x04"
"\x4C\x60\x4C\xC3\x2A\x86\x86\x7E"
"\x13\xD2\x26\xED\x5D\x3E\x9C\xF2"
"\x5C\xC4\x15\xC9\x9A\x21\xC5\xCD"
"\x19\x7F\x99\x19\x53\xCE\x1D\x14"
"\x69\x74\xA1\x06\x46\x0F\x4E\x75",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 248,
.also_non_np = 1,
.np = 3,
.tap = { 248 - 10, 2, 8 },
}, { /* Generated with Crypto++ */
.key = "\xC9\x83\xA6\xC9\xEC\x0F\x32\x55",
.klen = 8,
.iv = "\xE7\x82\x1D\xB8\x53\x11\xAC\x47",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x50\xB9\x22\xAE\x17\x80\x0C\x75"
"\xDE\x47\xD3\x3C\xA5\x0E\x9A\x03"
"\x6C\xF8\x61\xCA\x33\xBF\x28\x91"
"\x1D\x86\xEF\x58\xE4\x4D\xB6\x1F"
"\xAB\x14\x7D\x09\x72\xDB\x44\xD0"
"\x39\xA2\x0B\x97\x00\x69\xF5\x5E"
"\xC7\x30\xBC\x25\x8E\x1A\x83\xEC"
"\x55\xE1\x4A\xB3\x1C\xA8\x11\x7A"
"\x06\x6F\xD8\x41\xCD\x36\x9F\x08"
"\x94\xFD\x66\xF2\x5B\xC4\x2D\xB9"
"\x22\x8B\x17\x80\xE9\x52\xDE\x47"
"\xB0\x19\xA5\x0E\x77\x03\x6C\xD5"
"\x3E\xCA\x33\x9C\x05\x91\xFA\x63"
"\xEF\x58\xC1\x2A\xB6\x1F\x88\x14"
"\x7D\xE6\x4F\xDB\x44\xAD\x16\xA2"
"\x0B\x74\x00\x69\xD2\x3B\xC7\x30"
"\x99\x02\x8E\xF7\x60\xEC\x55\xBE"
"\x27\xB3\x1C\x85\x11\x7A\xE3\x4C"
"\xD8\x41\xAA\x13\x9F\x08\x71\xFD"
"\x66\xCF\x38\xC4\x2D\x96\x22\x8B"
"\xF4\x5D\xE9\x52\xBB\x24\xB0\x19"
"\x82\x0E\x77\xE0\x49\xD5\x3E\xA7"
"\x10\x9C\x05\x6E\xFA\x63\xCC\x35"
"\xC1\x2A\x93\x1F\x88\xF1\x5A\xE6"
"\x4F\xB8\x21\xAD\x16\x7F\x0B\x74"
"\xDD\x46\xD2\x3B\xA4\x0D\x99\x02"
"\x6B\xF7\x60\xC9\x32\xBE\x27\x90"
"\x1C\x85\xEE\x57\xE3\x4C\xB5\x1E"
"\xAA\x13\x7C\x08\x71\xDA\x43\xCF"
"\x38\xA1\x0A\x96\xFF\x68\xF4\x5D"
"\xC6\x2F\xBB\x24\x8D\x19\x82",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\x62\xE5\xF4\xDC\x99\xE7\x89\xE3"
"\xF4\x10\xCC\x21\x99\xEB\xDC\x15"
"\x19\x13\x93\x27\x9D\xB6\x6F\x45"
"\x17\x55\x61\x72\xC8\xD3\x7F\xA5"
"\x32\xD0\xD3\x02\x15\xA4\x05\x23"
"\x9C\x23\x61\x60\x77\x7B\x6C\x95"
"\x26\x49\x42\x2E\xF3\xC1\x8C\x6D"
"\xC8\x47\xD5\x94\xE7\x53\xC8\x23"
"\x1B\xA5\x0B\xCB\x12\xD3\x7A\x12"
"\xA4\x42\x15\x34\xF7\x5F\xDC\x58"
"\x5B\x58\x4C\xAD\xD1\x33\x8E\xE6"
"\xE5\xA0\xDA\x4D\x94\x3D\x63\xA8"
"\x02\x82\xBB\x16\xB8\xDC\xB5\x58"
"\xC3\x2D\x79\xE4\x25\x79\x43\xF9"
"\x6D\xD3\xCA\xC0\xE8\x12\xD4\x7E"
"\x04\x25\x79\xFD\x27\xFB\xC4\xEA"
"\x32\x94\x48\x92\xF3\x68\x1A\x7F"
"\x36\x33\x43\x79\xF7\xCA\xC2\x38"
"\xC0\x68\xD4\x53\xA9\xCC\x43\x0C"
"\x40\x57\x3E\xED\x00\x9F\x22\x6E"
"\x80\x99\x0B\xCC\x40\x63\x46\x8A"
"\xE8\xC4\x9B\x6D\x7A\x08\x6E\xA9"
"\x6F\x84\xBC\xB3\xF4\x95\x0B\x2D"
"\x6A\xBA\x37\x50\xC3\xCF\x9F\x7C"
"\x59\x5E\xDE\x0B\x30\xFA\x34\x8A"
"\xF8\xD1\xA2\xF8\x4E\xBD\x5D\x5E"
"\x7D\x71\x99\xE0\xF6\xE5\x7C\xE0"
"\x6D\xEE\x82\x89\x92\xD4\xF5\xD7"
"\xDF\x85\x2D\xE1\xB2\xD6\xAB\x94"
"\xA5\xA6\xE7\xB0\x51\x36\x52\x37"
"\x91\x45\x05\x3E\x58\xBF\x32",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 247,
.also_non_np = 1,
.np = 2,
.tap = { 247 - 8, 8 },
},
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct cipher_testvec des3_ede_tv_template[] = {
{ /* These are from openssl */
.key = "\x01\x23\x45\x67\x89\xab\xcd\xef"
"\x55\x55\x55\x55\x55\x55\x55\x55"
"\xfe\xdc\xba\x98\x76\x54\x32\x10",
.klen = 24,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x73\x6f\x6d\x65\x64\x61\x74\x61",
.ctext = "\x18\xd7\x48\xe5\x63\x62\x05\x72",
.len = 8,
}, {
.key = "\x03\x52\x02\x07\x67\x20\x82\x17"
"\x86\x02\x87\x66\x59\x08\x21\x98"
"\x64\x05\x6a\xbd\xfe\xa9\x34\x57",
.klen = 24,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x73\x71\x75\x69\x67\x67\x6c\x65",
.ctext = "\xc0\x7d\x2a\x0f\xa5\x66\xfa\x30",
.len = 8,
}, {
.key = "\x10\x46\x10\x34\x89\x98\x80\x20"
"\x91\x07\xd0\x15\x89\x19\x01\x01"
"\x19\x07\x92\x10\x98\x1a\x01\x01",
.klen = 24,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x00\x00\x00\x00\x00\x00\x00\x00",
.ctext = "\xe1\xef\x62\xc3\x32\xfe\x82\x5b",
.len = 8,
}, { /* Generated with Crypto++ */
.key = "\xF3\x9C\xD6\xF3\x9C\xB9\x5A\x67"
"\x00\x5A\x67\x00\x2D\xCE\xEB\x2D"
"\xCE\xEB\xB4\x51\x72\xB4\x51\x72",
.klen = 24,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x05\xEC\x77\xFB\x42\xD5\x59\x20"
"\x8B\x12\x86\x69\xF0\x5B\xCF\x56"
"\x39\xAD\x34\x9F\x66\xEA\x7D\xC4"
"\x48\xD3\xBA\x0D\xB1\x18\xE3\x4A"
"\xFE\x41\x28\x5C\x27\x8E\x11\x85"
"\x6C\xF7\x5E\xC2\x55\x3C\xA0\x0B"
"\x92\x65\xE9\x70\xDB\x4F\xD6\xB9"
"\x00\xB4\x1F\xE6\x49\xFD\x44\x2F"
"\x53\x3A\x8D\x14\x98\x63\xCA\x5D"
"\xC1\xA8\x33\xA7\x0E\x91\x78\xEC"
"\x77\xDE\x42\xD5\xBC\x07\x8B\x12"
"\xE5\x4C\xF0\x5B\x22\x56\x39\x80"
"\x6B\x9F\x66\xC9\x50\xC4\xAF\x36"
"\xBA\x0D\x94\x7F\xE3\x4A\xDD\x41"
"\x28\xB3\x1A\x8E\x11\xF8\x43\xF7"
"\x5E\x21\x55\x3C\x87\x6E\x92\x65"
"\xCC\x57\xDB\xA2\x35\xB9\x00\xEB"
"\x72\xE6\x49\xD0\x44\x2F\xB6\x19"
"\x8D\x14\xFF\x46\xCA\x5D\x24\xA8"
"\x33\x9A\x6D\x91\x78\xC3\x77\xDE"
"\xA1\x08\xBC\x07\xEE\x71\xE5\x4C"
"\xD7\x5B\x22\xB5\x1C\x80\x6B\xF2"
"\x45\xC9\x50\x3B\xAF\x36\x99\x60"
"\x94\x7F\xC6\x4A\xDD\xA4\x0F\xB3"
"\x1A\xED\x74\xF8\x43\x2A\x5E\x21"
"\x88\x13\x87\x6E\xF1\x58\xCC\x57"
"\x3E\xA2\x35\x9C\x67\xEB\x72\xC5"
"\x49\xD0\xBB\x02\xB6\x19\xE0\x4B"
"\xFF\x46\x29\x5D\x24\x8F\x16\x9A"
"\x6D\xF4\x5F\xC3\xAA\x3D\xA1\x08"
"\x93\x7A\xEE\x71\xD8\x4C\xD7\xBE"
"\x01\xB5\x1C\xE7\x4E\xF2\x45\x2C"
"\x50\x3B\x82\x15\x99\x60\xCB\x52"
"\xC6\xA9\x30\xA4\x0F\x96\x79\xED"
"\x74\xDF\x43\x2A\xBD\x04\x88\x13"
"\xFA\x4D\xF1\x58\x23\x57\x3E\x81"
"\x68\x9C\x67\xCE\x51\xC5\xAC\x37"
"\xBB\x02\x95\x7C\xE0\x4B\xD2\x46"
"\x29\xB0\x1B\x8F\x16\xF9\x40\xF4"
"\x5F\x26\xAA\x3D\x84\x6F\x93\x7A"
"\xCD\x54\xD8\xA3\x0A\xBE\x01\xE8"
"\x73\xE7\x4E\xD1\x45\x2C\xB7\x1E"
"\x82\x15\xFC\x47\xCB\x52\x25\xA9"
"\x30\x9B\x62\x96\x79\xC0\x74\xDF"
"\xA6\x09\xBD\x04\xEF\x76\xFA\x4D"
"\xD4\x58\x23\x8A\x1D\x81\x68\xF3"
"\x5A\xCE\x51\x38\xAC\x37\x9E\x61"
"\x95\x7C\xC7\x4B\xD2\xA5\x0C\xB0"
"\x1B\xE2\x75\xF9\x40\x2B\x5F\x26"
"\x89\x10\x84\x6F\xF6\x59\xCD\x54"
"\x3F\xA3\x0A\x9D\x64\xE8\x73\xDA"
"\x4E\xD1\xB8\x03\xB7\x1E\xE1\x48"
"\xFC\x47\x2E\x52\x25\x8C\x17\x9B"
"\x62\xF5\x5C\xC0\xAB\x32\xA6\x09"
"\x90\x7B\xEF\x76\xD9\x4D\xD4\xBF"
"\x06\x8A\x1D\xE4\x4F\xF3\x5A\x2D"
"\x51\x38\x83\x6A\x9E\x61\xC8\x53"
"\xC7\xAE\x31\xA5\x0C\x97\x7E\xE2"
"\x75\xDC\x40\x2B\xB2\x05\x89\x10"
"\xFB\x42\xF6\x59\x20\x54\x3F\x86"
"\x69\x9D\x64\xCF\x56\xDA\xAD\x34"
"\xB8\x03\xEA\x7D\xE1\x48\xD3\x47",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\x4E\x9A\x40\x3D\x61\x7D\x17\xFA"
"\x16\x86\x88\x0B\xD8\xAE\xF8\xE4"
"\x81\x01\x04\x00\x76\xFA\xED\xD3"
"\x44\x7E\x21\x9D\xF0\xFB\x2B\x64"
"\xCA\x4E\x90\xE0\xC0\x63\x28\x92"
"\xF3\x1F\xA4\x53\x2C\x77\xCC\x77"
"\x69\x56\xD0\x19\xAD\x00\x2D\x97"
"\xBC\xDE\x49\x6A\x82\xBC\x16\xE2"
"\x2F\x3E\x72\xEE\xD1\xCE\xFC\x1B"
"\xEA\x32\x56\xE4\x0B\xAF\x27\x36"
"\xAF\x08\xB9\x61\xB7\x48\x23\x27"
"\xEE\x4D\xC8\x79\x56\x06\xEB\xC7"
"\x5B\xCA\x0A\xC6\x5E\x5C\xCB\xB6"
"\x9D\xDA\x04\x59\xE2\x09\x48\x7E"
"\x6B\x37\xC6\xFE\x92\xA9\x1E\x6E"
"\x0D\x19\xFA\x33\x0F\xEE\x36\x68"
"\x11\xBB\xF9\x5A\x73\xAB\x3A\xEA"
"\xAC\x28\xD8\xD5\x27\xE8\x6B\x16"
"\x45\x86\x50\x01\x70\x35\x99\x92"
"\xDF\x0C\x07\x88\x8B\x7F\x9E\x4B"
"\xD2\x04\x84\x90\xC4\x27\xDF\x0A"
"\x49\xA8\xA7\x1A\x6D\x78\x16\xCA"
"\xB3\x18\x5C\xC3\x93\x63\x5A\x68"
"\x77\x02\xBA\xED\x62\x71\xB1\xD9"
"\x5E\xE5\x6F\x1A\xCC\x1D\xBE\x2E"
"\x11\xF3\xA6\x97\xCA\x8E\xBF\xB4"
"\x56\xA1\x36\x6B\xB1\x0A\x3E\x70"
"\xEA\xD7\xCD\x72\x7B\x79\xC8\xAD"
"\x6B\xFE\xFB\xBA\x64\xAE\x19\xC1"
"\x82\xCF\x8A\xA1\x50\x17\x7F\xB2"
"\x6F\x7B\x0F\x52\xC5\x3E\x4A\x52"
"\x3F\xD9\x3F\x01\xA6\x41\x1A\xB3"
"\xB3\x7A\x0E\x8E\x75\xB2\xB1\x5F"
"\xDB\xEA\x84\x13\x26\x6C\x85\x4E"
"\xAE\x6B\xDC\xE7\xE7\xAD\xB0\x06"
"\x5C\xBA\x92\xD0\x30\xBB\x8D\xD2"
"\xAE\x4C\x70\x85\xA0\x07\xE3\x2C"
"\xD1\x27\x9C\xCF\xDB\x13\xB7\xE5"
"\xF9\x6A\x02\xD0\x39\x9D\xB6\xE7"
"\xD1\x17\x25\x08\xF9\xA9\xA6\x67"
"\x38\x80\xD1\x22\xAB\x1A\xD7\x26"
"\xAD\xCA\x19\x1B\xFA\x18\xA7\x57"
"\x31\xEC\xC9\xED\xDB\x79\xC0\x48"
"\xAC\x31\x9F\x03\x8B\x62\x5B\x7E"
"\x0E\xA6\xD0\x64\xEE\xEA\x00\xFC"
"\x58\xC8\xDE\x51\x4E\x17\x15\x11"
"\x66\x58\xB6\x90\xDC\xDF\xA1\x49"
"\xCA\x79\xE9\x31\x31\x42\xDC\x56"
"\x0B\xCD\xB6\x0D\xC7\x64\xF7\x19"
"\xD9\x42\x05\x7F\xBC\x2F\xFC\x90"
"\xAE\x29\x86\xAA\x43\x7A\x4F\x6B"
"\xCE\xEA\xBC\x31\x8D\x65\x9D\x46"
"\xEA\x77\xB4\xF9\x58\xEA\x5D\x84"
"\xE4\xDC\x14\xBB\xBD\x15\x0E\xDA"
"\xD8\xE4\xA4\x5D\x61\xF9\x58\x0F"
"\xE4\x82\x77\xCE\x87\xC0\x09\xF0"
"\xD6\x10\x9E\x34\xE1\x0C\x67\x55"
"\x7B\x6D\xD5\x51\x4B\x00\xEE\xBA"
"\xF2\x7B\xBE\x75\x07\x42\x9D\x99"
"\x12\xE1\x71\x4A\xF9\x2A\xF5\xF6"
"\x93\x03\xD7\x51\x09\xFA\xBE\x68"
"\xD8\x45\xFF\x33\xBA\xBB\x2B\x63",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 496,
.also_non_np = 1,
.np = 3,
.tap = { 496 - 20, 4, 16 },
},
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct cipher_testvec des3_ede_cbc_tv_template[] = {
{ /* Generated from openssl */
.key = "\xE9\xC0\xFF\x2E\x76\x0B\x64\x24"
"\x44\x4D\x99\x5A\x12\xD6\x40\xC0"
"\xEA\xC2\x84\xE8\x14\x95\xDB\xE8",
.klen = 24,
.iv = "\x7D\x33\x88\x93\x0F\x93\xB2\x42",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
"\x53\x20\x63\x65\x65\x72\x73\x74"
"\x54\x20\x6f\x6f\x4d\x20\x6e\x61"
"\x20\x79\x65\x53\x72\x63\x74\x65"
"\x20\x73\x6f\x54\x20\x6f\x61\x4d"
"\x79\x6e\x53\x20\x63\x65\x65\x72"
"\x73\x74\x54\x20\x6f\x6f\x4d\x20"
"\x6e\x61\x20\x79\x65\x53\x72\x63"
"\x74\x65\x20\x73\x6f\x54\x20\x6f"
"\x61\x4d\x79\x6e\x53\x20\x63\x65"
"\x65\x72\x73\x74\x54\x20\x6f\x6f"
"\x4d\x20\x6e\x61\x20\x79\x65\x53"
"\x72\x63\x74\x65\x20\x73\x6f\x54"
"\x20\x6f\x61\x4d\x79\x6e\x53\x20"
"\x63\x65\x65\x72\x73\x74\x54\x20"
"\x6f\x6f\x4d\x20\x6e\x61\x0a\x79",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\x0e\x2d\xb6\x97\x3c\x56\x33\xf4"
"\x67\x17\x21\xc7\x6e\x8a\xd5\x49"
"\x74\xb3\x49\x05\xc5\x1c\xd0\xed"
"\x12\x56\x5c\x53\x96\xb6\x00\x7d"
"\x90\x48\xfc\xf5\x8d\x29\x39\xcc"
"\x8a\xd5\x35\x18\x36\x23\x4e\xd7"
"\x76\xd1\xda\x0c\x94\x67\xbb\x04"
"\x8b\xf2\x03\x6c\xa8\xcf\xb6\xea"
"\x22\x64\x47\xaa\x8f\x75\x13\xbf"
"\x9f\xc2\xc3\xf0\xc9\x56\xc5\x7a"
"\x71\x63\x2e\x89\x7b\x1e\x12\xca"
"\xe2\x5f\xaf\xd8\xa4\xf8\xc9\x7a"
"\xd6\xf9\x21\x31\x62\x44\x45\xa6"
"\xd6\xbc\x5a\xd3\x2d\x54\x43\xcc"
"\x9d\xde\xa5\x70\xe9\x42\x45\x8a"
"\x6b\xfa\xb1\x91\x13\xb0\xd9\x19",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 128,
}, { /* Generated with Crypto++ */
.key = "\x9C\xD6\xF3\x9C\xB9\x5A\x67\x00"
"\x5A\x67\x00\x2D\xCE\xEB\x2D\xCE"
"\xEB\xB4\x51\x72\xB4\x51\x72\x1F",
.klen = 24,
.iv = "\xB2\xD7\x48\xED\x06\x44\xF9\x12"
"\xB7\x28\x4D\x83\x24\x59\xF2\x17",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x05\xEC\x77\xFB\x42\xD5\x59\x20"
"\x8B\x12\x86\x69\xF0\x5B\xCF\x56"
"\x39\xAD\x34\x9F\x66\xEA\x7D\xC4"
"\x48\xD3\xBA\x0D\xB1\x18\xE3\x4A"
"\xFE\x41\x28\x5C\x27\x8E\x11\x85"
"\x6C\xF7\x5E\xC2\x55\x3C\xA0\x0B"
"\x92\x65\xE9\x70\xDB\x4F\xD6\xB9"
"\x00\xB4\x1F\xE6\x49\xFD\x44\x2F"
"\x53\x3A\x8D\x14\x98\x63\xCA\x5D"
"\xC1\xA8\x33\xA7\x0E\x91\x78\xEC"
"\x77\xDE\x42\xD5\xBC\x07\x8B\x12"
"\xE5\x4C\xF0\x5B\x22\x56\x39\x80"
"\x6B\x9F\x66\xC9\x50\xC4\xAF\x36"
"\xBA\x0D\x94\x7F\xE3\x4A\xDD\x41"
"\x28\xB3\x1A\x8E\x11\xF8\x43\xF7"
"\x5E\x21\x55\x3C\x87\x6E\x92\x65"
"\xCC\x57\xDB\xA2\x35\xB9\x00\xEB"
"\x72\xE6\x49\xD0\x44\x2F\xB6\x19"
"\x8D\x14\xFF\x46\xCA\x5D\x24\xA8"
"\x33\x9A\x6D\x91\x78\xC3\x77\xDE"
"\xA1\x08\xBC\x07\xEE\x71\xE5\x4C"
"\xD7\x5B\x22\xB5\x1C\x80\x6B\xF2"
"\x45\xC9\x50\x3B\xAF\x36\x99\x60"
"\x94\x7F\xC6\x4A\xDD\xA4\x0F\xB3"
"\x1A\xED\x74\xF8\x43\x2A\x5E\x21"
"\x88\x13\x87\x6E\xF1\x58\xCC\x57"
"\x3E\xA2\x35\x9C\x67\xEB\x72\xC5"
"\x49\xD0\xBB\x02\xB6\x19\xE0\x4B"
"\xFF\x46\x29\x5D\x24\x8F\x16\x9A"
"\x6D\xF4\x5F\xC3\xAA\x3D\xA1\x08"
"\x93\x7A\xEE\x71\xD8\x4C\xD7\xBE"
"\x01\xB5\x1C\xE7\x4E\xF2\x45\x2C"
"\x50\x3B\x82\x15\x99\x60\xCB\x52"
"\xC6\xA9\x30\xA4\x0F\x96\x79\xED"
"\x74\xDF\x43\x2A\xBD\x04\x88\x13"
"\xFA\x4D\xF1\x58\x23\x57\x3E\x81"
"\x68\x9C\x67\xCE\x51\xC5\xAC\x37"
"\xBB\x02\x95\x7C\xE0\x4B\xD2\x46"
"\x29\xB0\x1B\x8F\x16\xF9\x40\xF4"
"\x5F\x26\xAA\x3D\x84\x6F\x93\x7A"
"\xCD\x54\xD8\xA3\x0A\xBE\x01\xE8"
"\x73\xE7\x4E\xD1\x45\x2C\xB7\x1E"
"\x82\x15\xFC\x47\xCB\x52\x25\xA9"
"\x30\x9B\x62\x96\x79\xC0\x74\xDF"
"\xA6\x09\xBD\x04\xEF\x76\xFA\x4D"
"\xD4\x58\x23\x8A\x1D\x81\x68\xF3"
"\x5A\xCE\x51\x38\xAC\x37\x9E\x61"
"\x95\x7C\xC7\x4B\xD2\xA5\x0C\xB0"
"\x1B\xE2\x75\xF9\x40\x2B\x5F\x26"
"\x89\x10\x84\x6F\xF6\x59\xCD\x54"
"\x3F\xA3\x0A\x9D\x64\xE8\x73\xDA"
"\x4E\xD1\xB8\x03\xB7\x1E\xE1\x48"
"\xFC\x47\x2E\x52\x25\x8C\x17\x9B"
"\x62\xF5\x5C\xC0\xAB\x32\xA6\x09"
"\x90\x7B\xEF\x76\xD9\x4D\xD4\xBF"
"\x06\x8A\x1D\xE4\x4F\xF3\x5A\x2D"
"\x51\x38\x83\x6A\x9E\x61\xC8\x53"
"\xC7\xAE\x31\xA5\x0C\x97\x7E\xE2"
"\x75\xDC\x40\x2B\xB2\x05\x89\x10"
"\xFB\x42\xF6\x59\x20\x54\x3F\x86"
"\x69\x9D\x64\xCF\x56\xDA\xAD\x34"
"\xB8\x03\xEA\x7D\xE1\x48\xD3\x47",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\xF8\xF6\xB5\x60\x5C\x5A\x75\x84"
"\x87\x81\x53\xBA\xC9\x6F\xEC\xD5"
"\x1E\x68\x8E\x85\x12\x86\x1D\x38"
"\x1C\x91\x40\xCC\x69\x6A\xD5\x35"
"\x0D\x7C\xB5\x07\x7C\x7B\x2A\xAF"
"\x32\xBC\xA1\xB3\x84\x31\x1B\x3C"
"\x0A\x2B\xFA\xD3\x9F\xB0\x8C\x37"
"\x8F\x9D\xA7\x6D\x6C\xFA\xD7\x90"
"\xE3\x69\x54\xED\x3A\xC4\xF1\x6B"
"\xB1\xCC\xFB\x7D\xD8\x8E\x17\x0B"
"\x9C\xF6\x4C\xD6\xFF\x03\x4E\xD9"
"\xE6\xA5\xAD\x25\xE6\x17\x69\x63"
"\x11\x35\x61\x94\x88\x7B\x1C\x48"
"\xF1\x24\x20\x29\x6B\x93\x1A\x8E"
"\x43\x03\x89\xD8\xB1\xDA\x47\x7B"
"\x79\x3A\x83\x76\xDA\xAE\xC6\xBB"
"\x22\xF8\xE8\x3D\x9A\x65\x54\xD8"
"\x4C\xE9\xE7\xE4\x63\x2F\x5C\x73"
"\x5A\xC3\xAE\x46\xA8\xCD\x57\xE6"
"\x67\x88\xA5\x20\x6F\x5F\x97\xC7"
"\xCC\x15\xA2\x0A\x93\xEA\x33\xE7"
"\x03\x5F\xEC\x64\x30\x6F\xEE\xD7"
"\x7E\xDF\xD6\xE9\x6F\x3F\xD6\x1E"
"\xBE\x67\x6C\x5B\x97\xA0\x09\xE6"
"\xEE\xFE\x55\xA3\x29\x65\xE0\x12"
"\xA1\x6A\x8A\x6F\xF2\xE6\xF1\x96"
"\x87\xFB\x9C\x05\xDD\x80\xEC\xFF"
"\xC5\xED\x50\xFE\xFC\x91\xCD\xCE"
"\x25\x2C\x5F\xD9\xAD\x95\x7D\x99"
"\xF0\x05\xC4\x71\x46\x5F\xF9\x0D"
"\xD2\x63\xDF\x9B\x96\x2E\x2B\xA6"
"\x2B\x1C\xD5\xFB\x96\x24\x60\x60"
"\x54\x40\xB8\x62\xA4\xF8\x46\x95"
"\x73\x28\xA3\xA6\x16\x2B\x17\xE7"
"\x7A\xF8\x62\x54\x3B\x64\x69\xE1"
"\x71\x34\x29\x5B\x4E\x05\x9B\xFA"
"\x5E\xF1\x96\xB7\xCE\x16\x9B\x59"
"\xF1\x1A\x4C\x51\x26\xFD\x79\xE2"
"\x3B\x8E\x71\x69\x6A\x91\xB6\x65"
"\x32\x09\xB8\xE4\x09\x1F\xEA\x39"
"\xCE\x20\x65\x9F\xD6\xD1\xC7\xF0"
"\x73\x50\x08\x56\x20\x9B\x94\x23"
"\x14\x39\xB7\x2B\xB1\x2D\x6D\x6F"
"\x41\x5B\xCC\xE2\x18\xAE\x62\x89"
"\x78\x8E\x67\x23\xD0\xFB\x2B\xE5"
"\x25\xC9\x48\x97\xB5\xD3\x17\xD5"
"\x6A\x9F\xA7\x48\x0C\x2B\x73\x3B"
"\x57\x08\xAE\x91\xF2\xB7\x57\x89"
"\xF4\xD0\xB0\x07\xB0\x42\x6C\xAF"
"\x98\x1A\xE7\xD1\xAC\x1E\xB5\x02"
"\xD4\x56\x42\x79\x79\x7F\x2A\x77"
"\x25\xE9\x7D\xC1\x88\x19\x2B\x49"
"\x6F\x46\x59\xAB\x56\x1F\x61\xE0"
"\x0C\x24\x9C\xC9\x5B\x63\xA9\x12"
"\xCF\x88\x96\xB6\xA8\x24\xC6\xA8"
"\x21\x85\x1A\x62\x7E\x34\xBB\xEB"
"\xBD\x02\x2A\xC7\xD8\x89\x80\xC5"
"\xB1\xBB\x60\xA5\x22\xFC\x6F\x38"
"\x02\x80\xA3\x28\x22\x75\xE1\xE9"
"\x90\xE9\xFA\x4B\x00\x10\xAC\x58"
"\x83\x70\xFF\x86\xE6\xAA\x0F\x1F"
"\x95\x63\x73\xA2\x44\xAC\xF8\xA5",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 496,
.also_non_np = 1,
.np = 3,
.tap = { 496 - 20, 4, 16 },
},
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct cipher_testvec des3_ede_ctr_tv_template[] = {
{ /* Generated with Crypto++ */
.key = "\x9C\xD6\xF3\x9C\xB9\x5A\x67\x00"
"\x5A\x67\x00\x2D\xCE\xEB\x2D\xCE"
"\xEB\xB4\x51\x72\xB4\x51\x72\x1F",
.klen = 24,
.iv = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"
"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFD",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x05\xEC\x77\xFB\x42\xD5\x59\x20"
"\x8B\x12\x86\x69\xF0\x5B\xCF\x56"
"\x39\xAD\x34\x9F\x66\xEA\x7D\xC4"
"\x48\xD3\xBA\x0D\xB1\x18\xE3\x4A"
"\xFE\x41\x28\x5C\x27\x8E\x11\x85"
"\x6C\xF7\x5E\xC2\x55\x3C\xA0\x0B"
"\x92\x65\xE9\x70\xDB\x4F\xD6\xB9"
"\x00\xB4\x1F\xE6\x49\xFD\x44\x2F"
"\x53\x3A\x8D\x14\x98\x63\xCA\x5D"
"\xC1\xA8\x33\xA7\x0E\x91\x78\xEC"
"\x77\xDE\x42\xD5\xBC\x07\x8B\x12"
"\xE5\x4C\xF0\x5B\x22\x56\x39\x80"
"\x6B\x9F\x66\xC9\x50\xC4\xAF\x36"
"\xBA\x0D\x94\x7F\xE3\x4A\xDD\x41"
"\x28\xB3\x1A\x8E\x11\xF8\x43\xF7"
"\x5E\x21\x55\x3C\x87\x6E\x92\x65"
"\xCC\x57\xDB\xA2\x35\xB9\x00\xEB"
"\x72\xE6\x49\xD0\x44\x2F\xB6\x19"
"\x8D\x14\xFF\x46\xCA\x5D\x24\xA8"
"\x33\x9A\x6D\x91\x78\xC3\x77\xDE"
"\xA1\x08\xBC\x07\xEE\x71\xE5\x4C"
"\xD7\x5B\x22\xB5\x1C\x80\x6B\xF2"
"\x45\xC9\x50\x3B\xAF\x36\x99\x60"
"\x94\x7F\xC6\x4A\xDD\xA4\x0F\xB3"
"\x1A\xED\x74\xF8\x43\x2A\x5E\x21"
"\x88\x13\x87\x6E\xF1\x58\xCC\x57"
"\x3E\xA2\x35\x9C\x67\xEB\x72\xC5"
"\x49\xD0\xBB\x02\xB6\x19\xE0\x4B"
"\xFF\x46\x29\x5D\x24\x8F\x16\x9A"
"\x6D\xF4\x5F\xC3\xAA\x3D\xA1\x08"
"\x93\x7A\xEE\x71\xD8\x4C\xD7\xBE"
"\x01\xB5\x1C\xE7\x4E\xF2\x45\x2C"
"\x50\x3B\x82\x15\x99\x60\xCB\x52"
"\xC6\xA9\x30\xA4\x0F\x96\x79\xED"
"\x74\xDF\x43\x2A\xBD\x04\x88\x13"
"\xFA\x4D\xF1\x58\x23\x57\x3E\x81"
"\x68\x9C\x67\xCE\x51\xC5\xAC\x37"
"\xBB\x02\x95\x7C\xE0\x4B\xD2\x46"
"\x29\xB0\x1B\x8F\x16\xF9\x40\xF4"
"\x5F\x26\xAA\x3D\x84\x6F\x93\x7A"
"\xCD\x54\xD8\xA3\x0A\xBE\x01\xE8"
"\x73\xE7\x4E\xD1\x45\x2C\xB7\x1E"
"\x82\x15\xFC\x47\xCB\x52\x25\xA9"
"\x30\x9B\x62\x96\x79\xC0\x74\xDF"
"\xA6\x09\xBD\x04\xEF\x76\xFA\x4D"
"\xD4\x58\x23\x8A\x1D\x81\x68\xF3"
"\x5A\xCE\x51\x38\xAC\x37\x9E\x61"
"\x95\x7C\xC7\x4B\xD2\xA5\x0C\xB0"
"\x1B\xE2\x75\xF9\x40\x2B\x5F\x26"
"\x89\x10\x84\x6F\xF6\x59\xCD\x54"
"\x3F\xA3\x0A\x9D\x64\xE8\x73\xDA"
"\x4E\xD1\xB8\x03\xB7\x1E\xE1\x48"
"\xFC\x47\x2E\x52\x25\x8C\x17\x9B"
"\x62\xF5\x5C\xC0\xAB\x32\xA6\x09"
"\x90\x7B\xEF\x76\xD9\x4D\xD4\xBF"
"\x06\x8A\x1D\xE4\x4F\xF3\x5A\x2D"
"\x51\x38\x83\x6A\x9E\x61\xC8\x53"
"\xC7\xAE\x31\xA5\x0C\x97\x7E\xE2"
"\x75\xDC\x40\x2B\xB2\x05\x89\x10"
"\xFB\x42\xF6\x59\x20\x54\x3F\x86"
"\x69\x9D\x64\xCF\x56\xDA\xAD\x34"
"\xB8\x03\xEA\x7D\xE1\x48\xD3\x47",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\x07\xC2\x08\x20\x72\x1F\x49\xEF"
"\x19\xCD\x6F\x32\x53\x05\x22\x15"
"\xA2\x85\x2B\xDB\x85\xD2\xD8\xB9"
"\xDD\x0D\x1B\x45\xCB\x69\x11\xD4"
"\xEA\xBE\xB2\x45\x5D\x0C\xAE\xBE"
"\xA0\xC1\x27\xAC\x65\x9F\x53\x7E"
"\xAF\xC2\x1B\xB5\xB8\x6D\x36\x0C"
"\x25\xC0\xF8\x6D\x0B\x29\x01\xDA"
"\x13\x78\xDC\x89\x12\x12\x43\xFA"
"\xF6\x12\xEF\x8D\x87\x62\x78\x83"
"\xE2\xBE\x41\x20\x4C\x6D\x35\x1B"
"\xD1\x0C\x30\xCF\xE2\xDE\x2B\x03"
"\xBF\x45\x73\xD4\xE5\x59\x95\xD1"
"\xB3\x9B\x27\x62\x97\xBD\xDE\x7F"
"\xA4\xD2\x39\x80\xAA\x50\x23\xF0"
"\x74\x88\x3D\xA8\x6A\x18\x79\x3B"
"\xC4\x96\x6C\x8D\x22\x40\x92\x6E"
"\xD6\xAD\x2A\x1F\xDE\x63\xC0\xE7"
"\x07\xF7\x2D\xF7\xB5\xF3\xF0\xCC"
"\x01\x7C\x2A\x9B\xC2\x10\xCA\xAA"
"\xFD\x2B\x3F\xC5\xF3\xF6\xFC\x9B"
"\x45\xDB\x53\xE4\x5B\xF3\xC9\x7B"
"\x8E\x52\xFF\xC8\x02\xB8\xAC\x9D"
"\xA1\x00\x39\xDA\x3D\x2D\x0E\x01"
"\x09\x7D\x8D\x5E\xBE\x53\xB9\xB0"
"\x8E\xE7\xE2\x96\x6A\xB2\x78\xEA"
"\xDE\x23\x8B\xA5\xFA\x5C\xE3\xDA"
"\xBF\x8E\x31\x6A\x55\xD1\x6A\xB2"
"\xB5\x46\x6F\xA5\xF0\xEE\xBA\x1F"
"\x9F\x98\xB0\x66\x4F\xD0\x3F\xA9"
"\xDF\x5F\x58\xC4\xF4\xFF\x75\x5C"
"\x40\x3A\x09\x7E\x6E\x1C\x97\xD4"
"\xCC\xE7\xE7\x71\xCF\x0B\x15\x08"
"\x71\xFA\x07\x97\xCD\xE6\xCA\x1D"
"\x14\x28\x0C\xCF\x99\x13\x7A\xF1"
"\xEB\xFA\xFA\x92\x07\xDE\x1D\xA1"
"\xD3\x36\x69\xFE\x51\x4D\x9F\x2E"
"\x83\x37\x4F\x1F\x48\x30\xED\x04"
"\x4D\xA4\xEF\x3A\xCA\x76\xF4\x1C"
"\x41\x8F\x63\x37\x78\x2F\x86\xA6"
"\xEF\x41\x7E\xD2\xAF\x88\xAB\x67"
"\x52\x71\xC3\x8E\xF8\x26\x93\x72"
"\xAA\xD6\x0E\xE7\x0B\x46\xB1\x3A"
"\xB4\x08\xA9\xA8\xA0\xCF\x20\x0C"
"\x52\xBC\x8B\x05\x56\xB2\xBC\x31"
"\x9B\x74\xB9\x29\x29\x96\x9A\x50"
"\xDC\x45\xDC\x1A\xEB\x0C\x64\xD4"
"\xD3\x05\x7E\x59\x55\xC3\xF4\x90"
"\xC2\xAB\xF8\x9B\x8A\xDA\xCE\xA1"
"\xC3\xF4\xAD\x77\xDD\x44\xC8\xAC"
"\xA3\xF1\xC9\xD2\x19\x5C\xB0\xCA"
"\xA2\x34\xC1\xF7\x6C\xFD\xAC\x65"
"\x32\xDC\x48\xC4\xF2\x00\x6B\x77"
"\xF1\x7D\x76\xAC\xC0\x31\x63\x2A"
"\xA5\x3A\x62\xC8\x91\xB1\x03\x65"
"\xCB\x43\xD1\x06\xDF\xC3\x67\xBC"
"\xDC\xE0\xCD\x35\xCE\x49\x65\xA0"
"\x52\x7B\xA7\x0D\x07\xA9\x1B\xB0"
"\x40\x77\x72\xC2\xEA\x0E\x3A\x78"
"\x46\xB9\x91\xB6\xE7\x3D\x51\x42"
"\xFD\x51\xB0\xC6\x2C\x63\x13\x78"
"\x5C\xEE\xFC\xCF\xC4\x70\x00\x34",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 496,
.also_non_np = 1,
.np = 3,
.tap = { 496 - 20, 4, 16 },
}, { /* Generated with Crypto++ */
.key = "\x9C\xD6\xF3\x9C\xB9\x5A\x67\x00"
"\x5A\x67\x00\x2D\xCE\xEB\x2D\xCE"
"\xEB\xB4\x51\x72\xB4\x51\x72\x1F",
.klen = 24,
.iv = "\xB2\xD7\x48\xED\x06\x44\xF9\x12"
"\xB7\x28\x4D\x83\x24\x59\xF2\x17",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x05\xEC\x77\xFB\x42\xD5\x59\x20"
"\x8B\x12\x86\x69\xF0\x5B\xCF\x56"
"\x39\xAD\x34\x9F\x66\xEA\x7D\xC4"
"\x48\xD3\xBA\x0D\xB1\x18\xE3\x4A"
"\xFE\x41\x28\x5C\x27\x8E\x11\x85"
"\x6C\xF7\x5E\xC2\x55\x3C\xA0\x0B"
"\x92\x65\xE9\x70\xDB\x4F\xD6\xB9"
"\x00\xB4\x1F\xE6\x49\xFD\x44\x2F"
"\x53\x3A\x8D\x14\x98\x63\xCA\x5D"
"\xC1\xA8\x33\xA7\x0E\x91\x78\xEC"
"\x77\xDE\x42\xD5\xBC\x07\x8B\x12"
"\xE5\x4C\xF0\x5B\x22\x56\x39\x80"
"\x6B\x9F\x66\xC9\x50\xC4\xAF\x36"
"\xBA\x0D\x94\x7F\xE3\x4A\xDD\x41"
"\x28\xB3\x1A\x8E\x11\xF8\x43\xF7"
"\x5E\x21\x55\x3C\x87\x6E\x92\x65"
"\xCC\x57\xDB\xA2\x35\xB9\x00\xEB"
"\x72\xE6\x49\xD0\x44\x2F\xB6\x19"
"\x8D\x14\xFF\x46\xCA\x5D\x24\xA8"
"\x33\x9A\x6D\x91\x78\xC3\x77\xDE"
"\xA1\x08\xBC\x07\xEE\x71\xE5\x4C"
"\xD7\x5B\x22\xB5\x1C\x80\x6B\xF2"
"\x45\xC9\x50\x3B\xAF\x36\x99\x60"
"\x94\x7F\xC6\x4A\xDD\xA4\x0F\xB3"
"\x1A\xED\x74\xF8\x43\x2A\x5E\x21"
"\x88\x13\x87\x6E\xF1\x58\xCC\x57"
"\x3E\xA2\x35\x9C\x67\xEB\x72\xC5"
"\x49\xD0\xBB\x02\xB6\x19\xE0\x4B"
"\xFF\x46\x29\x5D\x24\x8F\x16\x9A"
"\x6D\xF4\x5F\xC3\xAA\x3D\xA1\x08"
"\x93\x7A\xEE\x71\xD8\x4C\xD7\xBE"
"\x01\xB5\x1C\xE7\x4E\xF2\x45\x2C"
"\x50\x3B\x82\x15\x99\x60\xCB\x52"
"\xC6\xA9\x30\xA4\x0F\x96\x79\xED"
"\x74\xDF\x43\x2A\xBD\x04\x88\x13"
"\xFA\x4D\xF1\x58\x23\x57\x3E\x81"
"\x68\x9C\x67\xCE\x51\xC5\xAC\x37"
"\xBB\x02\x95\x7C\xE0\x4B\xD2\x46"
"\x29\xB0\x1B\x8F\x16\xF9\x40\xF4"
"\x5F\x26\xAA\x3D\x84\x6F\x93\x7A"
"\xCD\x54\xD8\xA3\x0A\xBE\x01\xE8"
"\x73\xE7\x4E\xD1\x45\x2C\xB7\x1E"
"\x82\x15\xFC\x47\xCB\x52\x25\xA9"
"\x30\x9B\x62\x96\x79\xC0\x74\xDF"
"\xA6\x09\xBD\x04\xEF\x76\xFA\x4D"
"\xD4\x58\x23\x8A\x1D\x81\x68\xF3"
"\x5A\xCE\x51\x38\xAC\x37\x9E\x61"
"\x95\x7C\xC7\x4B\xD2\xA5\x0C\xB0"
"\x1B\xE2\x75\xF9\x40\x2B\x5F\x26"
"\x89\x10\x84\x6F\xF6\x59\xCD\x54"
"\x3F\xA3\x0A\x9D\x64\xE8\x73\xDA"
"\x4E\xD1\xB8\x03\xB7\x1E\xE1\x48"
"\xFC\x47\x2E\x52\x25\x8C\x17\x9B"
"\x62\xF5\x5C\xC0\xAB\x32\xA6\x09"
"\x90\x7B\xEF\x76\xD9\x4D\xD4\xBF"
"\x06\x8A\x1D\xE4\x4F\xF3\x5A\x2D"
"\x51\x38\x83\x6A\x9E\x61\xC8\x53"
"\xC7\xAE\x31\xA5\x0C\x97\x7E\xE2"
"\x75\xDC\x40\x2B\xB2\x05\x89\x10"
"\xFB\x42\xF6\x59\x20\x54\x3F\x86"
"\x69\x9D\x64\xCF\x56\xDA\xAD\x34"
"\xB8\x03\xEA\x7D\xE1\x48\xD3\x47"
"\x2E\xB1\x18",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\x23\xFF\x5C\x99\x75\xBB\x1F\xD4"
"\xBC\x27\x9D\x36\x60\xA9\xC9\xF7"
"\x94\x9D\x1B\xFF\x8E\x95\x57\x89"
"\x8C\x2E\x33\x70\x43\x61\xE6\xD2"
"\x82\x33\x63\xB6\xC4\x34\x5E\xF8"
"\x96\x07\xA7\xD2\x3B\x8E\xC9\xAA"
"\x7C\xA0\x55\x89\x2E\xE1\x85\x25"
"\x14\x04\xDA\x6B\xE0\xEE\x56\xCF"
"\x08\x2E\x69\xD4\x54\xDE\x22\x84"
"\x69\xA6\xA7\xD3\x3A\x9A\xE8\x05"
"\x63\xDB\xBF\x46\x3A\x26\x2E\x0F"
"\x58\x5C\x46\xEA\x07\x40\xDA\xE1"
"\x14\x1D\xCD\x4F\x06\xC0\xCA\x54"
"\x1E\xC9\x45\x85\x67\x7C\xC2\xB5"
"\x97\x5D\x61\x78\x2E\x46\xEC\x6A"
"\x53\xF4\xD0\xAE\xFA\xB4\x86\x29"
"\x9F\x17\x33\x24\xD8\xB9\xB2\x05"
"\x93\x88\xEA\xF7\xA0\x70\x69\x49"
"\x88\x6B\x73\x40\x41\x8D\xD9\xD9"
"\x7E\x78\xE9\xBE\x6C\x14\x22\x7A"
"\x66\xE1\xDA\xED\x10\xFF\x69\x1D"
"\xB9\xAA\xF2\x56\x72\x1B\x23\xE2"
"\x45\x54\x8B\xA3\x70\x23\xB4\x5E"
"\x8E\x96\xC9\x05\x00\xB3\xB6\xC2"
"\x2A\x02\x43\x7A\x62\xD5\xC8\xD2"
"\xC2\xD0\xE4\x78\xA1\x7B\x3E\xE8"
"\x9F\x7F\x7D\x40\x54\x30\x3B\xC0"
"\xA5\x54\xFD\xCA\x25\xEC\x44\x3E"
"\x1A\x54\x7F\x88\xD0\xE1\xFE\x71"
"\xCE\x05\x49\x89\xBA\xD6\x72\xE7"
"\xD6\x5D\x3F\xA2\xD9\xAB\xC5\x02"
"\xD6\x43\x22\xAF\xA2\xE4\x80\x85"
"\xD7\x87\xB9\xEA\x43\xDB\xC8\xEF"
"\x5C\x82\x2E\x98\x0D\x30\x41\x6B"
"\x08\x48\x8D\xF0\xF8\x60\xD7\x9D"
"\xE9\xDE\x40\xAD\x0D\xAD\x0D\x58"
"\x2A\x98\x35\xFE\xF7\xDD\x4B\x40"
"\xDE\xB0\x05\xD9\x7B\x09\x4D\xBC"
"\x42\xC0\xF1\x15\x0B\xFA\x26\x6B"
"\xC6\x12\x13\x4F\xCB\x35\xBA\x35"
"\xDD\x7A\x36\x9C\x12\x57\x55\x83"
"\x78\x58\x09\xD0\xB0\xCF\x7C\x5C"
"\x38\xCF\xBD\x79\x5B\x13\x4D\x97"
"\xC1\x85\x6F\x97\xC9\xE8\xC2\xA4"
"\x98\xE2\xBD\x77\x6B\x53\x39\x1A"
"\x28\x10\xE7\xE0\xE7\xDE\x9D\x69"
"\x78\x6F\x8E\xD2\xD9\x5D\xD2\x15"
"\x9E\xB5\x4D\x8C\xC0\x78\x22\x2F"
"\x17\x11\x2E\x99\xD7\xE3\xA4\x4F"
"\x65\xA5\x6B\x03\x2C\x35\x6F\xDA"
"\x8A\x19\x08\xE1\x08\x48\x59\x51"
"\x53\x4B\xD1\xDF\xDA\x14\x50\x5F"
"\xDF\xB5\x8C\xDF\xC6\xFD\x85\xFA"
"\xD4\xF9\x64\x45\x65\x0D\x7D\xF4"
"\xC8\xCD\x3F\x32\xAF\xDD\x30\xED"
"\x7B\xAA\xAC\xF0\xDA\x7F\xDF\x75"
"\x1C\xA4\xF1\xCB\x5E\x4F\x0B\xB4"
"\x97\x73\x28\xDE\xCF\xAF\x82\xBD"
"\xC4\xBA\xB4\x9C\x0D\x16\x77\x42"
"\x42\x39\x7C\x53\xA4\xD4\xDD\x40"
"\x5C\x60\x1F\x6E\xA7\xE2\xDC\xE7"
"\x32\x0F\x05\x2F\xF2\x4C\x95\x3B"
"\xF2\x79\xD9",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 499,
.also_non_np = 1,
.np = 2,
.tap = { 499 - 16, 16 },
},
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
/*
* Blowfish test vectors.
*/
static const struct cipher_testvec bf_tv_template[] = {
{ /* DES test vectors from OpenSSL */
.key = "\x00\x00\x00\x00\x00\x00\x00\x00",
.klen = 8,
.ptext = "\x00\x00\x00\x00\x00\x00\x00\x00",
.ctext = "\x4e\xf9\x97\x45\x61\x98\xdd\x78",
.len = 8,
}, {
.key = "\x1f\x1f\x1f\x1f\x0e\x0e\x0e\x0e",
.klen = 8,
.ptext = "\x01\x23\x45\x67\x89\xab\xcd\xef",
.ctext = "\xa7\x90\x79\x51\x08\xea\x3c\xae",
.len = 8,
}, {
.key = "\xf0\xe1\xd2\xc3\xb4\xa5\x96\x87",
.klen = 8,
.ptext = "\xfe\xdc\xba\x98\x76\x54\x32\x10",
.ctext = "\xe8\x7a\x24\x4e\x2c\xc8\x5e\x82",
.len = 8,
}, { /* Vary the keylength... */
.key = "\xf0\xe1\xd2\xc3\xb4\xa5\x96\x87"
"\x78\x69\x5a\x4b\x3c\x2d\x1e\x0f",
.klen = 16,
.ptext = "\xfe\xdc\xba\x98\x76\x54\x32\x10",
.ctext = "\x93\x14\x28\x87\xee\x3b\xe1\x5c",
.len = 8,
}, {
.key = "\xf0\xe1\xd2\xc3\xb4\xa5\x96\x87"
"\x78\x69\x5a\x4b\x3c\x2d\x1e\x0f"
"\x00\x11\x22\x33\x44",
.klen = 21,
.ptext = "\xfe\xdc\xba\x98\x76\x54\x32\x10",
.ctext = "\xe6\xf5\x1e\xd7\x9b\x9d\xb2\x1f",
.len = 8,
}, { /* Generated with bf488 */
.key = "\xf0\xe1\xd2\xc3\xb4\xa5\x96\x87"
"\x78\x69\x5a\x4b\x3c\x2d\x1e\x0f"
"\x00\x11\x22\x33\x44\x55\x66\x77"
"\x04\x68\x91\x04\xc2\xfd\x3b\x2f"
"\x58\x40\x23\x64\x1a\xba\x61\x76"
"\x1f\x1f\x1f\x1f\x0e\x0e\x0e\x0e"
"\xff\xff\xff\xff\xff\xff\xff\xff",
.klen = 56,
.ptext = "\xfe\xdc\xba\x98\x76\x54\x32\x10",
.ctext = "\xc0\x45\x04\x01\x2e\x4e\x1f\x53",
.len = 8,
}, { /* Generated with Crypto++ */
.key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9"
"\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A"
"\x27\x04\xE1\x27\x04\xE1\xBE\x9B"
"\x78\xBE\x9B\x78\x55\x32\x0F\x55",
.klen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
"\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
"\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
"\xAC\x20\xB7\x4E\xE5\x59\xF0\x87"
"\x1E\x92\x29\xC0\x34\xCB\x62\xF9"
"\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48"
"\xDF\x76\x0D\x81\x18\xAF\x23\xBA"
"\x51\xE8\x5C\xF3\x8A\x21\x95\x2C"
"\xC3\x37\xCE\x65\xFC\x70\x07\x9E"
"\x12\xA9\x40\xD7\x4B\xE2\x79\x10"
"\x84\x1B\xB2\x26\xBD\x54\xEB\x5F"
"\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1"
"\x68\xFF\x73\x0A\xA1\x15\xAC\x43"
"\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5"
"\x29\xC0\x57\xEE\x62\xF9\x90\x04"
"\x9B\x32\xC9\x3D\xD4\x6B\x02\x76"
"\x0D\xA4\x18\xAF\x46\xDD\x51\xE8"
"\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A"
"\xF1\x65\xFC\x93\x07\x9E\x35\xCC"
"\x40\xD7\x6E\x05\x79\x10\xA7\x1B"
"\xB2\x49\xE0\x54\xEB\x82\x19\x8D"
"\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF"
"\x96\x0A\xA1\x38\xCF\x43\xDA\x71"
"\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3"
"\x57\xEE\x85\x1C\x90\x27\xBE\x32"
"\xC9\x60\xF7\x6B\x02\x99\x0D\xA4"
"\x3B\xD2\x46\xDD\x74\x0B\x7F\x16"
"\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88"
"\x1F\x93\x2A\xC1\x35\xCC\x63\xFA"
"\x6E\x05\x9C\x10\xA7\x3E\xD5\x49"
"\xE0\x77\x0E\x82\x19\xB0\x24\xBB"
"\x52\xE9\x5D\xF4\x8B\x22\x96\x2D"
"\xC4\x38\xCF\x66\xFD\x71\x08\x9F"
"\x13\xAA\x41\xD8\x4C\xE3\x7A\x11"
"\x85\x1C\xB3\x27\xBE\x55\xEC\x60"
"\xF7\x8E\x02\x99\x30\xC7\x3B\xD2"
"\x69\x00\x74\x0B\xA2\x16\xAD\x44"
"\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6"
"\x2A\xC1\x58\xEF\x63\xFA\x91\x05"
"\x9C\x33\xCA\x3E\xD5\x6C\x03\x77"
"\x0E\xA5\x19\xB0\x47\xDE\x52\xE9"
"\x80\x17\x8B\x22\xB9\x2D\xC4\x5B"
"\xF2\x66\xFD\x94\x08\x9F\x36\xCD"
"\x41\xD8\x6F\x06\x7A\x11\xA8\x1C"
"\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E"
"\x25\xBC\x30\xC7\x5E\xF5\x69\x00"
"\x97\x0B\xA2\x39\xD0\x44\xDB\x72"
"\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4"
"\x58\xEF\x86\x1D\x91\x28\xBF\x33"
"\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5"
"\x3C\xD3\x47\xDE\x75\x0C\x80\x17"
"\xAE\x22\xB9\x50\xE7\x5B\xF2\x89"
"\x20\x94\x2B\xC2\x36\xCD\x64\xFB"
"\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A"
"\xE1\x78\x0F\x83\x1A\xB1\x25\xBC"
"\x53\xEA\x5E\xF5\x8C\x00\x97\x2E"
"\xC5\x39\xD0\x67\xFE\x72\x09\xA0"
"\x14\xAB\x42\xD9\x4D\xE4\x7B\x12"
"\x86\x1D\xB4\x28\xBF\x56\xED\x61"
"\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3"
"\x6A\x01\x75\x0C\xA3\x17\xAE\x45"
"\xDC\x50\xE7\x7E\x15\x89\x20\xB7"
"\x2B\xC2\x59\xF0\x64\xFB\x92\x06",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\x96\x87\x3D\x0C\x7B\xFB\xBD\x1F"
"\xE3\xC1\x99\x6D\x39\xD4\xC2\x7D"
"\xD7\x87\xA1\xF2\xDF\x51\x71\x26"
"\xC2\xF4\x6D\xFF\xF6\xCD\x6B\x40"
"\xE1\xB3\xBF\xD4\x38\x2B\xC8\x3B"
"\xD3\xB2\xD4\x61\xC7\x9F\x06\xE9"
"\xCD\xF3\x88\x39\x39\x7A\xDF\x19"
"\xE8\x03\x2A\x0B\x9E\xA0\x2B\x86"
"\x31\xF8\x9D\xB1\xEE\x78\x9D\xB5"
"\xCD\x8B\x7C\x2E\xF5\xA2\x2D\x5D"
"\x6E\x66\xAF\x38\x6C\xD3\x13\xED"
"\x14\xEA\x5D\xD0\x17\x77\x0F\x4A"
"\x50\xF2\xD0\x0F\xC8\xF7\x1E\x7B"
"\x9D\x5B\x54\x65\x4F\x16\x8A\x97"
"\xF3\xF6\xD4\xAA\x87\x36\x77\x72"
"\x99\x4A\xB5\x5E\x88\xC3\xCD\x7D"
"\x1D\x97\xF9\x11\xBD\xE0\x1F\x1F"
"\x96\x3E\x4B\x22\xF4\xC0\xE6\xB8"
"\x47\x82\x98\x23\x33\x36\xBC\x1B"
"\x36\xE7\xF6\xCF\x97\x37\x16\xC0"
"\x87\x31\x8B\xB0\xDB\x19\x42\xA5"
"\x1F\x90\x7E\x66\x34\xDD\x5E\xE9"
"\x4F\xB2\x2B\x9A\xDE\xB3\x5D\x71"
"\x4D\x68\xF0\xDC\xA6\xEA\xE3\x9B"
"\x60\x00\x55\x57\x06\x8B\xD5\xB3"
"\x86\x30\x78\xDA\x33\x9A\x9D\xCC"
"\xBA\x0B\x81\x06\x77\x43\xC7\xC9"
"\xDB\x37\x60\x11\x45\x59\x6D\x2D"
"\x90\x3D\x65\x3E\xD0\x13\xC6\x3C"
"\x0E\x78\x7D\x9A\x00\xD6\x2F\x0B"
"\x3B\x53\x19\x1E\xA8\x9B\x11\xD9"
"\x98\xE4\x7F\xC3\x6E\x51\x24\x70"
"\x9F\x04\x9C\xC2\x9E\x44\x84\xE3"
"\xE0\x8A\x44\xA2\x5C\x94\x74\x34"
"\x37\x52\x7C\x03\xE8\x8E\x97\xE1"
"\x5B\x5C\x0E\xB0\x70\xFE\x54\x3F"
"\xD8\x65\xA9\xC5\xCD\xEC\xF4\x45"
"\x55\xC5\xA7\xA3\x19\x80\x28\x51"
"\xBE\x64\x4A\xC1\xD4\xE1\xBE\xEB"
"\x73\x4C\xB6\xF9\x5F\x6D\x82\xBC"
"\x3E\x42\x14\x49\x88\x51\xBF\x68"
"\x45\x75\x27\x1B\x0A\x72\xED\xAF"
"\xDA\xC4\x4D\x67\x0D\xEE\x75\xE3"
"\x34\xDD\x91\x19\x42\x3A\xCB\xDA"
"\x38\xFA\x3C\x93\x62\xF2\xE3\x81"
"\xB3\xE4\xBB\xF6\x0D\x0B\x1D\x09"
"\x9C\x52\x0D\x50\x63\xA4\xB2\xD2"
"\x82\xA0\x23\x3F\x1F\xB6\xED\x6E"
"\xC2\x9C\x1C\xD0\x9A\x40\xB6\xFC"
"\x36\x56\x6E\x85\x73\xD7\x52\xBA"
"\x35\x5E\x32\x89\x5D\x42\xF5\x36"
"\x52\x8D\x46\x7D\xC8\x71\xAD\x33"
"\xE1\xAF\x6A\xA8\xEC\xBA\x1C\xDC"
"\xFE\x88\xE6\x16\xE4\xC8\x13\x00"
"\x3C\xDA\x59\x32\x38\x19\xD5\xEB"
"\xB6\x7F\x78\x45\x1B\x8E\x07\x8C"
"\x66\x52\x75\xFF\xAF\xCE\x2D\x2B"
"\x22\x29\xCA\xB3\x5F\x7F\xE3\x29"
"\xB2\xB8\x9D\xEB\x16\xC8\xC5\x1D"
"\xC9\x0D\x59\x82\x27\x57\x9D\x42"
"\x54\x59\x09\xA5\x3D\xC5\x84\x68"
"\x56\xEB\x36\x77\x3D\xAA\xB8\xF5"
"\xC9\x1A\xFB\x5D\xDE\xBB\x43\xF4",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 504,
.also_non_np = 1,
.np = 3,
.tap = { 504 - 10, 2, 8 },
},
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct cipher_testvec bf_cbc_tv_template[] = {
{ /* From OpenSSL */
.key = "\x01\x23\x45\x67\x89\xab\xcd\xef"
"\xf0\xe1\xd2\xc3\xb4\xa5\x96\x87",
.klen = 16,
.iv = "\xfe\xdc\xba\x98\x76\x54\x32\x10",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x37\x36\x35\x34\x33\x32\x31\x20"
"\x4e\x6f\x77\x20\x69\x73\x20\x74"
"\x68\x65\x20\x74\x69\x6d\x65\x20"
"\x66\x6f\x72\x20\x00\x00\x00\x00",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\x6b\x77\xb4\xd6\x30\x06\xde\xe6"
"\x05\xb1\x56\xe2\x74\x03\x97\x93"
"\x58\xde\xb9\xe7\x15\x46\x16\xd9"
"\x59\xf1\x65\x2b\xd5\xff\x92\xcc",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 32,
}, { /* Generated with Crypto++ */
.key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9"
"\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A"
"\x27\x04\xE1\x27\x04\xE1\xBE\x9B"
"\x78\xBE\x9B\x78\x55\x32\x0F\x55",
.klen = 32,
.iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
"\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
"\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
"\xAC\x20\xB7\x4E\xE5\x59\xF0\x87"
"\x1E\x92\x29\xC0\x34\xCB\x62\xF9"
"\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48"
"\xDF\x76\x0D\x81\x18\xAF\x23\xBA"
"\x51\xE8\x5C\xF3\x8A\x21\x95\x2C"
"\xC3\x37\xCE\x65\xFC\x70\x07\x9E"
"\x12\xA9\x40\xD7\x4B\xE2\x79\x10"
"\x84\x1B\xB2\x26\xBD\x54\xEB\x5F"
"\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1"
"\x68\xFF\x73\x0A\xA1\x15\xAC\x43"
"\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5"
"\x29\xC0\x57\xEE\x62\xF9\x90\x04"
"\x9B\x32\xC9\x3D\xD4\x6B\x02\x76"
"\x0D\xA4\x18\xAF\x46\xDD\x51\xE8"
"\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A"
"\xF1\x65\xFC\x93\x07\x9E\x35\xCC"
"\x40\xD7\x6E\x05\x79\x10\xA7\x1B"
"\xB2\x49\xE0\x54\xEB\x82\x19\x8D"
"\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF"
"\x96\x0A\xA1\x38\xCF\x43\xDA\x71"
"\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3"
"\x57\xEE\x85\x1C\x90\x27\xBE\x32"
"\xC9\x60\xF7\x6B\x02\x99\x0D\xA4"
"\x3B\xD2\x46\xDD\x74\x0B\x7F\x16"
"\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88"
"\x1F\x93\x2A\xC1\x35\xCC\x63\xFA"
"\x6E\x05\x9C\x10\xA7\x3E\xD5\x49"
"\xE0\x77\x0E\x82\x19\xB0\x24\xBB"
"\x52\xE9\x5D\xF4\x8B\x22\x96\x2D"
"\xC4\x38\xCF\x66\xFD\x71\x08\x9F"
"\x13\xAA\x41\xD8\x4C\xE3\x7A\x11"
"\x85\x1C\xB3\x27\xBE\x55\xEC\x60"
"\xF7\x8E\x02\x99\x30\xC7\x3B\xD2"
"\x69\x00\x74\x0B\xA2\x16\xAD\x44"
"\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6"
"\x2A\xC1\x58\xEF\x63\xFA\x91\x05"
"\x9C\x33\xCA\x3E\xD5\x6C\x03\x77"
"\x0E\xA5\x19\xB0\x47\xDE\x52\xE9"
"\x80\x17\x8B\x22\xB9\x2D\xC4\x5B"
"\xF2\x66\xFD\x94\x08\x9F\x36\xCD"
"\x41\xD8\x6F\x06\x7A\x11\xA8\x1C"
"\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E"
"\x25\xBC\x30\xC7\x5E\xF5\x69\x00"
"\x97\x0B\xA2\x39\xD0\x44\xDB\x72"
"\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4"
"\x58\xEF\x86\x1D\x91\x28\xBF\x33"
"\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5"
"\x3C\xD3\x47\xDE\x75\x0C\x80\x17"
"\xAE\x22\xB9\x50\xE7\x5B\xF2\x89"
"\x20\x94\x2B\xC2\x36\xCD\x64\xFB"
"\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A"
"\xE1\x78\x0F\x83\x1A\xB1\x25\xBC"
"\x53\xEA\x5E\xF5\x8C\x00\x97\x2E"
"\xC5\x39\xD0\x67\xFE\x72\x09\xA0"
"\x14\xAB\x42\xD9\x4D\xE4\x7B\x12"
"\x86\x1D\xB4\x28\xBF\x56\xED\x61"
"\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3"
"\x6A\x01\x75\x0C\xA3\x17\xAE\x45"
"\xDC\x50\xE7\x7E\x15\x89\x20\xB7"
"\x2B\xC2\x59\xF0\x64\xFB\x92\x06",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\xB4\xFE\xA5\xBB\x3D\x2C\x27\x06"
"\x06\x2B\x3A\x92\xB2\xF5\x5E\x62"
"\x84\xCD\xF7\x66\x7E\x41\x6C\x8E"
"\x1B\xD9\x02\xB6\x48\xB0\x87\x25"
"\x01\x9C\x93\x63\x51\x60\x82\xD2"
"\x4D\xE5\xC2\xB7\xAE\x60\xD8\xAD"
"\x9F\xAB\x6C\xFA\x20\x05\xDA\x6F"
"\x1F\xD1\xD8\x36\x0F\xB5\x16\x69"
"\x3C\xAF\xB3\x30\x18\x33\xE6\xB5"
"\x43\x29\x9D\x94\xF4\x2F\x0A\x65"
"\x40\xB2\xB2\xB2\x42\x89\xEE\x8A"
"\x60\xD3\x52\xA8\xED\x91\xDF\xE1"
"\x91\x73\x7C\x28\xA1\x14\xC3\x4C"
"\x82\x72\x4B\x7D\x7D\x32\xD5\x19"
"\xE8\xB8\x6B\x30\x21\x09\x0E\x27"
"\x10\x9D\x2D\x3A\x6A\x4B\x7B\xE6"
"\x8D\x4E\x02\x32\xFF\x7F\x8E\x13"
"\xB0\x96\xF4\xC2\xA1\x60\x8A\x69"
"\xEF\x0F\x86\xD0\x25\x13\x1A\x7C"
"\x6E\xF0\x41\xA3\xFB\xB3\xAB\x40"
"\x7D\x19\xA0\x11\x4F\x3E\x1D\x43"
"\x65\xFE\x15\x40\xD0\x62\x41\x02"
"\xEA\x0C\x7A\xC3\x84\xEE\xB0\xBE"
"\xBE\xC8\x57\x51\xCD\x4F\xAD\x5C"
"\xCC\x79\xBA\x0D\x85\x3A\xED\x6B"
"\xAC\x6B\xA3\x4D\xBC\xE8\x02\x6A"
"\xC2\x6D\xBD\x5E\x89\x95\x86\x43"
"\x2C\x17\x4B\xC6\x40\xA2\xBD\x24"
"\x04\xF0\x86\x08\x78\x18\x42\xE0"
"\x39\x1B\x22\x9E\x89\x4C\x04\x6B"
"\x65\xC5\xB6\x0E\xF6\x63\xFC\xD7"
"\xAE\x9E\x87\x13\xCC\xD3\x1A\xEC"
"\xF0\x51\xCC\x93\x68\xFC\xE9\x19"
"\x7C\x4E\x9B\xCC\x17\xAD\xD2\xFC"
"\x97\x18\x92\xFF\x15\x11\xCE\xED"
"\x04\x41\x05\xA3\x92\xFF\x3B\xE6"
"\xB6\x8C\x90\xC6\xCD\x15\xA0\x04"
"\x25\x8B\x5D\x5B\x5F\xDB\xAE\x68"
"\xEF\xB3\x61\x18\xDB\x83\x9B\x39"
"\xCA\x82\xD1\x88\xF0\xA2\x5C\x02"
"\x87\xBD\x8D\x8F\xBB\x62\xF0\x35"
"\x75\x6F\x06\x81\x0A\x97\x4D\xF0"
"\x43\x12\x73\x77\xDB\x91\x83\x5B"
"\xE7\x3A\xA6\x07\x7B\xBF\x2C\x50"
"\x94\xDE\x7B\x65\xDA\x1C\xF1\x9F"
"\x7E\x12\x40\xB2\x3E\x19\x23\xF1"
"\x7C\x1B\x5F\xA8\xF3\xAC\x63\x87"
"\xEB\x3E\x0C\xBE\xA3\x63\x97\x88"
"\x8D\x27\xC6\x2A\xF8\xF2\x67\x9A"
"\x0D\x14\x16\x2B\x6F\xCB\xD4\x76"
"\x14\x48\x2E\xDE\x2A\x44\x5E\x45"
"\xF1\x97\x82\xEF\xB7\xAE\xED\x3A"
"\xED\x73\xD3\x79\xF7\x38\x1D\xD0"
"\xC5\xF8\x69\x83\x28\x84\x87\x56"
"\x3F\xAE\x81\x04\x79\x1F\xD1\x09"
"\xC5\xE5\x05\x0D\x64\x16\xCE\x42"
"\xC5\xF8\xDB\x57\x89\x33\x22\xFC"
"\xB4\xD7\x94\xB9\xF3\xCC\x02\x90"
"\x02\xBA\x55\x1E\x24\x3E\x02\x1D"
"\xC6\xCD\x8F\xD9\xBD\xED\xB0\x51"
"\xCD\xE9\xD5\x0C\xFE\x12\x39\xA9"
"\x93\x9B\xEE\xB5\x97\x41\xD2\xA0"
"\xB4\x98\xD8\x6B\x74\xE7\x65\xF4",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 504,
.also_non_np = 1,
.np = 3,
.tap = { 504 - 10, 2, 8 },
},
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct cipher_testvec bf_ctr_tv_template[] = {
{ /* Generated with Crypto++ */
.key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9"
"\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A"
"\x27\x04\xE1\x27\x04\xE1\xBE\x9B"
"\x78\xBE\x9B\x78\x55\x32\x0F\x55",
.klen = 32,
.iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
"\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
"\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
"\xAC\x20\xB7\x4E\xE5\x59\xF0\x87"
"\x1E\x92\x29\xC0\x34\xCB\x62\xF9"
"\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48"
"\xDF\x76\x0D\x81\x18\xAF\x23\xBA"
"\x51\xE8\x5C\xF3\x8A\x21\x95\x2C"
"\xC3\x37\xCE\x65\xFC\x70\x07\x9E"
"\x12\xA9\x40\xD7\x4B\xE2\x79\x10"
"\x84\x1B\xB2\x26\xBD\x54\xEB\x5F"
"\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1"
"\x68\xFF\x73\x0A\xA1\x15\xAC\x43"
"\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5"
"\x29\xC0\x57\xEE\x62\xF9\x90\x04"
"\x9B\x32\xC9\x3D\xD4\x6B\x02\x76"
"\x0D\xA4\x18\xAF\x46\xDD\x51\xE8"
"\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A"
"\xF1\x65\xFC\x93\x07\x9E\x35\xCC"
"\x40\xD7\x6E\x05\x79\x10\xA7\x1B"
"\xB2\x49\xE0\x54\xEB\x82\x19\x8D"
"\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF"
"\x96\x0A\xA1\x38\xCF\x43\xDA\x71"
"\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3"
"\x57\xEE\x85\x1C\x90\x27\xBE\x32"
"\xC9\x60\xF7\x6B\x02\x99\x0D\xA4"
"\x3B\xD2\x46\xDD\x74\x0B\x7F\x16"
"\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88"
"\x1F\x93\x2A\xC1\x35\xCC\x63\xFA"
"\x6E\x05\x9C\x10\xA7\x3E\xD5\x49"
"\xE0\x77\x0E\x82\x19\xB0\x24\xBB"
"\x52\xE9\x5D\xF4\x8B\x22\x96\x2D"
"\xC4\x38\xCF\x66\xFD\x71\x08\x9F"
"\x13\xAA\x41\xD8\x4C\xE3\x7A\x11"
"\x85\x1C\xB3\x27\xBE\x55\xEC\x60"
"\xF7\x8E\x02\x99\x30\xC7\x3B\xD2"
"\x69\x00\x74\x0B\xA2\x16\xAD\x44"
"\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6"
"\x2A\xC1\x58\xEF\x63\xFA\x91\x05"
"\x9C\x33\xCA\x3E\xD5\x6C\x03\x77"
"\x0E\xA5\x19\xB0\x47\xDE\x52\xE9"
"\x80\x17\x8B\x22\xB9\x2D\xC4\x5B"
"\xF2\x66\xFD\x94\x08\x9F\x36\xCD"
"\x41\xD8\x6F\x06\x7A\x11\xA8\x1C"
"\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E"
"\x25\xBC\x30\xC7\x5E\xF5\x69\x00"
"\x97\x0B\xA2\x39\xD0\x44\xDB\x72"
"\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4"
"\x58\xEF\x86\x1D\x91\x28\xBF\x33"
"\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5"
"\x3C\xD3\x47\xDE\x75\x0C\x80\x17"
"\xAE\x22\xB9\x50\xE7\x5B\xF2\x89"
"\x20\x94\x2B\xC2\x36\xCD\x64\xFB"
"\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A"
"\xE1\x78\x0F\x83\x1A\xB1\x25\xBC"
"\x53\xEA\x5E\xF5\x8C\x00\x97\x2E"
"\xC5\x39\xD0\x67\xFE\x72\x09\xA0"
"\x14\xAB\x42\xD9\x4D\xE4\x7B\x12"
"\x86\x1D\xB4\x28\xBF\x56\xED\x61"
"\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3"
"\x6A\x01\x75\x0C\xA3\x17\xAE\x45"
"\xDC\x50\xE7\x7E\x15\x89\x20\xB7"
"\x2B\xC2\x59\xF0\x64\xFB\x92\x06",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\xC7\xA3\xDF\xB9\x05\xF4\x9E\x8D"
"\x9E\xDF\x38\x18\x83\x07\xEF\xC1"
"\x93\x3C\xAA\xAA\xFE\x06\x42\xCC"
"\x0D\x70\x86\x5A\x44\xAD\x85\x17"
"\xE4\x1F\x5E\xA5\x89\xAC\x32\xBC"
"\x3D\xA7\xE9\x0A\x5C\x70\x4D\xDE"
"\x99\x38\x07\xCA\x1D\x21\xC1\x11"
"\x97\xEB\x98\x75\xC4\x73\x45\x83"
"\x46\x1C\x9C\x91\x87\xC1\xA0\x56"
"\x98\xA1\x8B\xDB\x22\x76\xBD\x62"
"\xA4\xBC\xE8\x86\xDA\xD2\x51\x13"
"\x13\xD2\x96\x68\x69\x10\x67\x0C"
"\xD0\x17\x25\x7C\xB2\xAE\x4F\x93"
"\xA6\x82\x20\xCF\x0F\xA6\x47\x79"
"\x88\x09\x40\x59\xBD\x12\x64\xB5"
"\x19\x38\x0D\xFF\x86\xD9\x42\x20"
"\x81\x0D\x96\x99\xAF\x22\x1F\x94"
"\x5C\x6E\xEC\xEA\xA3\x39\xCB\x09"
"\x43\x19\x7F\xD0\xBB\x10\xC2\x49"
"\xF7\xE9\xF2\xEE\xBF\xF7\xF8\xB3"
"\x0E\x1A\xF1\x8D\x70\x82\x0C\x04"
"\xFD\x29\x1A\xAC\xC0\x92\x48\x34"
"\x6A\xE3\x1D\x4F\xFC\x1C\x72\x6A"
"\x57\xCB\xAD\xD0\x98\xAB\xB1\x01"
"\x03\x6A\x45\xDD\x07\x71\x5F\x5B"
"\xB5\x4A\xE4\xE5\xB9\xB9\xBC\xAC"
"\x44\xF7\x41\xA4\x5F\x2E\xE9\x28"
"\xE3\x05\xD2\x94\x78\x4C\x33\x1B"
"\xBD\xC1\x6E\x51\xD9\xAD\xD9\x86"
"\x15\x4A\x78\xAE\x7B\xAD\x3B\xBC"
"\x2F\xE0\x0E\xC5\x7B\x54\x97\x5F"
"\x60\x51\x14\x65\xF9\x91\xE9\xDA"
"\x9A\xBC\xFC\x19\x29\x67\xAA\x63"
"\x5E\xF2\x48\x88\xEB\x79\xE1\xE4"
"\xF7\xF6\x4C\xA9\xE2\x8C\x3B\xE0"
"\xED\x52\xAE\x90\x8F\x5B\x98\x34"
"\x29\x94\x34\x7F\xF9\x6C\x1E\xB6"
"\xA4\xE7\x2D\x06\x54\x9D\xC3\x02"
"\xC1\x90\xA4\x72\x31\x6B\x24\x51"
"\x0B\xB3\x7C\x63\x15\xBA\xAF\x5D"
"\x41\xE0\x37\x6D\xBE\x41\x58\xDE"
"\xF2\x07\x62\x99\xBE\xC1\x8C\x0F"
"\x0F\x28\xFB\x8F\x0E\x1D\x91\xE2"
"\xDA\x99\x5C\x49\xBA\x9C\xA8\x86"
"\x82\x63\x11\xB3\x54\x49\x00\x08"
"\x07\xF2\xE8\x1F\x34\x49\x61\xF4"
"\x81\xE9\xF6\xA9\x5A\x28\x60\x1F"
"\x66\x99\x08\x06\xF2\xE8\x2D\xD1"
"\xD0\x67\xBA\x32\x1F\x02\x86\x7B"
"\xFB\x79\x3D\xC5\xB1\x7F\x15\xAF"
"\xD7\xBF\x31\x46\x22\x7F\xAE\x5B"
"\x8B\x95\x47\xC2\xB1\x62\xA1\xCE"
"\x52\xAC\x9C\x8B\xC2\x49\x7F\xBC"
"\x9C\x89\xB8\xB6\xCA\xE3\x8F\xEA"
"\xAC\xB4\x5D\xE4\x50\xDC\x3A\xB5"
"\x91\x04\x94\x99\x03\x3B\x42\x6D"
"\x9C\x4A\x02\xF5\xB5\x38\x98\xA8"
"\x5C\x97\x2E\x4D\x79\x67\x71\xAF"
"\xF0\x70\x77\xFF\x2D\xDA\xA0\x9E"
"\x23\x8D\xD6\xA6\x68\x10\x78\x9A"
"\x64\xBB\x15\xB8\x56\xCF\xEE\xE5"
"\x32\x44\x96\x1C\xD8\xEB\x95\xD2"
"\xF3\x71\xEF\xEB\x4E\xBB\x4D\x29",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 504,
}, { /* Generated with Crypto++ */
.key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9"
"\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A"
"\x27\x04\xE1\x27\x04\xE1\xBE\x9B"
"\x78\xBE\x9B\x78\x55\x32\x0F\x55",
.klen = 32,
.iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
"\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
"\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
"\xAC\x20\xB7\x4E\xE5\x59\xF0\x87"
"\x1E\x92\x29\xC0\x34\xCB\x62\xF9"
"\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48"
"\xDF\x76\x0D\x81\x18\xAF\x23\xBA"
"\x51\xE8\x5C\xF3\x8A\x21\x95\x2C"
"\xC3\x37\xCE\x65\xFC\x70\x07\x9E"
"\x12\xA9\x40\xD7\x4B\xE2\x79\x10"
"\x84\x1B\xB2\x26\xBD\x54\xEB\x5F"
"\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1"
"\x68\xFF\x73\x0A\xA1\x15\xAC\x43"
"\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5"
"\x29\xC0\x57\xEE\x62\xF9\x90\x04"
"\x9B\x32\xC9\x3D\xD4\x6B\x02\x76"
"\x0D\xA4\x18\xAF\x46\xDD\x51\xE8"
"\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A"
"\xF1\x65\xFC\x93\x07\x9E\x35\xCC"
"\x40\xD7\x6E\x05\x79\x10\xA7\x1B"
"\xB2\x49\xE0\x54\xEB\x82\x19\x8D"
"\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF"
"\x96\x0A\xA1\x38\xCF\x43\xDA\x71"
"\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3"
"\x57\xEE\x85\x1C\x90\x27\xBE\x32"
"\xC9\x60\xF7\x6B\x02\x99\x0D\xA4"
"\x3B\xD2\x46\xDD\x74\x0B\x7F\x16"
"\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88"
"\x1F\x93\x2A\xC1\x35\xCC\x63\xFA"
"\x6E\x05\x9C\x10\xA7\x3E\xD5\x49"
"\xE0\x77\x0E\x82\x19\xB0\x24\xBB"
"\x52\xE9\x5D\xF4\x8B\x22\x96\x2D"
"\xC4\x38\xCF\x66\xFD\x71\x08\x9F"
"\x13\xAA\x41\xD8\x4C\xE3\x7A\x11"
"\x85\x1C\xB3\x27\xBE\x55\xEC\x60"
"\xF7\x8E\x02\x99\x30\xC7\x3B\xD2"
"\x69\x00\x74\x0B\xA2\x16\xAD\x44"
"\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6"
"\x2A\xC1\x58\xEF\x63\xFA\x91\x05"
"\x9C\x33\xCA\x3E\xD5\x6C\x03\x77"
"\x0E\xA5\x19\xB0\x47\xDE\x52\xE9"
"\x80\x17\x8B\x22\xB9\x2D\xC4\x5B"
"\xF2\x66\xFD\x94\x08\x9F\x36\xCD"
"\x41\xD8\x6F\x06\x7A\x11\xA8\x1C"
"\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E"
"\x25\xBC\x30\xC7\x5E\xF5\x69\x00"
"\x97\x0B\xA2\x39\xD0\x44\xDB\x72"
"\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4"
"\x58\xEF\x86\x1D\x91\x28\xBF\x33"
"\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5"
"\x3C\xD3\x47\xDE\x75\x0C\x80\x17"
"\xAE\x22\xB9\x50\xE7\x5B\xF2\x89"
"\x20\x94\x2B\xC2\x36\xCD\x64\xFB"
"\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A"
"\xE1\x78\x0F\x83\x1A\xB1\x25\xBC"
"\x53\xEA\x5E\xF5\x8C\x00\x97\x2E"
"\xC5\x39\xD0\x67\xFE\x72\x09\xA0"
"\x14\xAB\x42\xD9\x4D\xE4\x7B\x12"
"\x86\x1D\xB4\x28\xBF\x56\xED\x61"
"\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3"
"\x6A\x01\x75\x0C\xA3\x17\xAE\x45"
"\xDC\x50\xE7\x7E\x15\x89\x20\xB7"
"\x2B\xC2\x59\xF0\x64\xFB\x92",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\xC7\xA3\xDF\xB9\x05\xF4\x9E\x8D"
"\x9E\xDF\x38\x18\x83\x07\xEF\xC1"
"\x93\x3C\xAA\xAA\xFE\x06\x42\xCC"
"\x0D\x70\x86\x5A\x44\xAD\x85\x17"
"\xE4\x1F\x5E\xA5\x89\xAC\x32\xBC"
"\x3D\xA7\xE9\x0A\x5C\x70\x4D\xDE"
"\x99\x38\x07\xCA\x1D\x21\xC1\x11"
"\x97\xEB\x98\x75\xC4\x73\x45\x83"
"\x46\x1C\x9C\x91\x87\xC1\xA0\x56"
"\x98\xA1\x8B\xDB\x22\x76\xBD\x62"
"\xA4\xBC\xE8\x86\xDA\xD2\x51\x13"
"\x13\xD2\x96\x68\x69\x10\x67\x0C"
"\xD0\x17\x25\x7C\xB2\xAE\x4F\x93"
"\xA6\x82\x20\xCF\x0F\xA6\x47\x79"
"\x88\x09\x40\x59\xBD\x12\x64\xB5"
"\x19\x38\x0D\xFF\x86\xD9\x42\x20"
"\x81\x0D\x96\x99\xAF\x22\x1F\x94"
"\x5C\x6E\xEC\xEA\xA3\x39\xCB\x09"
"\x43\x19\x7F\xD0\xBB\x10\xC2\x49"
"\xF7\xE9\xF2\xEE\xBF\xF7\xF8\xB3"
"\x0E\x1A\xF1\x8D\x70\x82\x0C\x04"
"\xFD\x29\x1A\xAC\xC0\x92\x48\x34"
"\x6A\xE3\x1D\x4F\xFC\x1C\x72\x6A"
"\x57\xCB\xAD\xD0\x98\xAB\xB1\x01"
"\x03\x6A\x45\xDD\x07\x71\x5F\x5B"
"\xB5\x4A\xE4\xE5\xB9\xB9\xBC\xAC"
"\x44\xF7\x41\xA4\x5F\x2E\xE9\x28"
"\xE3\x05\xD2\x94\x78\x4C\x33\x1B"
"\xBD\xC1\x6E\x51\xD9\xAD\xD9\x86"
"\x15\x4A\x78\xAE\x7B\xAD\x3B\xBC"
"\x2F\xE0\x0E\xC5\x7B\x54\x97\x5F"
"\x60\x51\x14\x65\xF9\x91\xE9\xDA"
"\x9A\xBC\xFC\x19\x29\x67\xAA\x63"
"\x5E\xF2\x48\x88\xEB\x79\xE1\xE4"
"\xF7\xF6\x4C\xA9\xE2\x8C\x3B\xE0"
"\xED\x52\xAE\x90\x8F\x5B\x98\x34"
"\x29\x94\x34\x7F\xF9\x6C\x1E\xB6"
"\xA4\xE7\x2D\x06\x54\x9D\xC3\x02"
"\xC1\x90\xA4\x72\x31\x6B\x24\x51"
"\x0B\xB3\x7C\x63\x15\xBA\xAF\x5D"
"\x41\xE0\x37\x6D\xBE\x41\x58\xDE"
"\xF2\x07\x62\x99\xBE\xC1\x8C\x0F"
"\x0F\x28\xFB\x8F\x0E\x1D\x91\xE2"
"\xDA\x99\x5C\x49\xBA\x9C\xA8\x86"
"\x82\x63\x11\xB3\x54\x49\x00\x08"
"\x07\xF2\xE8\x1F\x34\x49\x61\xF4"
"\x81\xE9\xF6\xA9\x5A\x28\x60\x1F"
"\x66\x99\x08\x06\xF2\xE8\x2D\xD1"
"\xD0\x67\xBA\x32\x1F\x02\x86\x7B"
"\xFB\x79\x3D\xC5\xB1\x7F\x15\xAF"
"\xD7\xBF\x31\x46\x22\x7F\xAE\x5B"
"\x8B\x95\x47\xC2\xB1\x62\xA1\xCE"
"\x52\xAC\x9C\x8B\xC2\x49\x7F\xBC"
"\x9C\x89\xB8\xB6\xCA\xE3\x8F\xEA"
"\xAC\xB4\x5D\xE4\x50\xDC\x3A\xB5"
"\x91\x04\x94\x99\x03\x3B\x42\x6D"
"\x9C\x4A\x02\xF5\xB5\x38\x98\xA8"
"\x5C\x97\x2E\x4D\x79\x67\x71\xAF"
"\xF0\x70\x77\xFF\x2D\xDA\xA0\x9E"
"\x23\x8D\xD6\xA6\x68\x10\x78\x9A"
"\x64\xBB\x15\xB8\x56\xCF\xEE\xE5"
"\x32\x44\x96\x1C\xD8\xEB\x95\xD2"
"\xF3\x71\xEF\xEB\x4E\xBB\x4D",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 503,
.also_non_np = 1,
.np = 2,
.tap = { 503 - 8, 8 },
}, { /* Generated with Crypto++ */
.key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9"
"\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A"
"\x27\x04\xE1\x27\x04\xE1\xBE\x9B"
"\x78\xBE\x9B\x78\x55\x32\x0F\x55",
.klen = 32,
.iv = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFD",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
"\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
"\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
"\xAC\x20\xB7\x4E\xE5\x59\xF0\x87"
"\x1E\x92\x29\xC0\x34\xCB\x62\xF9"
"\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48"
"\xDF\x76\x0D\x81\x18\xAF\x23\xBA"
"\x51\xE8\x5C\xF3\x8A\x21\x95\x2C"
"\xC3\x37\xCE\x65\xFC\x70\x07\x9E"
"\x12\xA9\x40\xD7\x4B\xE2\x79\x10"
"\x84\x1B\xB2\x26\xBD\x54\xEB\x5F"
"\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1"
"\x68\xFF\x73\x0A\xA1\x15\xAC\x43"
"\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5"
"\x29\xC0\x57\xEE\x62\xF9\x90\x04"
"\x9B\x32\xC9\x3D\xD4\x6B\x02\x76"
"\x0D\xA4\x18\xAF\x46\xDD\x51\xE8"
"\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A"
"\xF1\x65\xFC\x93\x07\x9E\x35\xCC"
"\x40\xD7\x6E\x05\x79\x10\xA7\x1B"
"\xB2\x49\xE0\x54\xEB\x82\x19\x8D"
"\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF"
"\x96\x0A\xA1\x38\xCF\x43\xDA\x71"
"\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3"
"\x57\xEE\x85\x1C\x90\x27\xBE\x32"
"\xC9\x60\xF7\x6B\x02\x99\x0D\xA4"
"\x3B\xD2\x46\xDD\x74\x0B\x7F\x16"
"\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88"
"\x1F\x93\x2A\xC1\x35\xCC\x63\xFA"
"\x6E\x05\x9C\x10\xA7\x3E\xD5\x49"
"\xE0\x77\x0E\x82\x19\xB0\x24\xBB"
"\x52\xE9\x5D\xF4\x8B\x22\x96\x2D"
"\xC4\x38\xCF\x66\xFD\x71\x08\x9F"
"\x13\xAA\x41\xD8\x4C\xE3\x7A\x11"
"\x85\x1C\xB3\x27\xBE\x55\xEC\x60"
"\xF7\x8E\x02\x99\x30\xC7\x3B\xD2"
"\x69\x00\x74\x0B\xA2\x16\xAD\x44"
"\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6"
"\x2A\xC1\x58\xEF\x63\xFA\x91\x05"
"\x9C\x33\xCA\x3E\xD5\x6C\x03\x77"
"\x0E\xA5\x19\xB0\x47\xDE\x52\xE9"
"\x80\x17\x8B\x22\xB9\x2D\xC4\x5B"
"\xF2\x66\xFD\x94\x08\x9F\x36\xCD"
"\x41\xD8\x6F\x06\x7A\x11\xA8\x1C"
"\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E"
"\x25\xBC\x30\xC7\x5E\xF5\x69\x00"
"\x97\x0B\xA2\x39\xD0\x44\xDB\x72"
"\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4"
"\x58\xEF\x86\x1D\x91\x28\xBF\x33"
"\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5"
"\x3C\xD3\x47\xDE\x75\x0C\x80\x17"
"\xAE\x22\xB9\x50\xE7\x5B\xF2\x89"
"\x20\x94\x2B\xC2\x36\xCD\x64\xFB"
"\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A"
"\xE1\x78\x0F\x83\x1A\xB1\x25\xBC"
"\x53\xEA\x5E\xF5\x8C\x00\x97\x2E"
"\xC5\x39\xD0\x67\xFE\x72\x09\xA0"
"\x14\xAB\x42\xD9\x4D\xE4\x7B\x12"
"\x86\x1D\xB4\x28\xBF\x56\xED\x61"
"\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3"
"\x6A\x01\x75\x0C\xA3\x17\xAE\x45"
"\xDC\x50\xE7\x7E\x15\x89\x20\xB7"
"\x2B\xC2\x59\xF0\x64\xFB\x92\x06",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\x5F\x58\x6E\x60\x51\x6E\xDC\x3D"
"\xD1\xBB\xF7\xB7\xFD\x04\x44\x82"
"\xDC\x9F\x4B\x02\xF1\xD2\x5A\x6F"
"\x25\xF9\x27\x21\xF2\xD2\x9A\x01"
"\xBD\xAD\x3D\x93\x87\xCA\x0D\xFE"
"\xB7\x2C\x17\x1F\x42\x8C\x13\xB2"
"\x62\x44\x72\xB9\x5D\xC0\xF8\x37"
"\xDF\xEA\x78\x81\x8F\xA6\x34\xB2"
"\x07\x09\x7C\xB9\x3A\xA0\x2B\x18"
"\x34\x6A\x9D\x3D\xA5\xEB\xF4\x60"
"\xF8\x98\xA2\x39\x81\x23\x6C\xA9"
"\x70\xCA\xCC\x45\xD8\x1F\xDF\x44"
"\x2A\x67\x7A\x88\x28\xDC\x36\x83"
"\x18\xD7\x48\x43\x17\x2B\x1B\xE6"
"\x0B\x82\x59\x14\x26\x67\x08\x09"
"\x5B\x5D\x38\xD0\x81\xCE\x54\x2A"
"\xCD\x22\x94\x42\xF5\xBA\x74\x7E"
"\xD9\x00\x40\xA9\x0D\x0B\xBD\x8E"
"\xC4\x8E\x5E\x17\x8F\x48\xE2\xB8"
"\xF4\xCC\x19\x76\xAB\x48\x29\xAA"
"\x81\xD5\xCE\xD5\x8A\x3B\xC9\x21"
"\xEF\x50\x4F\x04\x02\xBF\xE1\x1F"
"\x59\x28\x1A\xE4\x18\x16\xA0\x29"
"\xBF\x34\xA9\x2D\x28\x83\xC0\x5E"
"\xEA\x44\xC4\x6E\xAB\x24\x79\x9D"
"\x2D\xA1\xE8\x55\xCA\x74\xFC\xBD"
"\xFE\xDD\xDA\xA5\xFB\x34\x90\x31"
"\x0E\x62\x28\x9B\xDC\xD7\xA1\xBB"
"\xF0\x1A\xB3\xE2\xD0\xFA\xBD\xE8"
"\x5C\x5A\x10\x67\xF6\x6A\x17\x3F"
"\xC5\xE9\x09\x08\xDD\x22\x77\x42"
"\x26\x6A\x6A\x7A\x3F\x87\x80\x0C"
"\xF0\xFF\x15\x8E\x84\x86\xC0\x10"
"\x0F\x8D\x33\x06\xB8\x72\xA4\x47"
"\x6B\xED\x2E\x05\x94\x6C\x5C\x5B"
"\x13\xF6\x77\xEE\x3B\x16\xDF\xC2"
"\x63\x66\x07\x6D\x3F\x6C\x51\x7C"
"\x1C\xAC\x80\xB6\x58\x48\xB7\x9D"
"\xB4\x19\xD8\x19\x45\x66\x27\x02"
"\xA1\xA9\x99\xF3\x1F\xE5\xA7\x1D"
"\x31\xE7\x1B\x0D\xFF\xBB\xB5\xA1"
"\xF5\x9C\x45\x1E\x18\x19\xA1\xE7"
"\xC2\xF1\xBF\x68\xC3\xEC\xCF\x53"
"\x67\xA6\x2B\x7D\x3C\x6D\x24\xC3"
"\xE8\xE6\x07\x5A\x09\xE0\x32\xA8"
"\x52\xF6\xE9\xED\x0E\xC6\x0A\x6A"
"\xFC\x60\x2A\xE0\x93\xCE\xB8\x2E"
"\xA2\xA8\x0E\x79\x9E\x34\x5D\x37"
"\x6F\x12\xFE\x48\x7B\xE7\xB9\x22"
"\x29\xE8\xD7\xBE\x5D\xD1\x8B\xD9"
"\x91\x51\x4E\x71\xF2\x98\x85\x16"
"\x25\x7A\x76\x8A\x51\x0E\x65\x14"
"\x81\xB5\x3A\x37\xFD\xEC\xB5\x8A"
"\xE1\xCF\x41\x72\x14\x29\x4C\xF0"
"\x20\xD9\x9A\xC5\x66\xA4\x03\x76"
"\x5B\xA4\x15\x4F\x0E\x64\x39\x40"
"\x25\xF9\x20\x22\xF5\x88\xF5\xBA"
"\xE4\xDF\x45\x61\xBF\x8D\x7A\x24"
"\x4B\x92\x71\xD9\x2F\x77\xA7\x95"
"\xA8\x7F\x61\xD5\xA4\x57\xB0\xFB"
"\xB5\x77\xBA\x1C\xEE\x71\xFA\xB0"
"\x16\x4C\x18\x6B\xF2\x69\xA0\x07"
"\xEF\xBE\xEC\x69\xAC\xA8\x63\x9E",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 504,
},
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
/*
* Twofish test vectors.
*/
static const struct cipher_testvec tf_tv_template[] = {
{
.key = zeroed_string,
.klen = 16,
.ptext = zeroed_string,
.ctext = "\x9f\x58\x9f\x5c\xf6\x12\x2c\x32"
"\xb6\xbf\xec\x2f\x2a\xe8\xc3\x5a",
.len = 16,
}, {
.key = "\x01\x23\x45\x67\x89\xab\xcd\xef"
"\xfe\xdc\xba\x98\x76\x54\x32\x10"
"\x00\x11\x22\x33\x44\x55\x66\x77",
.klen = 24,
.ptext = zeroed_string,
.ctext = "\xcf\xd1\xd2\xe5\xa9\xbe\x9c\xdf"
"\x50\x1f\x13\xb8\x92\xbd\x22\x48",
.len = 16,
}, {
.key = "\x01\x23\x45\x67\x89\xab\xcd\xef"
"\xfe\xdc\xba\x98\x76\x54\x32\x10"
"\x00\x11\x22\x33\x44\x55\x66\x77"
"\x88\x99\xaa\xbb\xcc\xdd\xee\xff",
.klen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = zeroed_string,
.ctext = "\x37\x52\x7b\xe0\x05\x23\x34\xb8"
"\x9f\x0c\xfc\xca\xe8\x7c\xfa\x20",
.len = 16,
}, { /* Generated with Crypto++ */
.key = "\x3F\x85\x62\x3F\x1C\xF9\xD6\x1C"
"\xF9\xD6\xB3\x90\x6D\x4A\x90\x6D"
"\x4A\x27\x04\xE1\x27\x04\xE1\xBE"
"\x9B\x78\xBE\x9B\x78\x55\x32\x0F",
.klen = 32,
.ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
"\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
"\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
"\xAC\x20\xB7\x4E\xE5\x59\xF0\x87"
"\x1E\x92\x29\xC0\x34\xCB\x62\xF9"
"\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48"
"\xDF\x76\x0D\x81\x18\xAF\x23\xBA"
"\x51\xE8\x5C\xF3\x8A\x21\x95\x2C"
"\xC3\x37\xCE\x65\xFC\x70\x07\x9E"
"\x12\xA9\x40\xD7\x4B\xE2\x79\x10"
"\x84\x1B\xB2\x26\xBD\x54\xEB\x5F"
"\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1"
"\x68\xFF\x73\x0A\xA1\x15\xAC\x43"
"\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5"
"\x29\xC0\x57\xEE\x62\xF9\x90\x04"
"\x9B\x32\xC9\x3D\xD4\x6B\x02\x76"
"\x0D\xA4\x18\xAF\x46\xDD\x51\xE8"
"\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A"
"\xF1\x65\xFC\x93\x07\x9E\x35\xCC"
"\x40\xD7\x6E\x05\x79\x10\xA7\x1B"
"\xB2\x49\xE0\x54\xEB\x82\x19\x8D"
"\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF"
"\x96\x0A\xA1\x38\xCF\x43\xDA\x71"
"\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3"
"\x57\xEE\x85\x1C\x90\x27\xBE\x32"
"\xC9\x60\xF7\x6B\x02\x99\x0D\xA4"
"\x3B\xD2\x46\xDD\x74\x0B\x7F\x16"
"\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88"
"\x1F\x93\x2A\xC1\x35\xCC\x63\xFA"
"\x6E\x05\x9C\x10\xA7\x3E\xD5\x49"
"\xE0\x77\x0E\x82\x19\xB0\x24\xBB"
"\x52\xE9\x5D\xF4\x8B\x22\x96\x2D"
"\xC4\x38\xCF\x66\xFD\x71\x08\x9F"
"\x13\xAA\x41\xD8\x4C\xE3\x7A\x11"
"\x85\x1C\xB3\x27\xBE\x55\xEC\x60"
"\xF7\x8E\x02\x99\x30\xC7\x3B\xD2"
"\x69\x00\x74\x0B\xA2\x16\xAD\x44"
"\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6"
"\x2A\xC1\x58\xEF\x63\xFA\x91\x05"
"\x9C\x33\xCA\x3E\xD5\x6C\x03\x77"
"\x0E\xA5\x19\xB0\x47\xDE\x52\xE9"
"\x80\x17\x8B\x22\xB9\x2D\xC4\x5B"
"\xF2\x66\xFD\x94\x08\x9F\x36\xCD"
"\x41\xD8\x6F\x06\x7A\x11\xA8\x1C"
"\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E"
"\x25\xBC\x30\xC7\x5E\xF5\x69\x00"
"\x97\x0B\xA2\x39\xD0\x44\xDB\x72"
"\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4"
"\x58\xEF\x86\x1D\x91\x28\xBF\x33"
"\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5"
"\x3C\xD3\x47\xDE\x75\x0C\x80\x17"
"\xAE\x22\xB9\x50\xE7\x5B\xF2\x89"
"\x20\x94\x2B\xC2\x36\xCD\x64\xFB"
"\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A"
"\xE1\x78\x0F\x83\x1A\xB1\x25\xBC"
"\x53\xEA\x5E\xF5\x8C\x00\x97\x2E"
"\xC5\x39\xD0\x67\xFE\x72\x09\xA0"
"\x14\xAB\x42\xD9\x4D\xE4\x7B\x12"
"\x86\x1D\xB4\x28\xBF\x56\xED\x61"
"\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3"
"\x6A\x01\x75\x0C\xA3\x17\xAE\x45"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\xDC\x50\xE7\x7E\x15\x89\x20\xB7",
.ctext = "\x88\xCB\x1E\xC2\xAF\x8A\x97\xFF"
"\xF6\x90\x46\x9C\x4A\x0F\x08\xDC"
"\xDE\xAB\xAD\xFA\xFC\xA8\xC2\x3D"
"\xE0\xE4\x8B\x3F\xD5\xA3\xF7\x14"
"\x34\x9E\xB6\x08\xB2\xDD\xA8\xF5"
"\xDF\xFA\xC7\xE8\x09\x50\x76\x08"
"\xA2\xB6\x6A\x59\xC0\x2B\x6D\x05"
"\x89\xF6\x82\xF0\xD3\xDB\x06\x02"
"\xB5\x11\x5C\x5E\x79\x1A\xAC\x43"
"\x5C\xC0\x30\x4B\x6B\x16\xA1\x40"
"\x80\x27\x88\xBA\x2C\x74\x42\xE0"
"\x1B\xA5\x85\x08\xB9\xE6\x22\x7A"
"\x36\x3B\x0D\x9F\xA0\x22\x6C\x2A"
"\x91\x75\x47\xBC\x67\x21\x4E\xF9"
"\xEA\xFF\xD9\xD5\xC0\xFC\x9E\x2C"
"\x3E\xAD\xC6\x61\x0E\x93\x7A\x22"
"\x09\xC8\x8D\xC1\x8E\xB4\x8B\x5C"
"\xC6\x24\x42\xB8\x23\x66\x80\xA9"
"\x32\x0B\x7A\x29\xBF\xB3\x0B\x63"
"\x43\x27\x13\xA9\xBE\xEB\xBD\xF3"
"\x33\x62\x70\xE2\x1B\x86\x7A\xA1"
"\x51\x4A\x16\xFE\x29\x63\x7E\xD0"
"\x7A\xA4\x6E\x2C\xF8\xC1\xDB\xE8"
"\xCB\x4D\xD2\x8C\x04\x14\xB4\x66"
"\x41\xB7\x3A\x96\x16\x7C\x1D\x5B"
"\xB6\x41\x42\x64\x43\xEE\x6E\x7C"
"\x8B\xAF\x01\x9C\xA4\x6E\x75\x8F"
"\xDE\x10\x9F\xA6\xE7\xD6\x44\x97"
"\x66\xA3\x96\x0F\x1C\x25\x60\xF5"
"\x3C\x2E\x32\x69\x0E\x82\xFF\x27"
"\x0F\xB5\x06\xDA\xD8\x31\x15\x6C"
"\xDF\x18\x6C\x87\xF5\x3B\x11\x9A"
"\x1B\x42\x1F\x5B\x29\x19\x96\x13"
"\x68\x2E\x5E\x08\x1C\x8F\x32\x4B"
"\x81\x77\x6D\xF4\xA0\x01\x42\xEC"
"\xDD\x5B\xFD\x3A\x8E\x6A\x14\xFB"
"\x83\x54\xDF\x0F\x86\xB7\xEA\x40"
"\x46\x39\xF7\x2A\x89\x8D\x4E\x96"
"\x5F\x5F\x6D\x76\xC6\x13\x9D\x3D"
"\x1D\x5F\x0C\x7D\xE2\xBC\xC2\x16"
"\x16\xBE\x89\x3E\xB0\x61\xA2\x5D"
"\xAF\xD1\x40\x5F\x1A\xB8\x26\x41"
"\xC6\xBD\x36\xEF\xED\x29\x50\x6D"
"\x10\xEF\x26\xE8\xA8\x93\x11\x3F"
"\x2D\x1F\x88\x20\x77\x45\xF5\x66"
"\x08\xB9\xF1\xEF\xB1\x93\xA8\x81"
"\x65\xC5\xCD\x3E\x8C\x06\x60\x2C"
"\xB2\x10\x7A\xCA\x05\x25\x59\xDB"
"\xC7\x28\xF5\x20\x35\x52\x9E\x62"
"\xF8\x88\x24\x1C\x4D\x84\x12\x39"
"\x39\xE4\x2E\xF4\xD4\x9D\x2B\xBC"
"\x87\x66\xE6\xC0\x6B\x31\x9A\x66"
"\x03\xDC\x95\xD8\x6B\xD0\x30\x8F"
"\xDF\x8F\x8D\xFA\xEC\x1F\x08\xBD"
"\xA3\x63\xE2\x71\x4F\x03\x94\x87"
"\x50\xDF\x15\x1F\xED\x3A\xA3\x7F"
"\x1F\x2A\xB5\xA1\x69\xAC\x4B\x0D"
"\x84\x9B\x2A\xE9\x55\xDD\x46\x91"
"\x15\x33\xF3\x2B\x9B\x46\x97\x00"
"\xF0\x29\xD8\x59\x5D\x33\x37\xF9"
"\x58\x33\x9B\x78\xC7\x58\x48\x6B"
"\x2C\x75\x64\xC4\xCA\xC1\x7E\xD5",
.len = 496,
.also_non_np = 1,
.np = 3,
.tap = { 496 - 20, 4, 16 },
},
};
static const struct cipher_testvec tf_cbc_tv_template[] = {
{ /* Generated with Nettle */
.key = zeroed_string,
.klen = 16,
.iv = zeroed_string,
.ptext = zeroed_string,
.ctext = "\x9f\x58\x9f\x5c\xf6\x12\x2c\x32"
"\xb6\xbf\xec\x2f\x2a\xe8\xc3\x5a",
.len = 16,
}, {
.key = zeroed_string,
.klen = 16,
.iv = "\x9f\x58\x9f\x5c\xf6\x12\x2c\x32"
"\xb6\xbf\xec\x2f\x2a\xe8\xc3\x5a",
.ptext = zeroed_string,
.ctext = "\xd4\x91\xdb\x16\xe7\xb1\xc3\x9e"
"\x86\xcb\x08\x6b\x78\x9f\x54\x19",
.len = 16,
}, {
.key = zeroed_string,
.klen = 16,
.iv = "\xd4\x91\xdb\x16\xe7\xb1\xc3\x9e"
"\x86\xcb\x08\x6b\x78\x9f\x54\x19",
.ptext = zeroed_string,
.ctext = "\x05\xef\x8c\x61\xa8\x11\x58\x26"
"\x34\xba\x5c\xb7\x10\x6a\xa6\x41",
.len = 16,
}, {
.key = zeroed_string,
.klen = 16,
.iv = zeroed_string,
.ptext = zeroed_string,
.ctext = "\x9f\x58\x9f\x5c\xf6\x12\x2c\x32"
"\xb6\xbf\xec\x2f\x2a\xe8\xc3\x5a"
"\xd4\x91\xdb\x16\xe7\xb1\xc3\x9e"
"\x86\xcb\x08\x6b\x78\x9f\x54\x19"
"\x05\xef\x8c\x61\xa8\x11\x58\x26"
"\x34\xba\x5c\xb7\x10\x6a\xa6\x41",
.len = 48,
}, { /* Generated with Crypto++ */
.key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9"
"\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A"
"\x27\x04\xE1\x27\x04\xE1\xBE\x9B"
"\x78\xBE\x9B\x78\x55\x32\x0F\x55",
.klen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F"
"\xC4\x29\x8E\xF3\x35\x9A\xFF\x64",
.ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
"\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
"\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
"\xAC\x20\xB7\x4E\xE5\x59\xF0\x87"
"\x1E\x92\x29\xC0\x34\xCB\x62\xF9"
"\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48"
"\xDF\x76\x0D\x81\x18\xAF\x23\xBA"
"\x51\xE8\x5C\xF3\x8A\x21\x95\x2C"
"\xC3\x37\xCE\x65\xFC\x70\x07\x9E"
"\x12\xA9\x40\xD7\x4B\xE2\x79\x10"
"\x84\x1B\xB2\x26\xBD\x54\xEB\x5F"
"\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1"
"\x68\xFF\x73\x0A\xA1\x15\xAC\x43"
"\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5"
"\x29\xC0\x57\xEE\x62\xF9\x90\x04"
"\x9B\x32\xC9\x3D\xD4\x6B\x02\x76"
"\x0D\xA4\x18\xAF\x46\xDD\x51\xE8"
"\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A"
"\xF1\x65\xFC\x93\x07\x9E\x35\xCC"
"\x40\xD7\x6E\x05\x79\x10\xA7\x1B"
"\xB2\x49\xE0\x54\xEB\x82\x19\x8D"
"\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF"
"\x96\x0A\xA1\x38\xCF\x43\xDA\x71"
"\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3"
"\x57\xEE\x85\x1C\x90\x27\xBE\x32"
"\xC9\x60\xF7\x6B\x02\x99\x0D\xA4"
"\x3B\xD2\x46\xDD\x74\x0B\x7F\x16"
"\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88"
"\x1F\x93\x2A\xC1\x35\xCC\x63\xFA"
"\x6E\x05\x9C\x10\xA7\x3E\xD5\x49"
"\xE0\x77\x0E\x82\x19\xB0\x24\xBB"
"\x52\xE9\x5D\xF4\x8B\x22\x96\x2D"
"\xC4\x38\xCF\x66\xFD\x71\x08\x9F"
"\x13\xAA\x41\xD8\x4C\xE3\x7A\x11"
"\x85\x1C\xB3\x27\xBE\x55\xEC\x60"
"\xF7\x8E\x02\x99\x30\xC7\x3B\xD2"
"\x69\x00\x74\x0B\xA2\x16\xAD\x44"
"\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6"
"\x2A\xC1\x58\xEF\x63\xFA\x91\x05"
"\x9C\x33\xCA\x3E\xD5\x6C\x03\x77"
"\x0E\xA5\x19\xB0\x47\xDE\x52\xE9"
"\x80\x17\x8B\x22\xB9\x2D\xC4\x5B"
"\xF2\x66\xFD\x94\x08\x9F\x36\xCD"
"\x41\xD8\x6F\x06\x7A\x11\xA8\x1C"
"\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E"
"\x25\xBC\x30\xC7\x5E\xF5\x69\x00"
"\x97\x0B\xA2\x39\xD0\x44\xDB\x72"
"\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4"
"\x58\xEF\x86\x1D\x91\x28\xBF\x33"
"\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5"
"\x3C\xD3\x47\xDE\x75\x0C\x80\x17"
"\xAE\x22\xB9\x50\xE7\x5B\xF2\x89"
"\x20\x94\x2B\xC2\x36\xCD\x64\xFB"
"\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A"
"\xE1\x78\x0F\x83\x1A\xB1\x25\xBC"
"\x53\xEA\x5E\xF5\x8C\x00\x97\x2E"
"\xC5\x39\xD0\x67\xFE\x72\x09\xA0"
"\x14\xAB\x42\xD9\x4D\xE4\x7B\x12"
"\x86\x1D\xB4\x28\xBF\x56\xED\x61"
"\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3"
"\x6A\x01\x75\x0C\xA3\x17\xAE\x45"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\xDC\x50\xE7\x7E\x15\x89\x20\xB7",
.ctext = "\xC8\xFF\xF2\x53\xA6\x27\x09\xD1"
"\x33\x38\xC2\xC0\x0C\x14\x7E\xB5"
"\x26\x1B\x05\x0C\x05\x12\x3F\xC0"
"\xF9\x1C\x02\x28\x40\x96\x6F\xD0"
"\x3D\x32\xDF\xDA\x56\x00\x6E\xEE"
"\x5B\x2A\x72\x9D\xC2\x4D\x19\xBC"
"\x8C\x53\xFA\x87\x6F\xDD\x81\xA3"
"\xB1\xD3\x44\x65\xDF\xE7\x63\x38"
"\x4A\xFC\xDC\xEC\x3F\x26\x8E\xB8"
"\x43\xFC\xFE\x18\xB5\x11\x6D\x31"
"\x81\x8B\x0D\x75\xF6\x80\xEC\x84"
"\x04\xB9\xE6\x09\x63\xED\x39\xDB"
"\xC3\xF6\x14\xD6\x6E\x5E\x8B\xBD"
"\x3E\xFA\xD7\x98\x50\x6F\xD9\x63"
"\x02\xCD\x0D\x39\x4B\x0D\xEC\x80"
"\xE3\x6A\x17\xF4\xCC\xAD\xFF\x68"
"\x45\xDD\xC8\x83\x1D\x41\x96\x0D"
"\x91\x2E\x05\xD3\x59\x82\xE0\x43"
"\x90\x4F\xB9\xF7\xAD\x6B\x2E\xAF"
"\xA7\x84\x00\x53\xCD\x6F\xD1\x0C"
"\x4E\xF9\x5A\x23\xFB\xCA\xC7\xD3"
"\xA9\xAA\x9D\xB2\x3F\x66\xF1\xAC"
"\x25\x21\x8F\xF7\xEF\xF2\x6A\xDF"
"\xE8\xDA\x75\x1A\x8A\xF1\xDD\x38"
"\x1F\xF9\x3D\x68\x4A\xBB\x9E\x34"
"\x1F\x66\x1F\x9C\x2B\x54\xFF\x60"
"\x7F\x29\x4B\x55\x80\x8F\x4E\xA7"
"\xA6\x9A\x0A\xD9\x0D\x19\x00\xF8"
"\x1F\xBC\x0C\x40\x6B\xEC\x99\x25"
"\x94\x70\x74\x0E\x1D\xC5\xBC\x12"
"\xF3\x42\xBE\x95\xBF\xFB\x4E\x55"
"\x9A\xB9\xCE\x14\x16\x5B\xDC\xD3"
"\x75\x42\x62\x04\x31\x1F\x95\x7C"
"\x66\x1A\x97\xDC\x2F\x40\x5C\x39"
"\x78\xE6\x02\xDB\x49\xE1\xC6\x47"
"\xC2\x78\x9A\xBB\xF3\xBE\xCB\x93"
"\xD8\xB8\xE8\xBB\x8C\xB3\x9B\xA7"
"\xC2\x89\xF3\x91\x88\x83\x3D\xF0"
"\x29\xA2\xCD\xB5\x79\x16\xC2\x40"
"\x11\x03\x8E\x9C\xFD\xC9\x43\xC4"
"\xC2\x19\xF0\x4A\x32\xEF\x0C\x2B"
"\xD3\x2B\xE9\xD4\x4C\xDE\x95\xCF"
"\x04\x03\xD3\x2C\x7F\x82\xC8\xFA"
"\x0F\xD8\x7A\x39\x7B\x01\x41\x9C"
"\x78\xB6\xC9\xBF\xF9\x78\x57\x88"
"\xB1\xA5\xE1\xE0\xD9\x16\xD4\xC8"
"\xEE\xC4\xBE\x7B\x55\x59\x00\x48"
"\x1B\xBC\x14\xFA\x2A\x9D\xC9\x1C"
"\xFB\x28\x3F\x95\xDD\xB7\xD6\xCE"
"\x3A\x7F\x09\x0C\x0E\x69\x30\x7D"
"\xBC\x68\x9C\x91\x2A\x59\x57\x04"
"\xED\x1A\x1E\x00\xB1\x85\x92\x04"
"\x28\x8C\x0C\x3C\xC1\xD5\x12\xF7"
"\x4C\x3E\xB0\xE7\x86\x62\x68\x91"
"\xFC\xC4\xE2\xCE\xA6\xDC\x5E\x93"
"\x5D\x8D\x8C\x68\xB3\xB2\xB9\x64"
"\x16\xB8\xC8\x6F\xD8\xEE\x21\xBD"
"\xAC\x18\x0C\x7D\x0D\x05\xAB\xF1"
"\xFA\xDD\xE2\x48\xDF\x4C\x02\x39"
"\x69\xA1\x62\xBD\x49\x3A\x9D\x91"
"\x30\x70\x56\xA4\x37\xDD\x7C\xC0"
"\x0A\xA3\x30\x10\x26\x25\x41\x2C",
.len = 496,
.also_non_np = 1,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.np = 3,
.tap = { 496 - 20, 4, 16 },
},
};
static const struct cipher_testvec tf_ctr_tv_template[] = {
{ /* Generated with Crypto++ */
.key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9"
"\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A"
"\x27\x04\xE1\x27\x04\xE1\xBE\x9B"
"\x78\xBE\x9B\x78\x55\x32\x0F\x55",
.klen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F"
"\xC4\x29\x8E\xF3\x35\x9A\xFF\x64",
.ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
"\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
"\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
"\xAC\x20\xB7\x4E\xE5\x59\xF0\x87"
"\x1E\x92\x29\xC0\x34\xCB\x62\xF9"
"\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48"
"\xDF\x76\x0D\x81\x18\xAF\x23\xBA"
"\x51\xE8\x5C\xF3\x8A\x21\x95\x2C"
"\xC3\x37\xCE\x65\xFC\x70\x07\x9E"
"\x12\xA9\x40\xD7\x4B\xE2\x79\x10"
"\x84\x1B\xB2\x26\xBD\x54\xEB\x5F"
"\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1"
"\x68\xFF\x73\x0A\xA1\x15\xAC\x43"
"\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5"
"\x29\xC0\x57\xEE\x62\xF9\x90\x04"
"\x9B\x32\xC9\x3D\xD4\x6B\x02\x76"
"\x0D\xA4\x18\xAF\x46\xDD\x51\xE8"
"\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A"
"\xF1\x65\xFC\x93\x07\x9E\x35\xCC"
"\x40\xD7\x6E\x05\x79\x10\xA7\x1B"
"\xB2\x49\xE0\x54\xEB\x82\x19\x8D"
"\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF"
"\x96\x0A\xA1\x38\xCF\x43\xDA\x71"
"\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3"
"\x57\xEE\x85\x1C\x90\x27\xBE\x32"
"\xC9\x60\xF7\x6B\x02\x99\x0D\xA4"
"\x3B\xD2\x46\xDD\x74\x0B\x7F\x16"
"\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88"
"\x1F\x93\x2A\xC1\x35\xCC\x63\xFA"
"\x6E\x05\x9C\x10\xA7\x3E\xD5\x49"
"\xE0\x77\x0E\x82\x19\xB0\x24\xBB"
"\x52\xE9\x5D\xF4\x8B\x22\x96\x2D"
"\xC4\x38\xCF\x66\xFD\x71\x08\x9F"
"\x13\xAA\x41\xD8\x4C\xE3\x7A\x11"
"\x85\x1C\xB3\x27\xBE\x55\xEC\x60"
"\xF7\x8E\x02\x99\x30\xC7\x3B\xD2"
"\x69\x00\x74\x0B\xA2\x16\xAD\x44"
"\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6"
"\x2A\xC1\x58\xEF\x63\xFA\x91\x05"
"\x9C\x33\xCA\x3E\xD5\x6C\x03\x77"
"\x0E\xA5\x19\xB0\x47\xDE\x52\xE9"
"\x80\x17\x8B\x22\xB9\x2D\xC4\x5B"
"\xF2\x66\xFD\x94\x08\x9F\x36\xCD"
"\x41\xD8\x6F\x06\x7A\x11\xA8\x1C"
"\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E"
"\x25\xBC\x30\xC7\x5E\xF5\x69\x00"
"\x97\x0B\xA2\x39\xD0\x44\xDB\x72"
"\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4"
"\x58\xEF\x86\x1D\x91\x28\xBF\x33"
"\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5"
"\x3C\xD3\x47\xDE\x75\x0C\x80\x17"
"\xAE\x22\xB9\x50\xE7\x5B\xF2\x89"
"\x20\x94\x2B\xC2\x36\xCD\x64\xFB"
"\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A"
"\xE1\x78\x0F\x83\x1A\xB1\x25\xBC"
"\x53\xEA\x5E\xF5\x8C\x00\x97\x2E"
"\xC5\x39\xD0\x67\xFE\x72\x09\xA0"
"\x14\xAB\x42\xD9\x4D\xE4\x7B\x12"
"\x86\x1D\xB4\x28\xBF\x56\xED\x61"
"\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3"
"\x6A\x01\x75\x0C\xA3\x17\xAE\x45"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\xDC\x50\xE7\x7E\x15\x89\x20\xB7",
.ctext = "\xDF\xDD\x69\xFA\xB0\x2E\xFD\xFE"
"\x70\x9E\xC5\x4B\xC9\xD4\xA1\x30"
"\x26\x9B\x89\xA1\xEE\x43\xE0\x52"
"\x55\x17\x4E\xC7\x0E\x33\x1F\xF1"
"\x9F\x8D\x40\x9F\x24\xFD\x92\xA0"
"\xBC\x8F\x35\xDD\x67\x38\xD8\xAA"
"\xCF\xF8\x48\xCA\xFB\xE4\x5C\x60"
"\x01\x41\x21\x12\x38\xAB\x52\x4F"
"\xA8\x57\x20\xE0\x21\x6A\x17\x0D"
"\x0E\xF9\x8E\x49\x42\x00\x3C\x94"
"\x14\xC0\xD0\x8D\x8A\x98\xEB\x29"
"\xEC\xAE\x96\x44\xC0\x3C\x48\xDC"
"\x29\x35\x25\x2F\xE7\x11\x6C\x68"
"\xC8\x67\x0A\x2F\xF4\x07\xBE\xF9"
"\x2C\x31\x87\x40\xAB\xB2\xB6\xFA"
"\xD2\xC9\x6D\x5C\x50\xE9\xE6\x7E"
"\xE3\x0A\xD2\xD5\x6D\x8D\x64\x9E"
"\x70\xCE\x03\x76\xDD\xE0\xF0\x8C"
"\x84\x86\x8B\x6A\xFE\xC7\xF9\x69"
"\x2E\xFE\xFC\xC2\xC4\x1A\x55\x58"
"\xB3\xBE\xE2\x7E\xED\x39\x42\x6C"
"\xB4\x42\x97\x9A\xEC\xE1\x0A\x06"
"\x02\xC5\x03\x9D\xC4\x48\x15\x66"
"\x35\x6A\xC2\xC9\xA2\x26\x30\xBB"
"\xDB\x2D\xC8\x08\x2B\xA0\x29\x1A"
"\x23\x61\x48\xEA\x80\x04\x27\xAA"
"\x69\x49\xE8\xE8\x4A\x83\x6B\x5A"
"\xCA\x7C\xD3\xB1\xB5\x0B\xCC\x23"
"\x74\x1F\xA9\x87\xCD\xED\xC0\x2D"
"\xBF\xEB\xCF\x16\x2D\x2A\x2E\x1D"
"\x96\xBA\x36\x11\x45\x41\xDA\xCE"
"\xA4\x48\x80\x8B\x06\xF4\x98\x89"
"\x8B\x23\x08\x53\xF4\xD4\x5A\x24"
"\x8B\xF8\x43\x73\xD1\xEE\xC4\xB0"
"\xF8\xFE\x09\x0C\x75\x05\x38\x0B"
"\x7C\x81\xDE\x9D\xE4\x61\x37\x63"
"\x63\xAD\x12\xD2\x04\xB9\xCE\x45"
"\x5A\x1A\x6E\xB3\x78\x2A\xA4\x74"
"\x86\xD0\xE3\xFF\xDA\x38\x9C\xB5"
"\xB8\xB1\xDB\x38\x2F\xC5\x6A\xB4"
"\xEB\x6E\x96\xE8\x43\x80\xB5\x51"
"\x61\x2D\x48\xAA\x07\x65\x11\x8C"
"\x48\xE3\x90\x7E\x78\x3A\xEC\x97"
"\x05\x3D\x84\xE7\x90\x2B\xAA\xBD"
"\x83\x29\x0E\x1A\x81\x73\x7B\xE0"
"\x7A\x01\x4A\x37\x3B\x77\x7F\x8D"
"\x49\xA4\x2F\x6E\xBE\x68\x99\x08"
"\x99\xAA\x4C\x12\x04\xAE\x1F\x77"
"\x35\x88\xF1\x65\x06\x0A\x0B\x4D"
"\x47\xF9\x50\x38\x5D\x71\xF9\x6E"
"\xDE\xEC\x61\x35\x2C\x4C\x96\x50"
"\xE8\x28\x93\x9C\x7E\x01\xC6\x04"
"\xB2\xD6\xBC\x6C\x17\xEB\xC1\x7D"
"\x11\xE9\x43\x83\x76\xAA\x53\x37"
"\x0C\x1D\x39\x89\x53\x72\x09\x7E"
"\xD9\x85\x16\x04\xA5\x2C\x05\x6F"
"\x17\x0C\x6E\x66\xAA\x84\xA7\xD9"
"\xE2\xD9\xC4\xEB\x43\x3E\xB1\x8D"
"\x7C\x36\xC7\x71\x70\x9C\x10\xD8"
"\xE8\x47\x2A\x4D\xFD\xA1\xBC\xE3"
"\xB9\x32\xE2\xC1\x82\xAC\xFE\xCC"
"\xC5\xC9\x7F\x9E\xCF\x33\x7A\xDF",
.len = 496,
}, { /* Generated with Crypto++ */
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9"
"\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A"
"\x27\x04\xE1\x27\x04\xE1\xBE\x9B"
"\x78\xBE\x9B\x78\x55\x32\x0F\x55",
.klen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"
"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFD",
.ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
"\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
"\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
"\xAC\x20\xB7\x4E\xE5\x59\xF0\x87"
"\x1E\x92\x29\xC0\x34\xCB\x62\xF9"
"\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48"
"\xDF\x76\x0D\x81\x18\xAF\x23\xBA"
"\x51\xE8\x5C\xF3\x8A\x21\x95\x2C"
"\xC3\x37\xCE\x65\xFC\x70\x07\x9E"
"\x12\xA9\x40\xD7\x4B\xE2\x79\x10"
"\x84\x1B\xB2\x26\xBD\x54\xEB\x5F"
"\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1"
"\x68\xFF\x73\x0A\xA1\x15\xAC\x43"
"\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5"
"\x29\xC0\x57\xEE\x62\xF9\x90\x04"
"\x9B\x32\xC9\x3D\xD4\x6B\x02\x76"
"\x0D\xA4\x18\xAF\x46\xDD\x51\xE8"
"\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A"
"\xF1\x65\xFC\x93\x07\x9E\x35\xCC"
"\x40\xD7\x6E\x05\x79\x10\xA7\x1B"
"\xB2\x49\xE0\x54\xEB\x82\x19\x8D"
"\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF"
"\x96\x0A\xA1\x38\xCF\x43\xDA\x71"
"\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3"
"\x57\xEE\x85\x1C\x90\x27\xBE\x32"
"\xC9\x60\xF7\x6B\x02\x99\x0D\xA4"
"\x3B\xD2\x46\xDD\x74\x0B\x7F\x16"
"\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88"
"\x1F\x93\x2A\xC1\x35\xCC\x63\xFA"
"\x6E\x05\x9C\x10\xA7\x3E\xD5\x49"
"\xE0\x77\x0E\x82\x19\xB0\x24\xBB"
"\x52\xE9\x5D\xF4\x8B\x22\x96\x2D"
"\xC4\x38\xCF\x66\xFD\x71\x08\x9F"
"\x13\xAA\x41\xD8\x4C\xE3\x7A\x11"
"\x85\x1C\xB3\x27\xBE\x55\xEC\x60"
"\xF7\x8E\x02\x99\x30\xC7\x3B\xD2"
"\x69\x00\x74\x0B\xA2\x16\xAD\x44"
"\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6"
"\x2A\xC1\x58\xEF\x63\xFA\x91\x05"
"\x9C\x33\xCA\x3E\xD5\x6C\x03\x77"
"\x0E\xA5\x19\xB0\x47\xDE\x52\xE9"
"\x80\x17\x8B\x22\xB9\x2D\xC4\x5B"
"\xF2\x66\xFD\x94\x08\x9F\x36\xCD"
"\x41\xD8\x6F\x06\x7A\x11\xA8\x1C"
"\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E"
"\x25\xBC\x30\xC7\x5E\xF5\x69\x00"
"\x97\x0B\xA2\x39\xD0\x44\xDB\x72"
"\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4"
"\x58\xEF\x86\x1D\x91\x28\xBF\x33"
"\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5"
"\x3C\xD3\x47\xDE\x75\x0C\x80\x17"
"\xAE\x22\xB9\x50\xE7\x5B\xF2\x89"
"\x20\x94\x2B\xC2\x36\xCD\x64\xFB"
"\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A"
"\xE1\x78\x0F\x83\x1A\xB1\x25\xBC"
"\x53\xEA\x5E\xF5\x8C\x00\x97\x2E"
"\xC5\x39\xD0\x67\xFE\x72\x09\xA0"
"\x14\xAB\x42\xD9\x4D\xE4\x7B\x12"
"\x86\x1D\xB4\x28\xBF\x56\xED\x61"
"\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3"
"\x6A\x01\x75\x0C\xA3\x17\xAE\x45"
"\xDC\x50\xE7\x7E\x15\x89\x20\xB7",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\xEB\x44\xAF\x49\x27\xB8\xFB\x44"
"\x4C\xA6\xC3\x0C\x8B\xD0\x01\x0C"
"\x53\xC8\x16\x38\xDE\x40\x4F\x91"
"\x25\x6D\x4C\xA0\x9A\x87\x1E\xDA"
"\x88\x7E\x89\xE9\x67\x2B\x83\xA2"
"\x5F\x2E\x23\x3E\x45\xB9\x77\x7B"
"\xA6\x7E\x47\x36\x81\x9F\x9B\xF3"
"\xE0\xF0\xD7\x47\xA9\xC8\xEF\x33"
"\x0C\x43\xFE\x67\x50\x0A\x2C\x3E"
"\xA0\xE1\x25\x8E\x80\x07\x4A\xC0"
"\x64\x89\x9F\x6A\x27\x96\x07\xA6"
"\x9B\xC8\x1B\x21\x60\xAE\x5D\x01"
"\xE2\xCD\xC8\xAA\x6C\x9D\x1C\x34"
"\x39\x18\x09\xA4\x82\x59\x78\xE7"
"\xFC\x59\x65\xF2\x94\xFF\xFB\xE2"
"\x3C\xDA\xB1\x90\x95\xBF\x91\xE3"
"\xE6\x87\x31\x9E\x16\x85\xAD\xB1"
"\x4C\xAE\x43\x4D\x19\x58\xB5\x5E"
"\x2E\xF5\x09\xAA\x39\xF4\xC0\xB3"
"\xD4\x4D\xDB\x73\x7A\xD4\xF1\xBF"
"\x89\x16\x4D\x2D\xA2\x26\x33\x72"
"\x18\x33\x7E\xD6\xD2\x16\xA4\x54"
"\xF4\x8C\xB3\x52\xDF\x21\x9C\xEB"
"\xBF\x49\xD3\xF9\x05\x06\xCB\xD2"
"\xA9\xD2\x3B\x6E\x19\x8C\xBC\x19"
"\xAB\x89\xD6\xD8\xCD\x56\x89\x5E"
"\xAC\x00\xE3\x50\x63\x4A\x80\x9A"
"\x05\xBC\x50\x39\xD3\x32\xD9\x0D"
"\xE3\x20\x0D\x75\x54\xEC\xE6\x31"
"\x14\xB9\x3A\x59\x00\x43\x37\x8E"
"\x8C\x5A\x79\x62\x14\x76\x8A\xAE"
"\x8F\xCC\xA1\x6C\x38\x78\xDD\x2D"
"\x8B\x6D\xEA\xBD\x7B\x25\xFF\x60"
"\xC9\x87\xB1\x79\x1E\xA5\x86\x68"
"\x81\xB4\xE2\xC1\x05\x7D\x3A\x73"
"\xD0\xDA\x75\x77\x9E\x05\x27\xF1"
"\x08\xA9\x66\x64\x6C\xBC\x82\x17"
"\x2C\x23\x5F\x62\x4D\x02\x1A\x58"
"\xE7\xB7\x23\x6D\xE2\x20\xDA\xEF"
"\xB4\xB3\x3F\xB2\x2B\x69\x98\x83"
"\x95\x87\x13\x57\x60\xD7\xB5\xB1"
"\xEE\x0A\x2F\x95\x36\x4C\x76\x5D"
"\x5F\xD9\x19\xED\xB9\xA5\x48\xBF"
"\xC8\xAB\x0F\x71\xCC\x61\x8E\x0A"
"\xD0\x29\x44\xA8\xB9\xC1\xE8\xC8"
"\xC9\xA8\x28\x81\xFB\x50\xF2\xF0"
"\x26\xAE\x39\xB8\x91\xCD\xA8\xAC"
"\xDE\x55\x1B\x50\x14\x53\x44\x17"
"\x54\x46\xFC\xB1\xE4\x07\x6B\x9A"
"\x01\x14\xF0\x2E\x2E\xDB\x46\x1B"
"\x1A\x09\x97\xA9\xB6\x97\x79\x06"
"\xFB\xCB\x85\xCF\xDD\xA1\x41\xB1"
"\x00\xAA\xF7\xE0\x89\x73\xFB\xE5"
"\xBF\x84\xDB\xC9\xCD\xC4\xA2\x0D"
"\x3B\xAC\xF9\xDF\x96\xBF\x88\x23"
"\x41\x67\xA1\x24\x99\x7E\xCC\x9B"
"\x02\x8F\x6A\x49\xF6\x25\xBA\x7A"
"\xF4\x78\xFD\x79\x62\x63\x4F\x14"
"\xD6\x11\x11\x04\x05\x5F\x7E\xEA"
"\x4C\xB6\xF8\xF4\x5F\x48\x52\x54"
"\x94\x63\xA8\x4E\xCF\xD2\x1B\x1B"
"\x22\x18\x6A\xAF\x6E\x3E\xE1\x0D",
.len = 496,
}, { /* Generated with Crypto++ */
.key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9"
"\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A"
"\x27\x04\xE1\x27\x04\xE1\xBE\x9B"
"\x78\xBE\x9B\x78\x55\x32\x0F\x55",
.klen = 32,
.iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F"
"\xC4\x29\x8E\xF3\x35\x9A\xFF\x64",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
"\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
"\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
"\xAC\x20\xB7\x4E\xE5\x59\xF0\x87"
"\x1E\x92\x29\xC0\x34\xCB\x62\xF9"
"\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48"
"\xDF\x76\x0D\x81\x18\xAF\x23\xBA"
"\x51\xE8\x5C\xF3\x8A\x21\x95\x2C"
"\xC3\x37\xCE\x65\xFC\x70\x07\x9E"
"\x12\xA9\x40\xD7\x4B\xE2\x79\x10"
"\x84\x1B\xB2\x26\xBD\x54\xEB\x5F"
"\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1"
"\x68\xFF\x73\x0A\xA1\x15\xAC\x43"
"\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5"
"\x29\xC0\x57\xEE\x62\xF9\x90\x04"
"\x9B\x32\xC9\x3D\xD4\x6B\x02\x76"
"\x0D\xA4\x18\xAF\x46\xDD\x51\xE8"
"\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A"
"\xF1\x65\xFC\x93\x07\x9E\x35\xCC"
"\x40\xD7\x6E\x05\x79\x10\xA7\x1B"
"\xB2\x49\xE0\x54\xEB\x82\x19\x8D"
"\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF"
"\x96\x0A\xA1\x38\xCF\x43\xDA\x71"
"\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3"
"\x57\xEE\x85\x1C\x90\x27\xBE\x32"
"\xC9\x60\xF7\x6B\x02\x99\x0D\xA4"
"\x3B\xD2\x46\xDD\x74\x0B\x7F\x16"
"\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88"
"\x1F\x93\x2A\xC1\x35\xCC\x63\xFA"
"\x6E\x05\x9C\x10\xA7\x3E\xD5\x49"
"\xE0\x77\x0E\x82\x19\xB0\x24\xBB"
"\x52\xE9\x5D\xF4\x8B\x22\x96\x2D"
"\xC4\x38\xCF\x66\xFD\x71\x08\x9F"
"\x13\xAA\x41\xD8\x4C\xE3\x7A\x11"
"\x85\x1C\xB3\x27\xBE\x55\xEC\x60"
"\xF7\x8E\x02\x99\x30\xC7\x3B\xD2"
"\x69\x00\x74\x0B\xA2\x16\xAD\x44"
"\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6"
"\x2A\xC1\x58\xEF\x63\xFA\x91\x05"
"\x9C\x33\xCA\x3E\xD5\x6C\x03\x77"
"\x0E\xA5\x19\xB0\x47\xDE\x52\xE9"
"\x80\x17\x8B\x22\xB9\x2D\xC4\x5B"
"\xF2\x66\xFD\x94\x08\x9F\x36\xCD"
"\x41\xD8\x6F\x06\x7A\x11\xA8\x1C"
"\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E"
"\x25\xBC\x30\xC7\x5E\xF5\x69\x00"
"\x97\x0B\xA2\x39\xD0\x44\xDB\x72"
"\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4"
"\x58\xEF\x86\x1D\x91\x28\xBF\x33"
"\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5"
"\x3C\xD3\x47\xDE\x75\x0C\x80\x17"
"\xAE\x22\xB9\x50\xE7\x5B\xF2\x89"
"\x20\x94\x2B\xC2\x36\xCD\x64\xFB"
"\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A"
"\xE1\x78\x0F\x83\x1A\xB1\x25\xBC"
"\x53\xEA\x5E\xF5\x8C\x00\x97\x2E"
"\xC5\x39\xD0\x67\xFE\x72\x09\xA0"
"\x14\xAB\x42\xD9\x4D\xE4\x7B\x12"
"\x86\x1D\xB4\x28\xBF\x56\xED\x61"
"\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3"
"\x6A\x01\x75\x0C\xA3\x17\xAE\x45"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\xDC\x50\xE7\x7E\x15\x89\x20\xB7"
"\x2B\xC2\x59",
.ctext = "\xDF\xDD\x69\xFA\xB0\x2E\xFD\xFE"
"\x70\x9E\xC5\x4B\xC9\xD4\xA1\x30"
"\x26\x9B\x89\xA1\xEE\x43\xE0\x52"
"\x55\x17\x4E\xC7\x0E\x33\x1F\xF1"
"\x9F\x8D\x40\x9F\x24\xFD\x92\xA0"
"\xBC\x8F\x35\xDD\x67\x38\xD8\xAA"
"\xCF\xF8\x48\xCA\xFB\xE4\x5C\x60"
"\x01\x41\x21\x12\x38\xAB\x52\x4F"
"\xA8\x57\x20\xE0\x21\x6A\x17\x0D"
"\x0E\xF9\x8E\x49\x42\x00\x3C\x94"
"\x14\xC0\xD0\x8D\x8A\x98\xEB\x29"
"\xEC\xAE\x96\x44\xC0\x3C\x48\xDC"
"\x29\x35\x25\x2F\xE7\x11\x6C\x68"
"\xC8\x67\x0A\x2F\xF4\x07\xBE\xF9"
"\x2C\x31\x87\x40\xAB\xB2\xB6\xFA"
"\xD2\xC9\x6D\x5C\x50\xE9\xE6\x7E"
"\xE3\x0A\xD2\xD5\x6D\x8D\x64\x9E"
"\x70\xCE\x03\x76\xDD\xE0\xF0\x8C"
"\x84\x86\x8B\x6A\xFE\xC7\xF9\x69"
"\x2E\xFE\xFC\xC2\xC4\x1A\x55\x58"
"\xB3\xBE\xE2\x7E\xED\x39\x42\x6C"
"\xB4\x42\x97\x9A\xEC\xE1\x0A\x06"
"\x02\xC5\x03\x9D\xC4\x48\x15\x66"
"\x35\x6A\xC2\xC9\xA2\x26\x30\xBB"
"\xDB\x2D\xC8\x08\x2B\xA0\x29\x1A"
"\x23\x61\x48\xEA\x80\x04\x27\xAA"
"\x69\x49\xE8\xE8\x4A\x83\x6B\x5A"
"\xCA\x7C\xD3\xB1\xB5\x0B\xCC\x23"
"\x74\x1F\xA9\x87\xCD\xED\xC0\x2D"
"\xBF\xEB\xCF\x16\x2D\x2A\x2E\x1D"
"\x96\xBA\x36\x11\x45\x41\xDA\xCE"
"\xA4\x48\x80\x8B\x06\xF4\x98\x89"
"\x8B\x23\x08\x53\xF4\xD4\x5A\x24"
"\x8B\xF8\x43\x73\xD1\xEE\xC4\xB0"
"\xF8\xFE\x09\x0C\x75\x05\x38\x0B"
"\x7C\x81\xDE\x9D\xE4\x61\x37\x63"
"\x63\xAD\x12\xD2\x04\xB9\xCE\x45"
"\x5A\x1A\x6E\xB3\x78\x2A\xA4\x74"
"\x86\xD0\xE3\xFF\xDA\x38\x9C\xB5"
"\xB8\xB1\xDB\x38\x2F\xC5\x6A\xB4"
"\xEB\x6E\x96\xE8\x43\x80\xB5\x51"
"\x61\x2D\x48\xAA\x07\x65\x11\x8C"
"\x48\xE3\x90\x7E\x78\x3A\xEC\x97"
"\x05\x3D\x84\xE7\x90\x2B\xAA\xBD"
"\x83\x29\x0E\x1A\x81\x73\x7B\xE0"
"\x7A\x01\x4A\x37\x3B\x77\x7F\x8D"
"\x49\xA4\x2F\x6E\xBE\x68\x99\x08"
"\x99\xAA\x4C\x12\x04\xAE\x1F\x77"
"\x35\x88\xF1\x65\x06\x0A\x0B\x4D"
"\x47\xF9\x50\x38\x5D\x71\xF9\x6E"
"\xDE\xEC\x61\x35\x2C\x4C\x96\x50"
"\xE8\x28\x93\x9C\x7E\x01\xC6\x04"
"\xB2\xD6\xBC\x6C\x17\xEB\xC1\x7D"
"\x11\xE9\x43\x83\x76\xAA\x53\x37"
"\x0C\x1D\x39\x89\x53\x72\x09\x7E"
"\xD9\x85\x16\x04\xA5\x2C\x05\x6F"
"\x17\x0C\x6E\x66\xAA\x84\xA7\xD9"
"\xE2\xD9\xC4\xEB\x43\x3E\xB1\x8D"
"\x7C\x36\xC7\x71\x70\x9C\x10\xD8"
"\xE8\x47\x2A\x4D\xFD\xA1\xBC\xE3"
"\xB9\x32\xE2\xC1\x82\xAC\xFE\xCC"
"\xC5\xC9\x7F\x9E\xCF\x33\x7A\xDF"
"\x6C\x82\x9D",
.len = 499,
.also_non_np = 1,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.np = 2,
.tap = { 499 - 16, 16 },
},
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct cipher_testvec tf_lrw_tv_template[] = {
/* Generated from AES-LRW test vectors */
{
.key = "\x45\x62\xac\x25\xf8\x28\x17\x6d"
"\x4c\x26\x84\x14\xb5\x68\x01\x85"
"\x25\x8e\x2a\x05\xe7\x3e\x9d\x03"
"\xee\x5a\x83\x0c\xcc\x09\x4c\x87",
.klen = 32,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x01",
.ptext = "\x30\x31\x32\x33\x34\x35\x36\x37"
"\x38\x39\x41\x42\x43\x44\x45\x46",
.ctext = "\xa1\x6c\x50\x69\x26\xa4\xef\x7b"
"\x7c\xc6\x91\xeb\x72\xdd\x9b\xee",
.len = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x59\x70\x47\x14\xf5\x57\x47\x8c"
"\xd7\x79\xe8\x0f\x54\x88\x79\x44"
"\x0d\x48\xf0\xb7\xb1\x5a\x53\xea"
"\x1c\xaa\x6b\x29\xc2\xca\xfb\xaf",
.klen = 32,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x02",
.ptext = "\x30\x31\x32\x33\x34\x35\x36\x37"
"\x38\x39\x41\x42\x43\x44\x45\x46",
.ctext = "\xab\x72\x0a\xad\x3b\x0c\xf0\xc9"
"\x42\x2f\xf1\xae\xf1\x3c\xb1\xbd",
.len = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xd8\x2a\x91\x34\xb2\x6a\x56\x50"
"\x30\xfe\x69\xe2\x37\x7f\x98\x47"
"\xcd\xf9\x0b\x16\x0c\x64\x8f\xb6"
"\xb0\x0d\x0d\x1b\xae\x85\x87\x1f",
.klen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x02\x00\x00\x00\x00",
.ptext = "\x30\x31\x32\x33\x34\x35\x36\x37"
"\x38\x39\x41\x42\x43\x44\x45\x46",
.ctext = "\x85\xa7\x56\x67\x08\xfa\x42\xe1"
"\x22\xe6\x82\xfc\xd9\xb4\xd7\xd4",
.len = 16,
}, {
.key = "\x0f\x6a\xef\xf8\xd3\xd2\xbb\x15"
"\x25\x83\xf7\x3c\x1f\x01\x28\x74"
"\xca\xc6\xbc\x35\x4d\x4a\x65\x54"
"\x90\xae\x61\xcf\x7b\xae\xbd\xcc"
"\xad\xe4\x94\xc5\x4a\x29\xae\x70",
.klen = 40,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x01",
.ptext = "\x30\x31\x32\x33\x34\x35\x36\x37"
"\x38\x39\x41\x42\x43\x44\x45\x46",
.ctext = "\xd2\xaf\x69\x35\x24\x1d\x0e\x1c"
"\x84\x8b\x05\xe4\xa2\x2f\x16\xf5",
.len = 16,
}, {
.key = "\x8a\xd4\xee\x10\x2f\xbd\x81\xff"
"\xf8\x86\xce\xac\x93\xc5\xad\xc6"
"\xa0\x19\x07\xc0\x9d\xf7\xbb\xdd"
"\x52\x13\xb2\xb7\xf0\xff\x11\xd8"
"\xd6\x08\xd0\xcd\x2e\xb1\x17\x6f",
.klen = 40,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x02\x00\x00\x00\x00",
.ptext = "\x30\x31\x32\x33\x34\x35\x36\x37"
"\x38\x39\x41\x42\x43\x44\x45\x46",
.ctext = "\x4a\x23\x56\xd7\xff\x90\xd0\x9a"
"\x0d\x7c\x26\xfc\xf0\xf0\xf6\xe4",
.len = 16,
}, {
.key = "\xf8\xd4\x76\xff\xd6\x46\xee\x6c"
"\x23\x84\xcb\x1c\x77\xd6\x19\x5d"
"\xfe\xf1\xa9\xf3\x7b\xbc\x8d\x21"
"\xa7\x9c\x21\xf8\xcb\x90\x02\x89"
"\xa8\x45\x34\x8e\xc8\xc5\xb5\xf1"
"\x26\xf5\x0e\x76\xfe\xfd\x1b\x1e",
.klen = 48,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x01",
.ptext = "\x30\x31\x32\x33\x34\x35\x36\x37"
"\x38\x39\x41\x42\x43\x44\x45\x46",
.ctext = "\x30\xaf\x26\x05\x9d\x5d\x0a\x58"
"\xe2\xe7\xce\x8a\xb2\x56\x6d\x76",
.len = 16,
}, {
.key = "\xfb\x76\x15\xb2\x3d\x80\x89\x1d"
"\xd4\x70\x98\x0b\xc7\x95\x84\xc8"
"\xb2\xfb\x64\xce\x60\x97\x87\x8d"
"\x17\xfc\xe4\x5a\x49\xe8\x30\xb7"
"\x6e\x78\x17\xe7\x2d\x5e\x12\xd4"
"\x60\x64\x04\x7a\xf1\x2f\x9e\x0c",
.klen = 48,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x02\x00\x00\x00\x00",
.ptext = "\x30\x31\x32\x33\x34\x35\x36\x37"
"\x38\x39\x41\x42\x43\x44\x45\x46",
.ctext = "\xdf\xcf\xdc\xd2\xe1\xcf\x86\x75"
"\x17\x66\x5e\x0c\x14\xa1\x3d\x40",
.len = 16,
}, {
.key = "\xf8\xd4\x76\xff\xd6\x46\xee\x6c"
"\x23\x84\xcb\x1c\x77\xd6\x19\x5d"
"\xfe\xf1\xa9\xf3\x7b\xbc\x8d\x21"
"\xa7\x9c\x21\xf8\xcb\x90\x02\x89"
"\xa8\x45\x34\x8e\xc8\xc5\xb5\xf1"
"\x26\xf5\x0e\x76\xfe\xfd\x1b\x1e",
.klen = 48,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x01",
.ptext = "\x05\x11\xb7\x18\xab\xc6\x2d\xac"
"\x70\x5d\xf6\x22\x94\xcd\xe5\x6c"
"\x17\x6b\xf6\x1c\xf0\xf3\x6e\xf8"
"\x50\x38\x1f\x71\x49\xb6\x57\xd6"
"\x8f\xcb\x8d\x6b\xe3\xa6\x29\x90"
"\xfe\x2a\x62\x82\xae\x6d\x8b\xf6"
"\xad\x1e\x9e\x20\x5f\x38\xbe\x04"
"\xda\x10\x8e\xed\xa2\xa4\x87\xab"
"\xda\x6b\xb4\x0c\x75\xba\xd3\x7c"
"\xc9\xac\x42\x31\x95\x7c\xc9\x04"
"\xeb\xd5\x6e\x32\x69\x8a\xdb\xa6"
"\x15\xd7\x3f\x4f\x2f\x66\x69\x03"
"\x9c\x1f\x54\x0f\xde\x1f\xf3\x65"
"\x4c\x96\x12\xed\x7c\x92\x03\x01"
"\x6f\xbc\x35\x93\xac\xf1\x27\xf1"
"\xb4\x96\x82\x5a\x5f\xb0\xa0\x50"
"\x89\xa4\x8e\x66\x44\x85\xcc\xfd"
"\x33\x14\x70\xe3\x96\xb2\xc3\xd3"
"\xbb\x54\x5a\x1a\xf9\x74\xa2\xc5"
"\x2d\x64\x75\xdd\xb4\x54\xe6\x74"
"\x8c\xd3\x9d\x9e\x86\xab\x51\x53"
"\xb7\x93\x3e\x6f\xd0\x4e\x2c\x40"
"\xf6\xa8\x2e\x3e\x9d\xf4\x66\xa5"
"\x76\x12\x73\x44\x1a\x56\xd7\x72"
"\x88\xcd\x21\x8c\x4c\x0f\xfe\xda"
"\x95\xe0\x3a\xa6\xa5\x84\x46\xcd"
"\xd5\x3e\x9d\x3a\xe2\x67\xe6\x60"
"\x1a\xe2\x70\x85\x58\xc2\x1b\x09"
"\xe1\xd7\x2c\xca\xad\xa8\x8f\xf9"
"\xac\xb3\x0e\xdb\xca\x2e\xe2\xb8"
"\x51\x71\xd9\x3c\x6c\xf1\x56\xf8"
"\xea\x9c\xf1\xfb\x0c\xe6\xb7\x10"
"\x1c\xf8\xa9\x7c\xe8\x53\x35\xc1"
"\x90\x3e\x76\x4a\x74\xa4\x21\x2c"
"\xf6\x2c\x4e\x0f\x94\x3a\x88\x2e"
"\x41\x09\x6a\x33\x7d\xf6\xdd\x3f"
"\x8d\x23\x31\x74\x84\xeb\x88\x6e"
"\xcc\xb9\xbc\x22\x83\x19\x07\x22"
"\xa5\x2d\xdf\xa5\xf3\x80\x85\x78"
"\x84\x39\x6a\x6d\x6a\x99\x4f\xa5"
"\x15\xfe\x46\xb0\xe4\x6c\xa5\x41"
"\x3c\xce\x8f\x42\x60\x71\xa7\x75"
"\x08\x40\x65\x8a\x82\xbf\xf5\x43"
"\x71\x96\xa9\x4d\x44\x8a\x20\xbe"
"\xfa\x4d\xbb\xc0\x7d\x31\x96\x65"
"\xe7\x75\xe5\x3e\xfd\x92\x3b\xc9"
"\x55\xbb\x16\x7e\xf7\xc2\x8c\xa4"
"\x40\x1d\xe5\xef\x0e\xdf\xe4\x9a"
"\x62\x73\x65\xfd\x46\x63\x25\x3d"
"\x2b\xaf\xe5\x64\xfe\xa5\x5c\xcf"
"\x24\xf3\xb4\xac\x64\xba\xdf\x4b"
"\xc6\x96\x7d\x81\x2d\x8d\x97\xf7"
"\xc5\x68\x77\x84\x32\x2b\xcc\x85"
"\x74\x96\xf0\x12\x77\x61\xb9\xeb"
"\x71\xaa\x82\xcb\x1c\xdb\x89\xc8"
"\xc6\xb5\xe3\x5c\x7d\x39\x07\x24"
"\xda\x39\x87\x45\xc0\x2b\xbb\x01"
"\xac\xbc\x2a\x5c\x7f\xfc\xe8\xce"
"\x6d\x9c\x6f\xed\xd3\xc1\xa1\xd6"
"\xc5\x55\xa9\x66\x2f\xe1\xc8\x32"
"\xa6\x5d\xa4\x3a\x98\x73\xe8\x45"
"\xa4\xc7\xa8\xb4\xf6\x13\x03\xf6"
"\xe9\x2e\xc4\x29\x0f\x84\xdb\xc4"
"\x21\xc4\xc2\x75\x67\x89\x37\x0a",
.ctext = "\x30\x38\xeb\xaf\x12\x43\x1a\x89"
"\x62\xa2\x36\xe5\xcf\x77\x1e\xd9"
"\x08\xc3\x0d\xdd\x95\xab\x19\x96"
"\x27\x52\x41\xc3\xca\xfb\xf6\xee"
"\x40\x2d\xdf\xdd\x00\x0c\xb9\x0a"
"\x3a\xf0\xc0\xd1\xda\x63\x9e\x45"
"\x42\xe9\x29\xc0\xb4\x07\xb4\x31"
"\x66\x77\x72\xb5\xb6\xb3\x57\x46"
"\x34\x9a\xfe\x03\xaf\x6b\x36\x07"
"\x63\x8e\xc2\x5d\xa6\x0f\xb6\x7d"
"\xfb\x6d\x82\x51\xb6\x98\xd0\x71"
"\xe7\x10\x7a\xdf\xb2\xbd\xf1\x1d"
"\x72\x2b\x54\x13\xe3\x6d\x79\x37"
"\xa9\x39\x2c\xdf\x21\xab\x87\xd5"
"\xee\xef\x9a\x12\x50\x39\x2e\x1b"
"\x7d\xe6\x6a\x27\x48\xb9\xe7\xac"
"\xaa\xcd\x79\x5f\xf2\xf3\xa0\x08"
"\x6f\x2c\xf4\x0e\xd1\xb8\x89\x25"
"\x31\x9d\xef\xb1\x1d\x27\x55\x04"
"\xc9\x8c\xb7\x68\xdc\xb6\x67\x8a"
"\xdb\xcf\x22\xf2\x3b\x6f\xce\xbb"
"\x26\xbe\x4f\x27\x04\x42\xd1\x44"
"\x4c\x08\xa3\x95\x4c\x7f\x1a\xaf"
"\x1d\x28\x14\xfd\xb1\x1a\x34\x18"
"\xf5\x1e\x28\x69\x95\x6a\x5a\xba"
"\x8e\xb2\x58\x1d\x28\x17\x13\x3d"
"\x38\x7d\x14\x8d\xab\x5d\xf9\xe8"
"\x3c\x0f\x2b\x0d\x2b\x08\xb4\x4b"
"\x6b\x0d\xc8\xa7\x84\xc2\x3a\x1a"
"\xb7\xbd\xda\x92\x29\xb8\x5b\x5a"
"\x63\xa5\x99\x82\x09\x72\x8f\xc6"
"\xa4\x62\x24\x69\x8c\x2d\x26\x00"
"\x99\x83\x91\xd6\xc6\xcf\x57\x67"
"\x38\xea\xf2\xfc\x29\xe0\x73\x39"
"\xf9\x13\x94\x6d\xe2\x58\x28\x75"
"\x3e\xae\x71\x90\x07\x70\x1c\x38"
"\x5b\x4c\x1e\xb5\xa5\x3b\x20\xef"
"\xb1\x4c\x3e\x1a\x72\x62\xbb\x22"
"\x82\x09\xe3\x18\x3f\x4f\x48\xfc"
"\xdd\xac\xfc\xb6\x09\xdb\xd2\x7b"
"\xd6\xb7\x7e\x41\x2f\x14\xf5\x0e"
"\xc3\xac\x4a\xed\xe7\x82\xef\x31"
"\x1f\x1a\x51\x1e\x29\x60\xc8\x98"
"\x93\x51\x1d\x3d\x62\x59\x83\x82"
"\x0c\xf1\xd7\x8d\xac\x33\x44\x81"
"\x3c\x59\xb7\xd4\x5b\x65\x82\xc4"
"\xec\xdc\x24\xfd\x0e\x1a\x79\x94"
"\x34\xb0\x62\xfa\x98\x49\x26\x1f"
"\xf4\x9e\x40\x44\x5b\x1f\xf8\xbe"
"\x36\xff\xc6\xc6\x9d\xf2\xd6\xcc"
"\x63\x93\x29\xb9\x0b\x6d\xd7\x6c"
"\xdb\xf6\x21\x80\xf7\x5a\x37\x15"
"\x0c\xe3\x36\xc8\x74\x75\x20\x91"
"\xdf\x52\x2d\x0c\xe7\x45\xff\x46"
"\xb3\xf4\xec\xc2\xbd\xd3\x37\xb6"
"\x26\xa2\x5d\x7d\x61\xbf\x10\x46"
"\x57\x8d\x05\x96\x70\x0b\xd6\x41"
"\x5c\xe9\xd3\x54\x81\x39\x3a\xdd"
"\x5f\x92\x81\x6e\x35\x03\xd4\x72"
"\x3d\x5a\xe7\xb9\x3b\x0c\x84\x23"
"\x45\x5d\xec\x72\xc1\x52\xef\x2e"
"\x81\x00\xd3\xfe\x4c\x3c\x05\x61"
"\x80\x18\xc4\x6c\x03\xd3\xb7\xba"
"\x11\xd7\xb8\x6e\xea\xe1\x80\x30",
.len = 512,
.also_non_np = 1,
.np = 3,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.tap = { 512 - 20, 4, 16 },
},
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct cipher_testvec tf_xts_tv_template[] = {
/* Generated from AES-XTS test vectors */
{
.key = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.klen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.ptext = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.ctext = "\x4b\xc9\x44\x4a\x11\xa3\xef\xac"
"\x30\x74\xe4\x44\x52\x77\x97\x43"
"\xa7\x60\xb2\x45\x2e\xf9\x00\x90"
"\x9f\xaa\xfd\x89\x6e\x9d\x4a\xe0",
.len = 32,
}, {
.key = "\x11\x11\x11\x11\x11\x11\x11\x11"
"\x11\x11\x11\x11\x11\x11\x11\x11"
"\x22\x22\x22\x22\x22\x22\x22\x22"
"\x22\x22\x22\x22\x22\x22\x22\x22",
.klen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x33\x33\x33\x33\x33\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.ptext = "\x44\x44\x44\x44\x44\x44\x44\x44"
"\x44\x44\x44\x44\x44\x44\x44\x44"
"\x44\x44\x44\x44\x44\x44\x44\x44"
"\x44\x44\x44\x44\x44\x44\x44\x44",
.ctext = "\x57\x0e\x8f\xe5\x2a\x35\x61\x4f"
"\x32\xd3\xbd\x36\x05\x15\x44\x2c"
"\x58\x06\xf7\xf8\x00\xa8\xb6\xd5"
"\xc6\x28\x92\xdb\xd8\x34\xa2\xe9",
.len = 32,
}, {
.key = "\xff\xfe\xfd\xfc\xfb\xfa\xf9\xf8"
"\xf7\xf6\xf5\xf4\xf3\xf2\xf1\xf0"
"\x22\x22\x22\x22\x22\x22\x22\x22"
"\x22\x22\x22\x22\x22\x22\x22\x22",
.klen = 32,
.iv = "\x33\x33\x33\x33\x33\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.ptext = "\x44\x44\x44\x44\x44\x44\x44\x44"
"\x44\x44\x44\x44\x44\x44\x44\x44"
"\x44\x44\x44\x44\x44\x44\x44\x44"
"\x44\x44\x44\x44\x44\x44\x44\x44",
.ctext = "\x96\x45\x8f\x8d\x7a\x75\xb1\xde"
"\x40\x0c\x89\x56\xf6\x4d\xa7\x07"
"\x38\xbb\x5b\xe9\xcd\x84\xae\xb2"
"\x7b\x6a\x62\xf4\x8c\xb5\x37\xea",
.len = 32,
}, {
.key = "\x27\x18\x28\x18\x28\x45\x90\x45"
"\x23\x53\x60\x28\x74\x71\x35\x26"
"\x31\x41\x59\x26\x53\x58\x97\x93"
"\x23\x84\x62\x64\x33\x83\x27\x95",
.klen = 32,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.ptext = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
"\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
"\x20\x21\x22\x23\x24\x25\x26\x27"
"\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
"\x30\x31\x32\x33\x34\x35\x36\x37"
"\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f"
"\x40\x41\x42\x43\x44\x45\x46\x47"
"\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
"\x50\x51\x52\x53\x54\x55\x56\x57"
"\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f"
"\x60\x61\x62\x63\x64\x65\x66\x67"
"\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f"
"\x70\x71\x72\x73\x74\x75\x76\x77"
"\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f"
"\x80\x81\x82\x83\x84\x85\x86\x87"
"\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
"\x90\x91\x92\x93\x94\x95\x96\x97"
"\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f"
"\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
"\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
"\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7"
"\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
"\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
"\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
"\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7"
"\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf"
"\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7"
"\xe8\xe9\xea\xeb\xec\xed\xee\xef"
"\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
"\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff"
"\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
"\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
"\x20\x21\x22\x23\x24\x25\x26\x27"
"\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
"\x30\x31\x32\x33\x34\x35\x36\x37"
"\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f"
"\x40\x41\x42\x43\x44\x45\x46\x47"
"\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
"\x50\x51\x52\x53\x54\x55\x56\x57"
"\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f"
"\x60\x61\x62\x63\x64\x65\x66\x67"
"\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f"
"\x70\x71\x72\x73\x74\x75\x76\x77"
"\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f"
"\x80\x81\x82\x83\x84\x85\x86\x87"
"\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
"\x90\x91\x92\x93\x94\x95\x96\x97"
"\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f"
"\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
"\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
"\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7"
"\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
"\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
"\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
"\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7"
"\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf"
"\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7"
"\xe8\xe9\xea\xeb\xec\xed\xee\xef"
"\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
"\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff",
.ctext = "\xa9\x78\xae\x1e\xea\xa2\x44\x4c"
"\xa2\x7a\x64\x1f\xaf\x46\xc1\xe0"
"\x6c\xb2\xf3\x92\x9a\xd6\x7d\x58"
"\xb8\x2d\xb9\x5d\x58\x07\x66\x50"
"\xea\x35\x35\x8c\xb2\x46\x61\x06"
"\x5d\x65\xfc\x57\x8f\x69\x74\xab"
"\x8a\x06\x69\xb5\x6c\xda\x66\xc7"
"\x52\x90\xbb\x8e\x6d\x8b\xb5\xa2"
"\x78\x1d\xc2\xa9\xc2\x73\x00\xc3"
"\x32\x36\x7c\x97\x6b\x4e\x8a\x50"
"\xe4\x91\x83\x96\x8f\xf4\x94\x1a"
"\xa6\x27\xe1\x33\xcb\x91\xc6\x5f"
"\x94\x75\xbc\xd7\x3e\x3e\x6f\x9e"
"\xa9\x31\x80\x5e\xe5\xdb\xc8\x53"
"\x01\x73\x68\x32\x25\x19\xfa\xfb"
"\xe4\xcf\xb9\x3e\xa2\xa0\x8f\x31"
"\xbf\x54\x06\x93\xa8\xb1\x0f\xb6"
"\x7c\x3c\xde\x6f\x0f\xfb\x0c\x11"
"\x39\x80\x39\x09\x97\x65\xf2\x83"
"\xae\xe6\xa1\x6f\x47\xb8\x49\xde"
"\x99\x36\x20\x7d\x97\x3b\xec\xfa"
"\xb4\x33\x6e\x7a\xc7\x46\x84\x49"
"\x91\xcd\xe1\x57\x0d\xed\x40\x08"
"\x13\xf1\x4e\x3e\xa4\xa4\x5c\xe6"
"\xd2\x0c\x20\x8f\x3e\xdf\x3f\x47"
"\x9a\x2f\xde\x6d\x66\xc9\x99\x4a"
"\x2d\x9e\x9d\x4b\x1a\x27\xa2\x12"
"\x99\xf0\xf8\xb1\xb6\xf6\x57\xc3"
"\xca\x1c\xa3\x8e\xed\x39\x28\xb5"
"\x10\x1b\x4b\x08\x42\x00\x4a\xd3"
"\xad\x5a\xc6\x8e\xc8\xbb\x95\xc4"
"\x4b\xaa\xfe\xd5\x42\xa8\xa3\x6d"
"\x3c\xf3\x34\x91\x2d\xb4\xdd\x20"
"\x0c\x90\x6d\xa3\x9b\x66\x9d\x24"
"\x02\xa6\xa9\x3f\x3f\x58\x5d\x47"
"\x24\x65\x63\x7e\xbd\x8c\xe6\x52"
"\x7d\xef\x33\x53\x63\xec\xaa\x0b"
"\x64\x15\xa9\xa6\x1f\x10\x00\x38"
"\x35\xa8\xe7\xbe\x23\x70\x22\xe0"
"\xd3\xb9\xe6\xfd\xe6\xaa\x03\x50"
"\xf3\x3c\x27\x36\x8b\xcc\xfe\x9c"
"\x9c\xa3\xb3\xe7\x68\x9b\xa2\x71"
"\xe0\x07\xd9\x1f\x68\x1f\xac\x5e"
"\x7a\x74\x85\xa9\x6a\x90\xab\x2c"
"\x38\x51\xbc\x1f\x43\x4a\x56\x1c"
"\xf8\x47\x03\x4e\x67\xa8\x1f\x99"
"\x04\x39\x73\x32\xb2\x86\x79\xe7"
"\x14\x28\x70\xb8\xe2\x7d\x69\x85"
"\xb6\x0f\xc5\xd0\xd0\x01\x5c\xe6"
"\x09\x0f\x75\xf7\xb6\x81\xd2\x11"
"\x20\x9c\xa1\xee\x11\x44\x79\xd0"
"\xb2\x34\x77\xda\x10\x9a\x6f\x6f"
"\xef\x7c\xd9\xdc\x35\xb7\x61\xdd"
"\xf1\xa4\xc6\x1c\xbf\x05\x22\xac"
"\xfe\x2f\x85\x00\x44\xdf\x33\x16"
"\x35\xb6\xa3\xd3\x70\xdf\x69\x35"
"\x6a\xc7\xb4\x99\x45\x27\xc8\x8e"
"\x5a\x14\x30\xd0\x55\x3e\x4f\x64"
"\x0d\x38\xe3\xdf\x8b\xa8\x93\x26"
"\x75\xae\xf6\xb5\x23\x0b\x17\x31"
"\xbf\x27\xb8\xb5\x94\x31\xa7\x8f"
"\x43\xc4\x46\x24\x22\x4f\x8f\x7e"
"\xe5\xf4\x6d\x1e\x0e\x18\x7a\xbb"
"\xa6\x8f\xfb\x49\x49\xd8\x7e\x5a",
.len = 512,
}, {
.key = "\x27\x18\x28\x18\x28\x45\x90\x45"
"\x23\x53\x60\x28\x74\x71\x35\x26"
"\x62\x49\x77\x57\x24\x70\x93\x69"
"\x99\x59\x57\x49\x66\x96\x76\x27"
"\x31\x41\x59\x26\x53\x58\x97\x93"
"\x23\x84\x62\x64\x33\x83\x27\x95"
"\x02\x88\x41\x97\x16\x93\x99\x37"
"\x51\x05\x82\x09\x74\x94\x45\x92",
.klen = 64,
.iv = "\xff\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.ptext = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
"\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
"\x20\x21\x22\x23\x24\x25\x26\x27"
"\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
"\x30\x31\x32\x33\x34\x35\x36\x37"
"\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f"
"\x40\x41\x42\x43\x44\x45\x46\x47"
"\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
"\x50\x51\x52\x53\x54\x55\x56\x57"
"\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f"
"\x60\x61\x62\x63\x64\x65\x66\x67"
"\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f"
"\x70\x71\x72\x73\x74\x75\x76\x77"
"\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f"
"\x80\x81\x82\x83\x84\x85\x86\x87"
"\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
"\x90\x91\x92\x93\x94\x95\x96\x97"
"\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f"
"\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
"\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
"\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7"
"\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
"\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
"\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
"\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7"
"\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf"
"\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7"
"\xe8\xe9\xea\xeb\xec\xed\xee\xef"
"\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
"\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff"
"\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
"\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
"\x20\x21\x22\x23\x24\x25\x26\x27"
"\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
"\x30\x31\x32\x33\x34\x35\x36\x37"
"\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f"
"\x40\x41\x42\x43\x44\x45\x46\x47"
"\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
"\x50\x51\x52\x53\x54\x55\x56\x57"
"\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f"
"\x60\x61\x62\x63\x64\x65\x66\x67"
"\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f"
"\x70\x71\x72\x73\x74\x75\x76\x77"
"\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f"
"\x80\x81\x82\x83\x84\x85\x86\x87"
"\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
"\x90\x91\x92\x93\x94\x95\x96\x97"
"\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f"
"\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
"\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
"\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7"
"\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
"\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
"\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
"\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7"
"\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf"
"\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7"
"\xe8\xe9\xea\xeb\xec\xed\xee\xef"
"\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
"\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff",
.ctext = "\xd7\x4b\x93\x7d\x13\xa2\xa2\xe1"
"\x35\x39\x71\x88\x76\x1e\xc9\xea"
"\x86\xad\xf3\x14\x48\x3d\x5e\xe9"
"\xe9\x2d\xb2\x56\x59\x35\x9d\xec"
"\x84\xfa\x7e\x9d\x6d\x33\x36\x8f"
"\xce\xf4\xa9\x21\x0b\x5f\x96\xec"
"\xcb\xf9\x57\x68\x33\x88\x39\xbf"
"\x2f\xbb\x59\x03\xbd\x66\x8b\x11"
"\x11\x65\x51\x2e\xb8\x67\x05\xd1"
"\x27\x11\x5c\xd4\xcc\x97\xc2\xb3"
"\xa9\x55\xaf\x07\x56\xd1\xdc\xf5"
"\x85\xdc\x46\xe6\xf0\x24\xeb\x93"
"\x4d\xf0\x9b\xf5\x73\x1c\xda\x03"
"\x22\xc8\x3a\x4f\xb4\x19\x91\x09"
"\x54\x0b\xf6\xfe\x17\x3d\x1a\x53"
"\x72\x60\x79\xcb\x0e\x32\x8a\x77"
"\xd5\xed\xdb\x33\xd7\x62\x16\x69"
"\x63\xe0\xab\xb5\xf6\x9c\x5f\x3d"
"\x69\x35\x61\x86\xf8\x86\xb9\x89"
"\x6e\x59\x35\xac\xf6\x6b\x33\xa0"
"\xea\xef\x96\x62\xd8\xa9\xcf\x56"
"\xbf\xdb\x8a\xfd\xa1\x82\x77\x73"
"\x3d\x94\x4a\x49\x42\x6d\x08\x60"
"\xa1\xea\xab\xb6\x88\x13\x94\xb8"
"\x51\x98\xdb\x35\x85\xdf\xf6\xb9"
"\x8f\xcd\xdf\x80\xd3\x40\x2d\x72"
"\xb8\xb2\x6c\x02\x43\x35\x22\x2a"
"\x31\xed\xcd\x16\x19\xdf\x62\x0f"
"\x29\xcf\x87\x04\xec\x02\x4f\xe4"
"\xa2\xed\x73\xc6\x69\xd3\x7e\x89"
"\x0b\x76\x10\x7c\xd6\xf9\x6a\x25"
"\xed\xcc\x60\x5d\x61\x20\xc1\x97"
"\x56\x91\x57\x28\xbe\x71\x0d\xcd"
"\xde\xc4\x9e\x55\x91\xbe\xd1\x28"
"\x9b\x90\xeb\x73\xf3\x68\x51\xc6"
"\xdf\x82\xcc\xd8\x1f\xce\x5b\x27"
"\xc0\x60\x5e\x33\xd6\xa7\x20\xea"
"\xb2\x54\xc7\x5d\x6a\x3b\x67\x47"
"\xcf\xa0\xe3\xab\x86\xaf\xc1\x42"
"\xe6\xb0\x23\x4a\xaf\x53\xdf\xa0"
"\xad\x12\x32\x31\x03\xf7\x21\xbe"
"\x2d\xd5\x82\x42\xb6\x4a\x3d\xcd"
"\xd8\x81\x77\xa9\x49\x98\x6c\x09"
"\xc5\xa3\x61\x12\x62\x85\x6b\xcd"
"\xb3\xf4\x20\x0c\x41\xc4\x05\x37"
"\x46\x5f\xeb\x71\x8b\xf1\xaf\x6e"
"\xba\xf3\x50\x2e\xfe\xa8\x37\xeb"
"\xe8\x8c\x4f\xa4\x0c\xf1\x31\xc8"
"\x6e\x71\x4f\xa5\xd7\x97\x73\xe0"
"\x93\x4a\x2f\xda\x7b\xe0\x20\x54"
"\x1f\x8d\x85\x79\x0b\x7b\x5e\x75"
"\xb9\x07\x67\xcc\xc8\xe7\x21\x15"
"\xa7\xc8\x98\xff\x4b\x80\x1c\x12"
"\xa8\x54\xe1\x38\x52\xe6\x74\x81"
"\x97\x47\xa1\x41\x0e\xc0\x50\xe3"
"\x55\x0e\xc3\xa7\x70\x77\xce\x07"
"\xed\x8c\x88\xe6\xa1\x5b\x14\xec"
"\xe6\xde\x06\x6d\x74\xc5\xd9\xfa"
"\xe5\x2f\x5a\xff\xc8\x05\xee\x27"
"\x35\x61\xbf\x0b\x19\x78\x9b\xd2"
"\x04\xc7\x05\xb1\x79\xb4\xff\x5f"
"\xf3\xea\x67\x52\x78\xc2\xce\x70"
"\xa4\x05\x0b\xb2\xb3\xa8\x30\x97"
"\x37\x30\xe1\x91\x8d\xb3\x2a\xff",
.len = 512,
.also_non_np = 1,
.np = 3,
.tap = { 512 - 20, 4, 16 },
},
};
/*
* Serpent test vectors. These are backwards because Serpent writes
* octet sequences in right-to-left mode.
*/
static const struct cipher_testvec serpent_tv_template[] = {
{
.ptext = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
.ctext = "\x12\x07\xfc\xce\x9b\xd0\xd6\x47"
"\x6a\xe9\x8f\xbe\xd1\x43\xa0\xe2",
.len = 16,
}, {
.key = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
.klen = 16,
.ptext = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
.ctext = "\x4c\x7d\x8a\x32\x80\x72\xa2\x2c"
"\x82\x3e\x4a\x1f\x3a\xcd\xa1\x6d",
.len = 16,
}, {
.key = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
"\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f",
.klen = 32,
.ptext = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
.ctext = "\xde\x26\x9f\xf8\x33\xe4\x32\xb8"
"\x5b\x2e\x88\xd2\x70\x1c\xe7\x5c",
.len = 16,
}, {
.key = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80",
.klen = 16,
.ptext = zeroed_string,
.ctext = "\xdd\xd2\x6b\x98\xa5\xff\xd8\x2c"
"\x05\x34\x5a\x9d\xad\xbf\xaf\x49",
.len = 16,
}, { /* Generated with Crypto++ */
.key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9"
"\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A"
"\x27\x04\xE1\x27\x04\xE1\xBE\x9B"
"\x78\xBE\x9B\x78\x55\x32\x0F\x55",
.klen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
"\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
"\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
"\xAC\x20\xB7\x4E\xE5\x59\xF0\x87"
"\x1E\x92\x29\xC0\x34\xCB\x62\xF9"
"\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48"
"\xDF\x76\x0D\x81\x18\xAF\x23\xBA"
"\x51\xE8\x5C\xF3\x8A\x21\x95\x2C"
"\xC3\x37\xCE\x65\xFC\x70\x07\x9E"
"\x12\xA9\x40\xD7\x4B\xE2\x79\x10"
"\x84\x1B\xB2\x26\xBD\x54\xEB\x5F"
"\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1"
"\x68\xFF\x73\x0A\xA1\x15\xAC\x43"
"\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5"
"\x29\xC0\x57\xEE\x62\xF9\x90\x04"
"\x9B\x32\xC9\x3D\xD4\x6B\x02\x76"
"\x0D\xA4\x18\xAF\x46\xDD\x51\xE8"
"\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A"
"\xF1\x65\xFC\x93\x07\x9E\x35\xCC"
"\x40\xD7\x6E\x05\x79\x10\xA7\x1B"
"\xB2\x49\xE0\x54\xEB\x82\x19\x8D"
"\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF"
"\x96\x0A\xA1\x38\xCF\x43\xDA\x71"
"\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3"
"\x57\xEE\x85\x1C\x90\x27\xBE\x32"
"\xC9\x60\xF7\x6B\x02\x99\x0D\xA4"
"\x3B\xD2\x46\xDD\x74\x0B\x7F\x16"
"\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88"
"\x1F\x93\x2A\xC1\x35\xCC\x63\xFA"
"\x6E\x05\x9C\x10\xA7\x3E\xD5\x49"
"\xE0\x77\x0E\x82\x19\xB0\x24\xBB"
"\x52\xE9\x5D\xF4\x8B\x22\x96\x2D"
"\xC4\x38\xCF\x66\xFD\x71\x08\x9F"
"\x13\xAA\x41\xD8\x4C\xE3\x7A\x11"
"\x85\x1C\xB3\x27\xBE\x55\xEC\x60"
"\xF7\x8E\x02\x99\x30\xC7\x3B\xD2"
"\x69\x00\x74\x0B\xA2\x16\xAD\x44"
"\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6"
"\x2A\xC1\x58\xEF\x63\xFA\x91\x05"
"\x9C\x33\xCA\x3E\xD5\x6C\x03\x77"
"\x0E\xA5\x19\xB0\x47\xDE\x52\xE9"
"\x80\x17\x8B\x22\xB9\x2D\xC4\x5B"
"\xF2\x66\xFD\x94\x08\x9F\x36\xCD"
"\x41\xD8\x6F\x06\x7A\x11\xA8\x1C"
"\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E"
"\x25\xBC\x30\xC7\x5E\xF5\x69\x00"
"\x97\x0B\xA2\x39\xD0\x44\xDB\x72"
"\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4"
"\x58\xEF\x86\x1D\x91\x28\xBF\x33"
"\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5"
"\x3C\xD3\x47\xDE\x75\x0C\x80\x17"
"\xAE\x22\xB9\x50\xE7\x5B\xF2\x89"
"\x20\x94\x2B\xC2\x36\xCD\x64\xFB"
"\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A"
"\xE1\x78\x0F\x83\x1A\xB1\x25\xBC"
"\x53\xEA\x5E\xF5\x8C\x00\x97\x2E"
"\xC5\x39\xD0\x67\xFE\x72\x09\xA0"
"\x14\xAB\x42\xD9\x4D\xE4\x7B\x12"
"\x86\x1D\xB4\x28\xBF\x56\xED\x61"
"\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3"
"\x6A\x01\x75\x0C\xA3\x17\xAE\x45"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\xDC\x50\xE7\x7E\x15\x89\x20\xB7",
.ctext = "\xFB\xB0\x5D\xDE\xC0\xFE\xFC\xEB"
"\xB1\x80\x10\x43\xDE\x62\x70\xBD"
"\xFA\x8A\x93\xEA\x6B\xF7\xC5\xD7"
"\x0C\xD1\xBB\x29\x25\x14\x4C\x22"
"\x77\xA6\x38\x00\xDB\xB9\xE2\x07"
"\xD1\xAC\x82\xBA\xEA\x67\xAA\x39"
"\x99\x34\x89\x5B\x54\xE9\x12\x13"
"\x3B\x04\xE5\x12\x42\xC5\x79\xAB"
"\x0D\xC7\x3C\x58\x2D\xA3\x98\xF6"
"\xE4\x61\x9E\x17\x0B\xCE\xE8\xAA"
"\xB5\x6C\x1A\x3A\x67\x52\x81\x6A"
"\x04\xFF\x8A\x1B\x96\xFE\xE6\x87"
"\x3C\xD4\x39\x7D\x36\x9B\x03\xD5"
"\xB6\xA0\x75\x3C\x83\xE6\x1C\x73"
"\x9D\x74\x2B\x77\x53\x2D\xE5\xBD"
"\x69\xDA\x7A\x01\xF5\x6A\x70\x39"
"\x30\xD4\x2C\xF2\x8E\x06\x4B\x39"
"\xB3\x12\x1D\xB3\x17\x46\xE6\xD6"
"\xB6\x31\x36\x34\x38\x3C\x1D\x69"
"\x9F\x47\x28\x9A\x1D\x96\x70\x54"
"\x8E\x88\xCB\xE0\xF5\x6A\xAE\x0A"
"\x3C\xD5\x93\x1C\x21\xC9\x14\x3A"
"\x23\x9C\x9B\x79\xC7\x75\xC8\x39"
"\xA6\xAC\x65\x9A\x99\x37\xAF\x6D"
"\xBD\xB5\x32\xFD\xD8\x9C\x95\x7B"
"\xC6\x6A\x80\x64\xEA\xEF\x6D\x3F"
"\xA9\xFE\x5B\x16\xA3\xCF\x32\xC8"
"\xEF\x50\x22\x20\x93\x30\xBE\xE2"
"\x38\x05\x65\xAF\xBA\xB6\xE4\x72"
"\xA9\xEE\x05\x42\x88\xBD\x9D\x49"
"\xAD\x93\xCA\x4D\x45\x11\x43\x4D"
"\xB8\xF5\x74\x2B\x48\xE7\x21\xE4"
"\x4E\x3A\x4C\xDE\x65\x7A\x5A\xAD"
"\x86\xE6\x23\xEC\x6B\xA7\x17\xE6"
"\xF6\xA1\xAC\x29\xAE\xF9\x9B\x69"
"\x73\x65\x65\x51\xD6\x0B\x4E\x8C"
"\x17\x15\x9D\xB0\xCF\xB2\x42\x2B"
"\x51\xC3\x03\xE8\xB7\x7D\x2D\x39"
"\xE8\x10\x93\x16\xC8\x68\x4C\x60"
"\x87\x70\x14\xD0\x01\x57\xCB\x42"
"\x13\x59\xB1\x7F\x12\x4F\xBB\xC7"
"\xBD\x2B\xD4\xA9\x12\x26\x4F\xDE"
"\xFD\x72\xEC\xD7\x6F\x97\x14\x90"
"\x0E\x37\x13\xE6\x67\x1D\xE5\xFE"
"\x9E\x18\x3C\x8F\x3A\x3F\x59\x9B"
"\x71\x80\x05\x35\x3F\x40\x0B\x21"
"\x76\xE5\xEF\x42\x6C\xDB\x31\x05"
"\x5F\x05\xCF\x14\xE3\xF0\x61\xA2"
"\x49\x03\x5E\x77\x2E\x20\xBA\xA1"
"\xAF\x46\x51\xC0\x2B\xC4\x64\x1E"
"\x65\xCC\x51\x58\x0A\xDF\xF0\x5F"
"\x75\x9F\x48\xCD\x81\xEC\xC3\xF6"
"\xED\xC9\x4B\x7B\x4E\x26\x23\xE1"
"\xBB\xE9\x83\x0B\xCF\xE4\xDE\x00"
"\x48\xFF\xBF\x6C\xB4\x72\x16\xEF"
"\xC7\x46\xEE\x48\x8C\xB8\xAF\x45"
"\x91\x76\xE7\x6E\x65\x3D\x15\x86"
"\x10\xF8\xDB\x66\x97\x7C\x43\x4D"
"\x79\x12\x4E\xCE\x06\xD1\xD1\x6A"
"\x34\xC1\xC9\xF2\x28\x4A\xCD\x02"
"\x75\x55\x9B\xFF\x36\x73\xAB\x7C"
"\xF4\x46\x2E\xEB\xAC\xF3\xD2\xB7",
.len = 496,
.also_non_np = 1,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.np = 3,
.tap = { 496 - 20, 4, 16 },
},
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct cipher_testvec tnepres_tv_template[] = {
{ /* KeySize=0 */
.ptext = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
.ctext = "\x41\xcc\x6b\x31\x59\x31\x45\x97"
"\x6d\x6f\xbb\x38\x4b\x37\x21\x28",
.len = 16,
},
{ /* KeySize=128, PT=0, I=1 */
.ptext = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.key = "\x80\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.klen = 16,
.ctext = "\x49\xaf\xbf\xad\x9d\x5a\x34\x05"
"\x2c\xd8\xff\xa5\x98\x6b\xd2\xdd",
.len = 16,
}, { /* KeySize=128 */
.key = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
.klen = 16,
.ptext = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
.ctext = "\xea\xf4\xd7\xfc\xd8\x01\x34\x47"
"\x81\x45\x0b\xfa\x0c\xd6\xad\x6e",
.len = 16,
}, { /* KeySize=128, I=121 */
.key = "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x80",
.klen = 16,
.ptext = zeroed_string,
.ctext = "\x3d\xda\xbf\xc0\x06\xda\xab\x06"
"\x46\x2a\xf4\xef\x81\x54\x4e\x26",
.len = 16,
}, { /* KeySize=192, PT=0, I=1 */
.key = "\x80\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.klen = 24,
.ptext = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.ctext = "\xe7\x8e\x54\x02\xc7\x19\x55\x68"
"\xac\x36\x78\xf7\xa3\xf6\x0c\x66",
.len = 16,
}, { /* KeySize=256, PT=0, I=1 */
.key = "\x80\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.klen = 32,
.ptext = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.ctext = "\xab\xed\x96\xe7\x66\xbf\x28\xcb"
"\xc0\xeb\xd2\x1a\x82\xef\x08\x19",
.len = 16,
}, { /* KeySize=256, I=257 */
.key = "\x1f\x1e\x1d\x1c\x1b\x1a\x19\x18"
"\x17\x16\x15\x14\x13\x12\x11\x10"
"\x0f\x0e\x0d\x0c\x0b\x0a\x09\x08"
"\x07\x06\x05\x04\x03\x02\x01\x00",
.klen = 32,
.ptext = "\x0f\x0e\x0d\x0c\x0b\x0a\x09\x08"
"\x07\x06\x05\x04\x03\x02\x01\x00",
.ctext = "\x5c\xe7\x1c\x70\xd2\x88\x2e\x5b"
"\xb8\x32\xe4\x33\xf8\x9f\x26\xde",
.len = 16,
}, { /* KeySize=256 */
.key = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
"\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f",
.klen = 32,
.ptext = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
.ctext = "\x64\xa9\x1a\x37\xed\x9f\xe7\x49"
"\xa8\x4e\x76\xd6\xf5\x0d\x78\xee",
.len = 16,
}
};
static const struct cipher_testvec serpent_cbc_tv_template[] = {
{ /* Generated with Crypto++ */
.key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9"
"\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A"
"\x27\x04\xE1\x27\x04\xE1\xBE\x9B"
"\x78\xBE\x9B\x78\x55\x32\x0F\x55",
.klen = 32,
.iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F"
"\xC4\x29\x8E\xF3\x35\x9A\xFF\x64",
.ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
"\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
"\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
"\xAC\x20\xB7\x4E\xE5\x59\xF0\x87"
"\x1E\x92\x29\xC0\x34\xCB\x62\xF9"
"\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48"
"\xDF\x76\x0D\x81\x18\xAF\x23\xBA"
"\x51\xE8\x5C\xF3\x8A\x21\x95\x2C"
"\xC3\x37\xCE\x65\xFC\x70\x07\x9E"
"\x12\xA9\x40\xD7\x4B\xE2\x79\x10"
"\x84\x1B\xB2\x26\xBD\x54\xEB\x5F"
"\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1"
"\x68\xFF\x73\x0A\xA1\x15\xAC\x43"
"\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5"
"\x29\xC0\x57\xEE\x62\xF9\x90\x04"
"\x9B\x32\xC9\x3D\xD4\x6B\x02\x76"
"\x0D\xA4\x18\xAF\x46\xDD\x51\xE8"
"\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A"
"\xF1\x65\xFC\x93\x07\x9E\x35\xCC"
"\x40\xD7\x6E\x05\x79\x10\xA7\x1B"
"\xB2\x49\xE0\x54\xEB\x82\x19\x8D"
"\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF"
"\x96\x0A\xA1\x38\xCF\x43\xDA\x71"
"\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3"
"\x57\xEE\x85\x1C\x90\x27\xBE\x32"
"\xC9\x60\xF7\x6B\x02\x99\x0D\xA4"
"\x3B\xD2\x46\xDD\x74\x0B\x7F\x16"
"\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88"
"\x1F\x93\x2A\xC1\x35\xCC\x63\xFA"
"\x6E\x05\x9C\x10\xA7\x3E\xD5\x49"
"\xE0\x77\x0E\x82\x19\xB0\x24\xBB"
"\x52\xE9\x5D\xF4\x8B\x22\x96\x2D"
"\xC4\x38\xCF\x66\xFD\x71\x08\x9F"
"\x13\xAA\x41\xD8\x4C\xE3\x7A\x11"
"\x85\x1C\xB3\x27\xBE\x55\xEC\x60"
"\xF7\x8E\x02\x99\x30\xC7\x3B\xD2"
"\x69\x00\x74\x0B\xA2\x16\xAD\x44"
"\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6"
"\x2A\xC1\x58\xEF\x63\xFA\x91\x05"
"\x9C\x33\xCA\x3E\xD5\x6C\x03\x77"
"\x0E\xA5\x19\xB0\x47\xDE\x52\xE9"
"\x80\x17\x8B\x22\xB9\x2D\xC4\x5B"
"\xF2\x66\xFD\x94\x08\x9F\x36\xCD"
"\x41\xD8\x6F\x06\x7A\x11\xA8\x1C"
"\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E"
"\x25\xBC\x30\xC7\x5E\xF5\x69\x00"
"\x97\x0B\xA2\x39\xD0\x44\xDB\x72"
"\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4"
"\x58\xEF\x86\x1D\x91\x28\xBF\x33"
"\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5"
"\x3C\xD3\x47\xDE\x75\x0C\x80\x17"
"\xAE\x22\xB9\x50\xE7\x5B\xF2\x89"
"\x20\x94\x2B\xC2\x36\xCD\x64\xFB"
"\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A"
"\xE1\x78\x0F\x83\x1A\xB1\x25\xBC"
"\x53\xEA\x5E\xF5\x8C\x00\x97\x2E"
"\xC5\x39\xD0\x67\xFE\x72\x09\xA0"
"\x14\xAB\x42\xD9\x4D\xE4\x7B\x12"
"\x86\x1D\xB4\x28\xBF\x56\xED\x61"
"\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3"
"\x6A\x01\x75\x0C\xA3\x17\xAE\x45"
"\xDC\x50\xE7\x7E\x15\x89\x20\xB7",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\x80\xCF\x11\x41\x1A\xB9\x4B\x9C"
"\xFF\xB7\x6C\xEA\xF0\xAF\x77\x6E"
"\x71\x75\x95\x9D\x4E\x1C\xCF\xAD"
"\x81\x34\xE9\x8F\xAE\x5A\x91\x1C"
"\x38\x63\x35\x7E\x79\x18\x0A\xE8"
"\x67\x06\x76\xD5\xFF\x22\x2F\xDA"
"\xB6\x2D\x57\x13\xB6\x3C\xBC\x97"
"\xFE\x53\x75\x35\x97\x7F\x51\xEA"
"\xDF\x5D\xE8\x9D\xCC\xD9\xAE\xE7"
"\x62\x67\xFF\x04\xC2\x18\x22\x5F"
"\x2E\x06\xC1\xE2\x26\xCD\xC6\x1E"
"\xE5\x2C\x4E\x87\x23\xDD\xF0\x41"
"\x08\xA5\xB4\x3E\x07\x1E\x0B\xBB"
"\x72\x84\xF8\x0A\x3F\x38\x5E\x91"
"\x15\x26\xE1\xDB\xA4\x3D\x74\xD2"
"\x41\x1E\x3F\xA9\xC6\x7D\x2A\xAB"
"\x27\xDF\x89\x1D\x86\x3E\xF7\x5A"
"\xF6\xE3\x0F\xC7\x6B\x4C\x96\x7C"
"\x2D\x12\xA5\x05\x92\xCB\xD7\x4A"
"\x4D\x1E\x88\x21\xE1\x63\xB4\xFC"
"\x4A\xF2\xCD\x35\xB9\xD7\x70\x97"
"\x5A\x5E\x7E\x96\x52\x20\xDC\x25"
"\xE9\x6B\x36\xB4\xE0\x98\x85\x2C"
"\x3C\xD2\xF7\x78\x8A\x73\x26\x9B"
"\xAF\x0B\x11\xE8\x4D\x67\x23\xE9"
"\x77\xDF\x58\xF6\x6F\x9E\xA4\xC5"
"\x10\xA1\x82\x0E\x80\xA0\x8F\x4B"
"\xA1\xC0\x12\x54\x4E\xC9\x20\x92"
"\x11\x00\x10\x4E\xB3\x7C\xCA\x63"
"\xE5\x3F\xD3\x41\x37\xCD\x74\xB7"
"\xA5\x7C\x61\xB8\x0B\x7A\x7F\x4D"
"\xFE\x96\x7D\x1B\xBE\x60\x37\xB7"
"\x81\x92\x66\x67\x15\x1E\x39\x98"
"\x52\xC0\xF4\x69\xC0\x99\x4F\x5A"
"\x2E\x32\xAD\x7C\x8B\xE9\xAD\x05"
"\x55\xF9\x0A\x1F\x97\x5C\xFA\x2B"
"\xF4\x99\x76\x3A\x6E\x4D\xE1\x4C"
"\x14\x4E\x6F\x87\xEE\x1A\x85\xA3"
"\x96\xC6\x66\x49\xDA\x0D\x71\xAC"
"\x04\x05\x46\xD3\x90\x0F\x64\x64"
"\x01\x66\x2C\x62\x5D\x34\xD1\xCB"
"\x3A\x24\xCE\x95\xEF\xAE\x2C\x97"
"\x0E\x0C\x1D\x36\x49\xEB\xE9\x3D"
"\x62\xA6\x19\x28\x9E\x26\xB4\x3F"
"\xD7\x55\x42\x3C\xCD\x72\x0A\xF0"
"\x7D\xE9\x95\x45\x86\xED\xB1\xE0"
"\x8D\xE9\xC5\x86\x13\x24\x28\x7D"
"\x74\xEF\xCA\x50\x12\x7E\x64\x8F"
"\x1B\xF5\x5B\xFE\xE2\xAC\xFA\xE7"
"\xBD\x38\x8C\x11\x20\xEF\xB1\xAA"
"\x7B\xE5\xE5\x78\xAD\x9D\x2D\xA2"
"\x8E\xDD\x48\xB3\xEF\x18\x92\x7E"
"\xE6\x75\x0D\x54\x64\x11\xA3\x3A"
"\xDB\x97\x0F\xD3\xDF\x07\xD3\x7E"
"\x1E\xD1\x87\xE4\x74\xBB\x46\xF4"
"\xBA\x23\x2D\x8D\x29\x07\x12\xCF"
"\x34\xCD\x72\x7F\x01\x30\xE7\xA0"
"\xF8\xDD\xA8\x08\xF0\xBC\xB1\xA2"
"\xCC\xE1\x6B\x5F\xBE\xEA\xF1\xE4"
"\x02\xC4\xAF\xFA\xAD\x31\xF4\xBF"
"\xFC\x66\xAA\x37\xF2\x37\x39\x6B"
"\xBC\x08\x3A\xA2\x29\xB3\xDF\xD1",
.len = 496,
.also_non_np = 1,
.np = 3,
.tap = { 496 - 20, 4, 16 },
},
};
static const struct cipher_testvec serpent_ctr_tv_template[] = {
{ /* Generated with Crypto++ */
.key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9"
"\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A"
"\x27\x04\xE1\x27\x04\xE1\xBE\x9B"
"\x78\xBE\x9B\x78\x55\x32\x0F\x55",
.klen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F"
"\xC4\x29\x8E\xF3\x35\x9A\xFF\x64",
.ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
"\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
"\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
"\xAC\x20\xB7\x4E\xE5\x59\xF0\x87"
"\x1E\x92\x29\xC0\x34\xCB\x62\xF9"
"\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48"
"\xDF\x76\x0D\x81\x18\xAF\x23\xBA"
"\x51\xE8\x5C\xF3\x8A\x21\x95\x2C"
"\xC3\x37\xCE\x65\xFC\x70\x07\x9E"
"\x12\xA9\x40\xD7\x4B\xE2\x79\x10"
"\x84\x1B\xB2\x26\xBD\x54\xEB\x5F"
"\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1"
"\x68\xFF\x73\x0A\xA1\x15\xAC\x43"
"\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5"
"\x29\xC0\x57\xEE\x62\xF9\x90\x04"
"\x9B\x32\xC9\x3D\xD4\x6B\x02\x76"
"\x0D\xA4\x18\xAF\x46\xDD\x51\xE8"
"\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A"
"\xF1\x65\xFC\x93\x07\x9E\x35\xCC"
"\x40\xD7\x6E\x05\x79\x10\xA7\x1B"
"\xB2\x49\xE0\x54\xEB\x82\x19\x8D"
"\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF"
"\x96\x0A\xA1\x38\xCF\x43\xDA\x71"
"\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3"
"\x57\xEE\x85\x1C\x90\x27\xBE\x32"
"\xC9\x60\xF7\x6B\x02\x99\x0D\xA4"
"\x3B\xD2\x46\xDD\x74\x0B\x7F\x16"
"\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88"
"\x1F\x93\x2A\xC1\x35\xCC\x63\xFA"
"\x6E\x05\x9C\x10\xA7\x3E\xD5\x49"
"\xE0\x77\x0E\x82\x19\xB0\x24\xBB"
"\x52\xE9\x5D\xF4\x8B\x22\x96\x2D"
"\xC4\x38\xCF\x66\xFD\x71\x08\x9F"
"\x13\xAA\x41\xD8\x4C\xE3\x7A\x11"
"\x85\x1C\xB3\x27\xBE\x55\xEC\x60"
"\xF7\x8E\x02\x99\x30\xC7\x3B\xD2"
"\x69\x00\x74\x0B\xA2\x16\xAD\x44"
"\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6"
"\x2A\xC1\x58\xEF\x63\xFA\x91\x05"
"\x9C\x33\xCA\x3E\xD5\x6C\x03\x77"
"\x0E\xA5\x19\xB0\x47\xDE\x52\xE9"
"\x80\x17\x8B\x22\xB9\x2D\xC4\x5B"
"\xF2\x66\xFD\x94\x08\x9F\x36\xCD"
"\x41\xD8\x6F\x06\x7A\x11\xA8\x1C"
"\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E"
"\x25\xBC\x30\xC7\x5E\xF5\x69\x00"
"\x97\x0B\xA2\x39\xD0\x44\xDB\x72"
"\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4"
"\x58\xEF\x86\x1D\x91\x28\xBF\x33"
"\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5"
"\x3C\xD3\x47\xDE\x75\x0C\x80\x17"
"\xAE\x22\xB9\x50\xE7\x5B\xF2\x89"
"\x20\x94\x2B\xC2\x36\xCD\x64\xFB"
"\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A"
"\xE1\x78\x0F\x83\x1A\xB1\x25\xBC"
"\x53\xEA\x5E\xF5\x8C\x00\x97\x2E"
"\xC5\x39\xD0\x67\xFE\x72\x09\xA0"
"\x14\xAB\x42\xD9\x4D\xE4\x7B\x12"
"\x86\x1D\xB4\x28\xBF\x56\xED\x61"
"\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3"
"\x6A\x01\x75\x0C\xA3\x17\xAE\x45"
"\xDC\x50\xE7\x7E\x15\x89\x20\xB7",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\x84\x68\xEC\xF2\x1C\x88\x20\xCA"
"\x37\x69\xE3\x3A\x22\x85\x48\x46"
"\x70\xAA\x25\xB4\xCD\x8B\x04\x4E"
"\x8D\x15\x2B\x98\xDF\x7B\x6D\xB9"
"\xE0\x4A\x73\x00\x65\xB6\x1A\x0D"
"\x5C\x60\xDF\x34\xDC\x60\x4C\xDF"
"\xB5\x1F\x26\x8C\xDA\xC1\x11\xA8"
"\x80\xFA\x37\x7A\x89\xAA\xAE\x7B"
"\x92\x6E\xB9\xDC\xC9\x62\x4F\x88"
"\x0A\x5D\x97\x2F\x6B\xAC\x03\x7C"
"\x22\xF6\x55\x5A\xFA\x35\xA5\x17"
"\xA1\x5C\x5E\x2B\x63\x2D\xB9\x91"
"\x3E\x83\x26\x00\x4E\xD5\xBE\xCE"
"\x79\xC4\x3D\xFC\x70\xA0\xAD\x96"
"\xBA\x58\x2A\x1C\xDF\xC2\x3A\xA5"
"\x7C\xB5\x12\x89\xED\xBF\xB6\x09"
"\x13\x4F\x7D\x61\x3C\x5C\x27\xFC"
"\x5D\xE1\x4F\xA1\xEA\xB3\xCA\xB9"
"\xE6\xD0\x97\x81\xDE\xD1\xFB\x8A"
"\x30\xDB\xA3\x5D\xEC\x25\x0B\x86"
"\x71\xC8\xA7\x67\xE8\xBC\x7D\x4C"
"\xAE\x82\xD3\x73\x31\x09\xCB\xB3"
"\x4D\xD4\xC0\x8A\x2B\xFA\xA6\x55"
"\x39\x0A\xBC\x6E\x75\xAB\xC2\xE2"
"\x8A\xF2\x26\xCD\x63\x38\x35\xF7"
"\xAE\x12\x83\xCD\x8A\x9E\x7E\x4C"
"\xFE\x4D\xD7\xCE\x5C\x6E\x4C\xAF"
"\xE3\xCD\x76\xA7\x87\xA1\x54\x7C"
"\xEC\x32\xC7\x83\x2A\xFF\xF8\xEA"
"\x87\xB2\x47\xA3\x9D\xC2\x9C\xA2"
"\xB7\x2C\x7C\x1A\x24\xCB\x88\x61"
"\xFF\xA7\x1A\x16\x01\xDD\x4B\xFC"
"\x2E\xE0\x48\x67\x09\x42\xCC\x91"
"\xBE\x20\x38\xC0\x5E\x3B\x95\x00"
"\xA1\x96\x66\x0B\x8A\xE9\x9E\xF7"
"\x6B\x34\x0A\x51\xC0\x3B\xEB\x71"
"\x07\x97\x38\x4B\x5C\x56\x98\x67"
"\x78\x9C\xD0\x0E\x2B\xB5\x67\x90"
"\x75\xF8\xFE\x6D\x4E\x85\xCC\x0D"
"\x18\x06\x15\x9D\x5A\x10\x13\x37"
"\xA3\xD6\x68\xA2\xDF\x7E\xC7\x12"
"\xC9\x0D\x4D\x91\xB0\x2A\x55\xFF"
"\x6F\x73\x13\xDF\x28\xB5\x2A\x2C"
"\xE4\xFC\x20\xD9\xF1\x7A\x82\xB1"
"\xCB\x57\xB6\x3D\x8C\xF4\x8E\x27"
"\x37\xDC\x35\xF3\x79\x01\x53\xA4"
"\x7B\x37\xDE\x7C\x04\xAE\x50\xDB"
"\x9B\x1E\x8C\x07\xA7\x52\x49\x50"
"\x34\x25\x65\xDD\xA9\x8F\x7E\xBD"
"\x7A\xC9\x36\xAE\xDE\x21\x48\x64"
"\xC2\x02\xBA\xBE\x11\x1E\x3D\x9C"
"\x98\x52\xCC\x04\xBD\x5E\x61\x26"
"\x10\xD3\x21\xD9\x6E\x25\x98\x77"
"\x8E\x98\x63\xF6\xF6\x52\xFB\x13"
"\xAA\x30\xF2\xB9\xA4\x43\x53\x39"
"\x1C\x97\x07\x7E\x6B\xFF\x3D\x43"
"\xA6\x71\x6B\x66\x8F\x58\x3F\x71"
"\x90\x47\x40\x92\xE6\x69\xD1\x96"
"\x34\xB3\x3B\xE5\x43\xE4\xD5\x56"
"\xB2\xE6\x7E\x86\x7A\x12\x17\x5B"
"\x30\xF3\x9B\x0D\xFA\x57\xE4\x50"
"\x40\x53\x77\x8C\x15\xF8\x8D\x13",
.len = 496,
}, { /* Generated with Crypto++ */
.key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9"
"\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A"
"\x27\x04\xE1\x27\x04\xE1\xBE\x9B"
"\x78\xBE\x9B\x78\x55\x32\x0F\x55",
.klen = 32,
.iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F"
"\xC4\x29\x8E\xF3\x35\x9A\xFF\x64",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
"\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
"\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
"\xAC\x20\xB7\x4E\xE5\x59\xF0\x87"
"\x1E\x92\x29\xC0\x34\xCB\x62\xF9"
"\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48"
"\xDF\x76\x0D\x81\x18\xAF\x23\xBA"
"\x51\xE8\x5C\xF3\x8A\x21\x95\x2C"
"\xC3\x37\xCE\x65\xFC\x70\x07\x9E"
"\x12\xA9\x40\xD7\x4B\xE2\x79\x10"
"\x84\x1B\xB2\x26\xBD\x54\xEB\x5F"
"\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1"
"\x68\xFF\x73\x0A\xA1\x15\xAC\x43"
"\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5"
"\x29\xC0\x57\xEE\x62\xF9\x90\x04"
"\x9B\x32\xC9\x3D\xD4\x6B\x02\x76"
"\x0D\xA4\x18\xAF\x46\xDD\x51\xE8"
"\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A"
"\xF1\x65\xFC\x93\x07\x9E\x35\xCC"
"\x40\xD7\x6E\x05\x79\x10\xA7\x1B"
"\xB2\x49\xE0\x54\xEB\x82\x19\x8D"
"\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF"
"\x96\x0A\xA1\x38\xCF\x43\xDA\x71"
"\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3"
"\x57\xEE\x85\x1C\x90\x27\xBE\x32"
"\xC9\x60\xF7\x6B\x02\x99\x0D\xA4"
"\x3B\xD2\x46\xDD\x74\x0B\x7F\x16"
"\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88"
"\x1F\x93\x2A\xC1\x35\xCC\x63\xFA"
"\x6E\x05\x9C\x10\xA7\x3E\xD5\x49"
"\xE0\x77\x0E\x82\x19\xB0\x24\xBB"
"\x52\xE9\x5D\xF4\x8B\x22\x96\x2D"
"\xC4\x38\xCF\x66\xFD\x71\x08\x9F"
"\x13\xAA\x41\xD8\x4C\xE3\x7A\x11"
"\x85\x1C\xB3\x27\xBE\x55\xEC\x60"
"\xF7\x8E\x02\x99\x30\xC7\x3B\xD2"
"\x69\x00\x74\x0B\xA2\x16\xAD\x44"
"\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6"
"\x2A\xC1\x58\xEF\x63\xFA\x91\x05"
"\x9C\x33\xCA\x3E\xD5\x6C\x03\x77"
"\x0E\xA5\x19\xB0\x47\xDE\x52\xE9"
"\x80\x17\x8B\x22\xB9\x2D\xC4\x5B"
"\xF2\x66\xFD\x94\x08\x9F\x36\xCD"
"\x41\xD8\x6F\x06\x7A\x11\xA8\x1C"
"\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E"
"\x25\xBC\x30\xC7\x5E\xF5\x69\x00"
"\x97\x0B\xA2\x39\xD0\x44\xDB\x72"
"\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4"
"\x58\xEF\x86\x1D\x91\x28\xBF\x33"
"\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5"
"\x3C\xD3\x47\xDE\x75\x0C\x80\x17"
"\xAE\x22\xB9\x50\xE7\x5B\xF2\x89"
"\x20\x94\x2B\xC2\x36\xCD\x64\xFB"
"\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A"
"\xE1\x78\x0F\x83\x1A\xB1\x25\xBC"
"\x53\xEA\x5E\xF5\x8C\x00\x97\x2E"
"\xC5\x39\xD0\x67\xFE\x72\x09\xA0"
"\x14\xAB\x42\xD9\x4D\xE4\x7B\x12"
"\x86\x1D\xB4\x28\xBF\x56\xED\x61"
"\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3"
"\x6A\x01\x75\x0C\xA3\x17\xAE\x45"
"\xDC\x50\xE7\x7E\x15\x89\x20\xB7"
"\x2B\xC2\x59",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\x84\x68\xEC\xF2\x1C\x88\x20\xCA"
"\x37\x69\xE3\x3A\x22\x85\x48\x46"
"\x70\xAA\x25\xB4\xCD\x8B\x04\x4E"
"\x8D\x15\x2B\x98\xDF\x7B\x6D\xB9"
"\xE0\x4A\x73\x00\x65\xB6\x1A\x0D"
"\x5C\x60\xDF\x34\xDC\x60\x4C\xDF"
"\xB5\x1F\x26\x8C\xDA\xC1\x11\xA8"
"\x80\xFA\x37\x7A\x89\xAA\xAE\x7B"
"\x92\x6E\xB9\xDC\xC9\x62\x4F\x88"
"\x0A\x5D\x97\x2F\x6B\xAC\x03\x7C"
"\x22\xF6\x55\x5A\xFA\x35\xA5\x17"
"\xA1\x5C\x5E\x2B\x63\x2D\xB9\x91"
"\x3E\x83\x26\x00\x4E\xD5\xBE\xCE"
"\x79\xC4\x3D\xFC\x70\xA0\xAD\x96"
"\xBA\x58\x2A\x1C\xDF\xC2\x3A\xA5"
"\x7C\xB5\x12\x89\xED\xBF\xB6\x09"
"\x13\x4F\x7D\x61\x3C\x5C\x27\xFC"
"\x5D\xE1\x4F\xA1\xEA\xB3\xCA\xB9"
"\xE6\xD0\x97\x81\xDE\xD1\xFB\x8A"
"\x30\xDB\xA3\x5D\xEC\x25\x0B\x86"
"\x71\xC8\xA7\x67\xE8\xBC\x7D\x4C"
"\xAE\x82\xD3\x73\x31\x09\xCB\xB3"
"\x4D\xD4\xC0\x8A\x2B\xFA\xA6\x55"
"\x39\x0A\xBC\x6E\x75\xAB\xC2\xE2"
"\x8A\xF2\x26\xCD\x63\x38\x35\xF7"
"\xAE\x12\x83\xCD\x8A\x9E\x7E\x4C"
"\xFE\x4D\xD7\xCE\x5C\x6E\x4C\xAF"
"\xE3\xCD\x76\xA7\x87\xA1\x54\x7C"
"\xEC\x32\xC7\x83\x2A\xFF\xF8\xEA"
"\x87\xB2\x47\xA3\x9D\xC2\x9C\xA2"
"\xB7\x2C\x7C\x1A\x24\xCB\x88\x61"
"\xFF\xA7\x1A\x16\x01\xDD\x4B\xFC"
"\x2E\xE0\x48\x67\x09\x42\xCC\x91"
"\xBE\x20\x38\xC0\x5E\x3B\x95\x00"
"\xA1\x96\x66\x0B\x8A\xE9\x9E\xF7"
"\x6B\x34\x0A\x51\xC0\x3B\xEB\x71"
"\x07\x97\x38\x4B\x5C\x56\x98\x67"
"\x78\x9C\xD0\x0E\x2B\xB5\x67\x90"
"\x75\xF8\xFE\x6D\x4E\x85\xCC\x0D"
"\x18\x06\x15\x9D\x5A\x10\x13\x37"
"\xA3\xD6\x68\xA2\xDF\x7E\xC7\x12"
"\xC9\x0D\x4D\x91\xB0\x2A\x55\xFF"
"\x6F\x73\x13\xDF\x28\xB5\x2A\x2C"
"\xE4\xFC\x20\xD9\xF1\x7A\x82\xB1"
"\xCB\x57\xB6\x3D\x8C\xF4\x8E\x27"
"\x37\xDC\x35\xF3\x79\x01\x53\xA4"
"\x7B\x37\xDE\x7C\x04\xAE\x50\xDB"
"\x9B\x1E\x8C\x07\xA7\x52\x49\x50"
"\x34\x25\x65\xDD\xA9\x8F\x7E\xBD"
"\x7A\xC9\x36\xAE\xDE\x21\x48\x64"
"\xC2\x02\xBA\xBE\x11\x1E\x3D\x9C"
"\x98\x52\xCC\x04\xBD\x5E\x61\x26"
"\x10\xD3\x21\xD9\x6E\x25\x98\x77"
"\x8E\x98\x63\xF6\xF6\x52\xFB\x13"
"\xAA\x30\xF2\xB9\xA4\x43\x53\x39"
"\x1C\x97\x07\x7E\x6B\xFF\x3D\x43"
"\xA6\x71\x6B\x66\x8F\x58\x3F\x71"
"\x90\x47\x40\x92\xE6\x69\xD1\x96"
"\x34\xB3\x3B\xE5\x43\xE4\xD5\x56"
"\xB2\xE6\x7E\x86\x7A\x12\x17\x5B"
"\x30\xF3\x9B\x0D\xFA\x57\xE4\x50"
"\x40\x53\x77\x8C\x15\xF8\x8D\x13"
"\x38\xE2\xE5",
.len = 499,
.also_non_np = 1,
.np = 2,
.tap = { 499 - 16, 16 },
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
}, { /* Generated with Crypto++ */
.key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9"
"\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A"
"\x27\x04\xE1\x27\x04\xE1\xBE\x9B"
"\x78\xBE\x9B\x78\x55\x32\x0F\x55",
.klen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"
"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFD",
.ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
"\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
"\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
"\xAC\x20\xB7\x4E\xE5\x59\xF0\x87"
"\x1E\x92\x29\xC0\x34\xCB\x62\xF9"
"\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48"
"\xDF\x76\x0D\x81\x18\xAF\x23\xBA"
"\x51\xE8\x5C\xF3\x8A\x21\x95\x2C"
"\xC3\x37\xCE\x65\xFC\x70\x07\x9E"
"\x12\xA9\x40\xD7\x4B\xE2\x79\x10"
"\x84\x1B\xB2\x26\xBD\x54\xEB\x5F"
"\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1"
"\x68\xFF\x73\x0A\xA1\x15\xAC\x43"
"\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5"
"\x29\xC0\x57\xEE\x62\xF9\x90\x04"
"\x9B\x32\xC9\x3D\xD4\x6B\x02\x76"
"\x0D\xA4\x18\xAF\x46\xDD\x51\xE8"
"\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A"
"\xF1\x65\xFC\x93\x07\x9E\x35\xCC"
"\x40\xD7\x6E\x05\x79\x10\xA7\x1B"
"\xB2\x49\xE0\x54\xEB\x82\x19\x8D"
"\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF"
"\x96\x0A\xA1\x38\xCF\x43\xDA\x71"
"\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3"
"\x57\xEE\x85\x1C\x90\x27\xBE\x32"
"\xC9\x60\xF7\x6B\x02\x99\x0D\xA4"
"\x3B\xD2\x46\xDD\x74\x0B\x7F\x16"
"\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88"
"\x1F\x93\x2A\xC1\x35\xCC\x63\xFA"
"\x6E\x05\x9C\x10\xA7\x3E\xD5\x49"
"\xE0\x77\x0E\x82\x19\xB0\x24\xBB"
"\x52\xE9\x5D\xF4\x8B\x22\x96\x2D"
"\xC4\x38\xCF\x66\xFD\x71\x08\x9F"
"\x13\xAA\x41\xD8\x4C\xE3\x7A\x11"
"\x85\x1C\xB3\x27\xBE\x55\xEC\x60"
"\xF7\x8E\x02\x99\x30\xC7\x3B\xD2"
"\x69\x00\x74\x0B\xA2\x16\xAD\x44"
"\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6"
"\x2A\xC1\x58\xEF\x63\xFA\x91\x05"
"\x9C\x33\xCA\x3E\xD5\x6C\x03\x77"
"\x0E\xA5\x19\xB0\x47\xDE\x52\xE9"
"\x80\x17\x8B\x22\xB9\x2D\xC4\x5B"
"\xF2\x66\xFD\x94\x08\x9F\x36\xCD"
"\x41\xD8\x6F\x06\x7A\x11\xA8\x1C"
"\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E"
"\x25\xBC\x30\xC7\x5E\xF5\x69\x00"
"\x97\x0B\xA2\x39\xD0\x44\xDB\x72"
"\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4"
"\x58\xEF\x86\x1D\x91\x28\xBF\x33"
"\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5"
"\x3C\xD3\x47\xDE\x75\x0C\x80\x17"
"\xAE\x22\xB9\x50\xE7\x5B\xF2\x89"
"\x20\x94\x2B\xC2\x36\xCD\x64\xFB"
"\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A"
"\xE1\x78\x0F\x83\x1A\xB1\x25\xBC"
"\x53\xEA\x5E\xF5\x8C\x00\x97\x2E"
"\xC5\x39\xD0\x67\xFE\x72\x09\xA0"
"\x14\xAB\x42\xD9\x4D\xE4\x7B\x12"
"\x86\x1D\xB4\x28\xBF\x56\xED\x61"
"\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3"
"\x6A\x01\x75\x0C\xA3\x17\xAE\x45"
"\xDC\x50\xE7\x7E\x15\x89\x20\xB7",
.ctext = "\x06\x9A\xF8\xB4\x53\x88\x62\xFC"
"\x68\xB8\x2E\xDF\xC1\x05\x0F\x3D"
"\xAF\x4D\x95\xAE\xC4\xE9\x1C\xDC"
"\xF6\x2B\x8F\x90\x89\xF6\x7E\x1A"
"\xA6\xB9\xE4\xF4\xFA\xCA\xE5\x7E"
"\x71\x28\x06\x4F\xE8\x08\x39\xDA"
"\xA5\x0E\xC8\xC0\xB8\x16\xE5\x69"
"\xE5\xCA\xEC\x4F\x63\x2C\xC0\x9B"
"\x9F\x3E\x39\x79\xF0\xCD\x64\x35"
"\x4A\xD3\xC8\xA9\x31\xCD\x48\x5B"
"\x92\x3D\x8F\x3F\x96\xBD\xB3\x18"
"\x74\x2A\x5D\x29\x3F\x57\x8F\xE2"
"\x67\x9A\xE0\xE5\xD4\x4A\xE2\x47"
"\xBC\xF6\xEB\x14\xF3\x8C\x20\xC2"
"\x7D\xE2\x43\x81\x86\x72\x2E\xB1"
"\x39\xF6\x95\xE1\x1F\xCB\x76\x33"
"\x5B\x7D\x23\x0F\x3A\x67\x2A\x2F"
"\xB9\x37\x9D\xDD\x1F\x16\xA1\x3C"
"\x70\xFE\x52\xAA\x93\x3C\xC4\x46"
"\xB1\xE5\xFF\xDA\xAF\xE2\x84\xFE"
"\x25\x92\xB2\x63\xBD\x49\x77\xB4"
"\x22\xA4\x6A\xD5\x04\xE0\x45\x58"
"\x1C\x34\x96\x7C\x03\x0C\x13\xA2"
"\x05\x22\xE2\xCB\x5A\x35\x03\x09"
"\x40\xD2\x82\x05\xCA\x58\x73\xF2"
"\x29\x5E\x01\x47\x13\x32\x78\xBE"
"\x06\xB0\x51\xDB\x6C\x31\xA0\x1C"
"\x74\xBC\x8D\x25\xDF\xF8\x65\xD1"
"\x38\x35\x11\x26\x4A\xB4\x06\x32"
"\xFA\xD2\x07\x77\xB3\x74\x98\x80"
"\x61\x59\xA8\x9F\xF3\x6F\x2A\xBF"
"\xE6\xA5\x9A\xC4\x6B\xA6\x49\x6F"
"\xBC\x47\xD9\xFB\xC6\xEF\x25\x65"
"\x96\xAC\x9F\xE4\x81\x4B\xD8\xBA"
"\xD6\x9B\xC9\x6D\x58\x40\x81\x02"
"\x73\x44\x4E\x43\x6E\x37\xBB\x11"
"\xE3\xF9\xB8\x2F\xEC\x76\x34\xEA"
"\x90\xCD\xB7\x2E\x0E\x32\x71\xE8"
"\xBB\x4E\x0B\x98\xA4\x17\x17\x5B"
"\x07\xB5\x82\x3A\xC4\xE8\x42\x51"
"\x5A\x4C\x4E\x7D\xBF\xC4\xC0\x4F"
"\x68\xB8\xC6\x4A\x32\x6F\x0B\xD7"
"\x85\xED\x6B\xFB\x72\xD2\xA5\x8F"
"\xBF\xF9\xAC\x59\x50\xA8\x08\x70"
"\xEC\xBD\x0A\xBF\xE5\x87\xA1\xC2"
"\x92\x14\x78\xAF\xE8\xEA\x2E\xDD"
"\xC1\x03\x9A\xAA\x89\x8B\x32\x46"
"\x5B\x18\x27\xBA\x46\xAA\x64\xDE"
"\xE3\xD5\xA3\xFC\x7B\x5B\x61\xDB"
"\x7E\xDA\xEC\x30\x17\x19\xF8\x80"
"\xB5\x5E\x27\xB5\x37\x3A\x1F\x28"
"\x07\x73\xC3\x63\xCE\xFF\x8C\xFE"
"\x81\x4E\xF8\x24\xF3\xB8\xC7\xE8"
"\x16\x9A\xCC\x58\x2F\x88\x1C\x4B"
"\xBB\x33\xA2\x73\xF0\x1C\x89\x0E"
"\xDC\x34\x27\x89\x98\xCE\x1C\xA2"
"\xD8\xB8\x90\xBE\xEC\x72\x28\x13"
"\xAC\x7B\xF1\xD0\x7F\x7A\x28\x50"
"\xB7\x99\x65\x8A\xC9\xC6\x21\x34"
"\x7F\x67\x9D\xB7\x2C\xCC\xF5\x17"
"\x2B\x89\xAC\xB0\xD7\x1E\x47\xB0"
"\x61\xAF\xD4\x63\x6D\xB8\x2D\x20",
.len = 496,
},
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct cipher_testvec serpent_lrw_tv_template[] = {
/* Generated from AES-LRW test vectors */
{
.key = "\x45\x62\xac\x25\xf8\x28\x17\x6d"
"\x4c\x26\x84\x14\xb5\x68\x01\x85"
"\x25\x8e\x2a\x05\xe7\x3e\x9d\x03"
"\xee\x5a\x83\x0c\xcc\x09\x4c\x87",
.klen = 32,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x01",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x30\x31\x32\x33\x34\x35\x36\x37"
"\x38\x39\x41\x42\x43\x44\x45\x46",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\x6f\xbf\xd4\xa4\x5d\x71\x16\x79"
"\x63\x9c\xa6\x8e\x40\xbe\x0d\x8a",
.len = 16,
}, {
.key = "\x59\x70\x47\x14\xf5\x57\x47\x8c"
"\xd7\x79\xe8\x0f\x54\x88\x79\x44"
"\x0d\x48\xf0\xb7\xb1\x5a\x53\xea"
"\x1c\xaa\x6b\x29\xc2\xca\xfb\xaf",
.klen = 32,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x02",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x30\x31\x32\x33\x34\x35\x36\x37"
"\x38\x39\x41\x42\x43\x44\x45\x46",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\xfd\xb2\x66\x98\x80\x96\x55\xad"
"\x08\x94\x54\x9c\x21\x7c\x69\xe3",
.len = 16,
}, {
.key = "\xd8\x2a\x91\x34\xb2\x6a\x56\x50"
"\x30\xfe\x69\xe2\x37\x7f\x98\x47"
"\xcd\xf9\x0b\x16\x0c\x64\x8f\xb6"
"\xb0\x0d\x0d\x1b\xae\x85\x87\x1f",
.klen = 32,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x02\x00\x00\x00\x00",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x30\x31\x32\x33\x34\x35\x36\x37"
"\x38\x39\x41\x42\x43\x44\x45\x46",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\x14\x5e\x3d\x70\xc0\x6e\x9c\x34"
"\x5b\x5e\xcf\x0f\xe4\x8c\x21\x5c",
.len = 16,
}, {
.key = "\x0f\x6a\xef\xf8\xd3\xd2\xbb\x15"
"\x25\x83\xf7\x3c\x1f\x01\x28\x74"
"\xca\xc6\xbc\x35\x4d\x4a\x65\x54"
"\x90\xae\x61\xcf\x7b\xae\xbd\xcc"
"\xad\xe4\x94\xc5\x4a\x29\xae\x70",
.klen = 40,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x01",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x30\x31\x32\x33\x34\x35\x36\x37"
"\x38\x39\x41\x42\x43\x44\x45\x46",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\x25\x39\xaa\xa5\xf0\x65\xc8\xdc"
"\x5d\x45\x95\x30\x8f\xff\x2f\x1b",
.len = 16,
}, {
.key = "\x8a\xd4\xee\x10\x2f\xbd\x81\xff"
"\xf8\x86\xce\xac\x93\xc5\xad\xc6"
"\xa0\x19\x07\xc0\x9d\xf7\xbb\xdd"
"\x52\x13\xb2\xb7\xf0\xff\x11\xd8"
"\xd6\x08\xd0\xcd\x2e\xb1\x17\x6f",
.klen = 40,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x02\x00\x00\x00\x00",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x30\x31\x32\x33\x34\x35\x36\x37"
"\x38\x39\x41\x42\x43\x44\x45\x46",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\x0c\x20\x20\x63\xd6\x8b\xfc\x8f"
"\xc0\xe2\x17\xbb\xd2\x59\x6f\x26",
.len = 16,
}, {
.key = "\xf8\xd4\x76\xff\xd6\x46\xee\x6c"
"\x23\x84\xcb\x1c\x77\xd6\x19\x5d"
"\xfe\xf1\xa9\xf3\x7b\xbc\x8d\x21"
"\xa7\x9c\x21\xf8\xcb\x90\x02\x89"
"\xa8\x45\x34\x8e\xc8\xc5\xb5\xf1"
"\x26\xf5\x0e\x76\xfe\xfd\x1b\x1e",
.klen = 48,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x01",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x30\x31\x32\x33\x34\x35\x36\x37"
"\x38\x39\x41\x42\x43\x44\x45\x46",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\xc1\x35\x2e\x53\xf0\x96\x4d\x9c"
"\x2e\x18\xe6\x99\xcd\xd3\x15\x68",
.len = 16,
}, {
.key = "\xfb\x76\x15\xb2\x3d\x80\x89\x1d"
"\xd4\x70\x98\x0b\xc7\x95\x84\xc8"
"\xb2\xfb\x64\xce\x60\x97\x87\x8d"
"\x17\xfc\xe4\x5a\x49\xe8\x30\xb7"
"\x6e\x78\x17\xe7\x2d\x5e\x12\xd4"
"\x60\x64\x04\x7a\xf1\x2f\x9e\x0c",
.klen = 48,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x02\x00\x00\x00\x00",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x30\x31\x32\x33\x34\x35\x36\x37"
"\x38\x39\x41\x42\x43\x44\x45\x46",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\x86\x0a\xc6\xa9\x1a\x9f\xe7\xe6"
"\x64\x3b\x33\xd6\xd5\x84\xd6\xdf",
.len = 16,
}, {
.key = "\xf8\xd4\x76\xff\xd6\x46\xee\x6c"
"\x23\x84\xcb\x1c\x77\xd6\x19\x5d"
"\xfe\xf1\xa9\xf3\x7b\xbc\x8d\x21"
"\xa7\x9c\x21\xf8\xcb\x90\x02\x89"
"\xa8\x45\x34\x8e\xc8\xc5\xb5\xf1"
"\x26\xf5\x0e\x76\xfe\xfd\x1b\x1e",
.klen = 48,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x01",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x05\x11\xb7\x18\xab\xc6\x2d\xac"
"\x70\x5d\xf6\x22\x94\xcd\xe5\x6c"
"\x17\x6b\xf6\x1c\xf0\xf3\x6e\xf8"
"\x50\x38\x1f\x71\x49\xb6\x57\xd6"
"\x8f\xcb\x8d\x6b\xe3\xa6\x29\x90"
"\xfe\x2a\x62\x82\xae\x6d\x8b\xf6"
"\xad\x1e\x9e\x20\x5f\x38\xbe\x04"
"\xda\x10\x8e\xed\xa2\xa4\x87\xab"
"\xda\x6b\xb4\x0c\x75\xba\xd3\x7c"
"\xc9\xac\x42\x31\x95\x7c\xc9\x04"
"\xeb\xd5\x6e\x32\x69\x8a\xdb\xa6"
"\x15\xd7\x3f\x4f\x2f\x66\x69\x03"
"\x9c\x1f\x54\x0f\xde\x1f\xf3\x65"
"\x4c\x96\x12\xed\x7c\x92\x03\x01"
"\x6f\xbc\x35\x93\xac\xf1\x27\xf1"
"\xb4\x96\x82\x5a\x5f\xb0\xa0\x50"
"\x89\xa4\x8e\x66\x44\x85\xcc\xfd"
"\x33\x14\x70\xe3\x96\xb2\xc3\xd3"
"\xbb\x54\x5a\x1a\xf9\x74\xa2\xc5"
"\x2d\x64\x75\xdd\xb4\x54\xe6\x74"
"\x8c\xd3\x9d\x9e\x86\xab\x51\x53"
"\xb7\x93\x3e\x6f\xd0\x4e\x2c\x40"
"\xf6\xa8\x2e\x3e\x9d\xf4\x66\xa5"
"\x76\x12\x73\x44\x1a\x56\xd7\x72"
"\x88\xcd\x21\x8c\x4c\x0f\xfe\xda"
"\x95\xe0\x3a\xa6\xa5\x84\x46\xcd"
"\xd5\x3e\x9d\x3a\xe2\x67\xe6\x60"
"\x1a\xe2\x70\x85\x58\xc2\x1b\x09"
"\xe1\xd7\x2c\xca\xad\xa8\x8f\xf9"
"\xac\xb3\x0e\xdb\xca\x2e\xe2\xb8"
"\x51\x71\xd9\x3c\x6c\xf1\x56\xf8"
"\xea\x9c\xf1\xfb\x0c\xe6\xb7\x10"
"\x1c\xf8\xa9\x7c\xe8\x53\x35\xc1"
"\x90\x3e\x76\x4a\x74\xa4\x21\x2c"
"\xf6\x2c\x4e\x0f\x94\x3a\x88\x2e"
"\x41\x09\x6a\x33\x7d\xf6\xdd\x3f"
"\x8d\x23\x31\x74\x84\xeb\x88\x6e"
"\xcc\xb9\xbc\x22\x83\x19\x07\x22"
"\xa5\x2d\xdf\xa5\xf3\x80\x85\x78"
"\x84\x39\x6a\x6d\x6a\x99\x4f\xa5"
"\x15\xfe\x46\xb0\xe4\x6c\xa5\x41"
"\x3c\xce\x8f\x42\x60\x71\xa7\x75"
"\x08\x40\x65\x8a\x82\xbf\xf5\x43"
"\x71\x96\xa9\x4d\x44\x8a\x20\xbe"
"\xfa\x4d\xbb\xc0\x7d\x31\x96\x65"
"\xe7\x75\xe5\x3e\xfd\x92\x3b\xc9"
"\x55\xbb\x16\x7e\xf7\xc2\x8c\xa4"
"\x40\x1d\xe5\xef\x0e\xdf\xe4\x9a"
"\x62\x73\x65\xfd\x46\x63\x25\x3d"
"\x2b\xaf\xe5\x64\xfe\xa5\x5c\xcf"
"\x24\xf3\xb4\xac\x64\xba\xdf\x4b"
"\xc6\x96\x7d\x81\x2d\x8d\x97\xf7"
"\xc5\x68\x77\x84\x32\x2b\xcc\x85"
"\x74\x96\xf0\x12\x77\x61\xb9\xeb"
"\x71\xaa\x82\xcb\x1c\xdb\x89\xc8"
"\xc6\xb5\xe3\x5c\x7d\x39\x07\x24"
"\xda\x39\x87\x45\xc0\x2b\xbb\x01"
"\xac\xbc\x2a\x5c\x7f\xfc\xe8\xce"
"\x6d\x9c\x6f\xed\xd3\xc1\xa1\xd6"
"\xc5\x55\xa9\x66\x2f\xe1\xc8\x32"
"\xa6\x5d\xa4\x3a\x98\x73\xe8\x45"
"\xa4\xc7\xa8\xb4\xf6\x13\x03\xf6"
"\xe9\x2e\xc4\x29\x0f\x84\xdb\xc4"
"\x21\xc4\xc2\x75\x67\x89\x37\x0a",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\xe3\x5a\x38\x0f\x4d\x92\x3a\x74"
"\x15\xb1\x50\x8c\x9a\xd8\x99\x1d"
"\x82\xec\xf1\x5f\x03\x6d\x02\x58"
"\x90\x67\xfc\xdd\x8d\xe1\x38\x08"
"\x7b\xc9\x9b\x4b\x04\x09\x50\x15"
"\xce\xab\xda\x33\x30\x20\x12\xfa"
"\x83\xc4\xa6\x9a\x2e\x7d\x90\xd9"
"\xa6\xa6\x67\x43\xb4\xa7\xa8\x5c"
"\xbb\x6a\x49\x2b\x8b\xf8\xd0\x22"
"\xe5\x9e\xba\xe8\x8c\x67\xb8\x5b"
"\x60\xbc\xf5\xa4\x95\x4e\x66\xe5"
"\x6d\x8e\xa9\xf6\x65\x2e\x04\xf5"
"\xba\xb5\xdb\x88\xc2\xf6\x7a\x4b"
"\x89\x58\x7c\x9a\xae\x26\xe8\xb7"
"\xb7\x28\xcc\xd6\xcc\xa5\x98\x4d"
"\xb9\x91\xcb\xb4\xe4\x8b\x96\x47"
"\x5f\x03\x8b\xdd\x94\xd1\xee\x12"
"\xa7\x83\x80\xf2\xc1\x15\x74\x4f"
"\x49\xf9\xb0\x7e\x6f\xdc\x73\x2f"
"\xe2\xcf\xe0\x1b\x34\xa5\xa0\x52"
"\xfb\x3c\x5d\x85\x91\xe6\x6d\x98"
"\x04\xd6\xdd\x4c\x00\x64\xd9\x54"
"\x5c\x3c\x08\x1d\x4c\x06\x9f\xb8"
"\x1c\x4d\x8d\xdc\xa4\x3c\xb9\x3b"
"\x9e\x85\xce\xc3\xa8\x4a\x0c\xd9"
"\x04\xc3\x6f\x17\x66\xa9\x1f\x59"
"\xd9\xe2\x19\x36\xa3\x88\xb8\x0b"
"\x0f\x4a\x4d\xf8\xc8\x6f\xd5\x43"
"\xeb\xa0\xab\x1f\x61\xc0\x06\xeb"
"\x93\xb7\xb8\x6f\x0d\xbd\x07\x49"
"\xb3\xac\x5d\xcf\x31\xa0\x27\x26"
"\x21\xbe\x94\x2e\x19\xea\xf4\xee"
"\xb5\x13\x89\xf7\x94\x0b\xef\x59"
"\x44\xc5\x78\x8b\x3c\x3b\x71\x20"
"\xf9\x35\x0c\x70\x74\xdc\x5b\xc2"
"\xb4\x11\x0e\x2c\x61\xa1\x52\x46"
"\x18\x11\x16\xc6\x86\x44\xa7\xaf"
"\xd5\x0c\x7d\xa6\x9e\x25\x2d\x1b"
"\x9a\x8f\x0f\xf8\x6a\x61\xa0\xea"
"\x3f\x0e\x90\xd6\x8f\x83\x30\x64"
"\xb5\x51\x2d\x08\x3c\xcd\x99\x36"
"\x96\xd4\xb1\xb5\x48\x30\xca\x48"
"\xf7\x11\xa8\xf5\x97\x8a\x6a\x6d"
"\x12\x33\x2f\xc0\xe8\xda\xec\x8a"
"\xe1\x88\x72\x63\xde\x20\xa3\xe1"
"\x8e\xac\x84\x37\x35\xf5\xf7\x3f"
"\x00\x02\x0e\xe4\xc1\x53\x68\x3f"
"\xaa\xd5\xac\x52\x3d\x20\x2f\x4d"
"\x7c\x83\xd0\xbd\xaa\x97\x35\x36"
"\x98\x88\x59\x5d\xe7\x24\xe3\x90"
"\x9d\x30\x47\xa7\xc3\x60\x35\xf4"
"\xd5\xdb\x0e\x4d\x44\xc1\x81\x8b"
"\xfd\xbd\xc3\x2b\xba\x68\xfe\x8d"
"\x49\x5a\x3c\x8a\xa3\x01\xae\x25"
"\x42\xab\xd2\x87\x1b\x35\xd6\xd2"
"\xd7\x70\x1c\x1f\x72\xd1\xe1\x39"
"\x1c\x58\xa2\xb4\xd0\x78\x55\x72"
"\x76\x59\xea\xd9\xd7\x6e\x63\x8b"
"\xcc\x9b\xa7\x74\x89\xfc\xa3\x68"
"\x86\x28\xd1\xbb\x54\x8d\x66\xad"
"\x2a\x92\xf9\x4e\x04\x3d\xae\xfd"
"\x1b\x2b\x7f\xc3\x2f\x1a\x78\x0a"
"\x5c\xc6\x84\xfe\x7c\xcb\x26\xfd"
"\xd9\x51\x0f\xd7\x94\x2f\xc5\xa7",
.len = 512,
.also_non_np = 1,
.np = 3,
.tap = { 512 - 20, 4, 16 },
},
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct cipher_testvec serpent_xts_tv_template[] = {
/* Generated from AES-XTS test vectors */
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
{
.key = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.klen = 32,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\xe1\x08\xb8\x1d\x2c\xf5\x33\x64"
"\xc8\x12\x04\xc7\xb3\x70\xe8\xc4"
"\x6a\x31\xc5\xf3\x00\xca\xb9\x16"
"\xde\xe2\x77\x66\xf7\xfe\x62\x08",
.len = 32,
}, {
.key = "\x11\x11\x11\x11\x11\x11\x11\x11"
"\x11\x11\x11\x11\x11\x11\x11\x11"
"\x22\x22\x22\x22\x22\x22\x22\x22"
"\x22\x22\x22\x22\x22\x22\x22\x22",
.klen = 32,
.iv = "\x33\x33\x33\x33\x33\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x44\x44\x44\x44\x44\x44\x44\x44"
"\x44\x44\x44\x44\x44\x44\x44\x44"
"\x44\x44\x44\x44\x44\x44\x44\x44"
"\x44\x44\x44\x44\x44\x44\x44\x44",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\x1a\x0a\x09\x5f\xcd\x07\x07\x98"
"\x41\x86\x12\xaf\xb3\xd7\x68\x13"
"\xed\x81\xcd\x06\x87\x43\x1a\xbb"
"\x13\x3d\xd6\x1e\x2b\xe1\x77\xbe",
.len = 32,
}, {
.key = "\xff\xfe\xfd\xfc\xfb\xfa\xf9\xf8"
"\xf7\xf6\xf5\xf4\xf3\xf2\xf1\xf0"
"\x22\x22\x22\x22\x22\x22\x22\x22"
"\x22\x22\x22\x22\x22\x22\x22\x22",
.klen = 32,
.iv = "\x33\x33\x33\x33\x33\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x44\x44\x44\x44\x44\x44\x44\x44"
"\x44\x44\x44\x44\x44\x44\x44\x44"
"\x44\x44\x44\x44\x44\x44\x44\x44"
"\x44\x44\x44\x44\x44\x44\x44\x44",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\xf9\x9b\x28\xb8\x5c\xaf\x8c\x61"
"\xb6\x1c\x81\x8f\x2c\x87\x60\x89"
"\x0d\x8d\x7a\xe8\x60\x48\xcc\x86"
"\xc1\x68\x45\xaa\x00\xe9\x24\xc5",
.len = 32,
}, {
.key = "\x27\x18\x28\x18\x28\x45\x90\x45"
"\x23\x53\x60\x28\x74\x71\x35\x26"
"\x31\x41\x59\x26\x53\x58\x97\x93"
"\x23\x84\x62\x64\x33\x83\x27\x95",
.klen = 32,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
"\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
"\x20\x21\x22\x23\x24\x25\x26\x27"
"\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
"\x30\x31\x32\x33\x34\x35\x36\x37"
"\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f"
"\x40\x41\x42\x43\x44\x45\x46\x47"
"\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
"\x50\x51\x52\x53\x54\x55\x56\x57"
"\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f"
"\x60\x61\x62\x63\x64\x65\x66\x67"
"\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f"
"\x70\x71\x72\x73\x74\x75\x76\x77"
"\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f"
"\x80\x81\x82\x83\x84\x85\x86\x87"
"\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
"\x90\x91\x92\x93\x94\x95\x96\x97"
"\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f"
"\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
"\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
"\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7"
"\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
"\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
"\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
"\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7"
"\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf"
"\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7"
"\xe8\xe9\xea\xeb\xec\xed\xee\xef"
"\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
"\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff"
"\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
"\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
"\x20\x21\x22\x23\x24\x25\x26\x27"
"\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
"\x30\x31\x32\x33\x34\x35\x36\x37"
"\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f"
"\x40\x41\x42\x43\x44\x45\x46\x47"
"\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
"\x50\x51\x52\x53\x54\x55\x56\x57"
"\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f"
"\x60\x61\x62\x63\x64\x65\x66\x67"
"\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f"
"\x70\x71\x72\x73\x74\x75\x76\x77"
"\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f"
"\x80\x81\x82\x83\x84\x85\x86\x87"
"\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
"\x90\x91\x92\x93\x94\x95\x96\x97"
"\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f"
"\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
"\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
"\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7"
"\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
"\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
"\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
"\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7"
"\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf"
"\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7"
"\xe8\xe9\xea\xeb\xec\xed\xee\xef"
"\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
"\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\xfe\x47\x4a\xc8\x60\x7e\xb4\x8b"
"\x0d\x10\xf4\xb0\x0d\xba\xf8\x53"
"\x65\x6e\x38\x4b\xdb\xaa\xb1\x9e"
"\x28\xca\xb0\x22\xb3\x85\x75\xf4"
"\x00\x5c\x75\x14\x06\xd6\x25\x82"
"\xe6\xcb\x08\xf7\x29\x90\x23\x8e"
"\xa4\x68\x57\xe4\xf0\xd8\x32\xf3"
"\x80\x51\x67\xb5\x0b\x85\x69\xe8"
"\x19\xfe\xc4\xc7\x3e\xea\x90\xd3"
"\x8f\xa3\xf2\x0a\xac\x17\x4b\xa0"
"\x63\x5a\x16\x0f\xf0\xce\x66\x1f"
"\x2c\x21\x07\xf1\xa4\x03\xa3\x44"
"\x41\x61\x87\x5d\x6b\xb3\xef\xd4"
"\xfc\xaa\x32\x7e\x55\x58\x04\x41"
"\xc9\x07\x33\xc6\xa2\x68\xd6\x5a"
"\x55\x79\x4b\x6f\xcf\x89\xb9\x19"
"\xe5\x54\x13\x15\xb2\x1a\xfa\x15"
"\xc2\xf0\x06\x59\xfa\xa0\x25\x05"
"\x58\xfa\x43\x91\x16\x85\x40\xbb"
"\x0d\x34\x4d\xc5\x1e\x20\xd5\x08"
"\xcd\x22\x22\x41\x11\x9f\x6c\x7c"
"\x8d\x57\xc9\xba\x57\xe8\x2c\xf7"
"\xa0\x42\xa8\xde\xfc\xa3\xca\x98"
"\x4b\x43\xb1\xce\x4b\xbf\x01\x67"
"\x6e\x29\x60\xbd\x10\x14\x84\x82"
"\x83\x82\x0c\x63\x73\x92\x02\x7c"
"\x55\x37\x20\x80\x17\x51\xc8\xbc"
"\x46\x02\xcb\x38\x07\x6d\xe2\x85"
"\xaa\x29\xaf\x24\x58\x0d\xf0\x75"
"\x08\x0a\xa5\x34\x25\x16\xf3\x74"
"\xa7\x0b\x97\xbe\xc1\xa9\xdc\x29"
"\x1a\x0a\x56\xc1\x1a\x91\x97\x8c"
"\x0b\xc7\x16\xed\x5a\x22\xa6\x2e"
"\x8c\x2b\x4f\x54\x76\x47\x53\x8e"
"\xe8\x00\xec\x92\xb9\x55\xe6\xa2"
"\xf3\xe2\x4f\x6a\x66\x60\xd0\x87"
"\xe6\xd1\xcc\xe3\x6a\xc5\x2d\x21"
"\xcc\x9d\x6a\xb6\x75\xaa\xe2\x19"
"\x21\x9f\xa1\x5e\x4c\xfd\x72\xf9"
"\x94\x4e\x63\xc7\xae\xfc\xed\x47"
"\xe2\xfe\x7a\x63\x77\xfe\x97\x82"
"\xb1\x10\x6e\x36\x1d\xe1\xc4\x80"
"\xec\x69\x41\xec\xa7\x8a\xe0\x2f"
"\xe3\x49\x26\xa2\x41\xb2\x08\x0f"
"\x28\xb4\xa7\x39\xa1\x99\x2d\x1e"
"\x43\x42\x35\xd0\xcf\xec\x77\x67"
"\xb2\x3b\x9e\x1c\x35\xde\x4f\x5e"
"\x73\x3f\x5d\x6f\x07\x4b\x2e\x50"
"\xab\x6c\x6b\xff\xea\x00\x67\xaa"
"\x0e\x82\x32\xdd\x3d\xb5\xe5\x76"
"\x2b\x77\x3f\xbe\x12\x75\xfb\x92"
"\xc6\x89\x67\x4d\xca\xf7\xd4\x50"
"\xc0\x74\x47\xcc\xd9\x0a\xd4\xc6"
"\x3b\x17\x2e\xe3\x35\xbb\x53\xb5"
"\x86\xad\x51\xcc\xd5\x96\xb8\xdc"
"\x03\x57\xe6\x98\x52\x2f\x61\x62"
"\xc4\x5c\x9c\x36\x71\x07\xfb\x94"
"\xe3\x02\xc4\x2b\x08\x75\xc7\x35"
"\xfb\x2e\x88\x7b\xbb\x67\x00\xe1"
"\xc9\xdd\x99\xb2\x13\x53\x1a\x4e"
"\x76\x87\x19\x04\x1a\x2f\x38\x3e"
"\xef\x91\x64\x1d\x18\x07\x4e\x31"
"\x88\x21\x7c\xb0\xa5\x12\x4c\x3c"
"\xb0\x20\xbd\xda\xdf\xf9\x7c\xdd",
.len = 512,
}, {
.key = "\x27\x18\x28\x18\x28\x45\x90\x45"
"\x23\x53\x60\x28\x74\x71\x35\x26"
"\x62\x49\x77\x57\x24\x70\x93\x69"
"\x99\x59\x57\x49\x66\x96\x76\x27"
"\x31\x41\x59\x26\x53\x58\x97\x93"
"\x23\x84\x62\x64\x33\x83\x27\x95"
"\x02\x88\x41\x97\x16\x93\x99\x37"
"\x51\x05\x82\x09\x74\x94\x45\x92",
.klen = 64,
.iv = "\xff\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
"\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
"\x20\x21\x22\x23\x24\x25\x26\x27"
"\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
"\x30\x31\x32\x33\x34\x35\x36\x37"
"\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f"
"\x40\x41\x42\x43\x44\x45\x46\x47"
"\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
"\x50\x51\x52\x53\x54\x55\x56\x57"
"\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f"
"\x60\x61\x62\x63\x64\x65\x66\x67"
"\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f"
"\x70\x71\x72\x73\x74\x75\x76\x77"
"\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f"
"\x80\x81\x82\x83\x84\x85\x86\x87"
"\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
"\x90\x91\x92\x93\x94\x95\x96\x97"
"\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f"
"\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
"\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
"\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7"
"\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
"\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
"\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
"\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7"
"\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf"
"\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7"
"\xe8\xe9\xea\xeb\xec\xed\xee\xef"
"\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
"\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff"
"\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
"\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
"\x20\x21\x22\x23\x24\x25\x26\x27"
"\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
"\x30\x31\x32\x33\x34\x35\x36\x37"
"\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f"
"\x40\x41\x42\x43\x44\x45\x46\x47"
"\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
"\x50\x51\x52\x53\x54\x55\x56\x57"
"\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f"
"\x60\x61\x62\x63\x64\x65\x66\x67"
"\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f"
"\x70\x71\x72\x73\x74\x75\x76\x77"
"\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f"
"\x80\x81\x82\x83\x84\x85\x86\x87"
"\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
"\x90\x91\x92\x93\x94\x95\x96\x97"
"\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f"
"\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
"\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
"\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7"
"\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
"\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
"\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
"\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7"
"\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf"
"\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7"
"\xe8\xe9\xea\xeb\xec\xed\xee\xef"
"\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
"\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\x2b\xc9\xb4\x6b\x10\x94\xa9\x32"
"\xaa\xb0\x20\xc6\x44\x3d\x74\x1f"
"\x75\x01\xa7\xf6\xf5\xf7\x62\x1b"
"\x80\x1b\x82\xcb\x01\x59\x91\x7f"
"\x80\x3a\x98\xf0\xd2\xca\xc4\xc3"
"\x34\xfd\xe6\x11\xf9\x33\x45\x12"
"\x48\xc5\x8c\x25\xf1\xc5\xc5\x23"
"\xd3\x44\xb4\x73\xd5\x04\xc0\xb7"
"\xca\x2f\xf5\xcd\xc5\xb4\xdd\xb0"
"\xf4\x60\xe8\xfb\xc6\x9c\xc5\x78"
"\xcd\xec\x7d\xdc\x19\x9c\x72\x64"
"\x63\x0b\x38\x2e\x76\xdd\x2d\x36"
"\x49\xb0\x1d\xea\x78\x9e\x00\xca"
"\x20\xcc\x1b\x1e\x98\x74\xab\xed"
"\x79\xf7\xd0\x6c\xd8\x93\x80\x29"
"\xac\xa5\x5e\x34\xa9\xab\xa0\x55"
"\x9a\xea\xaa\x95\x4d\x7b\xfe\x46"
"\x26\x8a\xfd\x88\xa2\xa8\xa6\xae"
"\x25\x42\x17\xbf\x76\x8f\x1c\x3d"
"\xec\x9a\xda\x64\x96\xb5\x61\xff"
"\x99\xeb\x12\x96\x85\x82\x9d\xd5"
"\x81\x85\x14\xa8\x59\xac\x8c\x94"
"\xbb\x3b\x85\x2b\xdf\xb3\x0c\xba"
"\x82\xc6\x4d\xca\x86\xea\x53\x28"
"\x4c\xe0\x4e\x31\xe3\x73\x2f\x79"
"\x9d\x42\xe1\x03\xe3\x8b\xc4\xff"
"\x05\xca\x81\x7b\xda\xa2\xde\x63"
"\x3a\x10\xbe\xc2\xac\x32\xc4\x05"
"\x47\x7e\xef\x67\xe2\x5f\x5b\xae"
"\xed\xf1\x70\x34\x16\x9a\x07\x7b"
"\xf2\x25\x2b\xb0\xf8\x3c\x15\x9a"
"\xa6\x59\x55\x5f\xc1\xf4\x1e\xcd"
"\x93\x1f\x06\xba\xd4\x9a\x22\x69"
"\xfa\x8e\x95\x0d\xf3\x23\x59\x2c"
"\xfe\x00\xba\xf0\x0e\xbc\x6d\xd6"
"\x62\xf0\x7a\x0e\x83\x3e\xdb\x32"
"\xfd\x43\x7d\xda\x42\x51\x87\x43"
"\x9d\xf9\xef\xf4\x30\x97\xf8\x09"
"\x88\xfc\x3f\x93\x70\xc1\x4a\xec"
"\x27\x5f\x11\xac\x71\xc7\x48\x46"
"\x2f\xf9\xdf\x8d\x9f\xf7\x2e\x56"
"\x0d\x4e\xb0\x32\x76\xce\x86\x81"
"\xcd\xdf\xe4\x00\xbf\xfd\x5f\x24"
"\xaf\xf7\x9a\xde\xff\x18\xac\x14"
"\x90\xc5\x01\x39\x34\x0f\x24\xf3"
"\x13\x2f\x5e\x4f\x30\x9a\x36\x40"
"\xec\xea\xbc\xcd\x9e\x0e\x5b\x23"
"\x50\x88\x97\x40\x69\xb1\x37\xf5"
"\xc3\x15\xf9\x3f\xb7\x79\x64\xe8"
"\x7b\x10\x20\xb9\x2b\x46\x83\x5b"
"\xd8\x39\xfc\xe4\xfa\x88\x52\xf2"
"\x72\xb0\x97\x4e\x89\xb3\x48\x00"
"\xc1\x16\x73\x50\x77\xba\xa6\x65"
"\x20\x2d\xb0\x02\x27\x89\xda\x99"
"\x45\xfb\xe9\xd3\x1d\x39\x2f\xd6"
"\x2a\xda\x09\x12\x11\xaf\xe6\x57"
"\x01\x04\x8a\xff\x86\x8b\xac\xf8"
"\xee\xe4\x1c\x98\x5b\xcf\x6b\x76"
"\xa3\x0e\x33\x74\x40\x18\x39\x72"
"\x66\x50\x31\xfd\x70\xdf\xe8\x51"
"\x96\x21\x36\xb2\x9b\xfa\x85\xd1"
"\x30\x05\xc8\x92\x98\x80\xff\x7a"
"\xaf\x43\x0b\xc5\x20\x41\x92\x20"
"\xd4\xa0\x91\x98\x11\x5f\x4d\xb1",
.len = 512,
.also_non_np = 1,
.np = 3,
.tap = { 512 - 20, 4, 16 },
},
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
/*
* SM4 test vector taken from the draft RFC
* https://tools.ietf.org/html/draft-crypto-sm4-00#ref-GBT.32907-2016
*/
static const struct cipher_testvec sm4_tv_template[] = {
{ /* SM4 Appendix A: Example Calculations. Example 1. */
.key = "\x01\x23\x45\x67\x89\xAB\xCD\xEF"
"\xFE\xDC\xBA\x98\x76\x54\x32\x10",
.klen = 16,
.ptext = "\x01\x23\x45\x67\x89\xAB\xCD\xEF"
"\xFE\xDC\xBA\x98\x76\x54\x32\x10",
.ctext = "\x68\x1E\xDF\x34\xD2\x06\x96\x5E"
"\x86\xB3\xE9\x4F\x53\x6E\x42\x46",
.len = 16,
}, { /*
* SM4 Appendix A: Example Calculations.
* Last 10 iterations of Example 2.
*/
.key = "\x01\x23\x45\x67\x89\xAB\xCD\xEF"
"\xFE\xDC\xBA\x98\x76\x54\x32\x10",
.klen = 16,
.ptext = "\x99\x4a\xc3\xe7\xc3\x57\x89\x6a"
"\x81\xfc\xa8\xe\x38\x3e\xef\x80"
"\xb1\x98\xf2\xde\x3f\x4b\xae\xd1"
"\xf0\xf1\x30\x4c\x1\x27\x5a\x8f"
"\x45\xe1\x39\xb7\xae\xff\x1f\x27"
"\xad\x57\x15\xab\x31\x5d\xc\xef"
"\x8c\xc8\x80\xbd\x11\x98\xf3\x7b"
"\xa2\xdd\x14\x20\xf9\xe8\xbb\x82"
"\xf7\x32\xca\x4b\xa8\xf7\xb3\x4d"
"\x27\xd1\xcd\xe6\xb6\x65\x5a\x23"
"\xc2\xf3\x54\x84\x53\xe3\xb9\x20"
"\xa5\x37\x0\xbe\xe7\x7b\x48\xfb"
"\x21\x3d\x9e\x48\x1d\x9e\xf5\xbf"
"\x77\xd5\xb4\x4a\x53\x71\x94\x7a"
"\x88\xa6\x6e\x6\x93\xca\x43\xa5"
"\xc4\xf6\xcd\x53\x4b\x7b\x8e\xfe"
"\xb4\x28\x7c\x42\x29\x32\x5d\x88"
"\xed\xce\x0\x19\xe\x16\x2\x6e"
"\x87\xff\x2c\xac\xe8\xe7\xe9\xbf"
"\x31\x51\xec\x47\xc3\x51\x83\xc1",
.ctext = "\xb1\x98\xf2\xde\x3f\x4b\xae\xd1"
"\xf0\xf1\x30\x4c\x1\x27\x5a\x8f"
"\x45\xe1\x39\xb7\xae\xff\x1f\x27"
"\xad\x57\x15\xab\x31\x5d\xc\xef"
"\x8c\xc8\x80\xbd\x11\x98\xf3\x7b"
"\xa2\xdd\x14\x20\xf9\xe8\xbb\x82"
"\xf7\x32\xca\x4b\xa8\xf7\xb3\x4d"
"\x27\xd1\xcd\xe6\xb6\x65\x5a\x23"
"\xc2\xf3\x54\x84\x53\xe3\xb9\x20"
"\xa5\x37\x0\xbe\xe7\x7b\x48\xfb"
"\x21\x3d\x9e\x48\x1d\x9e\xf5\xbf"
"\x77\xd5\xb4\x4a\x53\x71\x94\x7a"
"\x88\xa6\x6e\x6\x93\xca\x43\xa5"
"\xc4\xf6\xcd\x53\x4b\x7b\x8e\xfe"
"\xb4\x28\x7c\x42\x29\x32\x5d\x88"
"\xed\xce\x0\x19\xe\x16\x2\x6e"
"\x87\xff\x2c\xac\xe8\xe7\xe9\xbf"
"\x31\x51\xec\x47\xc3\x51\x83\xc1"
"\x59\x52\x98\xc7\xc6\xfd\x27\x1f"
"\x4\x2\xf8\x4\xc3\x3d\x3f\x66",
.len = 160
}
};
/* Cast6 test vectors from RFC 2612 */
static const struct cipher_testvec cast6_tv_template[] = {
{
.key = "\x23\x42\xbb\x9e\xfa\x38\x54\x2c"
"\x0a\xf7\x56\x47\xf2\x9f\x61\x5d",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = zeroed_string,
.ctext = "\xc8\x42\xa0\x89\x72\xb4\x3d\x20"
"\x83\x6c\x91\xd1\xb7\x53\x0f\x6b",
.len = 16,
}, {
.key = "\x23\x42\xbb\x9e\xfa\x38\x54\x2c"
"\xbe\xd0\xac\x83\x94\x0a\xc2\x98"
"\xba\xc7\x7a\x77\x17\x94\x28\x63",
.klen = 24,
.ptext = zeroed_string,
.ctext = "\x1b\x38\x6c\x02\x10\xdc\xad\xcb"
"\xdd\x0e\x41\xaa\x08\xa7\xa7\xe8",
.len = 16,
}, {
.key = "\x23\x42\xbb\x9e\xfa\x38\x54\x2c"
"\xbe\xd0\xac\x83\x94\x0a\xc2\x98"
"\x8d\x7c\x47\xce\x26\x49\x08\x46"
"\x1c\xc1\xb5\x13\x7a\xe6\xb6\x04",
.klen = 32,
.ptext = zeroed_string,
.ctext = "\x4f\x6a\x20\x38\x28\x68\x97\xb9"
"\xc9\x87\x01\x36\x55\x33\x17\xfa",
.len = 16,
}, { /* Generated from TF test vectors */
.key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9"
"\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A"
"\x27\x04\xE1\x27\x04\xE1\xBE\x9B"
"\x78\xBE\x9B\x78\x55\x32\x0F\x55",
.klen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F"
"\xC4\x29\x8E\xF3\x35\x9A\xFF\x64",
.ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
"\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
"\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
"\xAC\x20\xB7\x4E\xE5\x59\xF0\x87"
"\x1E\x92\x29\xC0\x34\xCB\x62\xF9"
"\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48"
"\xDF\x76\x0D\x81\x18\xAF\x23\xBA"
"\x51\xE8\x5C\xF3\x8A\x21\x95\x2C"
"\xC3\x37\xCE\x65\xFC\x70\x07\x9E"
"\x12\xA9\x40\xD7\x4B\xE2\x79\x10"
"\x84\x1B\xB2\x26\xBD\x54\xEB\x5F"
"\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1"
"\x68\xFF\x73\x0A\xA1\x15\xAC\x43"
"\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5"
"\x29\xC0\x57\xEE\x62\xF9\x90\x04"
"\x9B\x32\xC9\x3D\xD4\x6B\x02\x76"
"\x0D\xA4\x18\xAF\x46\xDD\x51\xE8"
"\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A"
"\xF1\x65\xFC\x93\x07\x9E\x35\xCC"
"\x40\xD7\x6E\x05\x79\x10\xA7\x1B"
"\xB2\x49\xE0\x54\xEB\x82\x19\x8D"
"\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF"
"\x96\x0A\xA1\x38\xCF\x43\xDA\x71"
"\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3"
"\x57\xEE\x85\x1C\x90\x27\xBE\x32"
"\xC9\x60\xF7\x6B\x02\x99\x0D\xA4"
"\x3B\xD2\x46\xDD\x74\x0B\x7F\x16"
"\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88"
"\x1F\x93\x2A\xC1\x35\xCC\x63\xFA"
"\x6E\x05\x9C\x10\xA7\x3E\xD5\x49"
"\xE0\x77\x0E\x82\x19\xB0\x24\xBB"
"\x52\xE9\x5D\xF4\x8B\x22\x96\x2D"
"\xC4\x38\xCF\x66\xFD\x71\x08\x9F"
"\x13\xAA\x41\xD8\x4C\xE3\x7A\x11"
"\x85\x1C\xB3\x27\xBE\x55\xEC\x60"
"\xF7\x8E\x02\x99\x30\xC7\x3B\xD2"
"\x69\x00\x74\x0B\xA2\x16\xAD\x44"
"\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6"
"\x2A\xC1\x58\xEF\x63\xFA\x91\x05"
"\x9C\x33\xCA\x3E\xD5\x6C\x03\x77"
"\x0E\xA5\x19\xB0\x47\xDE\x52\xE9"
"\x80\x17\x8B\x22\xB9\x2D\xC4\x5B"
"\xF2\x66\xFD\x94\x08\x9F\x36\xCD"
"\x41\xD8\x6F\x06\x7A\x11\xA8\x1C"
"\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E"
"\x25\xBC\x30\xC7\x5E\xF5\x69\x00"
"\x97\x0B\xA2\x39\xD0\x44\xDB\x72"
"\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4"
"\x58\xEF\x86\x1D\x91\x28\xBF\x33"
"\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5"
"\x3C\xD3\x47\xDE\x75\x0C\x80\x17"
"\xAE\x22\xB9\x50\xE7\x5B\xF2\x89"
"\x20\x94\x2B\xC2\x36\xCD\x64\xFB"
"\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A"
"\xE1\x78\x0F\x83\x1A\xB1\x25\xBC"
"\x53\xEA\x5E\xF5\x8C\x00\x97\x2E"
"\xC5\x39\xD0\x67\xFE\x72\x09\xA0"
"\x14\xAB\x42\xD9\x4D\xE4\x7B\x12"
"\x86\x1D\xB4\x28\xBF\x56\xED\x61"
"\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3"
"\x6A\x01\x75\x0C\xA3\x17\xAE\x45"
"\xDC\x50\xE7\x7E\x15\x89\x20\xB7",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\xC3\x70\x22\x32\xF5\x80\xCB\x54"
"\xFC\x30\xE0\xF6\xEB\x39\x57\xA6"
"\xB6\xB9\xC5\xA4\x91\x55\x14\x97"
"\xC1\x20\xFF\x6C\x5C\xF0\x67\xEA"
"\x2F\xED\xD8\xC9\xFB\x38\x3F\xFE"
"\x93\xBE\xDC\x00\xD3\x7F\xAD\x4C"
"\x5A\x08\x92\xD1\x47\x0C\xFA\x6C"
"\xD0\x6A\x99\x10\x72\xF8\x47\x62"
"\x81\x42\xF8\xD8\xF5\xBB\x94\x08"
"\xAA\x97\xA2\x8B\x69\xB3\xD2\x7E"
"\xBC\xB5\x00\x0C\xE5\x44\x4B\x58"
"\xE8\x63\xDC\xB3\xC4\xE5\x23\x12"
"\x5A\x72\x85\x47\x8B\xEC\x9F\x26"
"\x84\xB6\xED\x10\x33\x63\x9B\x5F"
"\x4D\x53\xEE\x94\x45\x8B\x60\x58"
"\x86\x20\xF9\x1E\x82\x08\x3E\x58"
"\x60\x1B\x34\x19\x02\xBE\x4E\x09"
"\xBB\x7C\x15\xCC\x60\x27\x55\x7A"
"\x12\xB8\xD8\x08\x89\x3C\xA6\xF3"
"\xF1\xDD\xA7\x07\xA3\x12\x85\x28"
"\xE9\x57\xAC\x80\x0C\x5C\x0F\x3A"
"\x5D\xC2\x91\xC7\x90\xE4\x8C\x43"
"\x92\xE4\x7C\x26\x69\x4D\x83\x68"
"\x14\x96\x42\x47\xBD\xA9\xE4\x8A"
"\x33\x19\xEB\x54\x8E\x0D\x4B\x6E"
"\x91\x51\xB5\x36\x08\xDE\x1C\x06"
"\x03\xBD\xDE\x81\x26\xF7\x99\xC2"
"\xBA\xF7\x6D\x87\x0D\xE4\xA6\xCF"
"\xC1\xF5\x27\x05\xB8\x02\x57\x72"
"\xE6\x42\x13\x0B\xC6\x47\x05\x74"
"\x24\x15\xF7\x0D\xC2\x23\x9D\xB9"
"\x3C\x77\x18\x93\xBA\xB4\xFC\x8C"
"\x98\x82\x67\x67\xB4\xD7\xD3\x43"
"\x23\x08\x02\xB7\x9B\x99\x05\xFB"
"\xD3\xB5\x00\x0A\xA9\x9D\x66\xD6"
"\x2E\x49\x58\xD0\xA8\x57\x29\x7F"
"\x0A\x0E\x7D\xFC\x92\x83\xCC\x67"
"\xA2\xB1\x70\x3A\x8F\x87\x4A\x8D"
"\x17\xE2\x58\x2B\x88\x0D\x68\x62"
"\xBF\x35\xD1\x6F\xC0\xF0\x18\x62"
"\xB2\xC7\x2D\x58\xC7\x16\xDE\x08"
"\xEB\x84\x1D\x25\xA7\x38\x94\x06"
"\x93\x9D\xF8\xFE\x88\x71\xE7\x84"
"\x2C\xA0\x38\xA3\x1D\x48\xCF\x29"
"\x0B\xBC\xD8\x50\x99\x1A\x26\xFB"
"\x8E\x75\x3D\x73\xEB\x6A\xED\x29"
"\xE0\x8E\xED\xFC\xFE\x6F\xF6\xBA"
"\x41\xE2\x10\x4C\x01\x8B\x69\x2B"
"\x25\x3F\x4D\x70\x7B\x92\xD6\x3B"
"\xAC\xF9\x77\x18\xD9\x6A\x30\xA6"
"\x2E\xFA\x30\xFF\xC8\xD5\x1D\x06"
"\x59\x28\x1D\x86\x43\x04\x5D\x3B"
"\x99\x4C\x04\x5A\x21\x17\x8B\x76"
"\x8F\x72\xCB\xA1\x9C\x29\x4C\xC3"
"\x65\xA2\x58\x2A\xC5\x66\x24\xBF"
"\xBA\xE6\x0C\xDD\x34\x24\x74\xC8"
"\x84\x0A\x66\x2C\xBE\x8F\x32\xA9"
"\xE7\xE4\xA1\xD7\xDA\xAB\x23\x1E"
"\xEB\xEE\x6C\x94\x6F\x9C\x2E\xD1"
"\x49\x2C\xF3\xD4\x90\xCC\x93\x4C"
"\x84\x52\x6D\x68\xDE\xC6\x64\xB2"
"\x11\x74\x93\x57\xB4\x7E\xC6\x00",
.len = 496,
.also_non_np = 1,
.np = 3,
.tap = { 496 - 20, 4, 16 },
},
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct cipher_testvec cast6_cbc_tv_template[] = {
{ /* Generated from TF test vectors */
.key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9"
"\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A"
"\x27\x04\xE1\x27\x04\xE1\xBE\x9B"
"\x78\xBE\x9B\x78\x55\x32\x0F\x55",
.klen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F"
"\xC4\x29\x8E\xF3\x35\x9A\xFF\x64",
.ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
"\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
"\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
"\xAC\x20\xB7\x4E\xE5\x59\xF0\x87"
"\x1E\x92\x29\xC0\x34\xCB\x62\xF9"
"\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48"
"\xDF\x76\x0D\x81\x18\xAF\x23\xBA"
"\x51\xE8\x5C\xF3\x8A\x21\x95\x2C"
"\xC3\x37\xCE\x65\xFC\x70\x07\x9E"
"\x12\xA9\x40\xD7\x4B\xE2\x79\x10"
"\x84\x1B\xB2\x26\xBD\x54\xEB\x5F"
"\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1"
"\x68\xFF\x73\x0A\xA1\x15\xAC\x43"
"\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5"
"\x29\xC0\x57\xEE\x62\xF9\x90\x04"
"\x9B\x32\xC9\x3D\xD4\x6B\x02\x76"
"\x0D\xA4\x18\xAF\x46\xDD\x51\xE8"
"\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A"
"\xF1\x65\xFC\x93\x07\x9E\x35\xCC"
"\x40\xD7\x6E\x05\x79\x10\xA7\x1B"
"\xB2\x49\xE0\x54\xEB\x82\x19\x8D"
"\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF"
"\x96\x0A\xA1\x38\xCF\x43\xDA\x71"
"\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3"
"\x57\xEE\x85\x1C\x90\x27\xBE\x32"
"\xC9\x60\xF7\x6B\x02\x99\x0D\xA4"
"\x3B\xD2\x46\xDD\x74\x0B\x7F\x16"
"\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88"
"\x1F\x93\x2A\xC1\x35\xCC\x63\xFA"
"\x6E\x05\x9C\x10\xA7\x3E\xD5\x49"
"\xE0\x77\x0E\x82\x19\xB0\x24\xBB"
"\x52\xE9\x5D\xF4\x8B\x22\x96\x2D"
"\xC4\x38\xCF\x66\xFD\x71\x08\x9F"
"\x13\xAA\x41\xD8\x4C\xE3\x7A\x11"
"\x85\x1C\xB3\x27\xBE\x55\xEC\x60"
"\xF7\x8E\x02\x99\x30\xC7\x3B\xD2"
"\x69\x00\x74\x0B\xA2\x16\xAD\x44"
"\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6"
"\x2A\xC1\x58\xEF\x63\xFA\x91\x05"
"\x9C\x33\xCA\x3E\xD5\x6C\x03\x77"
"\x0E\xA5\x19\xB0\x47\xDE\x52\xE9"
"\x80\x17\x8B\x22\xB9\x2D\xC4\x5B"
"\xF2\x66\xFD\x94\x08\x9F\x36\xCD"
"\x41\xD8\x6F\x06\x7A\x11\xA8\x1C"
"\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E"
"\x25\xBC\x30\xC7\x5E\xF5\x69\x00"
"\x97\x0B\xA2\x39\xD0\x44\xDB\x72"
"\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4"
"\x58\xEF\x86\x1D\x91\x28\xBF\x33"
"\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5"
"\x3C\xD3\x47\xDE\x75\x0C\x80\x17"
"\xAE\x22\xB9\x50\xE7\x5B\xF2\x89"
"\x20\x94\x2B\xC2\x36\xCD\x64\xFB"
"\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A"
"\xE1\x78\x0F\x83\x1A\xB1\x25\xBC"
"\x53\xEA\x5E\xF5\x8C\x00\x97\x2E"
"\xC5\x39\xD0\x67\xFE\x72\x09\xA0"
"\x14\xAB\x42\xD9\x4D\xE4\x7B\x12"
"\x86\x1D\xB4\x28\xBF\x56\xED\x61"
"\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3"
"\x6A\x01\x75\x0C\xA3\x17\xAE\x45"
"\xDC\x50\xE7\x7E\x15\x89\x20\xB7",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\xDF\x77\x68\x96\xC7\xBA\xF8\xE2"
"\x0E\x24\x99\x1A\xAA\xF3\xC6\x9F"
"\xA0\x73\xB3\x70\xC3\x68\x64\x70"
"\xAD\x33\x02\xFB\x88\x74\xAA\x78"
"\xC7\x47\x1A\x18\x61\x2D\xAC\x9F"
"\x7E\x6F\xDF\x05\x13\x76\xA6\x72"
"\xB7\x13\x09\x0F\x7D\x38\xDF\x25"
"\x4E\xFD\x50\x45\xFA\x35\x6A\xC0"
"\x57\x95\xE1\x21\x26\x10\x9A\x21"
"\xA1\x8A\x51\x05\xD1\xB1\x78\x35"
"\x98\xF5\xAE\xC0\xC1\x8B\x94\xFF"
"\xD0\x69\x3F\x42\xC2\x01\xA7\x9B"
"\x23\x16\x47\x72\x81\x13\x3A\x72"
"\xEC\xD9\x40\x88\x00\x9C\xB0\xA8"
"\x9C\xAC\xCE\x11\x73\x7B\x63\x3E"
"\xA3\x63\x98\x7D\x35\xE4\xD9\x83"
"\xE2\xD0\x52\x87\x0C\x1F\xB0\xB3"
"\x41\x1A\x93\x8D\x76\x31\x9F\xF2"
"\xFE\x09\xA3\x8F\x22\x6A\x3B\xB9"
"\x6C\x9E\xE4\xA1\xA0\xC4\xE7\xA1"
"\x21\x9C\x1A\xCA\x65\xDE\x44\x03"
"\x99\xF2\xD2\x39\xE3\x3F\x0F\x37"
"\x53\x50\x23\xA4\x81\x6E\xDA\xFB"
"\xF8\x7B\x01\xD7\xB2\x32\x9C\xB8"
"\xB1\x0E\x99\x17\xB5\x38\xF9\xD7"
"\x86\x2D\x6E\x94\x5C\x99\x9D\xB3"
"\xD3\x63\x4B\x2A\x7D\x44\x6A\xB2"
"\xC1\x03\xE6\x5A\x37\xD8\x64\x18"
"\xAA\x32\xCE\x29\xED\xC0\xA2\xCB"
"\x8D\xAF\xCD\xBE\x8F\xB6\xEC\xB4"
"\x89\x05\x81\x6E\x71\x4F\xC3\x28"
"\x10\xC1\x62\xC4\x41\xE9\xD2\x39"
"\xF3\x22\x39\x12\x2C\xC2\x95\x2D"
"\xBF\x93\x58\x4B\x04\xD1\x8D\x57"
"\xAE\xEB\x60\x03\x56\x35\xAD\x5A"
"\xE9\xC3\xFF\x4E\x31\xE1\x37\xF8"
"\x7D\xEE\x65\x8A\xB6\x88\x1A\x3E"
"\x07\x09\x82\xBA\xF0\x80\x8A\xD0"
"\xA0\x3F\x6A\xE9\x24\x87\x19\x65"
"\x73\x3F\x12\x91\x47\x54\xBA\x39"
"\x30\x5B\x1E\xE5\xC2\xF9\x3F\xEF"
"\xD6\x75\xF9\xB8\x7C\x8B\x05\x76"
"\xEE\xB7\x08\x25\x4B\xB6\x7B\x47"
"\x72\xC0\x4C\xD4\xDA\xE0\x75\xF1"
"\x7C\xE8\x94\x9E\x16\x6E\xB8\x12"
"\xA1\xC1\x6E\x3B\x1C\x59\x41\x2D"
"\x23\xFA\x7D\x77\xB8\x46\x75\xFE"
"\x4F\x10\xD3\x09\x60\xA1\x36\x96"
"\x5B\xC2\xDC\x6E\x84\x7D\x9B\x14"
"\x80\x21\x83\x58\x3C\x76\xFD\x28"
"\x1D\xF9\x93\x13\xD7\x0E\x62\x14"
"\x5A\xC5\x4E\x08\xA5\x56\xA4\x3C"
"\x68\x93\x44\x70\xDF\xCF\x4A\x51"
"\x0B\x81\x29\x41\xE5\x62\x4D\x36"
"\xB3\xEA\x94\xA6\xB9\xDD\x3F\x09"
"\x62\x34\xA0\x6A\x7E\x7D\xF5\xF6"
"\x01\x91\xB4\x27\xDA\x59\xD6\x17"
"\x56\x4D\x82\x62\x37\xA3\x48\x01"
"\x99\x91\x77\xB2\x08\x6B\x2C\x37"
"\xC5\x5C\xAD\xB6\x07\xB6\x84\xF3"
"\x4D\x59\x7D\xC5\x28\x69\xFA\x92"
"\x22\x46\x89\x2D\x0F\x2B\x08\x24",
.len = 496,
.also_non_np = 1,
.np = 3,
.tap = { 496 - 20, 4, 16 },
},
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct cipher_testvec cast6_ctr_tv_template[] = {
{ /* Generated from TF test vectors */
.key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9"
"\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A"
"\x27\x04\xE1\x27\x04\xE1\xBE\x9B"
"\x78\xBE\x9B\x78\x55\x32\x0F\x55",
.klen = 32,
.iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F"
"\xC4\x29\x8E\xF3\x35\x9A\xFF\x64",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
"\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\x3A",
.ctext = "\x26\x0A\xF1\xE2\x3F\x8A\xEF\xA3"
"\x53\x9A\x5E\x1B\x2A\x1A\xC6\x0A"
"\x57",
.len = 17,
}, { /* Generated from TF test vectors */
.key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9"
"\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A"
"\x27\x04\xE1\x27\x04\xE1\xBE\x9B"
"\x78\xBE\x9B\x78\x55\x32\x0F\x55",
.klen = 32,
.iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F"
"\xC4\x29\x8E\xF3\x35\x9A\xFF\x64",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
"\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
"\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
"\xAC\x20\xB7\x4E\xE5\x59\xF0\x87"
"\x1E\x92\x29\xC0\x34\xCB\x62\xF9"
"\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48"
"\xDF\x76\x0D\x81\x18\xAF\x23\xBA"
"\x51\xE8\x5C\xF3\x8A\x21\x95\x2C"
"\xC3\x37\xCE\x65\xFC\x70\x07\x9E"
"\x12\xA9\x40\xD7\x4B\xE2\x79\x10"
"\x84\x1B\xB2\x26\xBD\x54\xEB\x5F"
"\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1"
"\x68\xFF\x73\x0A\xA1\x15\xAC\x43"
"\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5"
"\x29\xC0\x57\xEE\x62\xF9\x90\x04"
"\x9B\x32\xC9\x3D\xD4\x6B\x02\x76"
"\x0D\xA4\x18\xAF\x46\xDD\x51\xE8"
"\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A"
"\xF1\x65\xFC\x93\x07\x9E\x35\xCC"
"\x40\xD7\x6E\x05\x79\x10\xA7\x1B"
"\xB2\x49\xE0\x54\xEB\x82\x19\x8D"
"\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF"
"\x96\x0A\xA1\x38\xCF\x43\xDA\x71"
"\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3"
"\x57\xEE\x85\x1C\x90\x27\xBE\x32"
"\xC9\x60\xF7\x6B\x02\x99\x0D\xA4"
"\x3B\xD2\x46\xDD\x74\x0B\x7F\x16"
"\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88"
"\x1F\x93\x2A\xC1\x35\xCC\x63\xFA"
"\x6E\x05\x9C\x10\xA7\x3E\xD5\x49"
"\xE0\x77\x0E\x82\x19\xB0\x24\xBB"
"\x52\xE9\x5D\xF4\x8B\x22\x96\x2D"
"\xC4\x38\xCF\x66\xFD\x71\x08\x9F"
"\x13\xAA\x41\xD8\x4C\xE3\x7A\x11"
"\x85\x1C\xB3\x27\xBE\x55\xEC\x60"
"\xF7\x8E\x02\x99\x30\xC7\x3B\xD2"
"\x69\x00\x74\x0B\xA2\x16\xAD\x44"
"\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6"
"\x2A\xC1\x58\xEF\x63\xFA\x91\x05"
"\x9C\x33\xCA\x3E\xD5\x6C\x03\x77"
"\x0E\xA5\x19\xB0\x47\xDE\x52\xE9"
"\x80\x17\x8B\x22\xB9\x2D\xC4\x5B"
"\xF2\x66\xFD\x94\x08\x9F\x36\xCD"
"\x41\xD8\x6F\x06\x7A\x11\xA8\x1C"
"\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E"
"\x25\xBC\x30\xC7\x5E\xF5\x69\x00"
"\x97\x0B\xA2\x39\xD0\x44\xDB\x72"
"\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4"
"\x58\xEF\x86\x1D\x91\x28\xBF\x33"
"\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5"
"\x3C\xD3\x47\xDE\x75\x0C\x80\x17"
"\xAE\x22\xB9\x50\xE7\x5B\xF2\x89"
"\x20\x94\x2B\xC2\x36\xCD\x64\xFB"
"\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A"
"\xE1\x78\x0F\x83\x1A\xB1\x25\xBC"
"\x53\xEA\x5E\xF5\x8C\x00\x97\x2E"
"\xC5\x39\xD0\x67\xFE\x72\x09\xA0"
"\x14\xAB\x42\xD9\x4D\xE4\x7B\x12"
"\x86\x1D\xB4\x28\xBF\x56\xED\x61"
"\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3"
"\x6A\x01\x75\x0C\xA3\x17\xAE\x45"
"\xDC\x50\xE7\x7E\x15\x89\x20\xB7",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\x26\x0A\xF1\xE2\x3F\x8A\xEF\xA3"
"\x53\x9A\x5E\x1B\x2A\x1A\xC6\x0A"
"\x57\xA3\xEF\x47\x2A\xE8\x88\xA7"
"\x3C\xD0\xEC\xB9\x94\x50\x7D\x56"
"\xBC\xE1\xC1\xF5\xE1\xEE\x12\xF8"
"\x4F\x03\x82\x3A\x93\x6B\x4C\xD3"
"\xE3\xF3\xFA\xC2\x23\x55\x98\x20"
"\x49\x76\x9B\x6B\xC1\x23\xBF\xE5"
"\xD4\xC4\x2F\x61\xE1\x67\x2A\x30"
"\x6F\x29\xCA\x54\xF8\x1B\xA6\x7D"
"\x66\x45\xEE\xC8\x19\xBE\x50\xF0"
"\x5F\x65\xF8\x1E\x4D\x07\x87\xD9"
"\xD3\xD9\x1B\x09\x89\xFD\x42\xC5"
"\xDB\xEB\x86\xF1\x67\x04\x0F\x5C"
"\x81\xDF\x82\x12\xC7\x4C\x1B\x07"
"\xDE\xE6\xFA\x29\x86\xD1\xB0\xBA"
"\x3D\x6A\x69\x76\xEC\x0F\xB4\xE6"
"\xCD\xA7\xF8\xA8\xB8\xE0\x33\xF5"
"\x49\x61\x22\x52\x64\x8C\x46\x41"
"\x1F\x48\x5F\x4F\xA2\x89\x36\x17"
"\x20\xF8\x2F\x8F\x4B\xFA\xF2\xC0"
"\x1E\x18\xA2\xF8\xB7\x6D\x98\xE3"
"\x00\x14\x15\x59\xC1\x30\x64\xAF"
"\xA8\x01\x38\xAB\xD4\x8B\xEC\x7C"
"\x44\x9A\xC6\x2C\x2E\x2B\x2B\xF4"
"\x02\x37\xC4\x69\xEF\x36\xC1\xF3"
"\xA0\xFB\xFE\x29\xAD\x39\xCF\xD0"
"\x51\x73\xA3\x22\x42\x41\xAB\xD2"
"\x0F\x50\x14\xB9\x54\xD3\xD4\xFA"
"\xBF\xC9\xBB\xCE\xC4\x1D\x2D\xAF"
"\xC9\x3F\x07\x87\x42\x4B\x3A\x54"
"\x34\x8E\x37\xA3\x03\x6F\x65\x66"
"\xDB\x44\xC3\xE8\xD7\xDD\x7D\xDD"
"\x61\xB4\x2B\x80\xA3\x98\x13\xF5"
"\x5A\xD3\x34\x58\xC3\x6E\xF6\xB8"
"\x0A\xC6\x50\x01\x8E\xD5\x6C\x7D"
"\xFE\x16\xB6\xCF\xFC\x51\x40\xAE"
"\xB3\x15\xAC\x90\x6F\x0B\x28\x3A"
"\x60\x40\x38\x90\x20\x46\xC7\xB3"
"\x0B\x12\x6D\x3B\x15\x14\xF9\xF4"
"\x11\x41\x76\x6B\xB3\x60\x82\x3C"
"\x84\xFB\x08\x2E\x92\x25\xCB\x79"
"\x6F\x58\xC5\x94\x00\x00\x47\xB6"
"\x9E\xDC\x0F\x29\x70\x46\x20\x76"
"\x65\x75\x66\x5C\x00\x96\xB3\xE1"
"\x0B\xA7\x11\x8B\x2E\x61\x4E\x45"
"\x73\xFC\x91\xAB\x79\x41\x23\x14"
"\x13\xB6\x72\x6C\x46\xB3\x03\x11"
"\xE4\xF1\xEE\xC9\x7A\xCF\x96\x32"
"\xB6\xF0\x8B\x97\xB4\xCF\x82\xB7"
"\x15\x48\x44\x99\x09\xF6\xE0\xD7"
"\xBC\xF1\x5B\x91\x4F\x30\x22\xA2"
"\x45\xC4\x68\x55\xC2\xBE\xA7\xD2"
"\x12\x53\x35\x9C\xF9\xE7\x35\x5D"
"\x81\xE4\x86\x42\xC3\x58\xFB\xF0"
"\x38\x9B\x8E\x5A\xEF\x83\x33\x0F"
"\x00\x4E\x3F\x9F\xF5\x84\x62\xC4"
"\x19\x35\x88\x22\x45\x59\x0E\x8F"
"\xEC\x27\xDD\x4A\xA4\x1F\xBC\x41"
"\x9B\x66\x8D\x32\xBA\x81\x34\x87"
"\x0E\x74\x33\x30\x62\xB9\x89\xDF"
"\xF9\xC5\xDD\x27\xB3\x39\xCB\xCB",
.len = 496,
.also_non_np = 1,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.np = 3,
.tap = { 496 - 20, 4, 16 },
},
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct cipher_testvec cast6_lrw_tv_template[] = {
{ /* Generated from TF test vectors */
.key = "\xf8\xd4\x76\xff\xd6\x46\xee\x6c"
"\x23\x84\xcb\x1c\x77\xd6\x19\x5d"
"\xfe\xf1\xa9\xf3\x7b\xbc\x8d\x21"
"\xa7\x9c\x21\xf8\xcb\x90\x02\x89"
"\xa8\x45\x34\x8e\xc8\xc5\xb5\xf1"
"\x26\xf5\x0e\x76\xfe\xfd\x1b\x1e",
.klen = 48,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x01",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x05\x11\xb7\x18\xab\xc6\x2d\xac"
"\x70\x5d\xf6\x22\x94\xcd\xe5\x6c"
"\x17\x6b\xf6\x1c\xf0\xf3\x6e\xf8"
"\x50\x38\x1f\x71\x49\xb6\x57\xd6"
"\x8f\xcb\x8d\x6b\xe3\xa6\x29\x90"
"\xfe\x2a\x62\x82\xae\x6d\x8b\xf6"
"\xad\x1e\x9e\x20\x5f\x38\xbe\x04"
"\xda\x10\x8e\xed\xa2\xa4\x87\xab"
"\xda\x6b\xb4\x0c\x75\xba\xd3\x7c"
"\xc9\xac\x42\x31\x95\x7c\xc9\x04"
"\xeb\xd5\x6e\x32\x69\x8a\xdb\xa6"
"\x15\xd7\x3f\x4f\x2f\x66\x69\x03"
"\x9c\x1f\x54\x0f\xde\x1f\xf3\x65"
"\x4c\x96\x12\xed\x7c\x92\x03\x01"
"\x6f\xbc\x35\x93\xac\xf1\x27\xf1"
"\xb4\x96\x82\x5a\x5f\xb0\xa0\x50"
"\x89\xa4\x8e\x66\x44\x85\xcc\xfd"
"\x33\x14\x70\xe3\x96\xb2\xc3\xd3"
"\xbb\x54\x5a\x1a\xf9\x74\xa2\xc5"
"\x2d\x64\x75\xdd\xb4\x54\xe6\x74"
"\x8c\xd3\x9d\x9e\x86\xab\x51\x53"
"\xb7\x93\x3e\x6f\xd0\x4e\x2c\x40"
"\xf6\xa8\x2e\x3e\x9d\xf4\x66\xa5"
"\x76\x12\x73\x44\x1a\x56\xd7\x72"
"\x88\xcd\x21\x8c\x4c\x0f\xfe\xda"
"\x95\xe0\x3a\xa6\xa5\x84\x46\xcd"
"\xd5\x3e\x9d\x3a\xe2\x67\xe6\x60"
"\x1a\xe2\x70\x85\x58\xc2\x1b\x09"
"\xe1\xd7\x2c\xca\xad\xa8\x8f\xf9"
"\xac\xb3\x0e\xdb\xca\x2e\xe2\xb8"
"\x51\x71\xd9\x3c\x6c\xf1\x56\xf8"
"\xea\x9c\xf1\xfb\x0c\xe6\xb7\x10"
"\x1c\xf8\xa9\x7c\xe8\x53\x35\xc1"
"\x90\x3e\x76\x4a\x74\xa4\x21\x2c"
"\xf6\x2c\x4e\x0f\x94\x3a\x88\x2e"
"\x41\x09\x6a\x33\x7d\xf6\xdd\x3f"
"\x8d\x23\x31\x74\x84\xeb\x88\x6e"
"\xcc\xb9\xbc\x22\x83\x19\x07\x22"
"\xa5\x2d\xdf\xa5\xf3\x80\x85\x78"
"\x84\x39\x6a\x6d\x6a\x99\x4f\xa5"
"\x15\xfe\x46\xb0\xe4\x6c\xa5\x41"
"\x3c\xce\x8f\x42\x60\x71\xa7\x75"
"\x08\x40\x65\x8a\x82\xbf\xf5\x43"
"\x71\x96\xa9\x4d\x44\x8a\x20\xbe"
"\xfa\x4d\xbb\xc0\x7d\x31\x96\x65"
"\xe7\x75\xe5\x3e\xfd\x92\x3b\xc9"
"\x55\xbb\x16\x7e\xf7\xc2\x8c\xa4"
"\x40\x1d\xe5\xef\x0e\xdf\xe4\x9a"
"\x62\x73\x65\xfd\x46\x63\x25\x3d"
"\x2b\xaf\xe5\x64\xfe\xa5\x5c\xcf"
"\x24\xf3\xb4\xac\x64\xba\xdf\x4b"
"\xc6\x96\x7d\x81\x2d\x8d\x97\xf7"
"\xc5\x68\x77\x84\x32\x2b\xcc\x85"
"\x74\x96\xf0\x12\x77\x61\xb9\xeb"
"\x71\xaa\x82\xcb\x1c\xdb\x89\xc8"
"\xc6\xb5\xe3\x5c\x7d\x39\x07\x24"
"\xda\x39\x87\x45\xc0\x2b\xbb\x01"
"\xac\xbc\x2a\x5c\x7f\xfc\xe8\xce"
"\x6d\x9c\x6f\xed\xd3\xc1\xa1\xd6"
"\xc5\x55\xa9\x66\x2f\xe1\xc8\x32"
"\xa6\x5d\xa4\x3a\x98\x73\xe8\x45"
"\xa4\xc7\xa8\xb4\xf6\x13\x03\xf6"
"\xe9\x2e\xc4\x29\x0f\x84\xdb\xc4"
"\x21\xc4\xc2\x75\x67\x89\x37\x0a",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\x55\x25\x09\x8B\xB5\xD5\xF8\xBF"
"\x37\x4A\xFE\x3C\x47\xD8\xE6\xEB"
"\xCA\xA4\x9B\xB0\xAB\x6D\x64\xCA"
"\x58\xB6\x73\xF0\xD7\x52\x34\xEF"
"\xFB\x3E\x96\x81\xB7\x71\x34\xA4"
"\x55\x20\xBE\x39\x5A\x2B\xF9\xD1"
"\x65\x0B\xDA\xD3\x7E\xB3\xA6\xF7"
"\x2E\x0B\x5A\x52\xDB\x39\x8C\x9B"
"\x61\x17\x5F\xAF\xB6\x5A\xC8\x08"
"\xA7\xB7\x2A\x11\x7C\x97\x38\x9D"
"\x59\x0E\x66\x59\x5E\xD8\x8B\xCE"
"\x70\xE0\xC3\x42\xB0\x8C\x0F\xBA"
"\xB2\x0D\x81\xB6\xBE\x61\x1C\x2D"
"\x7E\xEA\x91\x25\xAC\xEC\xF8\x28"
"\x80\x1D\xF0\x30\xBA\x62\x77\x7D"
"\xDB\x15\x69\xDF\xFA\x2A\x81\x64"
"\x95\x5B\xA4\x7F\x3E\x4F\xE3\x30"
"\xB0\x5C\xC2\x05\xF8\xF0\x29\xE7"
"\x0A\xA0\x66\xB2\x5D\x0F\x39\x2B"
"\xB4\xB3\x00\xA9\xD0\xAB\x63\x61"
"\x5E\xDB\xFC\x11\x74\x25\x96\x65"
"\xE8\xE2\x34\x57\x77\x15\x5E\x70"
"\xFF\x10\x90\xC3\x64\xF0\x11\x0A"
"\x63\x3A\xD3\x55\x92\x15\x4B\x0C"
"\xC7\x08\x89\x17\x3B\x99\xAD\x63"
"\xE7\x06\xDF\x52\xBC\x15\x64\x45"
"\x9D\x7A\xFB\x69\xBC\x2D\x6E\xA9"
"\x35\xD9\xD8\xF5\x0C\xC4\xA2\x23"
"\x9C\x18\x8B\xA8\x8C\xFE\xF8\x0E"
"\xBD\xAB\x60\x1A\x51\x17\x54\x27"
"\xB6\xE8\xBE\x0F\xA9\xA5\x82\x19"
"\x2F\x6F\x20\xA7\x47\xED\x74\x6C"
"\x4E\xC1\xF8\x8C\x14\xF3\xBB\x1F"
"\xED\x4D\x8F\x7C\x37\xEF\x19\xA1"
"\x07\x16\xDE\x76\xCC\x5E\x94\x02"
"\xFB\xBF\xE4\x81\x50\xCE\xFC\x0F"
"\x9E\xCF\x3D\xF6\x67\x00\xBF\xA7"
"\x6E\x21\x58\x36\x06\xDE\xB3\xD4"
"\xA2\xFA\xD8\x4E\xE0\xB9\x7F\x23"
"\x51\x21\x2B\x32\x68\xAA\xF8\xA8"
"\x93\x08\xB5\x6D\xE6\x43\x2C\xB7"
"\x31\xB2\x0F\xD0\xA2\x51\xC0\x25"
"\x30\xC7\x10\x3F\x97\x27\x01\x8E"
"\xFA\xD8\x4F\x78\xD8\x2E\x1D\xEB"
"\xA1\x37\x52\x0F\x7B\x5E\x87\xA8"
"\x22\xE2\xE6\x92\xA7\x5F\x11\x32"
"\xCC\x93\x34\xFC\xD1\x7E\xAE\x54"
"\xBC\x6A\x1B\x91\xD1\x2E\x21\xEC"
"\x5D\xF1\xC4\xF1\x55\x20\xBF\xE5"
"\x96\x3D\x69\x91\x20\x4E\xF2\x61"
"\xDA\x77\xFE\xEE\xC3\x74\x57\x2A"
"\x78\x39\xB0\xE0\xCF\x12\x56\xD6"
"\x05\xDC\xF9\x19\x66\x44\x1D\xF9"
"\x82\x37\xD4\xC2\x60\xB6\x31\xDF"
"\x0C\xAF\xBC\x8B\x55\x9A\xC8\x2D"
"\xAB\xA7\x88\x7B\x41\xE8\x29\xC9"
"\x9B\x8D\xA7\x00\x86\x25\xB6\x14"
"\xF5\x13\x73\xD7\x4B\x6B\x83\xF3"
"\xAF\x96\x00\xE4\xB7\x3C\x65\xA6"
"\x15\xB7\x94\x7D\x4E\x70\x4C\x75"
"\xF3\xB4\x02\xA9\x17\x1C\x7A\x0A"
"\xC0\xD5\x33\x11\x56\xDE\xDC\xF5"
"\x8D\xD9\xCD\x3B\x22\x67\x18\xC7"
"\xC4\xF5\x99\x61\xBC\xBB\x5B\x46",
.len = 512,
.also_non_np = 1,
.np = 3,
.tap = { 512 - 20, 4, 16 },
},
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct cipher_testvec cast6_xts_tv_template[] = {
{ /* Generated from TF test vectors */
.key = "\x27\x18\x28\x18\x28\x45\x90\x45"
"\x23\x53\x60\x28\x74\x71\x35\x26"
"\x62\x49\x77\x57\x24\x70\x93\x69"
"\x99\x59\x57\x49\x66\x96\x76\x27"
"\x31\x41\x59\x26\x53\x58\x97\x93"
"\x23\x84\x62\x64\x33\x83\x27\x95"
"\x02\x88\x41\x97\x16\x93\x99\x37"
"\x51\x05\x82\x09\x74\x94\x45\x92",
.klen = 64,
.iv = "\xff\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
"\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
"\x20\x21\x22\x23\x24\x25\x26\x27"
"\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
"\x30\x31\x32\x33\x34\x35\x36\x37"
"\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f"
"\x40\x41\x42\x43\x44\x45\x46\x47"
"\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
"\x50\x51\x52\x53\x54\x55\x56\x57"
"\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f"
"\x60\x61\x62\x63\x64\x65\x66\x67"
"\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f"
"\x70\x71\x72\x73\x74\x75\x76\x77"
"\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f"
"\x80\x81\x82\x83\x84\x85\x86\x87"
"\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
"\x90\x91\x92\x93\x94\x95\x96\x97"
"\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f"
"\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
"\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
"\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7"
"\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
"\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
"\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
"\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7"
"\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf"
"\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7"
"\xe8\xe9\xea\xeb\xec\xed\xee\xef"
"\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
"\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff"
"\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
"\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
"\x20\x21\x22\x23\x24\x25\x26\x27"
"\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
"\x30\x31\x32\x33\x34\x35\x36\x37"
"\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f"
"\x40\x41\x42\x43\x44\x45\x46\x47"
"\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
"\x50\x51\x52\x53\x54\x55\x56\x57"
"\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f"
"\x60\x61\x62\x63\x64\x65\x66\x67"
"\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f"
"\x70\x71\x72\x73\x74\x75\x76\x77"
"\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f"
"\x80\x81\x82\x83\x84\x85\x86\x87"
"\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
"\x90\x91\x92\x93\x94\x95\x96\x97"
"\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f"
"\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
"\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
"\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7"
"\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
"\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
"\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
"\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7"
"\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf"
"\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7"
"\xe8\xe9\xea\xeb\xec\xed\xee\xef"
"\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
"\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\xDE\x6F\x22\xA5\xE8\x39\xE8\x78"
"\x88\x5A\x4F\x8D\x82\x76\x52\x6D"
"\xB2\x41\x16\xF4\x2B\xA6\xEB\xF6"
"\xE2\xC5\x62\x8D\x61\xA1\x01\xED"
"\xD9\x38\x01\xC1\x43\x63\x4E\x88"
"\xC9\x4B\x5A\x88\x80\xB7\x5C\x71"
"\x47\xEE\x11\xD8\xB7\x2D\x5D\x13"
"\x1A\xB1\x68\x5B\x61\xA7\xA9\x81"
"\x8B\x83\xA1\x6A\xAA\x36\xD6\xB6"
"\x60\x54\x09\x32\xFE\x6A\x76\x2E"
"\x28\xFF\xD5\xD6\xDD\x1D\x45\x7D"
"\xF0\x8B\xF3\x32\x4E\x6C\x12\xCB"
"\xB8\x25\x70\xF8\x40\xBC\x90\x1B"
"\x11\xC3\x59\xAF\xF0\x2F\x92\xDD"
"\xD3\x3B\xCF\x60\xA1\x78\x94\x57"
"\xAF\x76\xC1\x67\xA6\x3C\xCD\x98"
"\xB1\xF7\x27\xB9\xA3\xBD\x10\xEA"
"\xCD\x8B\xC2\xF2\x14\xF2\xB2\x67"
"\x05\xDD\x1D\x58\x6E\x2F\x95\x08"
"\x3A\xF8\x78\x76\x82\x56\xA7\xEC"
"\x51\x4B\x85\x77\xC2\x4C\x4A\x34"
"\x71\x38\x17\x91\x44\xE8\xFC\x65"
"\x99\x0D\x52\x91\xEE\xF8\xEF\x27"
"\x2A\x9E\x6E\x78\xC4\x26\x87\xF4"
"\x8A\xF0\x2D\x04\xE8\x14\x92\x5D"
"\x59\x22\x9B\x29\x5C\x18\xF0\xC3"
"\x47\xF3\x76\xD8\xE4\xF3\x1B\xD1"
"\x70\xA3\x0D\xB5\x70\x02\x1D\xA3"
"\x91\x3B\x49\x73\x18\xAB\xD4\xC9"
"\xC3\x1E\xEF\x1F\xFE\xD5\x59\x8A"
"\xD7\xF6\xC9\x71\x67\x79\xD7\x0E"
"\xBE\x1F\x8E\xEC\x55\x7E\x4F\x24"
"\xE6\x87\xEA\xFE\x96\x25\x67\x8E"
"\x93\x03\xFA\xFF\xCE\xAF\xB2\x3C"
"\x6F\xEB\x57\xFB\xD3\x28\x87\xA9"
"\xCE\xC2\xF5\x9C\xC6\x67\xB5\x97"
"\x49\xF7\x04\xCB\xEF\x84\x98\x33"
"\xAF\x38\xD3\x04\x1C\x24\x71\x38"
"\xC7\x71\xDD\x43\x0D\x12\x4A\x18"
"\xBA\xC4\xAF\xBA\xB2\x5B\xEB\x95"
"\x02\x43\x5D\xCE\x19\xCC\xCD\x66"
"\x91\x0B\x8C\x7F\x51\xC4\xBF\x3C"
"\x8B\xF1\xCC\xAA\x29\xD7\x87\xCB"
"\x3E\xC5\xF3\xC9\x75\xE8\xA3\x5B"
"\x30\x45\xA9\xB7\xAF\x80\x64\x6F"
"\x75\x4A\xA7\xC0\x6D\x19\x6B\xDE"
"\x17\xDE\x6D\xEA\x87\x9F\x95\xAE"
"\xF5\x3C\xEE\x54\xB8\x27\x84\xF8"
"\x97\xA3\xE1\x6F\x38\x24\x34\x88"
"\xCE\xBD\x32\x52\xE0\x00\x6C\x94"
"\xC9\xD7\x5D\x37\x81\x33\x2E\x7F"
"\x4F\x7E\x2E\x0D\x94\xBD\xEA\x59"
"\x34\x39\xA8\x35\x12\xB7\xBC\xAC"
"\xEA\x52\x9C\x78\x02\x6D\x92\x36"
"\xFB\x59\x2B\xA4\xEA\x7B\x1B\x83"
"\xE1\x4D\x5E\x2A\x7E\x92\xB1\x64"
"\xDE\xE0\x27\x4B\x0A\x6F\x4C\xE3"
"\xB0\xEB\x31\xE4\x69\x95\xAB\x35"
"\x8B\x2C\xF5\x6B\x7F\xF1\xA2\x82"
"\xF8\xD9\x47\x82\xA9\x82\x03\x91"
"\x69\x1F\xBE\x4C\xE7\xC7\x34\x2F"
"\x45\x72\x80\x17\x81\xBD\x9D\x62"
"\xA1\xAC\xE8\xCF\xC6\x74\xCF\xDC"
"\x22\x60\x4E\xE8\xA4\x5D\x85\xB9",
.len = 512,
.also_non_np = 1,
.np = 3,
.tap = { 512 - 20, 4, 16 },
},
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
/*
* AES test vectors.
*/
static const struct cipher_testvec aes_tv_template[] = {
{ /* From FIPS-197 */
.key = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
.klen = 16,
.ptext = "\x00\x11\x22\x33\x44\x55\x66\x77"
"\x88\x99\xaa\xbb\xcc\xdd\xee\xff",
.ctext = "\x69\xc4\xe0\xd8\x6a\x7b\x04\x30"
"\xd8\xcd\xb7\x80\x70\xb4\xc5\x5a",
.len = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\x10\x11\x12\x13\x14\x15\x16\x17",
.klen = 24,
.ptext = "\x00\x11\x22\x33\x44\x55\x66\x77"
"\x88\x99\xaa\xbb\xcc\xdd\xee\xff",
.ctext = "\xdd\xa9\x7c\xa4\x86\x4c\xdf\xe0"
"\x6e\xaf\x70\xa0\xec\x0d\x71\x91",
.len = 16,
}, {
.key = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f",
.klen = 32,
.ptext = "\x00\x11\x22\x33\x44\x55\x66\x77"
"\x88\x99\xaa\xbb\xcc\xdd\xee\xff",
.ctext = "\x8e\xa2\xb7\xca\x51\x67\x45\xbf"
"\xea\xfc\x49\x90\x4b\x49\x60\x89",
.len = 16,
}, { /* Generated with Crypto++ */
.key = "\xA6\xC9\x83\xA6\xC9\xEC\x0F\x32"
"\x55\x0F\x32\x55\x78\x9B\xBE\x78"
"\x9B\xBE\xE1\x04\x27\xE1\x04\x27"
"\x4A\x6D\x90\x4A\x6D\x90\xB3\xD6",
.klen = 32,
.ptext = "\x50\xB9\x22\xAE\x17\x80\x0C\x75"
"\xDE\x47\xD3\x3C\xA5\x0E\x9A\x03"
"\x6C\xF8\x61\xCA\x33\xBF\x28\x91"
"\x1D\x86\xEF\x58\xE4\x4D\xB6\x1F"
"\xAB\x14\x7D\x09\x72\xDB\x44\xD0"
"\x39\xA2\x0B\x97\x00\x69\xF5\x5E"
"\xC7\x30\xBC\x25\x8E\x1A\x83\xEC"
"\x55\xE1\x4A\xB3\x1C\xA8\x11\x7A"
"\x06\x6F\xD8\x41\xCD\x36\x9F\x08"
"\x94\xFD\x66\xF2\x5B\xC4\x2D\xB9"
"\x22\x8B\x17\x80\xE9\x52\xDE\x47"
"\xB0\x19\xA5\x0E\x77\x03\x6C\xD5"
"\x3E\xCA\x33\x9C\x05\x91\xFA\x63"
"\xEF\x58\xC1\x2A\xB6\x1F\x88\x14"
"\x7D\xE6\x4F\xDB\x44\xAD\x16\xA2"
"\x0B\x74\x00\x69\xD2\x3B\xC7\x30"
"\x99\x02\x8E\xF7\x60\xEC\x55\xBE"
"\x27\xB3\x1C\x85\x11\x7A\xE3\x4C"
"\xD8\x41\xAA\x13\x9F\x08\x71\xFD"
"\x66\xCF\x38\xC4\x2D\x96\x22\x8B"
"\xF4\x5D\xE9\x52\xBB\x24\xB0\x19"
"\x82\x0E\x77\xE0\x49\xD5\x3E\xA7"
"\x10\x9C\x05\x6E\xFA\x63\xCC\x35"
"\xC1\x2A\x93\x1F\x88\xF1\x5A\xE6"
"\x4F\xB8\x21\xAD\x16\x7F\x0B\x74"
"\xDD\x46\xD2\x3B\xA4\x0D\x99\x02"
"\x6B\xF7\x60\xC9\x32\xBE\x27\x90"
"\x1C\x85\xEE\x57\xE3\x4C\xB5\x1E"
"\xAA\x13\x7C\x08\x71\xDA\x43\xCF"
"\x38\xA1\x0A\x96\xFF\x68\xF4\x5D"
"\xC6\x2F\xBB\x24\x8D\x19\x82\xEB"
"\x54\xE0\x49\xB2\x1B\xA7\x10\x79"
"\x05\x6E\xD7\x40\xCC\x35\x9E\x07"
"\x93\xFC\x65\xF1\x5A\xC3\x2C\xB8"
"\x21\x8A\x16\x7F\xE8\x51\xDD\x46"
"\xAF\x18\xA4\x0D\x76\x02\x6B\xD4"
"\x3D\xC9\x32\x9B\x04\x90\xF9\x62"
"\xEE\x57\xC0\x29\xB5\x1E\x87\x13"
"\x7C\xE5\x4E\xDA\x43\xAC\x15\xA1"
"\x0A\x73\xFF\x68\xD1\x3A\xC6\x2F"
"\x98\x01\x8D\xF6\x5F\xEB\x54\xBD"
"\x26\xB2\x1B\x84\x10\x79\xE2\x4B"
"\xD7\x40\xA9\x12\x9E\x07\x70\xFC"
"\x65\xCE\x37\xC3\x2C\x95\x21\x8A"
"\xF3\x5C\xE8\x51\xBA\x23\xAF\x18"
"\x81\x0D\x76\xDF\x48\xD4\x3D\xA6"
"\x0F\x9B\x04\x6D\xF9\x62\xCB\x34"
"\xC0\x29\x92\x1E\x87\xF0\x59\xE5"
"\x4E\xB7\x20\xAC\x15\x7E\x0A\x73"
"\xDC\x45\xD1\x3A\xA3\x0C\x98\x01"
"\x6A\xF6\x5F\xC8\x31\xBD\x26\x8F"
"\x1B\x84\xED\x56\xE2\x4B\xB4\x1D"
"\xA9\x12\x7B\x07\x70\xD9\x42\xCE"
"\x37\xA0\x09\x95\xFE\x67\xF3\x5C"
"\xC5\x2E\xBA\x23\x8C\x18\x81\xEA"
"\x53\xDF\x48\xB1\x1A\xA6\x0F\x78"
"\x04\x6D\xD6\x3F\xCB\x34\x9D\x06"
"\x92\xFB\x64\xF0\x59\xC2\x2B\xB7"
"\x20\x89\x15\x7E\xE7\x50\xDC\x45"
"\xAE\x17\xA3\x0C\x75\x01\x6A\xD3"
"\x3C\xC8\x31\x9A\x03\x8F\xF8\x61"
"\xED\x56\xBF\x28\xB4\x1D\x86\x12",
.ctext = "\x71\x73\xF7\xDB\x24\x93\x21\x6D"
"\x61\x1E\xBB\x63\x42\x79\xDB\x64"
"\x6F\x82\xC0\xCA\xA3\x9B\xFA\x0B"
"\xD9\x08\xC7\x4A\x90\xAE\x8F\x5F"
"\x5E\x06\xF0\x5F\x31\x51\x18\x37"
"\x45\xD7\xCA\x3A\xFD\x6C\x3F\xE1"
"\xDD\x8D\x22\x65\x2B\x00\x50\xCE"
"\xBA\x28\x67\xD7\xCE\x0E\x0D\xEA"
"\x78\x69\x7F\xAE\x8F\x8B\x69\x37"
"\x75\xE0\xDC\x96\xE0\xB7\xF4\x09"
"\xCB\x6D\xA2\xFB\xDA\xAF\x09\xF8"
"\x81\x82\x27\xFA\x45\x9C\x29\xA4"
"\x22\x8B\x78\x69\x5B\x46\xF9\x39"
"\x1B\xCC\xF9\x1D\x09\xEB\xBC\x5C"
"\x41\x72\x51\x97\x1D\x07\x49\xA0"
"\x1B\x8E\x65\x4B\xB2\x6A\x12\x03"
"\x6A\x60\x95\xAC\xBD\xAC\x1A\x64"
"\xDE\x5A\xA5\xF0\x83\x2F\xCB\xCA"
"\x22\x74\xA6\x6C\x9B\x73\xCE\x3F"
"\xE1\x8B\x22\x17\x59\x0C\x47\x89"
"\x33\xA1\xD6\x47\x03\x19\x4F\xA8"
"\x67\x69\xF0\x5B\xF0\x20\xAD\x06"
"\x27\x81\x92\xD8\xC5\xBA\x98\x12"
"\xBE\x24\xB5\x2F\x75\x02\xC2\xAD"
"\x12\x2F\x07\x32\xEE\x39\xAF\x64"
"\x05\x8F\xB3\xD4\xEB\x1B\x46\x6E"
"\xD9\x21\xF9\xC4\xB7\xC9\x45\x68"
"\xB4\xA1\x74\x9F\x82\x47\xEB\xCC"
"\xBD\x0A\x14\x95\x0F\x8B\xA8\x2F"
"\x4B\x1B\xA7\xBF\x82\xA6\x43\x0C"
"\xB9\x39\x4A\xA8\x10\x6F\x50\x7B"
"\x25\xFB\x26\x81\xE0\x2F\xF0\x96"
"\x8D\x8B\xAC\x92\x0F\xF6\xED\x64"
"\x63\x29\x4C\x8E\x18\x13\xC5\xBF"
"\xFC\xA0\xD9\xBF\x7C\x3A\x0E\x29"
"\x6F\xD1\x6C\x6F\xA5\xDA\xBF\xB1"
"\x30\xEA\x44\x2D\xC3\x8F\x16\xE1"
"\x66\xFA\xA3\x21\x3E\xFC\x13\xCA"
"\xF0\xF6\xF0\x59\xBD\x8F\x38\x50"
"\x31\xCB\x69\x3F\x96\x15\xD6\xF5"
"\xAE\xFF\xF6\xAA\x41\x85\x4C\x10"
"\x58\xE3\xF9\x44\xE6\x28\xDA\x9A"
"\xDC\x6A\x80\x34\x73\x97\x1B\xC5"
"\xCA\x26\x16\x77\x0E\x60\xAB\x89"
"\x0F\x04\x27\xBD\xCE\x3E\x71\xB4"
"\xA0\xD7\x22\x7E\xDB\xEB\x24\x70"
"\x42\x71\x51\x78\x70\xB3\xE0\x3D"
"\x84\x8E\x8D\x7B\xD0\x6D\xEA\x92"
"\x11\x08\x42\x4F\xE5\xAD\x26\x92"
"\xD2\x00\xAE\xA8\xE3\x4B\x37\x47"
"\x22\xC1\x95\xC1\x63\x7F\xCB\x03"
"\xF3\xE3\xD7\x9D\x60\xC7\xBC\xEA"
"\x35\xA2\xFD\x45\x52\x39\x13\x6F"
"\xC1\x53\xF3\x53\xDF\x33\x84\xD7"
"\xD2\xC8\x37\xB0\x75\xE3\x41\x46"
"\xB3\xC7\x83\x2E\x8A\xBB\xA4\xE5"
"\x7F\x3C\xFD\x8B\xEB\xEA\x63\xBD"
"\xB7\x46\xE7\xBF\x09\x9C\x0D\x0F"
"\x40\x86\x7F\x51\xE1\x11\x9C\xCB"
"\x88\xE6\x68\x47\xE3\x2B\xC5\xFF"
"\x09\x79\xA0\x43\x5C\x0D\x08\x58"
"\x17\xBB\xC0\x6B\x62\x3F\x56\xE9",
.len = 496,
.also_non_np = 1,
.np = 3,
.tap = { 496 - 20, 4, 16 },
},
};
static const struct cipher_testvec aes_cbc_tv_template[] = {
{ /* From RFC 3602 */
.key = "\x06\xa9\x21\x40\x36\xb8\xa1\x5b"
"\x51\x2e\x03\xd5\x34\x12\x00\x06",
.klen = 16,
.iv = "\x3d\xaf\xba\x42\x9d\x9e\xb4\x30"
"\xb4\x22\xda\x80\x2c\x9f\xac\x41",
.ptext = "Single block msg",
.ctext = "\xe3\x53\x77\x9c\x10\x79\xae\xb8"
"\x27\x08\x94\x2d\xbe\x77\x18\x1a",
.len = 16,
.also_non_np = 1,
.np = 8,
.tap = { 3, 2, 3, 2, 3, 1, 1, 1 },
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xc2\x86\x69\x6d\x88\x7c\x9a\xa0"
"\x61\x1b\xbb\x3e\x20\x25\xa4\x5a",
.klen = 16,
.iv = "\x56\x2e\x17\x99\x6d\x09\x3d\x28"
"\xdd\xb3\xba\x69\x5a\x2e\x6f\x58",
.ptext = "\x00\x01\x02\x03\x04\x05\x06\x07"
crypto: speck - add support for the Speck block cipher Add a generic implementation of Speck, including the Speck128 and Speck64 variants. Speck is a lightweight block cipher that can be much faster than AES on processors that don't have AES instructions. We are planning to offer Speck-XTS (probably Speck128/256-XTS) as an option for dm-crypt and fscrypt on Android, for low-end mobile devices with older CPUs such as ARMv7 which don't have the Cryptography Extensions. Currently, such devices are unencrypted because AES is not fast enough, even when the NEON bit-sliced implementation of AES is used. Other AES alternatives such as Twofish, Threefish, Camellia, CAST6, and Serpent aren't fast enough either; it seems that only a modern ARX cipher can provide sufficient performance on these devices. This is a replacement for our original proposal (https://patchwork.kernel.org/patch/10101451/) which was to offer ChaCha20 for these devices. However, the use of a stream cipher for disk/file encryption with no space to store nonces would have been much more insecure than we thought initially, given that it would be used on top of flash storage as well as potentially on top of F2FS, neither of which is guaranteed to overwrite data in-place. Speck has been somewhat controversial due to its origin. Nevertheless, it has a straightforward design (it's an ARX cipher), and it appears to be the leading software-optimized lightweight block cipher currently, with the most cryptanalysis. It's also easy to implement without side channels, unlike AES. Moreover, we only intend Speck to be used when the status quo is no encryption, due to AES not being fast enough. We've also considered a novel length-preserving encryption mode based on ChaCha20 and Poly1305. While theoretically attractive, such a mode would be a brand new crypto construction and would be more complicated and difficult to implement efficiently in comparison to Speck-XTS. There is confusion about the byte and word orders of Speck, since the original paper doesn't specify them. But we have implemented it using the orders the authors recommended in a correspondence with them. The test vectors are taken from the original paper but were mapped to byte arrays using the recommended byte and word orders. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-02-14 11:42:19 -07:00
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
"\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\xd2\x96\xcd\x94\xc2\xcc\xcf\x8a"
"\x3a\x86\x30\x28\xb5\xe1\xdc\x0a"
"\x75\x86\x60\x2d\x25\x3c\xff\xf9"
"\x1b\x82\x66\xbe\xa6\xd6\x1a\xb1",
.len = 32,
}, { /* From NIST SP800-38A */
.key = "\x8e\x73\xb0\xf7\xda\x0e\x64\x52"
"\xc8\x10\xf3\x2b\x80\x90\x79\xe5"
"\x62\xf8\xea\xd2\x52\x2c\x6b\x7b",
.klen = 24,
.iv = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
.ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
"\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
"\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
"\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
"\x30\xc8\x1c\x46\xa3\x5c\xe4\x11"
"\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
"\xf6\x9f\x24\x45\xdf\x4f\x9b\x17"
"\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
.ctext = "\x4f\x02\x1d\xb2\x43\xbc\x63\x3d"
"\x71\x78\x18\x3a\x9f\xa0\x71\xe8"
"\xb4\xd9\xad\xa9\xad\x7d\xed\xf4"
"\xe5\xe7\x38\x76\x3f\x69\x14\x5a"
"\x57\x1b\x24\x20\x12\xfb\x7a\xe0"
"\x7f\xa9\xba\xac\x3d\xf1\x02\xe0"
"\x08\xb0\xe2\x79\x88\x59\x88\x81"
"\xd9\x20\xa9\xe6\x4f\x56\x15\xcd",
.len = 64,
}, {
.key = "\x60\x3d\xeb\x10\x15\xca\x71\xbe"
"\x2b\x73\xae\xf0\x85\x7d\x77\x81"
"\x1f\x35\x2c\x07\x3b\x61\x08\xd7"
"\x2d\x98\x10\xa3\x09\x14\xdf\xf4",
crypto: speck - add support for the Speck block cipher Add a generic implementation of Speck, including the Speck128 and Speck64 variants. Speck is a lightweight block cipher that can be much faster than AES on processors that don't have AES instructions. We are planning to offer Speck-XTS (probably Speck128/256-XTS) as an option for dm-crypt and fscrypt on Android, for low-end mobile devices with older CPUs such as ARMv7 which don't have the Cryptography Extensions. Currently, such devices are unencrypted because AES is not fast enough, even when the NEON bit-sliced implementation of AES is used. Other AES alternatives such as Twofish, Threefish, Camellia, CAST6, and Serpent aren't fast enough either; it seems that only a modern ARX cipher can provide sufficient performance on these devices. This is a replacement for our original proposal (https://patchwork.kernel.org/patch/10101451/) which was to offer ChaCha20 for these devices. However, the use of a stream cipher for disk/file encryption with no space to store nonces would have been much more insecure than we thought initially, given that it would be used on top of flash storage as well as potentially on top of F2FS, neither of which is guaranteed to overwrite data in-place. Speck has been somewhat controversial due to its origin. Nevertheless, it has a straightforward design (it's an ARX cipher), and it appears to be the leading software-optimized lightweight block cipher currently, with the most cryptanalysis. It's also easy to implement without side channels, unlike AES. Moreover, we only intend Speck to be used when the status quo is no encryption, due to AES not being fast enough. We've also considered a novel length-preserving encryption mode based on ChaCha20 and Poly1305. While theoretically attractive, such a mode would be a brand new crypto construction and would be more complicated and difficult to implement efficiently in comparison to Speck-XTS. There is confusion about the byte and word orders of Speck, since the original paper doesn't specify them. But we have implemented it using the orders the authors recommended in a correspondence with them. The test vectors are taken from the original paper but were mapped to byte arrays using the recommended byte and word orders. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-02-14 11:42:19 -07:00
.klen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x00\x01\x02\x03\x04\x05\x06\x07"
crypto: speck - add support for the Speck block cipher Add a generic implementation of Speck, including the Speck128 and Speck64 variants. Speck is a lightweight block cipher that can be much faster than AES on processors that don't have AES instructions. We are planning to offer Speck-XTS (probably Speck128/256-XTS) as an option for dm-crypt and fscrypt on Android, for low-end mobile devices with older CPUs such as ARMv7 which don't have the Cryptography Extensions. Currently, such devices are unencrypted because AES is not fast enough, even when the NEON bit-sliced implementation of AES is used. Other AES alternatives such as Twofish, Threefish, Camellia, CAST6, and Serpent aren't fast enough either; it seems that only a modern ARX cipher can provide sufficient performance on these devices. This is a replacement for our original proposal (https://patchwork.kernel.org/patch/10101451/) which was to offer ChaCha20 for these devices. However, the use of a stream cipher for disk/file encryption with no space to store nonces would have been much more insecure than we thought initially, given that it would be used on top of flash storage as well as potentially on top of F2FS, neither of which is guaranteed to overwrite data in-place. Speck has been somewhat controversial due to its origin. Nevertheless, it has a straightforward design (it's an ARX cipher), and it appears to be the leading software-optimized lightweight block cipher currently, with the most cryptanalysis. It's also easy to implement without side channels, unlike AES. Moreover, we only intend Speck to be used when the status quo is no encryption, due to AES not being fast enough. We've also considered a novel length-preserving encryption mode based on ChaCha20 and Poly1305. While theoretically attractive, such a mode would be a brand new crypto construction and would be more complicated and difficult to implement efficiently in comparison to Speck-XTS. There is confusion about the byte and word orders of Speck, since the original paper doesn't specify them. But we have implemented it using the orders the authors recommended in a correspondence with them. The test vectors are taken from the original paper but were mapped to byte arrays using the recommended byte and word orders. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-02-14 11:42:19 -07:00
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
"\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
"\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
"\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
"\x30\xc8\x1c\x46\xa3\x5c\xe4\x11"
"\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
"\xf6\x9f\x24\x45\xdf\x4f\x9b\x17"
"\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
.ctext = "\xf5\x8c\x4c\x04\xd6\xe5\xf1\xba"
"\x77\x9e\xab\xfb\x5f\x7b\xfb\xd6"
"\x9c\xfc\x4e\x96\x7e\xdb\x80\x8d"
"\x67\x9f\x77\x7b\xc6\x70\x2c\x7d"
"\x39\xf2\x33\x69\xa9\xd9\xba\xcf"
"\xa5\x30\xe2\x63\x04\x23\x14\x61"
"\xb2\xeb\x05\xe2\xc3\x9b\xe9\xfc"
"\xda\x6c\x19\x07\x8c\x6a\x9d\x1b",
.len = 64,
}, { /* Generated with Crypto++ */
.key = "\xC9\x83\xA6\xC9\xEC\x0F\x32\x55"
"\x0F\x32\x55\x78\x9B\xBE\x78\x9B"
"\xBE\xE1\x04\x27\xE1\x04\x27\x4A"
"\x6D\x90\x4A\x6D\x90\xB3\xD6\xF9",
crypto: speck - add support for the Speck block cipher Add a generic implementation of Speck, including the Speck128 and Speck64 variants. Speck is a lightweight block cipher that can be much faster than AES on processors that don't have AES instructions. We are planning to offer Speck-XTS (probably Speck128/256-XTS) as an option for dm-crypt and fscrypt on Android, for low-end mobile devices with older CPUs such as ARMv7 which don't have the Cryptography Extensions. Currently, such devices are unencrypted because AES is not fast enough, even when the NEON bit-sliced implementation of AES is used. Other AES alternatives such as Twofish, Threefish, Camellia, CAST6, and Serpent aren't fast enough either; it seems that only a modern ARX cipher can provide sufficient performance on these devices. This is a replacement for our original proposal (https://patchwork.kernel.org/patch/10101451/) which was to offer ChaCha20 for these devices. However, the use of a stream cipher for disk/file encryption with no space to store nonces would have been much more insecure than we thought initially, given that it would be used on top of flash storage as well as potentially on top of F2FS, neither of which is guaranteed to overwrite data in-place. Speck has been somewhat controversial due to its origin. Nevertheless, it has a straightforward design (it's an ARX cipher), and it appears to be the leading software-optimized lightweight block cipher currently, with the most cryptanalysis. It's also easy to implement without side channels, unlike AES. Moreover, we only intend Speck to be used when the status quo is no encryption, due to AES not being fast enough. We've also considered a novel length-preserving encryption mode based on ChaCha20 and Poly1305. While theoretically attractive, such a mode would be a brand new crypto construction and would be more complicated and difficult to implement efficiently in comparison to Speck-XTS. There is confusion about the byte and word orders of Speck, since the original paper doesn't specify them. But we have implemented it using the orders the authors recommended in a correspondence with them. The test vectors are taken from the original paper but were mapped to byte arrays using the recommended byte and word orders. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-02-14 11:42:19 -07:00
.klen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\xE7\x82\x1D\xB8\x53\x11\xAC\x47"
"\xE2\x7D\x18\xD6\x71\x0C\xA7\x42",
.ptext = "\x50\xB9\x22\xAE\x17\x80\x0C\x75"
"\xDE\x47\xD3\x3C\xA5\x0E\x9A\x03"
"\x6C\xF8\x61\xCA\x33\xBF\x28\x91"
"\x1D\x86\xEF\x58\xE4\x4D\xB6\x1F"
"\xAB\x14\x7D\x09\x72\xDB\x44\xD0"
"\x39\xA2\x0B\x97\x00\x69\xF5\x5E"
"\xC7\x30\xBC\x25\x8E\x1A\x83\xEC"
"\x55\xE1\x4A\xB3\x1C\xA8\x11\x7A"
"\x06\x6F\xD8\x41\xCD\x36\x9F\x08"
"\x94\xFD\x66\xF2\x5B\xC4\x2D\xB9"
"\x22\x8B\x17\x80\xE9\x52\xDE\x47"
"\xB0\x19\xA5\x0E\x77\x03\x6C\xD5"
"\x3E\xCA\x33\x9C\x05\x91\xFA\x63"
"\xEF\x58\xC1\x2A\xB6\x1F\x88\x14"
"\x7D\xE6\x4F\xDB\x44\xAD\x16\xA2"
"\x0B\x74\x00\x69\xD2\x3B\xC7\x30"
"\x99\x02\x8E\xF7\x60\xEC\x55\xBE"
"\x27\xB3\x1C\x85\x11\x7A\xE3\x4C"
"\xD8\x41\xAA\x13\x9F\x08\x71\xFD"
"\x66\xCF\x38\xC4\x2D\x96\x22\x8B"
"\xF4\x5D\xE9\x52\xBB\x24\xB0\x19"
"\x82\x0E\x77\xE0\x49\xD5\x3E\xA7"
"\x10\x9C\x05\x6E\xFA\x63\xCC\x35"
"\xC1\x2A\x93\x1F\x88\xF1\x5A\xE6"
"\x4F\xB8\x21\xAD\x16\x7F\x0B\x74"
"\xDD\x46\xD2\x3B\xA4\x0D\x99\x02"
"\x6B\xF7\x60\xC9\x32\xBE\x27\x90"
"\x1C\x85\xEE\x57\xE3\x4C\xB5\x1E"
"\xAA\x13\x7C\x08\x71\xDA\x43\xCF"
"\x38\xA1\x0A\x96\xFF\x68\xF4\x5D"
"\xC6\x2F\xBB\x24\x8D\x19\x82\xEB"
"\x54\xE0\x49\xB2\x1B\xA7\x10\x79"
"\x05\x6E\xD7\x40\xCC\x35\x9E\x07"
"\x93\xFC\x65\xF1\x5A\xC3\x2C\xB8"
"\x21\x8A\x16\x7F\xE8\x51\xDD\x46"
"\xAF\x18\xA4\x0D\x76\x02\x6B\xD4"
"\x3D\xC9\x32\x9B\x04\x90\xF9\x62"
"\xEE\x57\xC0\x29\xB5\x1E\x87\x13"
"\x7C\xE5\x4E\xDA\x43\xAC\x15\xA1"
"\x0A\x73\xFF\x68\xD1\x3A\xC6\x2F"
"\x98\x01\x8D\xF6\x5F\xEB\x54\xBD"
"\x26\xB2\x1B\x84\x10\x79\xE2\x4B"
"\xD7\x40\xA9\x12\x9E\x07\x70\xFC"
"\x65\xCE\x37\xC3\x2C\x95\x21\x8A"
"\xF3\x5C\xE8\x51\xBA\x23\xAF\x18"
"\x81\x0D\x76\xDF\x48\xD4\x3D\xA6"
"\x0F\x9B\x04\x6D\xF9\x62\xCB\x34"
"\xC0\x29\x92\x1E\x87\xF0\x59\xE5"
"\x4E\xB7\x20\xAC\x15\x7E\x0A\x73"
"\xDC\x45\xD1\x3A\xA3\x0C\x98\x01"
"\x6A\xF6\x5F\xC8\x31\xBD\x26\x8F"
"\x1B\x84\xED\x56\xE2\x4B\xB4\x1D"
"\xA9\x12\x7B\x07\x70\xD9\x42\xCE"
"\x37\xA0\x09\x95\xFE\x67\xF3\x5C"
"\xC5\x2E\xBA\x23\x8C\x18\x81\xEA"
"\x53\xDF\x48\xB1\x1A\xA6\x0F\x78"
"\x04\x6D\xD6\x3F\xCB\x34\x9D\x06"
"\x92\xFB\x64\xF0\x59\xC2\x2B\xB7"
"\x20\x89\x15\x7E\xE7\x50\xDC\x45"
"\xAE\x17\xA3\x0C\x75\x01\x6A\xD3"
"\x3C\xC8\x31\x9A\x03\x8F\xF8\x61"
"\xED\x56\xBF\x28\xB4\x1D\x86\x12",
.ctext = "\xEA\x65\x8A\x19\xB0\x66\xC1\x3F"
"\xCE\xF1\x97\x75\xC1\xFD\xB5\xAF"
"\x52\x65\xF7\xFF\xBC\xD8\x2D\x9F"
"\x2F\xB9\x26\x9B\x6F\x10\xB7\xB8"
"\x26\xA1\x02\x46\xA2\xAD\xC6\xC0"
"\x11\x15\xFF\x6D\x1E\x82\x04\xA6"
"\xB1\x74\xD1\x08\x13\xFD\x90\x7C"
"\xF5\xED\xD3\xDB\x5A\x0A\x0C\x2F"
"\x0A\x70\xF1\x88\x07\xCF\x21\x26"
"\x40\x40\x8A\xF5\x53\xF7\x24\x4F"
"\x83\x38\x43\x5F\x08\x99\xEB\xE3"
"\xDC\x02\x64\x67\x50\x6E\x15\xC3"
"\x01\x1A\xA0\x81\x13\x65\xA6\x73"
"\x71\xA6\x3B\x91\x83\x77\xBE\xFA"
"\xDB\x71\x73\xA6\xC1\xAE\x43\xC3"
"\x36\xCE\xD6\xEB\xF9\x30\x1C\x4F"
"\x80\x38\x5E\x9C\x6E\xAB\x98\x2F"
"\x53\xAF\xCF\xC8\x9A\xB8\x86\x43"
"\x3E\x86\xE7\xA1\xF4\x2F\x30\x40"
"\x03\xA8\x6C\x50\x42\x9F\x77\x59"
"\x89\xA0\xC5\xEC\x9A\xB8\xDD\x99"
"\x16\x24\x02\x07\x48\xAE\xF2\x31"
"\x34\x0E\xC3\x85\xFE\x1C\x95\x99"
"\x87\x58\x98\x8B\xE7\xC6\xC5\x70"
"\x73\x81\x07\x7C\x56\x2F\xD8\x1B"
"\xB7\xB9\x2B\xAB\xE3\x01\x87\x0F"
"\xD8\xBB\xC0\x0D\xAC\x2C\x2F\x98"
"\x3C\x0B\xA2\x99\x4A\x8C\xF7\x04"
"\xE0\xE0\xCF\xD1\x81\x5B\xFE\xF5"
"\x24\x04\xFD\xB8\xDF\x13\xD8\xCD"
"\xF1\xE3\x3D\x98\x50\x02\x77\x9E"
"\xBC\x22\xAB\xFA\xC2\x43\x1F\x66"
"\x20\x02\x23\xDA\xDF\xA0\x89\xF6"
"\xD8\xF3\x45\x24\x53\x6F\x16\x77"
"\x02\x3E\x7B\x36\x5F\xA0\x3B\x78"
"\x63\xA2\xBD\xB5\xA4\xCA\x1E\xD3"
"\x57\xBC\x0B\x9F\x43\x51\x28\x4F"
"\x07\x50\x6C\x68\x12\x07\xCF\xFA"
"\x6B\x72\x0B\xEB\xF8\x88\x90\x2C"
"\x7E\xF5\x91\xD1\x03\xD8\xD5\xBD"
"\x22\x39\x7B\x16\x03\x01\x69\xAF"
"\x3D\x38\x66\x28\x0C\xBE\x5B\xC5"
"\x03\xB4\x2F\x51\x8A\x56\x17\x2B"
"\x88\x42\x6D\x40\x68\x8F\xD0\x11"
"\x19\xF9\x1F\x43\x79\x95\x31\xFA"
"\x28\x7A\x3D\xF7\x66\xEB\xEF\xAC"
"\x06\xB2\x01\xAD\xDB\x68\xDB\xEC"
"\x8D\x53\x6E\x72\x68\xA3\xC7\x63"
"\x43\x2B\x78\xE0\x04\x29\x8F\x72"
"\xB2\x2C\xE6\x84\x03\x30\x6D\xCD"
"\x26\x92\x37\xE1\x2F\xBB\x8B\x9D"
"\xE4\x4C\xF6\x93\xBC\xD9\xAD\x44"
"\x52\x65\xC7\xB0\x0E\x3F\x0E\x61"
"\x56\x5D\x1C\x6D\xA7\x05\x2E\xBC"
"\x58\x08\x15\xAB\x12\xAB\x17\x4A"
"\x5E\x1C\xF2\xCD\xB8\xA2\xAE\xFB"
"\x9B\x2E\x0E\x85\x34\x80\x0E\x3F"
"\x4C\xB8\xDB\xCE\x1C\x90\xA1\x61"
"\x6C\x69\x09\x35\x9E\xD4\xF4\xAD"
"\xBC\x06\x41\xE3\x01\xB4\x4E\x0A"
"\xE0\x1F\x91\xF8\x82\x96\x2D\x65"
"\xA3\xAA\x13\xCC\x50\xFF\x7B\x02",
.len = 496,
.also_non_np = 1,
.np = 3,
.tap = { 496 - 20, 4, 16 },
crypto: speck - add support for the Speck block cipher Add a generic implementation of Speck, including the Speck128 and Speck64 variants. Speck is a lightweight block cipher that can be much faster than AES on processors that don't have AES instructions. We are planning to offer Speck-XTS (probably Speck128/256-XTS) as an option for dm-crypt and fscrypt on Android, for low-end mobile devices with older CPUs such as ARMv7 which don't have the Cryptography Extensions. Currently, such devices are unencrypted because AES is not fast enough, even when the NEON bit-sliced implementation of AES is used. Other AES alternatives such as Twofish, Threefish, Camellia, CAST6, and Serpent aren't fast enough either; it seems that only a modern ARX cipher can provide sufficient performance on these devices. This is a replacement for our original proposal (https://patchwork.kernel.org/patch/10101451/) which was to offer ChaCha20 for these devices. However, the use of a stream cipher for disk/file encryption with no space to store nonces would have been much more insecure than we thought initially, given that it would be used on top of flash storage as well as potentially on top of F2FS, neither of which is guaranteed to overwrite data in-place. Speck has been somewhat controversial due to its origin. Nevertheless, it has a straightforward design (it's an ARX cipher), and it appears to be the leading software-optimized lightweight block cipher currently, with the most cryptanalysis. It's also easy to implement without side channels, unlike AES. Moreover, we only intend Speck to be used when the status quo is no encryption, due to AES not being fast enough. We've also considered a novel length-preserving encryption mode based on ChaCha20 and Poly1305. While theoretically attractive, such a mode would be a brand new crypto construction and would be more complicated and difficult to implement efficiently in comparison to Speck-XTS. There is confusion about the byte and word orders of Speck, since the original paper doesn't specify them. But we have implemented it using the orders the authors recommended in a correspondence with them. The test vectors are taken from the original paper but were mapped to byte arrays using the recommended byte and word orders. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-02-14 11:42:19 -07:00
},
};
static const struct cipher_testvec aes_cfb_tv_template[] = {
{ /* From NIST SP800-38A */
.key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6"
"\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
.klen = 16,
.iv = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
.ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
"\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
"\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
"\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
"\x30\xc8\x1c\x46\xa3\x5c\xe4\x11"
"\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
"\xf6\x9f\x24\x45\xdf\x4f\x9b\x17"
"\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
.ctext = "\x3b\x3f\xd9\x2e\xb7\x2d\xad\x20"
"\x33\x34\x49\xf8\xe8\x3c\xfb\x4a"
"\xc8\xa6\x45\x37\xa0\xb3\xa9\x3f"
"\xcd\xe3\xcd\xad\x9f\x1c\xe5\x8b"
"\x26\x75\x1f\x67\xa3\xcb\xb1\x40"
"\xb1\x80\x8c\xf1\x87\xa4\xf4\xdf"
"\xc0\x4b\x05\x35\x7c\x5d\x1c\x0e"
"\xea\xc4\xc6\x6f\x9f\xf7\xf2\xe6",
.len = 64,
}, {
.key = "\x8e\x73\xb0\xf7\xda\x0e\x64\x52"
"\xc8\x10\xf3\x2b\x80\x90\x79\xe5"
"\x62\xf8\xea\xd2\x52\x2c\x6b\x7b",
.klen = 24,
.iv = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
.ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
"\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
"\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
"\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
"\x30\xc8\x1c\x46\xa3\x5c\xe4\x11"
"\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
"\xf6\x9f\x24\x45\xdf\x4f\x9b\x17"
"\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
.ctext = "\xcd\xc8\x0d\x6f\xdd\xf1\x8c\xab"
"\x34\xc2\x59\x09\xc9\x9a\x41\x74"
"\x67\xce\x7f\x7f\x81\x17\x36\x21"
"\x96\x1a\x2b\x70\x17\x1d\x3d\x7a"
"\x2e\x1e\x8a\x1d\xd5\x9b\x88\xb1"
"\xc8\xe6\x0f\xed\x1e\xfa\xc4\xc9"
"\xc0\x5f\x9f\x9c\xa9\x83\x4f\xa0"
"\x42\xae\x8f\xba\x58\x4b\x09\xff",
.len = 64,
}, {
.key = "\x60\x3d\xeb\x10\x15\xca\x71\xbe"
"\x2b\x73\xae\xf0\x85\x7d\x77\x81"
"\x1f\x35\x2c\x07\x3b\x61\x08\xd7"
"\x2d\x98\x10\xa3\x09\x14\xdf\xf4",
.klen = 32,
.iv = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
.ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
"\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
"\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
"\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
"\x30\xc8\x1c\x46\xa3\x5c\xe4\x11"
"\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
"\xf6\x9f\x24\x45\xdf\x4f\x9b\x17"
"\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
.ctext = "\xdc\x7e\x84\xbf\xda\x79\x16\x4b"
"\x7e\xcd\x84\x86\x98\x5d\x38\x60"
"\x39\xff\xed\x14\x3b\x28\xb1\xc8"
"\x32\x11\x3c\x63\x31\xe5\x40\x7b"
"\xdf\x10\x13\x24\x15\xe5\x4b\x92"
"\xa1\x3e\xd0\xa8\x26\x7a\xe2\xf9"
"\x75\xa3\x85\x74\x1a\xb9\xce\xf8"
"\x20\x31\x62\x3d\x55\xb1\xe4\x71",
.len = 64,
.also_non_np = 1,
.np = 2,
.tap = { 31, 33 },
}, { /* > 16 bytes, not a multiple of 16 bytes */
.key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6"
"\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
.klen = 16,
.iv = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
.ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
"\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
"\xae",
.ctext = "\x3b\x3f\xd9\x2e\xb7\x2d\xad\x20"
"\x33\x34\x49\xf8\xe8\x3c\xfb\x4a"
"\xc8",
.len = 17,
}, { /* < 16 bytes */
.key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6"
"\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
.klen = 16,
.iv = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
.ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f",
.ctext = "\x3b\x3f\xd9\x2e\xb7\x2d\xad",
.len = 7,
},
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct aead_testvec hmac_md5_ecb_cipher_null_enc_tv_template[] = {
{ /* Input data from RFC 2410 Case 1 */
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
"\x01\x00" /* rta type */
#else
.key = "\x00\x08" /* rta length */
"\x00\x01" /* rta type */
#endif
"\x00\x00\x00\x00" /* enc key length */
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 8 + 16 + 0,
.iv = "",
.input = "\x01\x23\x45\x67\x89\xab\xcd\xef",
.ilen = 8,
.result = "\x01\x23\x45\x67\x89\xab\xcd\xef"
"\xaa\x42\xfe\x43\x8d\xea\xa3\x5a"
"\xb9\x3d\x9f\xb1\xa3\x8e\x9b\xae",
.rlen = 8 + 16,
}, { /* Input data from RFC 2410 Case 2 */
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
"\x01\x00" /* rta type */
#else
.key = "\x00\x08" /* rta length */
"\x00\x01" /* rta type */
#endif
"\x00\x00\x00\x00" /* enc key length */
"\x00\x00\x00\x00\x00\x00\x00\x00"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\x00\x00\x00\x00\x00\x00\x00\x00",
.klen = 8 + 16 + 0,
.iv = "",
.input = "Network Security People Have A Strange Sense Of Humor",
.ilen = 53,
.result = "Network Security People Have A Strange Sense Of Humor"
"\x73\xa5\x3e\x1c\x08\x0e\x8a\x8a"
"\x8e\xb5\x5f\x90\x8e\xfe\x13\x23",
.rlen = 53 + 16,
},
};
static const struct aead_testvec hmac_md5_ecb_cipher_null_dec_tv_template[] = {
{
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
"\x01\x00" /* rta type */
#else
.key = "\x00\x08" /* rta length */
"\x00\x01" /* rta type */
#endif
"\x00\x00\x00\x00" /* enc key length */
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 8 + 16 + 0,
.iv = "",
.input = "\x01\x23\x45\x67\x89\xab\xcd\xef"
"\xaa\x42\xfe\x43\x8d\xea\xa3\x5a"
"\xb9\x3d\x9f\xb1\xa3\x8e\x9b\xae",
.ilen = 8 + 16,
.result = "\x01\x23\x45\x67\x89\xab\xcd\xef",
.rlen = 8,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
"\x01\x00" /* rta type */
#else
.key = "\x00\x08" /* rta length */
"\x00\x01" /* rta type */
#endif
"\x00\x00\x00\x00" /* enc key length */
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 8 + 16 + 0,
.iv = "",
.input = "Network Security People Have A Strange Sense Of Humor"
"\x73\xa5\x3e\x1c\x08\x0e\x8a\x8a"
"\x8e\xb5\x5f\x90\x8e\xfe\x13\x23",
.ilen = 53 + 16,
.result = "Network Security People Have A Strange Sense Of Humor",
.rlen = 53,
},
};
static const struct aead_testvec hmac_sha1_aes_cbc_enc_tv_temp[] = {
{ /* RFC 3602 Case 1 */
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
"\x01\x00" /* rta type */
#else
.key = "\x00\x08" /* rta length */
"\x00\x01" /* rta type */
#endif
"\x00\x00\x00\x10" /* enc key length */
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00"
"\x06\xa9\x21\x40\x36\xb8\xa1\x5b"
"\x51\x2e\x03\xd5\x34\x12\x00\x06",
.klen = 8 + 20 + 16,
.iv = "\x3d\xaf\xba\x42\x9d\x9e\xb4\x30"
"\xb4\x22\xda\x80\x2c\x9f\xac\x41",
.assoc = "\x3d\xaf\xba\x42\x9d\x9e\xb4\x30"
"\xb4\x22\xda\x80\x2c\x9f\xac\x41",
.alen = 16,
.input = "Single block msg",
.ilen = 16,
.result = "\xe3\x53\x77\x9c\x10\x79\xae\xb8"
"\x27\x08\x94\x2d\xbe\x77\x18\x1a"
"\x1b\x13\xcb\xaf\x89\x5e\xe1\x2c"
"\x13\xc5\x2e\xa3\xcc\xed\xdc\xb5"
"\x03\x71\xa2\x06",
.rlen = 16 + 20,
}, { /* RFC 3602 Case 2 */
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
"\x01\x00" /* rta type */
#else
.key = "\x00\x08" /* rta length */
"\x00\x01" /* rta type */
#endif
"\x00\x00\x00\x10" /* enc key length */
"\x20\x21\x22\x23\x24\x25\x26\x27"
"\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\x30\x31\x32\x33"
"\xc2\x86\x69\x6d\x88\x7c\x9a\xa0"
"\x61\x1b\xbb\x3e\x20\x25\xa4\x5a",
.klen = 8 + 20 + 16,
.iv = "\x56\x2e\x17\x99\x6d\x09\x3d\x28"
"\xdd\xb3\xba\x69\x5a\x2e\x6f\x58",
.assoc = "\x56\x2e\x17\x99\x6d\x09\x3d\x28"
"\xdd\xb3\xba\x69\x5a\x2e\x6f\x58",
.alen = 16,
.input = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f",
.ilen = 32,
.result = "\xd2\x96\xcd\x94\xc2\xcc\xcf\x8a"
"\x3a\x86\x30\x28\xb5\xe1\xdc\x0a"
"\x75\x86\x60\x2d\x25\x3c\xff\xf9"
"\x1b\x82\x66\xbe\xa6\xd6\x1a\xb1"
"\xad\x9b\x4c\x5c\x85\xe1\xda\xae"
"\xee\x81\x4e\xd7\xdb\x74\xcf\x58"
"\x65\x39\xf8\xde",
.rlen = 32 + 20,
}, { /* RFC 3602 Case 3 */
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
"\x01\x00" /* rta type */
#else
.key = "\x00\x08" /* rta length */
"\x00\x01" /* rta type */
#endif
"\x00\x00\x00\x10" /* enc key length */
"\x11\x22\x33\x44\x55\x66\x77\x88"
"\x99\xaa\xbb\xcc\xdd\xee\xff\x11"
"\x22\x33\x44\x55"
"\x6c\x3e\xa0\x47\x76\x30\xce\x21"
"\xa2\xce\x33\x4a\xa7\x46\xc2\xcd",
.klen = 8 + 20 + 16,
.iv = "\xc7\x82\xdc\x4c\x09\x8c\x66\xcb"
"\xd9\xcd\x27\xd8\x25\x68\x2c\x81",
.assoc = "\xc7\x82\xdc\x4c\x09\x8c\x66\xcb"
"\xd9\xcd\x27\xd8\x25\x68\x2c\x81",
.alen = 16,
.input = "This is a 48-byte message (exactly 3 AES blocks)",
.ilen = 48,
.result = "\xd0\xa0\x2b\x38\x36\x45\x17\x53"
"\xd4\x93\x66\x5d\x33\xf0\xe8\x86"
"\x2d\xea\x54\xcd\xb2\x93\xab\xc7"
"\x50\x69\x39\x27\x67\x72\xf8\xd5"
"\x02\x1c\x19\x21\x6b\xad\x52\x5c"
"\x85\x79\x69\x5d\x83\xba\x26\x84"
"\xc2\xec\x0c\xf8\x7f\x05\xba\xca"
"\xff\xee\x4c\xd0\x93\xe6\x36\x7f"
"\x8d\x62\xf2\x1e",
.rlen = 48 + 20,
}, { /* RFC 3602 Case 4 */
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
"\x01\x00" /* rta type */
#else
.key = "\x00\x08" /* rta length */
"\x00\x01" /* rta type */
#endif
"\x00\x00\x00\x10" /* enc key length */
"\x11\x22\x33\x44\x55\x66\x77\x88"
"\x99\xaa\xbb\xcc\xdd\xee\xff\x11"
"\x22\x33\x44\x55"
"\x56\xe4\x7a\x38\xc5\x59\x89\x74"
"\xbc\x46\x90\x3d\xba\x29\x03\x49",
.klen = 8 + 20 + 16,
.iv = "\x8c\xe8\x2e\xef\xbe\xa0\xda\x3c"
"\x44\x69\x9e\xd7\xdb\x51\xb7\xd9",
.assoc = "\x8c\xe8\x2e\xef\xbe\xa0\xda\x3c"
"\x44\x69\x9e\xd7\xdb\x51\xb7\xd9",
.alen = 16,
.input = "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
"\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
"\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7"
"\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
"\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
"\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
"\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf",
.ilen = 64,
.result = "\xc3\x0e\x32\xff\xed\xc0\x77\x4e"
"\x6a\xff\x6a\xf0\x86\x9f\x71\xaa"
"\x0f\x3a\xf0\x7a\x9a\x31\xa9\xc6"
"\x84\xdb\x20\x7e\xb0\xef\x8e\x4e"
"\x35\x90\x7a\xa6\x32\xc3\xff\xdf"
"\x86\x8b\xb7\xb2\x9d\x3d\x46\xad"
"\x83\xce\x9f\x9a\x10\x2e\xe9\x9d"
"\x49\xa5\x3e\x87\xf4\xc3\xda\x55"
"\x1c\x45\x57\xa9\x56\xcb\xa9\x2d"
"\x18\xac\xf1\xc7\x5d\xd1\xcd\x0d"
"\x1d\xbe\xc6\xe9",
.rlen = 64 + 20,
}, { /* RFC 3602 Case 5 */
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
"\x01\x00" /* rta type */
#else
.key = "\x00\x08" /* rta length */
"\x00\x01" /* rta type */
#endif
"\x00\x00\x00\x10" /* enc key length */
"\x11\x22\x33\x44\x55\x66\x77\x88"
"\x99\xaa\xbb\xcc\xdd\xee\xff\x11"
"\x22\x33\x44\x55"
"\x90\xd3\x82\xb4\x10\xee\xba\x7a"
"\xd9\x38\xc4\x6c\xec\x1a\x82\xbf",
.klen = 8 + 20 + 16,
.iv = "\xe9\x6e\x8c\x08\xab\x46\x57\x63"
"\xfd\x09\x8d\x45\xdd\x3f\xf8\x93",
.assoc = "\x00\x00\x43\x21\x00\x00\x00\x01"
"\xe9\x6e\x8c\x08\xab\x46\x57\x63"
"\xfd\x09\x8d\x45\xdd\x3f\xf8\x93",
.alen = 24,
.input = "\x08\x00\x0e\xbd\xa7\x0a\x00\x00"
"\x8e\x9c\x08\x3d\xb9\x5b\x07\x00"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
"\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
"\x20\x21\x22\x23\x24\x25\x26\x27"
"\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
"\x30\x31\x32\x33\x34\x35\x36\x37"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\x01\x02\x03\x04\x05\x06\x07\x08"
"\x09\x0a\x0b\x0c\x0d\x0e\x0e\x01",
.ilen = 80,
.result = "\xf6\x63\xc2\x5d\x32\x5c\x18\xc6"
"\xa9\x45\x3e\x19\x4e\x12\x08\x49"
"\xa4\x87\x0b\x66\xcc\x6b\x99\x65"
"\x33\x00\x13\xb4\x89\x8d\xc8\x56"
"\xa4\x69\x9e\x52\x3a\x55\xdb\x08"
"\x0b\x59\xec\x3a\x8e\x4b\x7e\x52"
"\x77\x5b\x07\xd1\xdb\x34\xed\x9c"
"\x53\x8a\xb5\x0c\x55\x1b\x87\x4a"
"\xa2\x69\xad\xd0\x47\xad\x2d\x59"
"\x13\xac\x19\xb7\xcf\xba\xd4\xa6"
"\x58\xc6\x84\x75\xe4\xe9\x6b\x0c"
"\xe1\xc5\x0b\x73\x4d\x82\x55\xa8"
"\x85\xe1\x59\xf7",
.rlen = 80 + 20,
}, { /* NIST SP800-38A F.2.3 CBC-AES192.Encrypt */
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
"\x01\x00" /* rta type */
#else
.key = "\x00\x08" /* rta length */
"\x00\x01" /* rta type */
#endif
"\x00\x00\x00\x18" /* enc key length */
"\x11\x22\x33\x44\x55\x66\x77\x88"
"\x99\xaa\xbb\xcc\xdd\xee\xff\x11"
"\x22\x33\x44\x55"
"\x8e\x73\xb0\xf7\xda\x0e\x64\x52"
"\xc8\x10\xf3\x2b\x80\x90\x79\xe5"
"\x62\xf8\xea\xd2\x52\x2c\x6b\x7b",
.klen = 8 + 20 + 24,
.iv = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
.assoc = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
.alen = 16,
.input = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
"\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
"\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
"\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
"\x30\xc8\x1c\x46\xa3\x5c\xe4\x11"
"\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
"\xf6\x9f\x24\x45\xdf\x4f\x9b\x17"
"\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
.ilen = 64,
.result = "\x4f\x02\x1d\xb2\x43\xbc\x63\x3d"
"\x71\x78\x18\x3a\x9f\xa0\x71\xe8"
"\xb4\xd9\xad\xa9\xad\x7d\xed\xf4"
"\xe5\xe7\x38\x76\x3f\x69\x14\x5a"
"\x57\x1b\x24\x20\x12\xfb\x7a\xe0"
"\x7f\xa9\xba\xac\x3d\xf1\x02\xe0"
"\x08\xb0\xe2\x79\x88\x59\x88\x81"
"\xd9\x20\xa9\xe6\x4f\x56\x15\xcd"
"\x73\xe3\x19\x3f\x8b\xc9\xc6\xf4"
"\x5a\xf1\x5b\xa8\x98\x07\xc5\x36"
"\x47\x4c\xfc\x36",
.rlen = 64 + 20,
}, { /* NIST SP800-38A F.2.5 CBC-AES256.Encrypt */
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
"\x01\x00" /* rta type */
#else
.key = "\x00\x08" /* rta length */
"\x00\x01" /* rta type */
#endif
"\x00\x00\x00\x20" /* enc key length */
"\x11\x22\x33\x44\x55\x66\x77\x88"
"\x99\xaa\xbb\xcc\xdd\xee\xff\x11"
"\x22\x33\x44\x55"
"\x60\x3d\xeb\x10\x15\xca\x71\xbe"
"\x2b\x73\xae\xf0\x85\x7d\x77\x81"
"\x1f\x35\x2c\x07\x3b\x61\x08\xd7"
"\x2d\x98\x10\xa3\x09\x14\xdf\xf4",
.klen = 8 + 20 + 32,
.iv = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
.assoc = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
.alen = 16,
.input = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
"\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
"\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
"\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
"\x30\xc8\x1c\x46\xa3\x5c\xe4\x11"
"\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
"\xf6\x9f\x24\x45\xdf\x4f\x9b\x17"
"\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
.ilen = 64,
.result = "\xf5\x8c\x4c\x04\xd6\xe5\xf1\xba"
"\x77\x9e\xab\xfb\x5f\x7b\xfb\xd6"
"\x9c\xfc\x4e\x96\x7e\xdb\x80\x8d"
"\x67\x9f\x77\x7b\xc6\x70\x2c\x7d"
"\x39\xf2\x33\x69\xa9\xd9\xba\xcf"
"\xa5\x30\xe2\x63\x04\x23\x14\x61"
"\xb2\xeb\x05\xe2\xc3\x9b\xe9\xfc"
"\xda\x6c\x19\x07\x8c\x6a\x9d\x1b"
"\xa3\xe8\x9b\x17\xe3\xf4\x7f\xde"
"\x1b\x9f\xc6\x81\x26\x43\x4a\x87"
"\x51\xee\xd6\x4e",
.rlen = 64 + 20,
},
};
static const struct aead_testvec hmac_sha1_ecb_cipher_null_enc_tv_temp[] = {
{ /* Input data from RFC 2410 Case 1 */
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
"\x01\x00" /* rta type */
#else
.key = "\x00\x08" /* rta length */
"\x00\x01" /* rta type */
#endif
"\x00\x00\x00\x00" /* enc key length */
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00",
.klen = 8 + 20 + 0,
.iv = "",
.input = "\x01\x23\x45\x67\x89\xab\xcd\xef",
.ilen = 8,
.result = "\x01\x23\x45\x67\x89\xab\xcd\xef"
"\x40\xc3\x0a\xa1\xc9\xa0\x28\xab"
"\x99\x5e\x19\x04\xd1\x72\xef\xb8"
"\x8c\x5e\xe4\x08",
.rlen = 8 + 20,
}, { /* Input data from RFC 2410 Case 2 */
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
"\x01\x00" /* rta type */
#else
.key = "\x00\x08" /* rta length */
"\x00\x01" /* rta type */
#endif
"\x00\x00\x00\x00" /* enc key length */
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00",
.klen = 8 + 20 + 0,
.iv = "",
.input = "Network Security People Have A Strange Sense Of Humor",
.ilen = 53,
.result = "Network Security People Have A Strange Sense Of Humor"
"\x75\x6f\x42\x1e\xf8\x50\x21\xd2"
"\x65\x47\xee\x8e\x1a\xef\x16\xf6"
"\x91\x56\xe4\xd6",
.rlen = 53 + 20,
},
};
static const struct aead_testvec hmac_sha1_ecb_cipher_null_dec_tv_temp[] = {
{
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
"\x01\x00" /* rta type */
#else
.key = "\x00\x08" /* rta length */
"\x00\x01" /* rta type */
#endif
"\x00\x00\x00\x00" /* enc key length */
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00",
.klen = 8 + 20 + 0,
.iv = "",
.input = "\x01\x23\x45\x67\x89\xab\xcd\xef"
"\x40\xc3\x0a\xa1\xc9\xa0\x28\xab"
"\x99\x5e\x19\x04\xd1\x72\xef\xb8"
"\x8c\x5e\xe4\x08",
.ilen = 8 + 20,
.result = "\x01\x23\x45\x67\x89\xab\xcd\xef",
.rlen = 8,
}, {
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
"\x01\x00" /* rta type */
#else
.key = "\x00\x08" /* rta length */
"\x00\x01" /* rta type */
#endif
"\x00\x00\x00\x00" /* enc key length */
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00",
.klen = 8 + 20 + 0,
.iv = "",
.input = "Network Security People Have A Strange Sense Of Humor"
"\x75\x6f\x42\x1e\xf8\x50\x21\xd2"
"\x65\x47\xee\x8e\x1a\xef\x16\xf6"
"\x91\x56\xe4\xd6",
.ilen = 53 + 20,
.result = "Network Security People Have A Strange Sense Of Humor",
.rlen = 53,
},
};
static const struct aead_testvec hmac_sha256_aes_cbc_enc_tv_temp[] = {
{ /* RFC 3602 Case 1 */
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
"\x01\x00" /* rta type */
#else
.key = "\x00\x08" /* rta length */
"\x00\x01" /* rta type */
#endif
"\x00\x00\x00\x10" /* enc key length */
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x06\xa9\x21\x40\x36\xb8\xa1\x5b"
"\x51\x2e\x03\xd5\x34\x12\x00\x06",
.klen = 8 + 32 + 16,
.iv = "\x3d\xaf\xba\x42\x9d\x9e\xb4\x30"
"\xb4\x22\xda\x80\x2c\x9f\xac\x41",
.assoc = "\x3d\xaf\xba\x42\x9d\x9e\xb4\x30"
"\xb4\x22\xda\x80\x2c\x9f\xac\x41",
.alen = 16,
.input = "Single block msg",
.ilen = 16,
.result = "\xe3\x53\x77\x9c\x10\x79\xae\xb8"
"\x27\x08\x94\x2d\xbe\x77\x18\x1a"
"\xcc\xde\x2d\x6a\xae\xf1\x0b\xcc"
"\x38\x06\x38\x51\xb4\xb8\xf3\x5b"
"\x5c\x34\xa6\xa3\x6e\x0b\x05\xe5"
"\x6a\x6d\x44\xaa\x26\xa8\x44\xa5",
.rlen = 16 + 32,
}, { /* RFC 3602 Case 2 */
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
"\x01\x00" /* rta type */
#else
.key = "\x00\x08" /* rta length */
"\x00\x01" /* rta type */
#endif
"\x00\x00\x00\x10" /* enc key length */
"\x20\x21\x22\x23\x24\x25\x26\x27"
"\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
"\x30\x31\x32\x33\x34\x35\x36\x37"
"\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\xc2\x86\x69\x6d\x88\x7c\x9a\xa0"
"\x61\x1b\xbb\x3e\x20\x25\xa4\x5a",
.klen = 8 + 32 + 16,
.iv = "\x56\x2e\x17\x99\x6d\x09\x3d\x28"
"\xdd\xb3\xba\x69\x5a\x2e\x6f\x58",
.assoc = "\x56\x2e\x17\x99\x6d\x09\x3d\x28"
"\xdd\xb3\xba\x69\x5a\x2e\x6f\x58",
.alen = 16,
.input = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
"\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f",
.ilen = 32,
.result = "\xd2\x96\xcd\x94\xc2\xcc\xcf\x8a"
"\x3a\x86\x30\x28\xb5\xe1\xdc\x0a"
"\x75\x86\x60\x2d\x25\x3c\xff\xf9"
"\x1b\x82\x66\xbe\xa6\xd6\x1a\xb1"
"\xf5\x33\x53\xf3\x68\x85\x2a\x99"
"\x0e\x06\x58\x8f\xba\xf6\x06\xda"
"\x49\x69\x0d\x5b\xd4\x36\x06\x62"
"\x35\x5e\x54\x58\x53\x4d\xdf\xbf",
.rlen = 32 + 32,
}, { /* RFC 3602 Case 3 */
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
"\x01\x00" /* rta type */
#else
.key = "\x00\x08" /* rta length */
"\x00\x01" /* rta type */
#endif
"\x00\x00\x00\x10" /* enc key length */
"\x11\x22\x33\x44\x55\x66\x77\x88"
"\x99\xaa\xbb\xcc\xdd\xee\xff\x11"
"\x22\x33\x44\x55\x66\x77\x88\x99"
"\xaa\xbb\xcc\xdd\xee\xff\x11\x22"
"\x6c\x3e\xa0\x47\x76\x30\xce\x21"
"\xa2\xce\x33\x4a\xa7\x46\xc2\xcd",
.klen = 8 + 32 + 16,
.iv = "\xc7\x82\xdc\x4c\x09\x8c\x66\xcb"
"\xd9\xcd\x27\xd8\x25\x68\x2c\x81",
.assoc = "\xc7\x82\xdc\x4c\x09\x8c\x66\xcb"
"\xd9\xcd\x27\xd8\x25\x68\x2c\x81",
.alen = 16,
.input = "This is a 48-byte message (exactly 3 AES blocks)",
.ilen = 48,
.result = "\xd0\xa0\x2b\x38\x36\x45\x17\x53"
"\xd4\x93\x66\x5d\x33\xf0\xe8\x86"
"\x2d\xea\x54\xcd\xb2\x93\xab\xc7"
"\x50\x69\x39\x27\x67\x72\xf8\xd5"
"\x02\x1c\x19\x21\x6b\xad\x52\x5c"
"\x85\x79\x69\x5d\x83\xba\x26\x84"
"\x68\xb9\x3e\x90\x38\xa0\x88\x01"
"\xe7\xc6\xce\x10\x31\x2f\x9b\x1d"
"\x24\x78\xfb\xbe\x02\xe0\x4f\x40"
"\x10\xbd\xaa\xc6\xa7\x79\xe0\x1a",
.rlen = 48 + 32,
}, { /* RFC 3602 Case 4 */
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
"\x01\x00" /* rta type */
#else
.key = "\x00\x08" /* rta length */
"\x00\x01" /* rta type */
#endif
"\x00\x00\x00\x10" /* enc key length */
"\x11\x22\x33\x44\x55\x66\x77\x88"
"\x99\xaa\xbb\xcc\xdd\xee\xff\x11"
"\x22\x33\x44\x55\x66\x77\x88\x99"
"\xaa\xbb\xcc\xdd\xee\xff\x11\x22"
"\x56\xe4\x7a\x38\xc5\x59\x89\x74"
"\xbc\x46\x90\x3d\xba\x29\x03\x49",
.klen = 8 + 32 + 16,
.iv = "\x8c\xe8\x2e\xef\xbe\xa0\xda\x3c"
"\x44\x69\x9e\xd7\xdb\x51\xb7\xd9",
.assoc = "\x8c\xe8\x2e\xef\xbe\xa0\xda\x3c"
"\x44\x69\x9e\xd7\xdb\x51\xb7\xd9",
.alen = 16,
.input = "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
"\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
"\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7"
"\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
"\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
"\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
"\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf",
.ilen = 64,
.result = "\xc3\x0e\x32\xff\xed\xc0\x77\x4e"
"\x6a\xff\x6a\xf0\x86\x9f\x71\xaa"
"\x0f\x3a\xf0\x7a\x9a\x31\xa9\xc6"
"\x84\xdb\x20\x7e\xb0\xef\x8e\x4e"
"\x35\x90\x7a\xa6\x32\xc3\xff\xdf"
"\x86\x8b\xb7\xb2\x9d\x3d\x46\xad"
"\x83\xce\x9f\x9a\x10\x2e\xe9\x9d"
"\x49\xa5\x3e\x87\xf4\xc3\xda\x55"
"\x7a\x1b\xd4\x3c\xdb\x17\x95\xe2"
"\xe0\x93\xec\xc9\x9f\xf7\xce\xd8"
"\x3f\x54\xe2\x49\x39\xe3\x71\x25"
"\x2b\x6c\xe9\x5d\xec\xec\x2b\x64",
.rlen = 64 + 32,
}, { /* RFC 3602 Case 5 */
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
"\x01\x00" /* rta type */
#else
.key = "\x00\x08" /* rta length */
"\x00\x01" /* rta type */
#endif
"\x00\x00\x00\x10" /* enc key length */
"\x11\x22\x33\x44\x55\x66\x77\x88"
"\x99\xaa\xbb\xcc\xdd\xee\xff\x11"
"\x22\x33\x44\x55\x66\x77\x88\x99"
"\xaa\xbb\xcc\xdd\xee\xff\x11\x22"
"\x90\xd3\x82\xb4\x10\xee\xba\x7a"
"\xd9\x38\xc4\x6c\xec\x1a\x82\xbf",
.klen = 8 + 32 + 16,
.iv = "\xe9\x6e\x8c\x08\xab\x46\x57\x63"
"\xfd\x09\x8d\x45\xdd\x3f\xf8\x93",
.assoc = "\x00\x00\x43\x21\x00\x00\x00\x01"
"\xe9\x6e\x8c\x08\xab\x46\x57\x63"
"\xfd\x09\x8d\x45\xdd\x3f\xf8\x93",
.alen = 24,
.input = "\x08\x00\x0e\xbd\xa7\x0a\x00\x00"
"\x8e\x9c\x08\x3d\xb9\x5b\x07\x00"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
"\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
"\x20\x21\x22\x23\x24\x25\x26\x27"
"\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
"\x30\x31\x32\x33\x34\x35\x36\x37"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\x01\x02\x03\x04\x05\x06\x07\x08"
"\x09\x0a\x0b\x0c\x0d\x0e\x0e\x01",
.ilen = 80,
.result = "\xf6\x63\xc2\x5d\x32\x5c\x18\xc6"
"\xa9\x45\x3e\x19\x4e\x12\x08\x49"
"\xa4\x87\x0b\x66\xcc\x6b\x99\x65"
"\x33\x00\x13\xb4\x89\x8d\xc8\x56"
"\xa4\x69\x9e\x52\x3a\x55\xdb\x08"
"\x0b\x59\xec\x3a\x8e\x4b\x7e\x52"
"\x77\x5b\x07\xd1\xdb\x34\xed\x9c"
"\x53\x8a\xb5\x0c\x55\x1b\x87\x4a"
"\xa2\x69\xad\xd0\x47\xad\x2d\x59"
"\x13\xac\x19\xb7\xcf\xba\xd4\xa6"
"\xbb\xd4\x0f\xbe\xa3\x3b\x4c\xb8"
"\x3a\xd2\xe1\x03\x86\xa5\x59\xb7"
"\x73\xc3\x46\x20\x2c\xb1\xef\x68"
"\xbb\x8a\x32\x7e\x12\x8c\x69\xcf",
.rlen = 80 + 32,
}, { /* NIST SP800-38A F.2.3 CBC-AES192.Encrypt */
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
"\x01\x00" /* rta type */
#else
.key = "\x00\x08" /* rta length */
"\x00\x01" /* rta type */
#endif
"\x00\x00\x00\x18" /* enc key length */
"\x11\x22\x33\x44\x55\x66\x77\x88"
"\x99\xaa\xbb\xcc\xdd\xee\xff\x11"
"\x22\x33\x44\x55\x66\x77\x88\x99"
"\xaa\xbb\xcc\xdd\xee\xff\x11\x22"
"\x8e\x73\xb0\xf7\xda\x0e\x64\x52"
"\xc8\x10\xf3\x2b\x80\x90\x79\xe5"
"\x62\xf8\xea\xd2\x52\x2c\x6b\x7b",
.klen = 8 + 32 + 24,
.iv = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
.assoc = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
.alen = 16,
.input = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
"\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
"\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
"\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
"\x30\xc8\x1c\x46\xa3\x5c\xe4\x11"
"\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
"\xf6\x9f\x24\x45\xdf\x4f\x9b\x17"
"\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
.ilen = 64,
.result = "\x4f\x02\x1d\xb2\x43\xbc\x63\x3d"
"\x71\x78\x18\x3a\x9f\xa0\x71\xe8"
"\xb4\xd9\xad\xa9\xad\x7d\xed\xf4"
"\xe5\xe7\x38\x76\x3f\x69\x14\x5a"
"\x57\x1b\x24\x20\x12\xfb\x7a\xe0"
"\x7f\xa9\xba\xac\x3d\xf1\x02\xe0"
"\x08\xb0\xe2\x79\x88\x59\x88\x81"
"\xd9\x20\xa9\xe6\x4f\x56\x15\xcd"
"\x2f\xee\x5f\xdb\x66\xfe\x79\x09"
"\x61\x81\x31\xea\x5b\x3d\x8e\xfb"
"\xca\x71\x85\x93\xf7\x85\x55\x8b"
"\x7a\xe4\x94\xca\x8b\xba\x19\x33",
.rlen = 64 + 32,
}, { /* NIST SP800-38A F.2.5 CBC-AES256.Encrypt */
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
"\x01\x00" /* rta type */
#else
.key = "\x00\x08" /* rta length */
"\x00\x01" /* rta type */
#endif
"\x00\x00\x00\x20" /* enc key length */
"\x11\x22\x33\x44\x55\x66\x77\x88"
"\x99\xaa\xbb\xcc\xdd\xee\xff\x11"
"\x22\x33\x44\x55\x66\x77\x88\x99"
"\xaa\xbb\xcc\xdd\xee\xff\x11\x22"
"\x60\x3d\xeb\x10\x15\xca\x71\xbe"
"\x2b\x73\xae\xf0\x85\x7d\x77\x81"
"\x1f\x35\x2c\x07\x3b\x61\x08\xd7"
"\x2d\x98\x10\xa3\x09\x14\xdf\xf4",
.klen = 8 + 32 + 32,
.iv = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
.assoc = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
.alen = 16,
.input = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
"\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
"\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
"\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
"\x30\xc8\x1c\x46\xa3\x5c\xe4\x11"
"\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
"\xf6\x9f\x24\x45\xdf\x4f\x9b\x17"
"\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
.ilen = 64,
.result = "\xf5\x8c\x4c\x04\xd6\xe5\xf1\xba"
"\x77\x9e\xab\xfb\x5f\x7b\xfb\xd6"
"\x9c\xfc\x4e\x96\x7e\xdb\x80\x8d"
"\x67\x9f\x77\x7b\xc6\x70\x2c\x7d"
"\x39\xf2\x33\x69\xa9\xd9\xba\xcf"
"\xa5\x30\xe2\x63\x04\x23\x14\x61"
"\xb2\xeb\x05\xe2\xc3\x9b\xe9\xfc"
"\xda\x6c\x19\x07\x8c\x6a\x9d\x1b"
"\x24\x29\xed\xc2\x31\x49\xdb\xb1"
"\x8f\x74\xbd\x17\x92\x03\xbe\x8f"
"\xf3\x61\xde\x1c\xe9\xdb\xcd\xd0"
"\xcc\xce\xe9\x85\x57\xcf\x6f\x5f",
.rlen = 64 + 32,
crypto: speck - add support for the Speck block cipher Add a generic implementation of Speck, including the Speck128 and Speck64 variants. Speck is a lightweight block cipher that can be much faster than AES on processors that don't have AES instructions. We are planning to offer Speck-XTS (probably Speck128/256-XTS) as an option for dm-crypt and fscrypt on Android, for low-end mobile devices with older CPUs such as ARMv7 which don't have the Cryptography Extensions. Currently, such devices are unencrypted because AES is not fast enough, even when the NEON bit-sliced implementation of AES is used. Other AES alternatives such as Twofish, Threefish, Camellia, CAST6, and Serpent aren't fast enough either; it seems that only a modern ARX cipher can provide sufficient performance on these devices. This is a replacement for our original proposal (https://patchwork.kernel.org/patch/10101451/) which was to offer ChaCha20 for these devices. However, the use of a stream cipher for disk/file encryption with no space to store nonces would have been much more insecure than we thought initially, given that it would be used on top of flash storage as well as potentially on top of F2FS, neither of which is guaranteed to overwrite data in-place. Speck has been somewhat controversial due to its origin. Nevertheless, it has a straightforward design (it's an ARX cipher), and it appears to be the leading software-optimized lightweight block cipher currently, with the most cryptanalysis. It's also easy to implement without side channels, unlike AES. Moreover, we only intend Speck to be used when the status quo is no encryption, due to AES not being fast enough. We've also considered a novel length-preserving encryption mode based on ChaCha20 and Poly1305. While theoretically attractive, such a mode would be a brand new crypto construction and would be more complicated and difficult to implement efficiently in comparison to Speck-XTS. There is confusion about the byte and word orders of Speck, since the original paper doesn't specify them. But we have implemented it using the orders the authors recommended in a correspondence with them. The test vectors are taken from the original paper but were mapped to byte arrays using the recommended byte and word orders. Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-02-14 11:42:19 -07:00
},
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct aead_testvec hmac_sha512_aes_cbc_enc_tv_temp[] = {
{ /* RFC 3602 Case 1 */
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
"\x01\x00" /* rta type */
#else
.key = "\x00\x08" /* rta length */
"\x00\x01" /* rta type */
#endif
"\x00\x00\x00\x10" /* enc key length */
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x06\xa9\x21\x40\x36\xb8\xa1\x5b"
"\x51\x2e\x03\xd5\x34\x12\x00\x06",
.klen = 8 + 64 + 16,
.iv = "\x3d\xaf\xba\x42\x9d\x9e\xb4\x30"
"\xb4\x22\xda\x80\x2c\x9f\xac\x41",
.assoc = "\x3d\xaf\xba\x42\x9d\x9e\xb4\x30"
"\xb4\x22\xda\x80\x2c\x9f\xac\x41",
.alen = 16,
.input = "Single block msg",
.ilen = 16,
.result = "\xe3\x53\x77\x9c\x10\x79\xae\xb8"
"\x27\x08\x94\x2d\xbe\x77\x18\x1a"
"\x3f\xdc\xad\x90\x03\x63\x5e\x68"
"\xc3\x13\xdd\xa4\x5c\x4d\x54\xa7"
"\x19\x6e\x03\x75\x2b\xa1\x62\xce"
"\xe0\xc6\x96\x75\xb2\x14\xca\x96"
"\xec\xbd\x50\x08\x07\x64\x1a\x49"
"\xe8\x9a\x7c\x06\x3d\xcb\xff\xb2"
"\xfa\x20\x89\xdd\x9c\xac\x9e\x16"
"\x18\x8a\xa0\x6d\x01\x6c\xa3\x3a",
.rlen = 16 + 64,
}, { /* RFC 3602 Case 2 */
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
"\x01\x00" /* rta type */
#else
.key = "\x00\x08" /* rta length */
"\x00\x01" /* rta type */
#endif
"\x00\x00\x00\x10" /* enc key length */
"\x20\x21\x22\x23\x24\x25\x26\x27"
"\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
"\x30\x31\x32\x33\x34\x35\x36\x37"
"\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f"
"\x40\x41\x42\x43\x44\x45\x46\x47"
"\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
"\x50\x51\x52\x53\x54\x55\x56\x57"
"\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\xc2\x86\x69\x6d\x88\x7c\x9a\xa0"
"\x61\x1b\xbb\x3e\x20\x25\xa4\x5a",
.klen = 8 + 64 + 16,
.iv = "\x56\x2e\x17\x99\x6d\x09\x3d\x28"
"\xdd\xb3\xba\x69\x5a\x2e\x6f\x58",
.assoc = "\x56\x2e\x17\x99\x6d\x09\x3d\x28"
"\xdd\xb3\xba\x69\x5a\x2e\x6f\x58",
.alen = 16,
.input = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
"\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f",
.ilen = 32,
.result = "\xd2\x96\xcd\x94\xc2\xcc\xcf\x8a"
"\x3a\x86\x30\x28\xb5\xe1\xdc\x0a"
"\x75\x86\x60\x2d\x25\x3c\xff\xf9"
"\x1b\x82\x66\xbe\xa6\xd6\x1a\xb1"
"\xda\xb2\x0c\xb2\x26\xc4\xd5\xef"
"\x60\x38\xa4\x5e\x9a\x8c\x1b\x41"
"\x03\x9f\xc4\x64\x7f\x01\x42\x9b"
"\x0e\x1b\xea\xef\xbc\x88\x19\x5e"
"\x31\x7e\xc2\x95\xfc\x09\x32\x0a"
"\x46\x32\x7c\x41\x9c\x59\x3e\xe9"
"\x8f\x9f\xd4\x31\xd6\x22\xbd\xf8"
"\xf7\x0a\x94\xe5\xa9\xc3\xf6\x9d",
.rlen = 32 + 64,
}, { /* RFC 3602 Case 3 */
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
"\x01\x00" /* rta type */
#else
.key = "\x00\x08" /* rta length */
"\x00\x01" /* rta type */
#endif
"\x00\x00\x00\x10" /* enc key length */
"\x11\x22\x33\x44\x55\x66\x77\x88"
"\x99\xaa\xbb\xcc\xdd\xee\xff\x11"
"\x22\x33\x44\x55\x66\x77\x88\x99"
"\xaa\xbb\xcc\xdd\xee\xff\x11\x22"
"\x33\x44\x55\x66\x77\x88\x99\xaa"
"\xbb\xcc\xdd\xee\xff\x11\x22\x33"
"\x44\x55\x66\x77\x88\x99\xaa\xbb"
"\xcc\xdd\xee\xff\x11\x22\x33\x44"
"\x6c\x3e\xa0\x47\x76\x30\xce\x21"
"\xa2\xce\x33\x4a\xa7\x46\xc2\xcd",
.klen = 8 + 64 + 16,
.iv = "\xc7\x82\xdc\x4c\x09\x8c\x66\xcb"
"\xd9\xcd\x27\xd8\x25\x68\x2c\x81",
.assoc = "\xc7\x82\xdc\x4c\x09\x8c\x66\xcb"
"\xd9\xcd\x27\xd8\x25\x68\x2c\x81",
.alen = 16,
.input = "This is a 48-byte message (exactly 3 AES blocks)",
.ilen = 48,
.result = "\xd0\xa0\x2b\x38\x36\x45\x17\x53"
"\xd4\x93\x66\x5d\x33\xf0\xe8\x86"
"\x2d\xea\x54\xcd\xb2\x93\xab\xc7"
"\x50\x69\x39\x27\x67\x72\xf8\xd5"
"\x02\x1c\x19\x21\x6b\xad\x52\x5c"
"\x85\x79\x69\x5d\x83\xba\x26\x84"
"\x64\x19\x17\x5b\x57\xe0\x21\x0f"
"\xca\xdb\xa1\x26\x38\x14\xa2\x69"
"\xdb\x54\x67\x80\xc0\x54\xe0\xfd"
"\x3e\x91\xe7\x91\x7f\x13\x38\x44"
"\xb7\xb1\xd6\xc8\x7d\x48\x8d\x41"
"\x08\xea\x29\x6c\x74\x67\x3f\xb0"
"\xac\x7f\x5c\x1d\xf5\xee\x22\x66"
"\x27\xa6\xb6\x13\xba\xba\xf0\xc2",
.rlen = 48 + 64,
}, { /* RFC 3602 Case 4 */
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
"\x01\x00" /* rta type */
#else
.key = "\x00\x08" /* rta length */
"\x00\x01" /* rta type */
#endif
"\x00\x00\x00\x10" /* enc key length */
"\x11\x22\x33\x44\x55\x66\x77\x88"
"\x99\xaa\xbb\xcc\xdd\xee\xff\x11"
"\x22\x33\x44\x55\x66\x77\x88\x99"
"\xaa\xbb\xcc\xdd\xee\xff\x11\x22"
"\x33\x44\x55\x66\x77\x88\x99\xaa"
"\xbb\xcc\xdd\xee\xff\x11\x22\x33"
"\x44\x55\x66\x77\x88\x99\xaa\xbb"
"\xcc\xdd\xee\xff\x11\x22\x33\x44"
"\x56\xe4\x7a\x38\xc5\x59\x89\x74"
"\xbc\x46\x90\x3d\xba\x29\x03\x49",
.klen = 8 + 64 + 16,
.iv = "\x8c\xe8\x2e\xef\xbe\xa0\xda\x3c"
"\x44\x69\x9e\xd7\xdb\x51\xb7\xd9",
.assoc = "\x8c\xe8\x2e\xef\xbe\xa0\xda\x3c"
"\x44\x69\x9e\xd7\xdb\x51\xb7\xd9",
.alen = 16,
.input = "\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
"\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
"\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7"
"\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
"\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
"\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
"\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf",
.ilen = 64,
.result = "\xc3\x0e\x32\xff\xed\xc0\x77\x4e"
"\x6a\xff\x6a\xf0\x86\x9f\x71\xaa"
"\x0f\x3a\xf0\x7a\x9a\x31\xa9\xc6"
"\x84\xdb\x20\x7e\xb0\xef\x8e\x4e"
"\x35\x90\x7a\xa6\x32\xc3\xff\xdf"
"\x86\x8b\xb7\xb2\x9d\x3d\x46\xad"
"\x83\xce\x9f\x9a\x10\x2e\xe9\x9d"
"\x49\xa5\x3e\x87\xf4\xc3\xda\x55"
"\x82\xcd\x42\x28\x21\x20\x15\xcc"
"\xb7\xb2\x48\x40\xc7\x64\x41\x3a"
"\x61\x32\x82\x85\xcf\x27\xed\xb4"
"\xe4\x68\xa2\xf5\x79\x26\x27\xb2"
"\x51\x67\x6a\xc4\xf0\x66\x55\x50"
"\xbc\x6f\xed\xd5\x8d\xde\x23\x7c"
"\x62\x98\x14\xd7\x2f\x37\x8d\xdf"
"\xf4\x33\x80\xeb\x8e\xb4\xa4\xda",
.rlen = 64 + 64,
}, { /* RFC 3602 Case 5 */
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
"\x01\x00" /* rta type */
#else
.key = "\x00\x08" /* rta length */
"\x00\x01" /* rta type */
#endif
"\x00\x00\x00\x10" /* enc key length */
"\x11\x22\x33\x44\x55\x66\x77\x88"
"\x99\xaa\xbb\xcc\xdd\xee\xff\x11"
"\x22\x33\x44\x55\x66\x77\x88\x99"
"\xaa\xbb\xcc\xdd\xee\xff\x11\x22"
"\x33\x44\x55\x66\x77\x88\x99\xaa"
"\xbb\xcc\xdd\xee\xff\x11\x22\x33"
"\x44\x55\x66\x77\x88\x99\xaa\xbb"
"\xcc\xdd\xee\xff\x11\x22\x33\x44"
"\x90\xd3\x82\xb4\x10\xee\xba\x7a"
"\xd9\x38\xc4\x6c\xec\x1a\x82\xbf",
.klen = 8 + 64 + 16,
.iv = "\xe9\x6e\x8c\x08\xab\x46\x57\x63"
"\xfd\x09\x8d\x45\xdd\x3f\xf8\x93",
.assoc = "\x00\x00\x43\x21\x00\x00\x00\x01"
"\xe9\x6e\x8c\x08\xab\x46\x57\x63"
"\xfd\x09\x8d\x45\xdd\x3f\xf8\x93",
.alen = 24,
.input = "\x08\x00\x0e\xbd\xa7\x0a\x00\x00"
"\x8e\x9c\x08\x3d\xb9\x5b\x07\x00"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
"\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
"\x20\x21\x22\x23\x24\x25\x26\x27"
"\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
"\x30\x31\x32\x33\x34\x35\x36\x37"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\x01\x02\x03\x04\x05\x06\x07\x08"
"\x09\x0a\x0b\x0c\x0d\x0e\x0e\x01",
.ilen = 80,
.result = "\xf6\x63\xc2\x5d\x32\x5c\x18\xc6"
"\xa9\x45\x3e\x19\x4e\x12\x08\x49"
"\xa4\x87\x0b\x66\xcc\x6b\x99\x65"
"\x33\x00\x13\xb4\x89\x8d\xc8\x56"
"\xa4\x69\x9e\x52\x3a\x55\xdb\x08"
"\x0b\x59\xec\x3a\x8e\x4b\x7e\x52"
"\x77\x5b\x07\xd1\xdb\x34\xed\x9c"
"\x53\x8a\xb5\x0c\x55\x1b\x87\x4a"
"\xa2\x69\xad\xd0\x47\xad\x2d\x59"
"\x13\xac\x19\xb7\xcf\xba\xd4\xa6"
"\x74\x84\x94\xe2\xd7\x7a\xf9\xbf"
"\x00\x8a\xa2\xd5\xb7\xf3\x60\xcf"
"\xa0\x47\xdf\x4e\x09\xf4\xb1\x7f"
"\x14\xd9\x3d\x53\x8e\x12\xb3\x00"
"\x4c\x0a\x4e\x32\x40\x43\x88\xce"
"\x92\x26\xc1\x76\x20\x11\xeb\xba"
"\x62\x4f\x9a\x62\x25\xc3\x75\x80"
"\xb7\x0a\x17\xf5\xd7\x94\xb4\x14",
.rlen = 80 + 64,
}, { /* NIST SP800-38A F.2.3 CBC-AES192.Encrypt */
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
"\x01\x00" /* rta type */
#else
.key = "\x00\x08" /* rta length */
"\x00\x01" /* rta type */
#endif
"\x00\x00\x00\x18" /* enc key length */
"\x11\x22\x33\x44\x55\x66\x77\x88"
"\x99\xaa\xbb\xcc\xdd\xee\xff\x11"
"\x22\x33\x44\x55\x66\x77\x88\x99"
"\xaa\xbb\xcc\xdd\xee\xff\x11\x22"
"\x33\x44\x55\x66\x77\x88\x99\xaa"
"\xbb\xcc\xdd\xee\xff\x11\x22\x33"
"\x44\x55\x66\x77\x88\x99\xaa\xbb"
"\xcc\xdd\xee\xff\x11\x22\x33\x44"
"\x8e\x73\xb0\xf7\xda\x0e\x64\x52"
"\xc8\x10\xf3\x2b\x80\x90\x79\xe5"
"\x62\xf8\xea\xd2\x52\x2c\x6b\x7b",
.klen = 8 + 64 + 24,
.iv = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
.assoc = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
.alen = 16,
.input = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
"\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
"\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
"\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
"\x30\xc8\x1c\x46\xa3\x5c\xe4\x11"
"\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
"\xf6\x9f\x24\x45\xdf\x4f\x9b\x17"
"\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
.ilen = 64,
.result = "\x4f\x02\x1d\xb2\x43\xbc\x63\x3d"
"\x71\x78\x18\x3a\x9f\xa0\x71\xe8"
"\xb4\xd9\xad\xa9\xad\x7d\xed\xf4"
"\xe5\xe7\x38\x76\x3f\x69\x14\x5a"
"\x57\x1b\x24\x20\x12\xfb\x7a\xe0"
"\x7f\xa9\xba\xac\x3d\xf1\x02\xe0"
"\x08\xb0\xe2\x79\x88\x59\x88\x81"
"\xd9\x20\xa9\xe6\x4f\x56\x15\xcd"
"\x77\x4b\x69\x9d\x3a\x0d\xb4\x99"
"\x8f\xc6\x8e\x0e\x72\x58\xe3\x56"
"\xbb\x21\xd2\x7d\x93\x11\x17\x91"
"\xc4\x83\xfd\x0a\xea\x71\xfe\x77"
"\xae\x6f\x0a\xa5\xf0\xcf\xe1\x35"
"\xba\x03\xd5\x32\xfa\x5f\x41\x58"
"\x8d\x43\x98\xa7\x94\x16\x07\x02"
"\x0f\xb6\x81\x50\x28\x95\x2e\x75",
.rlen = 64 + 64,
}, { /* NIST SP800-38A F.2.5 CBC-AES256.Encrypt */
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
"\x01\x00" /* rta type */
#else
.key = "\x00\x08" /* rta length */
"\x00\x01" /* rta type */
#endif
"\x00\x00\x00\x20" /* enc key length */
"\x11\x22\x33\x44\x55\x66\x77\x88"
"\x99\xaa\xbb\xcc\xdd\xee\xff\x11"
"\x22\x33\x44\x55\x66\x77\x88\x99"
"\xaa\xbb\xcc\xdd\xee\xff\x11\x22"
"\x33\x44\x55\x66\x77\x88\x99\xaa"
"\xbb\xcc\xdd\xee\xff\x11\x22\x33"
"\x44\x55\x66\x77\x88\x99\xaa\xbb"
"\xcc\xdd\xee\xff\x11\x22\x33\x44"
"\x60\x3d\xeb\x10\x15\xca\x71\xbe"
"\x2b\x73\xae\xf0\x85\x7d\x77\x81"
"\x1f\x35\x2c\x07\x3b\x61\x08\xd7"
"\x2d\x98\x10\xa3\x09\x14\xdf\xf4",
.klen = 8 + 64 + 32,
.iv = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
.assoc = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
.alen = 16,
.input = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
"\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
"\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
"\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
"\x30\xc8\x1c\x46\xa3\x5c\xe4\x11"
"\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
"\xf6\x9f\x24\x45\xdf\x4f\x9b\x17"
"\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
.ilen = 64,
.result = "\xf5\x8c\x4c\x04\xd6\xe5\xf1\xba"
"\x77\x9e\xab\xfb\x5f\x7b\xfb\xd6"
"\x9c\xfc\x4e\x96\x7e\xdb\x80\x8d"
"\x67\x9f\x77\x7b\xc6\x70\x2c\x7d"
"\x39\xf2\x33\x69\xa9\xd9\xba\xcf"
"\xa5\x30\xe2\x63\x04\x23\x14\x61"
"\xb2\xeb\x05\xe2\xc3\x9b\xe9\xfc"
"\xda\x6c\x19\x07\x8c\x6a\x9d\x1b"
"\xb2\x27\x69\x7f\x45\x64\x79\x2b"
"\xb7\xb8\x4c\xd4\x75\x94\x68\x40"
"\x2a\xea\x91\xc7\x3f\x7c\xed\x7b"
"\x95\x2c\x9b\xa8\xf5\xe5\x52\x8d"
"\x6b\xe1\xae\xf1\x74\xfa\x0d\x0c"
"\xe3\x8d\x64\xc3\x8d\xff\x7c\x8c"
"\xdb\xbf\xa0\xb4\x01\xa2\xa8\xa2"
"\x2c\xb1\x62\x2c\x10\xca\xf1\x21",
.rlen = 64 + 64,
},
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct aead_testvec hmac_sha1_des_cbc_enc_tv_temp[] = {
{ /*Generated with cryptopp*/
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
"\x01\x00" /* rta type */
#else
.key = "\x00\x08" /* rta length */
"\x00\x01" /* rta type */
#endif
"\x00\x00\x00\x08" /* enc key length */
"\x11\x22\x33\x44\x55\x66\x77\x88"
"\x99\xaa\xbb\xcc\xdd\xee\xff\x11"
"\x22\x33\x44\x55"
"\xE9\xC0\xFF\x2E\x76\x0B\x64\x24",
.klen = 8 + 20 + 8,
.iv = "\x7D\x33\x88\x93\x0F\x93\xB2\x42",
.assoc = "\x00\x00\x43\x21\x00\x00\x00\x01"
"\x7D\x33\x88\x93\x0F\x93\xB2\x42",
.alen = 16,
.input = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
"\x53\x20\x63\x65\x65\x72\x73\x74"
"\x54\x20\x6f\x6f\x4d\x20\x6e\x61"
"\x20\x79\x65\x53\x72\x63\x74\x65"
"\x20\x73\x6f\x54\x20\x6f\x61\x4d"
"\x79\x6e\x53\x20\x63\x65\x65\x72"
"\x73\x74\x54\x20\x6f\x6f\x4d\x20"
"\x6e\x61\x20\x79\x65\x53\x72\x63"
"\x74\x65\x20\x73\x6f\x54\x20\x6f"
"\x61\x4d\x79\x6e\x53\x20\x63\x65"
"\x65\x72\x73\x74\x54\x20\x6f\x6f"
"\x4d\x20\x6e\x61\x20\x79\x65\x53"
"\x72\x63\x74\x65\x20\x73\x6f\x54"
"\x20\x6f\x61\x4d\x79\x6e\x53\x20"
"\x63\x65\x65\x72\x73\x74\x54\x20"
"\x6f\x6f\x4d\x20\x6e\x61\x0a\x79",
.ilen = 128,
.result = "\x70\xd6\xde\x64\x87\x17\xf1\xe8"
"\x54\x31\x85\x37\xed\x6b\x01\x8d"
"\xe3\xcc\xe0\x1d\x5e\xf3\xfe\xf1"
"\x41\xaa\x33\x91\xa7\x7d\x99\x88"
"\x4d\x85\x6e\x2f\xa3\x69\xf5\x82"
"\x3a\x6f\x25\xcb\x7d\x58\x1f\x9b"
"\xaa\x9c\x11\xd5\x76\x67\xce\xde"
"\x56\xd7\x5a\x80\x69\xea\x3a\x02"
"\xf0\xc7\x7c\xe3\xcb\x40\xe5\x52"
"\xd1\x10\x92\x78\x0b\x8e\x5b\xf1"
"\xe3\x26\x1f\xe1\x15\x41\xc7\xba"
"\x99\xdb\x08\x51\x1c\xd3\x01\xf4"
"\x87\x47\x39\xb8\xd2\xdd\xbd\xfb"
"\x66\x13\xdf\x1c\x01\x44\xf0\x7a"
"\x1a\x6b\x13\xf5\xd5\x0b\xb8\xba"
"\x53\xba\xe1\x76\xe3\x82\x07\x86"
"\x95\x16\x20\x09\xf5\x95\x19\xfd"
"\x3c\xc7\xe0\x42\xc0\x14\x69\xfa"
"\x5c\x44\xa9\x37",
.rlen = 128 + 20,
},
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct aead_testvec hmac_sha224_des_cbc_enc_tv_temp[] = {
{ /*Generated with cryptopp*/
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
"\x01\x00" /* rta type */
#else
.key = "\x00\x08" /* rta length */
"\x00\x01" /* rta type */
#endif
"\x00\x00\x00\x08" /* enc key length */
"\x11\x22\x33\x44\x55\x66\x77\x88"
"\x99\xaa\xbb\xcc\xdd\xee\xff\x11"
"\x22\x33\x44\x55\x66\x77\x88\x99"
"\xE9\xC0\xFF\x2E\x76\x0B\x64\x24",
.klen = 8 + 24 + 8,
.iv = "\x7D\x33\x88\x93\x0F\x93\xB2\x42",
.assoc = "\x00\x00\x43\x21\x00\x00\x00\x01"
"\x7D\x33\x88\x93\x0F\x93\xB2\x42",
.alen = 16,
.input = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
"\x53\x20\x63\x65\x65\x72\x73\x74"
"\x54\x20\x6f\x6f\x4d\x20\x6e\x61"
"\x20\x79\x65\x53\x72\x63\x74\x65"
"\x20\x73\x6f\x54\x20\x6f\x61\x4d"
"\x79\x6e\x53\x20\x63\x65\x65\x72"
"\x73\x74\x54\x20\x6f\x6f\x4d\x20"
"\x6e\x61\x20\x79\x65\x53\x72\x63"
"\x74\x65\x20\x73\x6f\x54\x20\x6f"
"\x61\x4d\x79\x6e\x53\x20\x63\x65"
"\x65\x72\x73\x74\x54\x20\x6f\x6f"
"\x4d\x20\x6e\x61\x20\x79\x65\x53"
"\x72\x63\x74\x65\x20\x73\x6f\x54"
"\x20\x6f\x61\x4d\x79\x6e\x53\x20"
"\x63\x65\x65\x72\x73\x74\x54\x20"
"\x6f\x6f\x4d\x20\x6e\x61\x0a\x79",
.ilen = 128,
.result = "\x70\xd6\xde\x64\x87\x17\xf1\xe8"
"\x54\x31\x85\x37\xed\x6b\x01\x8d"
"\xe3\xcc\xe0\x1d\x5e\xf3\xfe\xf1"
"\x41\xaa\x33\x91\xa7\x7d\x99\x88"
"\x4d\x85\x6e\x2f\xa3\x69\xf5\x82"
"\x3a\x6f\x25\xcb\x7d\x58\x1f\x9b"
"\xaa\x9c\x11\xd5\x76\x67\xce\xde"
"\x56\xd7\x5a\x80\x69\xea\x3a\x02"
"\xf0\xc7\x7c\xe3\xcb\x40\xe5\x52"
"\xd1\x10\x92\x78\x0b\x8e\x5b\xf1"
"\xe3\x26\x1f\xe1\x15\x41\xc7\xba"
"\x99\xdb\x08\x51\x1c\xd3\x01\xf4"
"\x87\x47\x39\xb8\xd2\xdd\xbd\xfb"
"\x66\x13\xdf\x1c\x01\x44\xf0\x7a"
"\x1a\x6b\x13\xf5\xd5\x0b\xb8\xba"
"\x53\xba\xe1\x76\xe3\x82\x07\x86"
"\x9c\x2d\x7e\xee\x20\x34\x55\x0a"
"\xce\xb5\x4e\x64\x53\xe7\xbf\x91"
"\xab\xd4\xd9\xda\xc9\x12\xae\xf7",
.rlen = 128 + 24,
},
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct aead_testvec hmac_sha256_des_cbc_enc_tv_temp[] = {
{ /*Generated with cryptopp*/
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
"\x01\x00" /* rta type */
#else
.key = "\x00\x08" /* rta length */
"\x00\x01" /* rta type */
#endif
"\x00\x00\x00\x08" /* enc key length */
"\x11\x22\x33\x44\x55\x66\x77\x88"
"\x99\xaa\xbb\xcc\xdd\xee\xff\x11"
"\x22\x33\x44\x55\x66\x77\x88\x99"
"\xaa\xbb\xcc\xdd\xee\xff\x11\x22"
"\xE9\xC0\xFF\x2E\x76\x0B\x64\x24",
.klen = 8 + 32 + 8,
.iv = "\x7D\x33\x88\x93\x0F\x93\xB2\x42",
.assoc = "\x00\x00\x43\x21\x00\x00\x00\x01"
"\x7D\x33\x88\x93\x0F\x93\xB2\x42",
.alen = 16,
.input = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
"\x53\x20\x63\x65\x65\x72\x73\x74"
"\x54\x20\x6f\x6f\x4d\x20\x6e\x61"
"\x20\x79\x65\x53\x72\x63\x74\x65"
"\x20\x73\x6f\x54\x20\x6f\x61\x4d"
"\x79\x6e\x53\x20\x63\x65\x65\x72"
"\x73\x74\x54\x20\x6f\x6f\x4d\x20"
"\x6e\x61\x20\x79\x65\x53\x72\x63"
"\x74\x65\x20\x73\x6f\x54\x20\x6f"
"\x61\x4d\x79\x6e\x53\x20\x63\x65"
"\x65\x72\x73\x74\x54\x20\x6f\x6f"
"\x4d\x20\x6e\x61\x20\x79\x65\x53"
"\x72\x63\x74\x65\x20\x73\x6f\x54"
"\x20\x6f\x61\x4d\x79\x6e\x53\x20"
"\x63\x65\x65\x72\x73\x74\x54\x20"
"\x6f\x6f\x4d\x20\x6e\x61\x0a\x79",
.ilen = 128,
.result = "\x70\xd6\xde\x64\x87\x17\xf1\xe8"
"\x54\x31\x85\x37\xed\x6b\x01\x8d"
"\xe3\xcc\xe0\x1d\x5e\xf3\xfe\xf1"
"\x41\xaa\x33\x91\xa7\x7d\x99\x88"
"\x4d\x85\x6e\x2f\xa3\x69\xf5\x82"
"\x3a\x6f\x25\xcb\x7d\x58\x1f\x9b"
"\xaa\x9c\x11\xd5\x76\x67\xce\xde"
"\x56\xd7\x5a\x80\x69\xea\x3a\x02"
"\xf0\xc7\x7c\xe3\xcb\x40\xe5\x52"
"\xd1\x10\x92\x78\x0b\x8e\x5b\xf1"
"\xe3\x26\x1f\xe1\x15\x41\xc7\xba"
"\x99\xdb\x08\x51\x1c\xd3\x01\xf4"
"\x87\x47\x39\xb8\xd2\xdd\xbd\xfb"
"\x66\x13\xdf\x1c\x01\x44\xf0\x7a"
"\x1a\x6b\x13\xf5\xd5\x0b\xb8\xba"
"\x53\xba\xe1\x76\xe3\x82\x07\x86"
"\xc6\x58\xa1\x60\x70\x91\x39\x36"
"\x50\xf6\x5d\xab\x4b\x51\x4e\x5e"
"\xde\x63\xde\x76\x52\xde\x9f\xba"
"\x90\xcf\x15\xf2\xbb\x6e\x84\x00",
.rlen = 128 + 32,
},
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct aead_testvec hmac_sha384_des_cbc_enc_tv_temp[] = {
{ /*Generated with cryptopp*/
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
"\x01\x00" /* rta type */
#else
.key = "\x00\x08" /* rta length */
"\x00\x01" /* rta type */
#endif
"\x00\x00\x00\x08" /* enc key length */
"\x11\x22\x33\x44\x55\x66\x77\x88"
"\x99\xaa\xbb\xcc\xdd\xee\xff\x11"
"\x22\x33\x44\x55\x66\x77\x88\x99"
"\xaa\xbb\xcc\xdd\xee\xff\x11\x22"
"\x33\x44\x55\x66\x77\x88\x99\xaa"
"\xbb\xcc\xdd\xee\xff\x11\x22\x33"
"\xE9\xC0\xFF\x2E\x76\x0B\x64\x24",
.klen = 8 + 48 + 8,
.iv = "\x7D\x33\x88\x93\x0F\x93\xB2\x42",
.assoc = "\x00\x00\x43\x21\x00\x00\x00\x01"
"\x7D\x33\x88\x93\x0F\x93\xB2\x42",
.alen = 16,
.input = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
"\x53\x20\x63\x65\x65\x72\x73\x74"
"\x54\x20\x6f\x6f\x4d\x20\x6e\x61"
"\x20\x79\x65\x53\x72\x63\x74\x65"
"\x20\x73\x6f\x54\x20\x6f\x61\x4d"
"\x79\x6e\x53\x20\x63\x65\x65\x72"
"\x73\x74\x54\x20\x6f\x6f\x4d\x20"
"\x6e\x61\x20\x79\x65\x53\x72\x63"
"\x74\x65\x20\x73\x6f\x54\x20\x6f"
"\x61\x4d\x79\x6e\x53\x20\x63\x65"
"\x65\x72\x73\x74\x54\x20\x6f\x6f"
"\x4d\x20\x6e\x61\x20\x79\x65\x53"
"\x72\x63\x74\x65\x20\x73\x6f\x54"
"\x20\x6f\x61\x4d\x79\x6e\x53\x20"
"\x63\x65\x65\x72\x73\x74\x54\x20"
"\x6f\x6f\x4d\x20\x6e\x61\x0a\x79",
.ilen = 128,
.result = "\x70\xd6\xde\x64\x87\x17\xf1\xe8"
"\x54\x31\x85\x37\xed\x6b\x01\x8d"
"\xe3\xcc\xe0\x1d\x5e\xf3\xfe\xf1"
"\x41\xaa\x33\x91\xa7\x7d\x99\x88"
"\x4d\x85\x6e\x2f\xa3\x69\xf5\x82"
"\x3a\x6f\x25\xcb\x7d\x58\x1f\x9b"
"\xaa\x9c\x11\xd5\x76\x67\xce\xde"
"\x56\xd7\x5a\x80\x69\xea\x3a\x02"
"\xf0\xc7\x7c\xe3\xcb\x40\xe5\x52"
"\xd1\x10\x92\x78\x0b\x8e\x5b\xf1"
"\xe3\x26\x1f\xe1\x15\x41\xc7\xba"
"\x99\xdb\x08\x51\x1c\xd3\x01\xf4"
"\x87\x47\x39\xb8\xd2\xdd\xbd\xfb"
"\x66\x13\xdf\x1c\x01\x44\xf0\x7a"
"\x1a\x6b\x13\xf5\xd5\x0b\xb8\xba"
"\x53\xba\xe1\x76\xe3\x82\x07\x86"
"\xa8\x8e\x9c\x74\x8c\x2b\x99\xa0"
"\xc8\x8c\xef\x25\x07\x83\x11\x3a"
"\x31\x8d\xbe\x3b\x6a\xd7\x96\xfe"
"\x5e\x67\xb5\x74\xe7\xe7\x85\x61"
"\x6a\x95\x26\x75\xcc\x53\x89\xf3"
"\x74\xc9\x2a\x76\x20\xa2\x64\x62",
.rlen = 128 + 48,
},
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct aead_testvec hmac_sha512_des_cbc_enc_tv_temp[] = {
{ /*Generated with cryptopp*/
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
"\x01\x00" /* rta type */
#else
.key = "\x00\x08" /* rta length */
"\x00\x01" /* rta type */
#endif
"\x00\x00\x00\x08" /* enc key length */
"\x11\x22\x33\x44\x55\x66\x77\x88"
"\x99\xaa\xbb\xcc\xdd\xee\xff\x11"
"\x22\x33\x44\x55\x66\x77\x88\x99"
"\xaa\xbb\xcc\xdd\xee\xff\x11\x22"
"\x33\x44\x55\x66\x77\x88\x99\xaa"
"\xbb\xcc\xdd\xee\xff\x11\x22\x33"
"\x44\x55\x66\x77\x88\x99\xaa\xbb"
"\xcc\xdd\xee\xff\x11\x22\x33\x44"
"\xE9\xC0\xFF\x2E\x76\x0B\x64\x24",
.klen = 8 + 64 + 8,
.iv = "\x7D\x33\x88\x93\x0F\x93\xB2\x42",
.assoc = "\x00\x00\x43\x21\x00\x00\x00\x01"
"\x7D\x33\x88\x93\x0F\x93\xB2\x42",
.alen = 16,
.input = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
"\x53\x20\x63\x65\x65\x72\x73\x74"
"\x54\x20\x6f\x6f\x4d\x20\x6e\x61"
"\x20\x79\x65\x53\x72\x63\x74\x65"
"\x20\x73\x6f\x54\x20\x6f\x61\x4d"
"\x79\x6e\x53\x20\x63\x65\x65\x72"
"\x73\x74\x54\x20\x6f\x6f\x4d\x20"
"\x6e\x61\x20\x79\x65\x53\x72\x63"
"\x74\x65\x20\x73\x6f\x54\x20\x6f"
"\x61\x4d\x79\x6e\x53\x20\x63\x65"
"\x65\x72\x73\x74\x54\x20\x6f\x6f"
"\x4d\x20\x6e\x61\x20\x79\x65\x53"
"\x72\x63\x74\x65\x20\x73\x6f\x54"
"\x20\x6f\x61\x4d\x79\x6e\x53\x20"
"\x63\x65\x65\x72\x73\x74\x54\x20"
"\x6f\x6f\x4d\x20\x6e\x61\x0a\x79",
.ilen = 128,
.result = "\x70\xd6\xde\x64\x87\x17\xf1\xe8"
"\x54\x31\x85\x37\xed\x6b\x01\x8d"
"\xe3\xcc\xe0\x1d\x5e\xf3\xfe\xf1"
"\x41\xaa\x33\x91\xa7\x7d\x99\x88"
"\x4d\x85\x6e\x2f\xa3\x69\xf5\x82"
"\x3a\x6f\x25\xcb\x7d\x58\x1f\x9b"
"\xaa\x9c\x11\xd5\x76\x67\xce\xde"
"\x56\xd7\x5a\x80\x69\xea\x3a\x02"
"\xf0\xc7\x7c\xe3\xcb\x40\xe5\x52"
"\xd1\x10\x92\x78\x0b\x8e\x5b\xf1"
"\xe3\x26\x1f\xe1\x15\x41\xc7\xba"
"\x99\xdb\x08\x51\x1c\xd3\x01\xf4"
"\x87\x47\x39\xb8\xd2\xdd\xbd\xfb"
"\x66\x13\xdf\x1c\x01\x44\xf0\x7a"
"\x1a\x6b\x13\xf5\xd5\x0b\xb8\xba"
"\x53\xba\xe1\x76\xe3\x82\x07\x86"
"\xc6\x2c\x73\x88\xb0\x9d\x5f\x3e"
"\x5b\x78\xca\x0e\xab\x8a\xa3\xbb"
"\xd9\x1d\xc3\xe3\x05\xac\x76\xfb"
"\x58\x83\xda\x67\xfb\x21\x24\xa2"
"\xb1\xa7\xd7\x66\xa6\x8d\xa6\x93"
"\x97\xe2\xe3\xb8\xaa\x48\x85\xee"
"\x8c\xf6\x07\x95\x1f\xa6\x6c\x96"
"\x99\xc7\x5c\x8d\xd8\xb5\x68\x7b",
.rlen = 128 + 64,
},
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct aead_testvec hmac_sha1_des3_ede_cbc_enc_tv_temp[] = {
{ /*Generated with cryptopp*/
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
"\x01\x00" /* rta type */
#else
.key = "\x00\x08" /* rta length */
"\x00\x01" /* rta type */
#endif
"\x00\x00\x00\x18" /* enc key length */
"\x11\x22\x33\x44\x55\x66\x77\x88"
"\x99\xaa\xbb\xcc\xdd\xee\xff\x11"
"\x22\x33\x44\x55"
"\xE9\xC0\xFF\x2E\x76\x0B\x64\x24"
"\x44\x4D\x99\x5A\x12\xD6\x40\xC0"
"\xEA\xC2\x84\xE8\x14\x95\xDB\xE8",
.klen = 8 + 20 + 24,
.iv = "\x7D\x33\x88\x93\x0F\x93\xB2\x42",
.assoc = "\x00\x00\x43\x21\x00\x00\x00\x01"
"\x7D\x33\x88\x93\x0F\x93\xB2\x42",
.alen = 16,
.input = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
"\x53\x20\x63\x65\x65\x72\x73\x74"
"\x54\x20\x6f\x6f\x4d\x20\x6e\x61"
"\x20\x79\x65\x53\x72\x63\x74\x65"
"\x20\x73\x6f\x54\x20\x6f\x61\x4d"
"\x79\x6e\x53\x20\x63\x65\x65\x72"
"\x73\x74\x54\x20\x6f\x6f\x4d\x20"
"\x6e\x61\x20\x79\x65\x53\x72\x63"
"\x74\x65\x20\x73\x6f\x54\x20\x6f"
"\x61\x4d\x79\x6e\x53\x20\x63\x65"
"\x65\x72\x73\x74\x54\x20\x6f\x6f"
"\x4d\x20\x6e\x61\x20\x79\x65\x53"
"\x72\x63\x74\x65\x20\x73\x6f\x54"
"\x20\x6f\x61\x4d\x79\x6e\x53\x20"
"\x63\x65\x65\x72\x73\x74\x54\x20"
"\x6f\x6f\x4d\x20\x6e\x61\x0a\x79",
.ilen = 128,
.result = "\x0e\x2d\xb6\x97\x3c\x56\x33\xf4"
"\x67\x17\x21\xc7\x6e\x8a\xd5\x49"
"\x74\xb3\x49\x05\xc5\x1c\xd0\xed"
"\x12\x56\x5c\x53\x96\xb6\x00\x7d"
"\x90\x48\xfc\xf5\x8d\x29\x39\xcc"
"\x8a\xd5\x35\x18\x36\x23\x4e\xd7"
"\x76\xd1\xda\x0c\x94\x67\xbb\x04"
"\x8b\xf2\x03\x6c\xa8\xcf\xb6\xea"
"\x22\x64\x47\xaa\x8f\x75\x13\xbf"
"\x9f\xc2\xc3\xf0\xc9\x56\xc5\x7a"
"\x71\x63\x2e\x89\x7b\x1e\x12\xca"
"\xe2\x5f\xaf\xd8\xa4\xf8\xc9\x7a"
"\xd6\xf9\x21\x31\x62\x44\x45\xa6"
"\xd6\xbc\x5a\xd3\x2d\x54\x43\xcc"
"\x9d\xde\xa5\x70\xe9\x42\x45\x8a"
"\x6b\xfa\xb1\x91\x13\xb0\xd9\x19"
"\x67\x6d\xb1\xf5\xb8\x10\xdc\xc6"
"\x75\x86\x96\x6b\xb1\xc5\xe4\xcf"
"\xd1\x60\x91\xb3",
.rlen = 128 + 20,
},
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct aead_testvec hmac_sha224_des3_ede_cbc_enc_tv_temp[] = {
{ /*Generated with cryptopp*/
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
"\x01\x00" /* rta type */
#else
.key = "\x00\x08" /* rta length */
"\x00\x01" /* rta type */
#endif
"\x00\x00\x00\x18" /* enc key length */
"\x11\x22\x33\x44\x55\x66\x77\x88"
"\x99\xaa\xbb\xcc\xdd\xee\xff\x11"
"\x22\x33\x44\x55\x66\x77\x88\x99"
"\xE9\xC0\xFF\x2E\x76\x0B\x64\x24"
"\x44\x4D\x99\x5A\x12\xD6\x40\xC0"
"\xEA\xC2\x84\xE8\x14\x95\xDB\xE8",
.klen = 8 + 24 + 24,
.iv = "\x7D\x33\x88\x93\x0F\x93\xB2\x42",
.assoc = "\x00\x00\x43\x21\x00\x00\x00\x01"
"\x7D\x33\x88\x93\x0F\x93\xB2\x42",
.alen = 16,
.input = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
"\x53\x20\x63\x65\x65\x72\x73\x74"
"\x54\x20\x6f\x6f\x4d\x20\x6e\x61"
"\x20\x79\x65\x53\x72\x63\x74\x65"
"\x20\x73\x6f\x54\x20\x6f\x61\x4d"
"\x79\x6e\x53\x20\x63\x65\x65\x72"
"\x73\x74\x54\x20\x6f\x6f\x4d\x20"
"\x6e\x61\x20\x79\x65\x53\x72\x63"
"\x74\x65\x20\x73\x6f\x54\x20\x6f"
"\x61\x4d\x79\x6e\x53\x20\x63\x65"
"\x65\x72\x73\x74\x54\x20\x6f\x6f"
"\x4d\x20\x6e\x61\x20\x79\x65\x53"
"\x72\x63\x74\x65\x20\x73\x6f\x54"
"\x20\x6f\x61\x4d\x79\x6e\x53\x20"
"\x63\x65\x65\x72\x73\x74\x54\x20"
"\x6f\x6f\x4d\x20\x6e\x61\x0a\x79",
.ilen = 128,
.result = "\x0e\x2d\xb6\x97\x3c\x56\x33\xf4"
"\x67\x17\x21\xc7\x6e\x8a\xd5\x49"
"\x74\xb3\x49\x05\xc5\x1c\xd0\xed"
"\x12\x56\x5c\x53\x96\xb6\x00\x7d"
"\x90\x48\xfc\xf5\x8d\x29\x39\xcc"
"\x8a\xd5\x35\x18\x36\x23\x4e\xd7"
"\x76\xd1\xda\x0c\x94\x67\xbb\x04"
"\x8b\xf2\x03\x6c\xa8\xcf\xb6\xea"
"\x22\x64\x47\xaa\x8f\x75\x13\xbf"
"\x9f\xc2\xc3\xf0\xc9\x56\xc5\x7a"
"\x71\x63\x2e\x89\x7b\x1e\x12\xca"
"\xe2\x5f\xaf\xd8\xa4\xf8\xc9\x7a"
"\xd6\xf9\x21\x31\x62\x44\x45\xa6"
"\xd6\xbc\x5a\xd3\x2d\x54\x43\xcc"
"\x9d\xde\xa5\x70\xe9\x42\x45\x8a"
"\x6b\xfa\xb1\x91\x13\xb0\xd9\x19"
"\x15\x24\x7f\x5a\x45\x4a\x66\xce"
"\x2b\x0b\x93\x99\x2f\x9d\x0c\x6c"
"\x56\x1f\xe1\xa6\x41\xb2\x4c\xd0",
.rlen = 128 + 24,
},
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct aead_testvec hmac_sha256_des3_ede_cbc_enc_tv_temp[] = {
{ /*Generated with cryptopp*/
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
"\x01\x00" /* rta type */
#else
.key = "\x00\x08" /* rta length */
"\x00\x01" /* rta type */
#endif
"\x00\x00\x00\x18" /* enc key length */
"\x11\x22\x33\x44\x55\x66\x77\x88"
"\x99\xaa\xbb\xcc\xdd\xee\xff\x11"
"\x22\x33\x44\x55\x66\x77\x88\x99"
"\xaa\xbb\xcc\xdd\xee\xff\x11\x22"
"\xE9\xC0\xFF\x2E\x76\x0B\x64\x24"
"\x44\x4D\x99\x5A\x12\xD6\x40\xC0"
"\xEA\xC2\x84\xE8\x14\x95\xDB\xE8",
.klen = 8 + 32 + 24,
.iv = "\x7D\x33\x88\x93\x0F\x93\xB2\x42",
.assoc = "\x00\x00\x43\x21\x00\x00\x00\x01"
"\x7D\x33\x88\x93\x0F\x93\xB2\x42",
.alen = 16,
.input = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
"\x53\x20\x63\x65\x65\x72\x73\x74"
"\x54\x20\x6f\x6f\x4d\x20\x6e\x61"
"\x20\x79\x65\x53\x72\x63\x74\x65"
"\x20\x73\x6f\x54\x20\x6f\x61\x4d"
"\x79\x6e\x53\x20\x63\x65\x65\x72"
"\x73\x74\x54\x20\x6f\x6f\x4d\x20"
"\x6e\x61\x20\x79\x65\x53\x72\x63"
"\x74\x65\x20\x73\x6f\x54\x20\x6f"
"\x61\x4d\x79\x6e\x53\x20\x63\x65"
"\x65\x72\x73\x74\x54\x20\x6f\x6f"
"\x4d\x20\x6e\x61\x20\x79\x65\x53"
"\x72\x63\x74\x65\x20\x73\x6f\x54"
"\x20\x6f\x61\x4d\x79\x6e\x53\x20"
"\x63\x65\x65\x72\x73\x74\x54\x20"
"\x6f\x6f\x4d\x20\x6e\x61\x0a\x79",
.ilen = 128,
.result = "\x0e\x2d\xb6\x97\x3c\x56\x33\xf4"
"\x67\x17\x21\xc7\x6e\x8a\xd5\x49"
"\x74\xb3\x49\x05\xc5\x1c\xd0\xed"
"\x12\x56\x5c\x53\x96\xb6\x00\x7d"
"\x90\x48\xfc\xf5\x8d\x29\x39\xcc"
"\x8a\xd5\x35\x18\x36\x23\x4e\xd7"
"\x76\xd1\xda\x0c\x94\x67\xbb\x04"
"\x8b\xf2\x03\x6c\xa8\xcf\xb6\xea"
"\x22\x64\x47\xaa\x8f\x75\x13\xbf"
"\x9f\xc2\xc3\xf0\xc9\x56\xc5\x7a"
"\x71\x63\x2e\x89\x7b\x1e\x12\xca"
"\xe2\x5f\xaf\xd8\xa4\xf8\xc9\x7a"
"\xd6\xf9\x21\x31\x62\x44\x45\xa6"
"\xd6\xbc\x5a\xd3\x2d\x54\x43\xcc"
"\x9d\xde\xa5\x70\xe9\x42\x45\x8a"
"\x6b\xfa\xb1\x91\x13\xb0\xd9\x19"
"\x73\xb0\xea\x9f\xe8\x18\x80\xd6"
"\x56\x38\x44\xc0\xdb\xe3\x4f\x71"
"\xf7\xce\xd1\xd3\xf8\xbd\x3e\x4f"
"\xca\x43\x95\xdf\x80\x61\x81\xa9",
.rlen = 128 + 32,
},
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct aead_testvec hmac_sha384_des3_ede_cbc_enc_tv_temp[] = {
{ /*Generated with cryptopp*/
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
"\x01\x00" /* rta type */
#else
.key = "\x00\x08" /* rta length */
"\x00\x01" /* rta type */
#endif
"\x00\x00\x00\x18" /* enc key length */
"\x11\x22\x33\x44\x55\x66\x77\x88"
"\x99\xaa\xbb\xcc\xdd\xee\xff\x11"
"\x22\x33\x44\x55\x66\x77\x88\x99"
"\xaa\xbb\xcc\xdd\xee\xff\x11\x22"
"\x33\x44\x55\x66\x77\x88\x99\xaa"
"\xbb\xcc\xdd\xee\xff\x11\x22\x33"
"\xE9\xC0\xFF\x2E\x76\x0B\x64\x24"
"\x44\x4D\x99\x5A\x12\xD6\x40\xC0"
"\xEA\xC2\x84\xE8\x14\x95\xDB\xE8",
.klen = 8 + 48 + 24,
.iv = "\x7D\x33\x88\x93\x0F\x93\xB2\x42",
.assoc = "\x00\x00\x43\x21\x00\x00\x00\x01"
"\x7D\x33\x88\x93\x0F\x93\xB2\x42",
.alen = 16,
.input = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
"\x53\x20\x63\x65\x65\x72\x73\x74"
"\x54\x20\x6f\x6f\x4d\x20\x6e\x61"
"\x20\x79\x65\x53\x72\x63\x74\x65"
"\x20\x73\x6f\x54\x20\x6f\x61\x4d"
"\x79\x6e\x53\x20\x63\x65\x65\x72"
"\x73\x74\x54\x20\x6f\x6f\x4d\x20"
"\x6e\x61\x20\x79\x65\x53\x72\x63"
"\x74\x65\x20\x73\x6f\x54\x20\x6f"
"\x61\x4d\x79\x6e\x53\x20\x63\x65"
"\x65\x72\x73\x74\x54\x20\x6f\x6f"
"\x4d\x20\x6e\x61\x20\x79\x65\x53"
"\x72\x63\x74\x65\x20\x73\x6f\x54"
"\x20\x6f\x61\x4d\x79\x6e\x53\x20"
"\x63\x65\x65\x72\x73\x74\x54\x20"
"\x6f\x6f\x4d\x20\x6e\x61\x0a\x79",
.ilen = 128,
.result = "\x0e\x2d\xb6\x97\x3c\x56\x33\xf4"
"\x67\x17\x21\xc7\x6e\x8a\xd5\x49"
"\x74\xb3\x49\x05\xc5\x1c\xd0\xed"
"\x12\x56\x5c\x53\x96\xb6\x00\x7d"
"\x90\x48\xfc\xf5\x8d\x29\x39\xcc"
"\x8a\xd5\x35\x18\x36\x23\x4e\xd7"
"\x76\xd1\xda\x0c\x94\x67\xbb\x04"
"\x8b\xf2\x03\x6c\xa8\xcf\xb6\xea"
"\x22\x64\x47\xaa\x8f\x75\x13\xbf"
"\x9f\xc2\xc3\xf0\xc9\x56\xc5\x7a"
"\x71\x63\x2e\x89\x7b\x1e\x12\xca"
"\xe2\x5f\xaf\xd8\xa4\xf8\xc9\x7a"
"\xd6\xf9\x21\x31\x62\x44\x45\xa6"
"\xd6\xbc\x5a\xd3\x2d\x54\x43\xcc"
"\x9d\xde\xa5\x70\xe9\x42\x45\x8a"
"\x6b\xfa\xb1\x91\x13\xb0\xd9\x19"
"\x6d\x77\xfc\x80\x9d\x8a\x9c\xb7"
"\x70\xe7\x93\xbf\x73\xe6\x9f\x83"
"\x99\x62\x23\xe6\x5b\xd0\xda\x18"
"\xa4\x32\x8a\x0b\x46\xd7\xf0\x39"
"\x36\x5d\x13\x2f\x86\x10\x78\xd6"
"\xd6\xbe\x5c\xb9\x15\x89\xf9\x1b",
.rlen = 128 + 48,
},
};
static const struct aead_testvec hmac_sha512_des3_ede_cbc_enc_tv_temp[] = {
{ /*Generated with cryptopp*/
#ifdef __LITTLE_ENDIAN
.key = "\x08\x00" /* rta length */
"\x01\x00" /* rta type */
#else
.key = "\x00\x08" /* rta length */
"\x00\x01" /* rta type */
#endif
"\x00\x00\x00\x18" /* enc key length */
"\x11\x22\x33\x44\x55\x66\x77\x88"
"\x99\xaa\xbb\xcc\xdd\xee\xff\x11"
"\x22\x33\x44\x55\x66\x77\x88\x99"
"\xaa\xbb\xcc\xdd\xee\xff\x11\x22"
"\x33\x44\x55\x66\x77\x88\x99\xaa"
"\xbb\xcc\xdd\xee\xff\x11\x22\x33"
"\x44\x55\x66\x77\x88\x99\xaa\xbb"
"\xcc\xdd\xee\xff\x11\x22\x33\x44"
"\xE9\xC0\xFF\x2E\x76\x0B\x64\x24"
"\x44\x4D\x99\x5A\x12\xD6\x40\xC0"
"\xEA\xC2\x84\xE8\x14\x95\xDB\xE8",
.klen = 8 + 64 + 24,
.iv = "\x7D\x33\x88\x93\x0F\x93\xB2\x42",
.assoc = "\x00\x00\x43\x21\x00\x00\x00\x01"
"\x7D\x33\x88\x93\x0F\x93\xB2\x42",
.alen = 16,
.input = "\x6f\x54\x20\x6f\x61\x4d\x79\x6e"
"\x53\x20\x63\x65\x65\x72\x73\x74"
"\x54\x20\x6f\x6f\x4d\x20\x6e\x61"
"\x20\x79\x65\x53\x72\x63\x74\x65"
"\x20\x73\x6f\x54\x20\x6f\x61\x4d"
"\x79\x6e\x53\x20\x63\x65\x65\x72"
"\x73\x74\x54\x20\x6f\x6f\x4d\x20"
"\x6e\x61\x20\x79\x65\x53\x72\x63"
"\x74\x65\x20\x73\x6f\x54\x20\x6f"
"\x61\x4d\x79\x6e\x53\x20\x63\x65"
"\x65\x72\x73\x74\x54\x20\x6f\x6f"
"\x4d\x20\x6e\x61\x20\x79\x65\x53"
"\x72\x63\x74\x65\x20\x73\x6f\x54"
"\x20\x6f\x61\x4d\x79\x6e\x53\x20"
"\x63\x65\x65\x72\x73\x74\x54\x20"
"\x6f\x6f\x4d\x20\x6e\x61\x0a\x79",
.ilen = 128,
.result = "\x0e\x2d\xb6\x97\x3c\x56\x33\xf4"
"\x67\x17\x21\xc7\x6e\x8a\xd5\x49"
"\x74\xb3\x49\x05\xc5\x1c\xd0\xed"
"\x12\x56\x5c\x53\x96\xb6\x00\x7d"
"\x90\x48\xfc\xf5\x8d\x29\x39\xcc"
"\x8a\xd5\x35\x18\x36\x23\x4e\xd7"
"\x76\xd1\xda\x0c\x94\x67\xbb\x04"
"\x8b\xf2\x03\x6c\xa8\xcf\xb6\xea"
"\x22\x64\x47\xaa\x8f\x75\x13\xbf"
"\x9f\xc2\xc3\xf0\xc9\x56\xc5\x7a"
"\x71\x63\x2e\x89\x7b\x1e\x12\xca"
"\xe2\x5f\xaf\xd8\xa4\xf8\xc9\x7a"
"\xd6\xf9\x21\x31\x62\x44\x45\xa6"
"\xd6\xbc\x5a\xd3\x2d\x54\x43\xcc"
"\x9d\xde\xa5\x70\xe9\x42\x45\x8a"
"\x6b\xfa\xb1\x91\x13\xb0\xd9\x19"
"\x41\xb5\x1f\xbb\xbd\x4e\xb8\x32"
"\x22\x86\x4e\x57\x1b\x2a\xd8\x6e"
"\xa9\xfb\xc8\xf3\xbf\x2d\xae\x2b"
"\x3b\xbc\x41\xe8\x38\xbb\xf1\x60"
"\x4c\x68\xa9\x4e\x8c\x73\xa7\xc0"
"\x2a\x74\xd4\x65\x12\xcb\x55\xf2"
"\xd5\x02\x6d\xe6\xaf\xc9\x2f\xf2"
"\x57\xaa\x85\xf7\xf3\x6a\xcb\xdb",
.rlen = 128 + 64,
},
};
static const struct cipher_testvec aes_lrw_tv_template[] = {
/* from http://grouper.ieee.org/groups/1619/email/pdf00017.pdf */
{ /* LRW-32-AES 1 */
.key = "\x45\x62\xac\x25\xf8\x28\x17\x6d"
"\x4c\x26\x84\x14\xb5\x68\x01\x85"
"\x25\x8e\x2a\x05\xe7\x3e\x9d\x03"
"\xee\x5a\x83\x0c\xcc\x09\x4c\x87",
.klen = 32,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x01",
.ptext = "\x30\x31\x32\x33\x34\x35\x36\x37"
"\x38\x39\x41\x42\x43\x44\x45\x46",
.ctext = "\xf1\xb2\x73\xcd\x65\xa3\xdf\x5f"
"\xe9\x5d\x48\x92\x54\x63\x4e\xb8",
.len = 16,
}, { /* LRW-32-AES 2 */
.key = "\x59\x70\x47\x14\xf5\x57\x47\x8c"
"\xd7\x79\xe8\x0f\x54\x88\x79\x44"
"\x0d\x48\xf0\xb7\xb1\x5a\x53\xea"
"\x1c\xaa\x6b\x29\xc2\xca\xfb\xaf",
.klen = 32,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x02",
.ptext = "\x30\x31\x32\x33\x34\x35\x36\x37"
"\x38\x39\x41\x42\x43\x44\x45\x46",
.ctext = "\x00\xc8\x2b\xae\x95\xbb\xcd\xe5"
"\x27\x4f\x07\x69\xb2\x60\xe1\x36",
.len = 16,
}, { /* LRW-32-AES 3 */
.key = "\xd8\x2a\x91\x34\xb2\x6a\x56\x50"
"\x30\xfe\x69\xe2\x37\x7f\x98\x47"
"\xcd\xf9\x0b\x16\x0c\x64\x8f\xb6"
"\xb0\x0d\x0d\x1b\xae\x85\x87\x1f",
.klen = 32,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x02\x00\x00\x00\x00",
.ptext = "\x30\x31\x32\x33\x34\x35\x36\x37"
"\x38\x39\x41\x42\x43\x44\x45\x46",
.ctext = "\x76\x32\x21\x83\xed\x8f\xf1\x82"
"\xf9\x59\x62\x03\x69\x0e\x5e\x01",
.len = 16,
}, { /* LRW-32-AES 4 */
.key = "\x0f\x6a\xef\xf8\xd3\xd2\xbb\x15"
"\x25\x83\xf7\x3c\x1f\x01\x28\x74"
"\xca\xc6\xbc\x35\x4d\x4a\x65\x54"
"\x90\xae\x61\xcf\x7b\xae\xbd\xcc"
"\xad\xe4\x94\xc5\x4a\x29\xae\x70",
.klen = 40,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x01",
.ptext = "\x30\x31\x32\x33\x34\x35\x36\x37"
"\x38\x39\x41\x42\x43\x44\x45\x46",
.ctext = "\x9c\x0f\x15\x2f\x55\xa2\xd8\xf0"
"\xd6\x7b\x8f\x9e\x28\x22\xbc\x41",
.len = 16,
}, { /* LRW-32-AES 5 */
.key = "\x8a\xd4\xee\x10\x2f\xbd\x81\xff"
"\xf8\x86\xce\xac\x93\xc5\xad\xc6"
"\xa0\x19\x07\xc0\x9d\xf7\xbb\xdd"
"\x52\x13\xb2\xb7\xf0\xff\x11\xd8"
"\xd6\x08\xd0\xcd\x2e\xb1\x17\x6f",
.klen = 40,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x02\x00\x00\x00\x00",
.ptext = "\x30\x31\x32\x33\x34\x35\x36\x37"
"\x38\x39\x41\x42\x43\x44\x45\x46",
.ctext = "\xd4\x27\x6a\x7f\x14\x91\x3d\x65"
"\xc8\x60\x48\x02\x87\xe3\x34\x06",
.len = 16,
}, { /* LRW-32-AES 6 */
.key = "\xf8\xd4\x76\xff\xd6\x46\xee\x6c"
"\x23\x84\xcb\x1c\x77\xd6\x19\x5d"
"\xfe\xf1\xa9\xf3\x7b\xbc\x8d\x21"
"\xa7\x9c\x21\xf8\xcb\x90\x02\x89"
"\xa8\x45\x34\x8e\xc8\xc5\xb5\xf1"
"\x26\xf5\x0e\x76\xfe\xfd\x1b\x1e",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 48,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x01",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x30\x31\x32\x33\x34\x35\x36\x37"
"\x38\x39\x41\x42\x43\x44\x45\x46",
.ctext = "\xbd\x06\xb8\xe1\xdb\x98\x89\x9e"
"\xc4\x98\xe4\x91\xcf\x1c\x70\x2b",
.len = 16,
}, { /* LRW-32-AES 7 */
.key = "\xfb\x76\x15\xb2\x3d\x80\x89\x1d"
"\xd4\x70\x98\x0b\xc7\x95\x84\xc8"
"\xb2\xfb\x64\xce\x60\x97\x87\x8d"
"\x17\xfc\xe4\x5a\x49\xe8\x30\xb7"
"\x6e\x78\x17\xe7\x2d\x5e\x12\xd4"
"\x60\x64\x04\x7a\xf1\x2f\x9e\x0c",
.klen = 48,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x02\x00\x00\x00\x00",
.ptext = "\x30\x31\x32\x33\x34\x35\x36\x37"
"\x38\x39\x41\x42\x43\x44\x45\x46",
.ctext = "\x5b\x90\x8e\xc1\xab\xdd\x67\x5f"
"\x3d\x69\x8a\x95\x53\xc8\x9c\xe5",
.len = 16,
}, {
/* http://www.mail-archive.com/stds-p1619@listserv.ieee.org/msg00173.html */
.key = "\xf8\xd4\x76\xff\xd6\x46\xee\x6c"
"\x23\x84\xcb\x1c\x77\xd6\x19\x5d"
"\xfe\xf1\xa9\xf3\x7b\xbc\x8d\x21"
"\xa7\x9c\x21\xf8\xcb\x90\x02\x89"
"\xa8\x45\x34\x8e\xc8\xc5\xb5\xf1"
"\x26\xf5\x0e\x76\xfe\xfd\x1b\x1e",
.klen = 48,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x01",
.ptext = "\x05\x11\xb7\x18\xab\xc6\x2d\xac"
"\x70\x5d\xf6\x22\x94\xcd\xe5\x6c"
"\x17\x6b\xf6\x1c\xf0\xf3\x6e\xf8"
"\x50\x38\x1f\x71\x49\xb6\x57\xd6"
"\x8f\xcb\x8d\x6b\xe3\xa6\x29\x90"
"\xfe\x2a\x62\x82\xae\x6d\x8b\xf6"
"\xad\x1e\x9e\x20\x5f\x38\xbe\x04"
"\xda\x10\x8e\xed\xa2\xa4\x87\xab"
"\xda\x6b\xb4\x0c\x75\xba\xd3\x7c"
"\xc9\xac\x42\x31\x95\x7c\xc9\x04"
"\xeb\xd5\x6e\x32\x69\x8a\xdb\xa6"
"\x15\xd7\x3f\x4f\x2f\x66\x69\x03"
"\x9c\x1f\x54\x0f\xde\x1f\xf3\x65"
"\x4c\x96\x12\xed\x7c\x92\x03\x01"
"\x6f\xbc\x35\x93\xac\xf1\x27\xf1"
"\xb4\x96\x82\x5a\x5f\xb0\xa0\x50"
"\x89\xa4\x8e\x66\x44\x85\xcc\xfd"
"\x33\x14\x70\xe3\x96\xb2\xc3\xd3"
"\xbb\x54\x5a\x1a\xf9\x74\xa2\xc5"
"\x2d\x64\x75\xdd\xb4\x54\xe6\x74"
"\x8c\xd3\x9d\x9e\x86\xab\x51\x53"
"\xb7\x93\x3e\x6f\xd0\x4e\x2c\x40"
"\xf6\xa8\x2e\x3e\x9d\xf4\x66\xa5"
"\x76\x12\x73\x44\x1a\x56\xd7\x72"
"\x88\xcd\x21\x8c\x4c\x0f\xfe\xda"
"\x95\xe0\x3a\xa6\xa5\x84\x46\xcd"
"\xd5\x3e\x9d\x3a\xe2\x67\xe6\x60"
"\x1a\xe2\x70\x85\x58\xc2\x1b\x09"
"\xe1\xd7\x2c\xca\xad\xa8\x8f\xf9"
"\xac\xb3\x0e\xdb\xca\x2e\xe2\xb8"
"\x51\x71\xd9\x3c\x6c\xf1\x56\xf8"
"\xea\x9c\xf1\xfb\x0c\xe6\xb7\x10"
"\x1c\xf8\xa9\x7c\xe8\x53\x35\xc1"
"\x90\x3e\x76\x4a\x74\xa4\x21\x2c"
"\xf6\x2c\x4e\x0f\x94\x3a\x88\x2e"
"\x41\x09\x6a\x33\x7d\xf6\xdd\x3f"
"\x8d\x23\x31\x74\x84\xeb\x88\x6e"
"\xcc\xb9\xbc\x22\x83\x19\x07\x22"
"\xa5\x2d\xdf\xa5\xf3\x80\x85\x78"
"\x84\x39\x6a\x6d\x6a\x99\x4f\xa5"
"\x15\xfe\x46\xb0\xe4\x6c\xa5\x41"
"\x3c\xce\x8f\x42\x60\x71\xa7\x75"
"\x08\x40\x65\x8a\x82\xbf\xf5\x43"
"\x71\x96\xa9\x4d\x44\x8a\x20\xbe"
"\xfa\x4d\xbb\xc0\x7d\x31\x96\x65"
"\xe7\x75\xe5\x3e\xfd\x92\x3b\xc9"
"\x55\xbb\x16\x7e\xf7\xc2\x8c\xa4"
"\x40\x1d\xe5\xef\x0e\xdf\xe4\x9a"
"\x62\x73\x65\xfd\x46\x63\x25\x3d"
"\x2b\xaf\xe5\x64\xfe\xa5\x5c\xcf"
"\x24\xf3\xb4\xac\x64\xba\xdf\x4b"
"\xc6\x96\x7d\x81\x2d\x8d\x97\xf7"
"\xc5\x68\x77\x84\x32\x2b\xcc\x85"
"\x74\x96\xf0\x12\x77\x61\xb9\xeb"
"\x71\xaa\x82\xcb\x1c\xdb\x89\xc8"
"\xc6\xb5\xe3\x5c\x7d\x39\x07\x24"
"\xda\x39\x87\x45\xc0\x2b\xbb\x01"
"\xac\xbc\x2a\x5c\x7f\xfc\xe8\xce"
"\x6d\x9c\x6f\xed\xd3\xc1\xa1\xd6"
"\xc5\x55\xa9\x66\x2f\xe1\xc8\x32"
"\xa6\x5d\xa4\x3a\x98\x73\xe8\x45"
"\xa4\xc7\xa8\xb4\xf6\x13\x03\xf6"
"\xe9\x2e\xc4\x29\x0f\x84\xdb\xc4"
"\x21\xc4\xc2\x75\x67\x89\x37\x0a",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\x1a\x1d\xa9\x30\xad\xf9\x2f\x9b"
"\xb6\x1d\xae\xef\xf0\x2f\xf8\x5a"
"\x39\x3c\xbf\x2a\xb2\x45\xb2\x23"
"\x1b\x63\x3c\xcf\xaa\xbe\xcf\x4e"
"\xfa\xe8\x29\xc2\x20\x68\x2b\x3c"
"\x2e\x8b\xf7\x6e\x25\xbd\xe3\x3d"
"\x66\x27\xd6\xaf\xd6\x64\x3e\xe3"
"\xe8\x58\x46\x97\x39\x51\x07\xde"
"\xcb\x37\xbc\xa9\xc0\x5f\x75\xc3"
"\x0e\x84\x23\x1d\x16\xd4\x1c\x59"
"\x9c\x1a\x02\x55\xab\x3a\x97\x1d"
"\xdf\xdd\xc7\x06\x51\xd7\x70\xae"
"\x23\xc6\x8c\xf5\x1e\xa0\xe5\x82"
"\xb8\xb2\xbf\x04\xa0\x32\x8e\x68"
"\xeb\xaf\x6e\x2d\x94\x22\x2f\xce"
"\x4c\xb5\x59\xe2\xa2\x2f\xa0\x98"
"\x1a\x97\xc6\xd4\xb5\x00\x59\xf2"
"\x84\x14\x72\xb1\x9a\x6e\xa3\x7f"
"\xea\x20\xe7\xcb\x65\x77\x3a\xdf"
"\xc8\x97\x67\x15\xc2\x2a\x27\xcc"
"\x18\x55\xa1\x24\x0b\x24\x24\xaf"
"\x5b\xec\x68\xb8\xc8\xf5\xba\x63"
"\xff\xed\x89\xce\xd5\x3d\x88\xf3"
"\x25\xef\x05\x7c\x3a\xef\xeb\xd8"
"\x7a\x32\x0d\xd1\x1e\x58\x59\x99"
"\x90\x25\xb5\x26\xb0\xe3\x2b\x6c"
"\x4c\xa9\x8b\x84\x4f\x5e\x01\x50"
"\x41\x30\x58\xc5\x62\x74\x52\x1d"
"\x45\x24\x6a\x42\x64\x4f\x97\x1c"
"\xa8\x66\xb5\x6d\x79\xd4\x0d\x48"
"\xc5\x5f\xf3\x90\x32\xdd\xdd\xe1"
"\xe4\xa9\x9f\xfc\xc3\x52\x5a\x46"
"\xe4\x81\x84\x95\x36\x59\x7a\x6b"
"\xaa\xb3\x60\xad\xce\x9f\x9f\x28"
"\xe0\x01\x75\x22\xc4\x4e\xa9\x62"
"\x5c\x62\x0d\x00\xcb\x13\xe8\x43"
"\x72\xd4\x2d\x53\x46\xb5\xd1\x16"
"\x22\x18\xdf\x34\x33\xf5\xd6\x1c"
"\xb8\x79\x78\x97\x94\xff\x72\x13"
"\x4c\x27\xfc\xcb\xbf\x01\x53\xa6"
"\xb4\x50\x6e\xde\xdf\xb5\x43\xa4"
"\x59\xdf\x52\xf9\x7c\xe0\x11\x6f"
"\x2d\x14\x8e\x24\x61\x2c\xe1\x17"
"\xcc\xce\x51\x0c\x19\x8a\x82\x30"
"\x94\xd5\x3d\x6a\x53\x06\x5e\xbd"
"\xb7\xeb\xfa\xfd\x27\x51\xde\x85"
"\x1e\x86\x53\x11\x53\x94\x00\xee"
"\x2b\x8c\x08\x2a\xbf\xdd\xae\x11"
"\xcb\x1e\xa2\x07\x9a\x80\xcf\x62"
"\x9b\x09\xdc\x95\x3c\x96\x8e\xb1"
"\x09\xbd\xe4\xeb\xdb\xca\x70\x7a"
"\x9e\xfa\x31\x18\x45\x3c\x21\x33"
"\xb0\xb3\x2b\xea\xf3\x71\x2d\xe1"
"\x03\xad\x1b\x48\xd4\x67\x27\xf0"
"\x62\xe4\x3d\xfb\x9b\x08\x76\xe7"
"\xdd\x2b\x01\x39\x04\x5a\x58\x7a"
"\xf7\x11\x90\xec\xbd\x51\x5c\x32"
"\x6b\xd7\x35\x39\x02\x6b\xf2\xa6"
"\xd0\x0d\x07\xe1\x06\xc4\x5b\x7d"
"\xe4\x6a\xd7\xee\x15\x1f\x83\xb4"
"\xa3\xa7\x5e\xc3\x90\xb7\xef\xd3"
"\xb7\x4f\xf8\x92\x4c\xb7\x3c\x29"
"\xcd\x7e\x2b\x5d\x43\xea\x42\xe7"
"\x74\x3f\x7d\x58\x88\x75\xde\x3e",
.len = 512,
.also_non_np = 1,
.np = 3,
.tap = { 512 - 20, 4, 16 },
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
}
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct cipher_testvec aes_xts_tv_template[] = {
/* http://grouper.ieee.org/groups/1619/email/pdf00086.pdf */
{ /* XTS-AES 1 */
.key = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.klen = 32,
.fips_skip = 1,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.ptext = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.ctext = "\x91\x7c\xf6\x9e\xbd\x68\xb2\xec"
"\x9b\x9f\xe9\xa3\xea\xdd\xa6\x92"
"\xcd\x43\xd2\xf5\x95\x98\xed\x85"
"\x8c\x02\xc2\x65\x2f\xbf\x92\x2e",
.len = 32,
}, { /* XTS-AES 2 */
.key = "\x11\x11\x11\x11\x11\x11\x11\x11"
"\x11\x11\x11\x11\x11\x11\x11\x11"
"\x22\x22\x22\x22\x22\x22\x22\x22"
"\x22\x22\x22\x22\x22\x22\x22\x22",
.klen = 32,
.iv = "\x33\x33\x33\x33\x33\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.ptext = "\x44\x44\x44\x44\x44\x44\x44\x44"
"\x44\x44\x44\x44\x44\x44\x44\x44"
"\x44\x44\x44\x44\x44\x44\x44\x44"
"\x44\x44\x44\x44\x44\x44\x44\x44",
.ctext = "\xc4\x54\x18\x5e\x6a\x16\x93\x6e"
"\x39\x33\x40\x38\xac\xef\x83\x8b"
"\xfb\x18\x6f\xff\x74\x80\xad\xc4"
"\x28\x93\x82\xec\xd6\xd3\x94\xf0",
.len = 32,
}, { /* XTS-AES 3 */
.key = "\xff\xfe\xfd\xfc\xfb\xfa\xf9\xf8"
"\xf7\xf6\xf5\xf4\xf3\xf2\xf1\xf0"
"\x22\x22\x22\x22\x22\x22\x22\x22"
"\x22\x22\x22\x22\x22\x22\x22\x22",
.klen = 32,
.iv = "\x33\x33\x33\x33\x33\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.ptext = "\x44\x44\x44\x44\x44\x44\x44\x44"
"\x44\x44\x44\x44\x44\x44\x44\x44"
"\x44\x44\x44\x44\x44\x44\x44\x44"
"\x44\x44\x44\x44\x44\x44\x44\x44",
.ctext = "\xaf\x85\x33\x6b\x59\x7a\xfc\x1a"
"\x90\x0b\x2e\xb2\x1e\xc9\x49\xd2"
"\x92\xdf\x4c\x04\x7e\x0b\x21\x53"
"\x21\x86\xa5\x97\x1a\x22\x7a\x89",
.len = 32,
}, { /* XTS-AES 4 */
.key = "\x27\x18\x28\x18\x28\x45\x90\x45"
"\x23\x53\x60\x28\x74\x71\x35\x26"
"\x31\x41\x59\x26\x53\x58\x97\x93"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\x23\x84\x62\x64\x33\x83\x27\x95",
.klen = 32,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
"\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
"\x20\x21\x22\x23\x24\x25\x26\x27"
"\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
"\x30\x31\x32\x33\x34\x35\x36\x37"
"\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f"
"\x40\x41\x42\x43\x44\x45\x46\x47"
"\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
"\x50\x51\x52\x53\x54\x55\x56\x57"
"\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f"
"\x60\x61\x62\x63\x64\x65\x66\x67"
"\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f"
"\x70\x71\x72\x73\x74\x75\x76\x77"
"\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f"
"\x80\x81\x82\x83\x84\x85\x86\x87"
"\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
"\x90\x91\x92\x93\x94\x95\x96\x97"
"\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f"
"\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
"\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
"\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7"
"\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
"\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
"\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
"\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7"
"\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf"
"\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7"
"\xe8\xe9\xea\xeb\xec\xed\xee\xef"
"\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
"\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff"
"\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
"\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
"\x20\x21\x22\x23\x24\x25\x26\x27"
"\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
"\x30\x31\x32\x33\x34\x35\x36\x37"
"\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f"
"\x40\x41\x42\x43\x44\x45\x46\x47"
"\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
"\x50\x51\x52\x53\x54\x55\x56\x57"
"\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f"
"\x60\x61\x62\x63\x64\x65\x66\x67"
"\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f"
"\x70\x71\x72\x73\x74\x75\x76\x77"
"\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f"
"\x80\x81\x82\x83\x84\x85\x86\x87"
"\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
"\x90\x91\x92\x93\x94\x95\x96\x97"
"\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f"
"\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
"\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
"\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7"
"\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
"\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
"\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
"\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7"
"\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf"
"\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7"
"\xe8\xe9\xea\xeb\xec\xed\xee\xef"
"\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
"\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\x27\xa7\x47\x9b\xef\xa1\xd4\x76"
"\x48\x9f\x30\x8c\xd4\xcf\xa6\xe2"
"\xa9\x6e\x4b\xbe\x32\x08\xff\x25"
"\x28\x7d\xd3\x81\x96\x16\xe8\x9c"
"\xc7\x8c\xf7\xf5\xe5\x43\x44\x5f"
"\x83\x33\xd8\xfa\x7f\x56\x00\x00"
"\x05\x27\x9f\xa5\xd8\xb5\xe4\xad"
"\x40\xe7\x36\xdd\xb4\xd3\x54\x12"
"\x32\x80\x63\xfd\x2a\xab\x53\xe5"
"\xea\x1e\x0a\x9f\x33\x25\x00\xa5"
"\xdf\x94\x87\xd0\x7a\x5c\x92\xcc"
"\x51\x2c\x88\x66\xc7\xe8\x60\xce"
"\x93\xfd\xf1\x66\xa2\x49\x12\xb4"
"\x22\x97\x61\x46\xae\x20\xce\x84"
"\x6b\xb7\xdc\x9b\xa9\x4a\x76\x7a"
"\xae\xf2\x0c\x0d\x61\xad\x02\x65"
"\x5e\xa9\x2d\xc4\xc4\xe4\x1a\x89"
"\x52\xc6\x51\xd3\x31\x74\xbe\x51"
"\xa1\x0c\x42\x11\x10\xe6\xd8\x15"
"\x88\xed\xe8\x21\x03\xa2\x52\xd8"
"\xa7\x50\xe8\x76\x8d\xef\xff\xed"
"\x91\x22\x81\x0a\xae\xb9\x9f\x91"
"\x72\xaf\x82\xb6\x04\xdc\x4b\x8e"
"\x51\xbc\xb0\x82\x35\xa6\xf4\x34"
"\x13\x32\xe4\xca\x60\x48\x2a\x4b"
"\xa1\xa0\x3b\x3e\x65\x00\x8f\xc5"
"\xda\x76\xb7\x0b\xf1\x69\x0d\xb4"
"\xea\xe2\x9c\x5f\x1b\xad\xd0\x3c"
"\x5c\xcf\x2a\x55\xd7\x05\xdd\xcd"
"\x86\xd4\x49\x51\x1c\xeb\x7e\xc3"
"\x0b\xf1\x2b\x1f\xa3\x5b\x91\x3f"
"\x9f\x74\x7a\x8a\xfd\x1b\x13\x0e"
"\x94\xbf\xf9\x4e\xff\xd0\x1a\x91"
"\x73\x5c\xa1\x72\x6a\xcd\x0b\x19"
"\x7c\x4e\x5b\x03\x39\x36\x97\xe1"
"\x26\x82\x6f\xb6\xbb\xde\x8e\xcc"
"\x1e\x08\x29\x85\x16\xe2\xc9\xed"
"\x03\xff\x3c\x1b\x78\x60\xf6\xde"
"\x76\xd4\xce\xcd\x94\xc8\x11\x98"
"\x55\xef\x52\x97\xca\x67\xe9\xf3"
"\xe7\xff\x72\xb1\xe9\x97\x85\xca"
"\x0a\x7e\x77\x20\xc5\xb3\x6d\xc6"
"\xd7\x2c\xac\x95\x74\xc8\xcb\xbc"
"\x2f\x80\x1e\x23\xe5\x6f\xd3\x44"
"\xb0\x7f\x22\x15\x4b\xeb\xa0\xf0"
"\x8c\xe8\x89\x1e\x64\x3e\xd9\x95"
"\xc9\x4d\x9a\x69\xc9\xf1\xb5\xf4"
"\x99\x02\x7a\x78\x57\x2a\xee\xbd"
"\x74\xd2\x0c\xc3\x98\x81\xc2\x13"
"\xee\x77\x0b\x10\x10\xe4\xbe\xa7"
"\x18\x84\x69\x77\xae\x11\x9f\x7a"
"\x02\x3a\xb5\x8c\xca\x0a\xd7\x52"
"\xaf\xe6\x56\xbb\x3c\x17\x25\x6a"
"\x9f\x6e\x9b\xf1\x9f\xdd\x5a\x38"
"\xfc\x82\xbb\xe8\x72\xc5\x53\x9e"
"\xdb\x60\x9e\xf4\xf7\x9c\x20\x3e"
"\xbb\x14\x0f\x2e\x58\x3c\xb2\xad"
"\x15\xb4\xaa\x5b\x65\x50\x16\xa8"
"\x44\x92\x77\xdb\xd4\x77\xef\x2c"
"\x8d\x6c\x01\x7d\xb7\x38\xb1\x8d"
"\xeb\x4a\x42\x7d\x19\x23\xce\x3f"
"\xf2\x62\x73\x57\x79\xa4\x18\xf2"
"\x0a\x28\x2d\xf9\x20\x14\x7b\xea"
"\xbe\x42\x1e\xe5\x31\x9d\x05\x68",
.len = 512,
}, { /* XTS-AES 10, XTS-AES-256, data unit 512 bytes */
.key = "\x27\x18\x28\x18\x28\x45\x90\x45"
"\x23\x53\x60\x28\x74\x71\x35\x26"
"\x62\x49\x77\x57\x24\x70\x93\x69"
"\x99\x59\x57\x49\x66\x96\x76\x27"
"\x31\x41\x59\x26\x53\x58\x97\x93"
"\x23\x84\x62\x64\x33\x83\x27\x95"
"\x02\x88\x41\x97\x16\x93\x99\x37"
"\x51\x05\x82\x09\x74\x94\x45\x92",
.klen = 64,
.iv = "\xff\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
"\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
"\x20\x21\x22\x23\x24\x25\x26\x27"
"\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
"\x30\x31\x32\x33\x34\x35\x36\x37"
"\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f"
"\x40\x41\x42\x43\x44\x45\x46\x47"
"\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
"\x50\x51\x52\x53\x54\x55\x56\x57"
"\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f"
"\x60\x61\x62\x63\x64\x65\x66\x67"
"\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f"
"\x70\x71\x72\x73\x74\x75\x76\x77"
"\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f"
"\x80\x81\x82\x83\x84\x85\x86\x87"
"\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
"\x90\x91\x92\x93\x94\x95\x96\x97"
"\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f"
"\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
"\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
"\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7"
"\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
"\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
"\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
"\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7"
"\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf"
"\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7"
"\xe8\xe9\xea\xeb\xec\xed\xee\xef"
"\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
"\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff"
"\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
"\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
"\x20\x21\x22\x23\x24\x25\x26\x27"
"\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
"\x30\x31\x32\x33\x34\x35\x36\x37"
"\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f"
"\x40\x41\x42\x43\x44\x45\x46\x47"
"\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
"\x50\x51\x52\x53\x54\x55\x56\x57"
"\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f"
"\x60\x61\x62\x63\x64\x65\x66\x67"
"\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f"
"\x70\x71\x72\x73\x74\x75\x76\x77"
"\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f"
"\x80\x81\x82\x83\x84\x85\x86\x87"
"\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
"\x90\x91\x92\x93\x94\x95\x96\x97"
"\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f"
"\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
"\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
"\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7"
"\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
"\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
"\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
"\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7"
"\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf"
"\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7"
"\xe8\xe9\xea\xeb\xec\xed\xee\xef"
"\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
"\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\x1c\x3b\x3a\x10\x2f\x77\x03\x86"
"\xe4\x83\x6c\x99\xe3\x70\xcf\x9b"
"\xea\x00\x80\x3f\x5e\x48\x23\x57"
"\xa4\xae\x12\xd4\x14\xa3\xe6\x3b"
"\x5d\x31\xe2\x76\xf8\xfe\x4a\x8d"
"\x66\xb3\x17\xf9\xac\x68\x3f\x44"
"\x68\x0a\x86\xac\x35\xad\xfc\x33"
"\x45\xbe\xfe\xcb\x4b\xb1\x88\xfd"
"\x57\x76\x92\x6c\x49\xa3\x09\x5e"
"\xb1\x08\xfd\x10\x98\xba\xec\x70"
"\xaa\xa6\x69\x99\xa7\x2a\x82\xf2"
"\x7d\x84\x8b\x21\xd4\xa7\x41\xb0"
"\xc5\xcd\x4d\x5f\xff\x9d\xac\x89"
"\xae\xba\x12\x29\x61\xd0\x3a\x75"
"\x71\x23\xe9\x87\x0f\x8a\xcf\x10"
"\x00\x02\x08\x87\x89\x14\x29\xca"
"\x2a\x3e\x7a\x7d\x7d\xf7\xb1\x03"
"\x55\x16\x5c\x8b\x9a\x6d\x0a\x7d"
"\xe8\xb0\x62\xc4\x50\x0d\xc4\xcd"
"\x12\x0c\x0f\x74\x18\xda\xe3\xd0"
"\xb5\x78\x1c\x34\x80\x3f\xa7\x54"
"\x21\xc7\x90\xdf\xe1\xde\x18\x34"
"\xf2\x80\xd7\x66\x7b\x32\x7f\x6c"
"\x8c\xd7\x55\x7e\x12\xac\x3a\x0f"
"\x93\xec\x05\xc5\x2e\x04\x93\xef"
"\x31\xa1\x2d\x3d\x92\x60\xf7\x9a"
"\x28\x9d\x6a\x37\x9b\xc7\x0c\x50"
"\x84\x14\x73\xd1\xa8\xcc\x81\xec"
"\x58\x3e\x96\x45\xe0\x7b\x8d\x96"
"\x70\x65\x5b\xa5\xbb\xcf\xec\xc6"
"\xdc\x39\x66\x38\x0a\xd8\xfe\xcb"
"\x17\xb6\xba\x02\x46\x9a\x02\x0a"
"\x84\xe1\x8e\x8f\x84\x25\x20\x70"
"\xc1\x3e\x9f\x1f\x28\x9b\xe5\x4f"
"\xbc\x48\x14\x57\x77\x8f\x61\x60"
"\x15\xe1\x32\x7a\x02\xb1\x40\xf1"
"\x50\x5e\xb3\x09\x32\x6d\x68\x37"
"\x8f\x83\x74\x59\x5c\x84\x9d\x84"
"\xf4\xc3\x33\xec\x44\x23\x88\x51"
"\x43\xcb\x47\xbd\x71\xc5\xed\xae"
"\x9b\xe6\x9a\x2f\xfe\xce\xb1\xbe"
"\xc9\xde\x24\x4f\xbe\x15\x99\x2b"
"\x11\xb7\x7c\x04\x0f\x12\xbd\x8f"
"\x6a\x97\x5a\x44\xa0\xf9\x0c\x29"
"\xa9\xab\xc3\xd4\xd8\x93\x92\x72"
"\x84\xc5\x87\x54\xcc\xe2\x94\x52"
"\x9f\x86\x14\xdc\xd2\xab\xa9\x91"
"\x92\x5f\xed\xc4\xae\x74\xff\xac"
"\x6e\x33\x3b\x93\xeb\x4a\xff\x04"
"\x79\xda\x9a\x41\x0e\x44\x50\xe0"
"\xdd\x7a\xe4\xc6\xe2\x91\x09\x00"
"\x57\x5d\xa4\x01\xfc\x07\x05\x9f"
"\x64\x5e\x8b\x7e\x9b\xfd\xef\x33"
"\x94\x30\x54\xff\x84\x01\x14\x93"
"\xc2\x7b\x34\x29\xea\xed\xb4\xed"
"\x53\x76\x44\x1a\x77\xed\x43\x85"
"\x1a\xd7\x7f\x16\xf5\x41\xdf\xd2"
"\x69\xd5\x0d\x6a\x5f\x14\xfb\x0a"
"\xab\x1c\xbb\x4c\x15\x50\xbe\x97"
"\xf7\xab\x40\x66\x19\x3c\x4c\xaa"
"\x77\x3d\xad\x38\x01\x4b\xd2\x09"
"\x2f\xa7\x55\xc8\x24\xbb\x5e\x54"
"\xc4\xf3\x6f\xfd\xa9\xfc\xea\x70"
"\xb9\xc6\xe6\x93\xe1\x48\xc1\x51",
.len = 512,
.also_non_np = 1,
.np = 3,
.tap = { 512 - 20, 4, 16 },
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
}
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct cipher_testvec aes_ctr_tv_template[] = {
{ /* From NIST Special Publication 800-38A, Appendix F.5 */
.key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6"
"\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
"\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff",
.ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
"\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
"\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
"\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
"\x30\xc8\x1c\x46\xa3\x5c\xe4\x11"
"\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
"\xf6\x9f\x24\x45\xdf\x4f\x9b\x17"
"\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
.ctext = "\x87\x4d\x61\x91\xb6\x20\xe3\x26"
"\x1b\xef\x68\x64\x99\x0d\xb6\xce"
"\x98\x06\xf6\x6b\x79\x70\xfd\xff"
"\x86\x17\x18\x7b\xb9\xff\xfd\xff"
"\x5a\xe4\xdf\x3e\xdb\xd5\xd3\x5e"
"\x5b\x4f\x09\x02\x0d\xb0\x3e\xab"
"\x1e\x03\x1d\xda\x2f\xbe\x03\xd1"
"\x79\x21\x70\xa0\xf3\x00\x9c\xee",
.len = 64,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x8e\x73\xb0\xf7\xda\x0e\x64\x52"
"\xc8\x10\xf3\x2b\x80\x90\x79\xe5"
"\x62\xf8\xea\xd2\x52\x2c\x6b\x7b",
.klen = 24,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
"\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff",
.ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
"\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
"\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
"\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
"\x30\xc8\x1c\x46\xa3\x5c\xe4\x11"
"\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
"\xf6\x9f\x24\x45\xdf\x4f\x9b\x17"
"\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
.ctext = "\x1a\xbc\x93\x24\x17\x52\x1c\xa2"
"\x4f\x2b\x04\x59\xfe\x7e\x6e\x0b"
"\x09\x03\x39\xec\x0a\xa6\xfa\xef"
"\xd5\xcc\xc2\xc6\xf4\xce\x8e\x94"
"\x1e\x36\xb2\x6b\xd1\xeb\xc6\x70"
"\xd1\xbd\x1d\x66\x56\x20\xab\xf7"
"\x4f\x78\xa7\xf6\xd2\x98\x09\x58"
"\x5a\x97\xda\xec\x58\xc6\xb0\x50",
.len = 64,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x60\x3d\xeb\x10\x15\xca\x71\xbe"
"\x2b\x73\xae\xf0\x85\x7d\x77\x81"
"\x1f\x35\x2c\x07\x3b\x61\x08\xd7"
"\x2d\x98\x10\xa3\x09\x14\xdf\xf4",
.klen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
"\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff",
.ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
"\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
"\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
"\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
"\x30\xc8\x1c\x46\xa3\x5c\xe4\x11"
"\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
"\xf6\x9f\x24\x45\xdf\x4f\x9b\x17"
"\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
.ctext = "\x60\x1e\xc3\x13\x77\x57\x89\xa5"
"\xb7\xa7\xf5\x04\xbb\xf3\xd2\x28"
"\xf4\x43\xe3\xca\x4d\x62\xb5\x9a"
"\xca\x84\xe9\x90\xca\xca\xf5\xc5"
"\x2b\x09\x30\xda\xa2\x3d\xe9\x4c"
"\xe8\x70\x17\xba\x2d\x84\x98\x8d"
"\xdf\xc9\xc5\x8d\xb6\x7a\xad\xa6"
"\x13\xc2\xdd\x08\x45\x79\x41\xa6",
.len = 64,
}, { /* Generated with Crypto++ */
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xC9\x83\xA6\xC9\xEC\x0F\x32\x55"
"\x0F\x32\x55\x78\x9B\xBE\x78\x9B"
"\xBE\xE1\x04\x27\xE1\x04\x27\x4A"
"\x6D\x90\x4A\x6D\x90\xB3\xD6\xF9",
.klen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"
"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFD",
.ptext = "\x50\xB9\x22\xAE\x17\x80\x0C\x75"
"\xDE\x47\xD3\x3C\xA5\x0E\x9A\x03"
"\x6C\xF8\x61\xCA\x33\xBF\x28\x91"
"\x1D\x86\xEF\x58\xE4\x4D\xB6\x1F"
"\xAB\x14\x7D\x09\x72\xDB\x44\xD0"
"\x39\xA2\x0B\x97\x00\x69\xF5\x5E"
"\xC7\x30\xBC\x25\x8E\x1A\x83\xEC"
"\x55\xE1\x4A\xB3\x1C\xA8\x11\x7A"
"\x06\x6F\xD8\x41\xCD\x36\x9F\x08"
"\x94\xFD\x66\xF2\x5B\xC4\x2D\xB9"
"\x22\x8B\x17\x80\xE9\x52\xDE\x47"
"\xB0\x19\xA5\x0E\x77\x03\x6C\xD5"
"\x3E\xCA\x33\x9C\x05\x91\xFA\x63"
"\xEF\x58\xC1\x2A\xB6\x1F\x88\x14"
"\x7D\xE6\x4F\xDB\x44\xAD\x16\xA2"
"\x0B\x74\x00\x69\xD2\x3B\xC7\x30"
"\x99\x02\x8E\xF7\x60\xEC\x55\xBE"
"\x27\xB3\x1C\x85\x11\x7A\xE3\x4C"
"\xD8\x41\xAA\x13\x9F\x08\x71\xFD"
"\x66\xCF\x38\xC4\x2D\x96\x22\x8B"
"\xF4\x5D\xE9\x52\xBB\x24\xB0\x19"
"\x82\x0E\x77\xE0\x49\xD5\x3E\xA7"
"\x10\x9C\x05\x6E\xFA\x63\xCC\x35"
"\xC1\x2A\x93\x1F\x88\xF1\x5A\xE6"
"\x4F\xB8\x21\xAD\x16\x7F\x0B\x74"
"\xDD\x46\xD2\x3B\xA4\x0D\x99\x02"
"\x6B\xF7\x60\xC9\x32\xBE\x27\x90"
"\x1C\x85\xEE\x57\xE3\x4C\xB5\x1E"
"\xAA\x13\x7C\x08\x71\xDA\x43\xCF"
"\x38\xA1\x0A\x96\xFF\x68\xF4\x5D"
"\xC6\x2F\xBB\x24\x8D\x19\x82\xEB"
"\x54\xE0\x49\xB2\x1B\xA7\x10\x79"
"\x05\x6E\xD7\x40\xCC\x35\x9E\x07"
"\x93\xFC\x65\xF1\x5A\xC3\x2C\xB8"
"\x21\x8A\x16\x7F\xE8\x51\xDD\x46"
"\xAF\x18\xA4\x0D\x76\x02\x6B\xD4"
"\x3D\xC9\x32\x9B\x04\x90\xF9\x62"
"\xEE\x57\xC0\x29\xB5\x1E\x87\x13"
"\x7C\xE5\x4E\xDA\x43\xAC\x15\xA1"
"\x0A\x73\xFF\x68\xD1\x3A\xC6\x2F"
"\x98\x01\x8D\xF6\x5F\xEB\x54\xBD"
"\x26\xB2\x1B\x84\x10\x79\xE2\x4B"
"\xD7\x40\xA9\x12\x9E\x07\x70\xFC"
"\x65\xCE\x37\xC3\x2C\x95\x21\x8A"
"\xF3\x5C\xE8\x51\xBA\x23\xAF\x18"
"\x81\x0D\x76\xDF\x48\xD4\x3D\xA6"
"\x0F\x9B\x04\x6D\xF9\x62\xCB\x34"
"\xC0\x29\x92\x1E\x87\xF0\x59\xE5"
"\x4E\xB7\x20\xAC\x15\x7E\x0A\x73"
"\xDC\x45\xD1\x3A\xA3\x0C\x98\x01"
"\x6A\xF6\x5F\xC8\x31\xBD\x26\x8F"
"\x1B\x84\xED\x56\xE2\x4B\xB4\x1D"
"\xA9\x12\x7B\x07\x70\xD9\x42\xCE"
"\x37\xA0\x09\x95\xFE\x67\xF3\x5C"
"\xC5\x2E\xBA\x23\x8C\x18\x81\xEA"
"\x53\xDF\x48\xB1\x1A\xA6\x0F\x78"
"\x04\x6D\xD6\x3F\xCB\x34\x9D\x06"
"\x92\xFB\x64\xF0\x59\xC2\x2B\xB7"
"\x20\x89\x15\x7E\xE7\x50\xDC\x45"
"\xAE\x17\xA3\x0C\x75\x01\x6A\xD3"
"\x3C\xC8\x31\x9A\x03\x8F\xF8\x61"
"\xED\x56\xBF\x28\xB4\x1D\x86\x12",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\x04\xF3\xD3\x88\x17\xEF\xDC\xEF"
"\x8B\x04\xF8\x3A\x66\x8D\x1A\x53"
"\x57\x1F\x4B\x23\xE4\xA0\xAF\xF9"
"\x69\x95\x35\x98\x8D\x4D\x8C\xC1"
"\xF0\xB2\x7F\x80\xBB\x54\x28\xA2"
"\x7A\x1B\x9F\x77\xEC\x0E\x6E\xDE"
"\xF0\xEC\xB8\xE4\x20\x62\xEE\xDB"
"\x5D\xF5\xDD\xE3\x54\xFC\xDD\xEB"
"\x6A\xEE\x65\xA1\x21\xD6\xD7\x81"
"\x47\x61\x12\x4D\xC2\x8C\xFA\x78"
"\x1F\x28\x02\x01\xC3\xFC\x1F\xEC"
"\x0F\x10\x4F\xB3\x12\x45\xC6\x3B"
"\x7E\x08\xF9\x5A\xD0\x5D\x73\x2D"
"\x58\xA4\xE5\xCB\x1C\xB4\xCE\x74"
"\x32\x41\x1F\x31\x9C\x08\xA2\x5D"
"\x67\xEB\x72\x1D\xF8\xE7\x70\x54"
"\x34\x4B\x31\x69\x84\x66\x96\x44"
"\x56\xCC\x1E\xD9\xE6\x13\x6A\xB9"
"\x2D\x0A\x05\x45\x2D\x90\xCC\xDF"
"\x16\x5C\x5F\x79\x34\x52\x54\xFE"
"\xFE\xCD\xAD\x04\x2E\xAD\x86\x06"
"\x1F\x37\xE8\x28\xBC\xD3\x8F\x5B"
"\x92\x66\x87\x3B\x8A\x0A\x1A\xCC"
"\x6E\xAB\x9F\x0B\xFA\x5C\xE6\xFD"
"\x3C\x98\x08\x12\xEC\xAA\x9E\x11"
"\xCA\xB2\x1F\xCE\x5E\x5B\xB2\x72"
"\x9C\xCC\x5D\xC5\xE0\x32\xC0\x56"
"\xD5\x45\x16\xD2\xAF\x13\x66\xF7"
"\x8C\x67\xAC\x79\xB2\xAF\x56\x27"
"\x3F\xCC\xFE\xCB\x1E\xC0\x75\xF1"
"\xA7\xC9\xC3\x1D\x8E\xDD\xF9\xD4"
"\x42\xC8\x21\x08\x16\xF7\x01\xD7"
"\xAC\x8E\x3F\x1D\x56\xC1\x06\xE4"
"\x9C\x62\xD6\xA5\x6A\x50\x44\xB3"
"\x35\x1C\x82\xB9\x10\xF9\x42\xA1"
"\xFC\x74\x9B\x44\x4F\x25\x02\xE3"
"\x08\xF5\xD4\x32\x39\x08\x11\xE8"
"\xD2\x6B\x50\x53\xD4\x08\xD1\x6B"
"\x3A\x4A\x68\x7B\x7C\xCD\x46\x5E"
"\x0D\x07\x19\xDB\x67\xD7\x98\x91"
"\xD7\x17\x10\x9B\x7B\x8A\x9B\x33"
"\xAE\xF3\x00\xA6\xD4\x15\xD9\xEA"
"\x85\x99\x22\xE8\x91\x38\x70\x83"
"\x93\x01\x24\x6C\xFA\x9A\xB9\x07"
"\xEA\x8D\x3B\xD9\x2A\x43\x59\x16"
"\x2F\x69\xEE\x84\x36\x44\x76\x98"
"\xF3\x04\x2A\x7C\x74\x3D\x29\x2B"
"\x0D\xAD\x8F\x44\x82\x9E\x57\x8D"
"\xAC\xED\x18\x1F\x50\xA4\xF5\x98"
"\x1F\xBD\x92\x91\x1B\x2D\xA6\xD6"
"\xD2\xE3\x02\xAA\x92\x3B\xC6\xB3"
"\x1B\x39\x72\xD5\x26\xCA\x04\xE0"
"\xFC\x58\x78\xBB\xB1\x3F\xA1\x9C"
"\x42\x24\x3E\x2E\x22\xBB\x4B\xBA"
"\xF4\x52\x0A\xE6\xAE\x47\xB4\x7D"
"\x1D\xA8\xBE\x81\x1A\x75\xDA\xAC"
"\xA6\x25\x1E\xEF\x3A\xC0\x6C\x63"
"\xEF\xDC\xC9\x79\x10\x26\xE8\x61"
"\x29\xFC\xA4\x05\xDF\x7D\x5C\x63"
"\x10\x09\x9B\x46\x9B\xF2\x2C\x2B"
"\xFA\x3A\x05\x4C\xFA\xD1\xFF\xFE"
"\xF1\x4C\xE5\xB2\x91\x64\x0C\x51",
.len = 496,
.also_non_np = 1,
.np = 3,
.tap = { 496 - 20, 4, 16 },
}, { /* Generated with Crypto++ */
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xC9\x83\xA6\xC9\xEC\x0F\x32\x55"
"\x0F\x32\x55\x78\x9B\xBE\x78\x9B"
"\xBE\xE1\x04\x27\xE1\x04\x27\x4A"
"\x6D\x90\x4A\x6D\x90\xB3\xD6\xF9",
.klen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\xE7\x82\x1D\xB8\x53\x11\xAC\x47"
"\xE2\x7D\x18\xD6\x71\x0C\xA7\x42",
.ptext = "\x50\xB9\x22\xAE\x17\x80\x0C\x75"
"\xDE\x47\xD3\x3C\xA5\x0E\x9A\x03"
"\x6C\xF8\x61\xCA\x33\xBF\x28\x91"
"\x1D\x86\xEF\x58\xE4\x4D\xB6\x1F"
"\xAB\x14\x7D\x09\x72\xDB\x44\xD0"
"\x39\xA2\x0B\x97\x00\x69\xF5\x5E"
"\xC7\x30\xBC\x25\x8E\x1A\x83\xEC"
"\x55\xE1\x4A\xB3\x1C\xA8\x11\x7A"
"\x06\x6F\xD8\x41\xCD\x36\x9F\x08"
"\x94\xFD\x66\xF2\x5B\xC4\x2D\xB9"
"\x22\x8B\x17\x80\xE9\x52\xDE\x47"
"\xB0\x19\xA5\x0E\x77\x03\x6C\xD5"
"\x3E\xCA\x33\x9C\x05\x91\xFA\x63"
"\xEF\x58\xC1\x2A\xB6\x1F\x88\x14"
"\x7D\xE6\x4F\xDB\x44\xAD\x16\xA2"
"\x0B\x74\x00\x69\xD2\x3B\xC7\x30"
"\x99\x02\x8E\xF7\x60\xEC\x55\xBE"
"\x27\xB3\x1C\x85\x11\x7A\xE3\x4C"
"\xD8\x41\xAA\x13\x9F\x08\x71\xFD"
"\x66\xCF\x38\xC4\x2D\x96\x22\x8B"
"\xF4\x5D\xE9\x52\xBB\x24\xB0\x19"
"\x82\x0E\x77\xE0\x49\xD5\x3E\xA7"
"\x10\x9C\x05\x6E\xFA\x63\xCC\x35"
"\xC1\x2A\x93\x1F\x88\xF1\x5A\xE6"
"\x4F\xB8\x21\xAD\x16\x7F\x0B\x74"
"\xDD\x46\xD2\x3B\xA4\x0D\x99\x02"
"\x6B\xF7\x60\xC9\x32\xBE\x27\x90"
"\x1C\x85\xEE\x57\xE3\x4C\xB5\x1E"
"\xAA\x13\x7C\x08\x71\xDA\x43\xCF"
"\x38\xA1\x0A\x96\xFF\x68\xF4\x5D"
"\xC6\x2F\xBB\x24\x8D\x19\x82\xEB"
"\x54\xE0\x49\xB2\x1B\xA7\x10\x79"
"\x05\x6E\xD7\x40\xCC\x35\x9E\x07"
"\x93\xFC\x65\xF1\x5A\xC3\x2C\xB8"
"\x21\x8A\x16\x7F\xE8\x51\xDD\x46"
"\xAF\x18\xA4\x0D\x76\x02\x6B\xD4"
"\x3D\xC9\x32\x9B\x04\x90\xF9\x62"
"\xEE\x57\xC0\x29\xB5\x1E\x87\x13"
"\x7C\xE5\x4E\xDA\x43\xAC\x15\xA1"
"\x0A\x73\xFF\x68\xD1\x3A\xC6\x2F"
"\x98\x01\x8D\xF6\x5F\xEB\x54\xBD"
"\x26\xB2\x1B\x84\x10\x79\xE2\x4B"
"\xD7\x40\xA9\x12\x9E\x07\x70\xFC"
"\x65\xCE\x37\xC3\x2C\x95\x21\x8A"
"\xF3\x5C\xE8\x51\xBA\x23\xAF\x18"
"\x81\x0D\x76\xDF\x48\xD4\x3D\xA6"
"\x0F\x9B\x04\x6D\xF9\x62\xCB\x34"
"\xC0\x29\x92\x1E\x87\xF0\x59\xE5"
"\x4E\xB7\x20\xAC\x15\x7E\x0A\x73"
"\xDC\x45\xD1\x3A\xA3\x0C\x98\x01"
"\x6A\xF6\x5F\xC8\x31\xBD\x26\x8F"
"\x1B\x84\xED\x56\xE2\x4B\xB4\x1D"
"\xA9\x12\x7B\x07\x70\xD9\x42\xCE"
"\x37\xA0\x09\x95\xFE\x67\xF3\x5C"
"\xC5\x2E\xBA\x23\x8C\x18\x81\xEA"
"\x53\xDF\x48\xB1\x1A\xA6\x0F\x78"
"\x04\x6D\xD6\x3F\xCB\x34\x9D\x06"
"\x92\xFB\x64\xF0\x59\xC2\x2B\xB7"
"\x20\x89\x15\x7E\xE7\x50\xDC\x45"
"\xAE\x17\xA3\x0C\x75\x01\x6A\xD3"
"\x3C\xC8\x31\x9A\x03\x8F\xF8\x61"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\xED\x56\xBF\x28\xB4\x1D\x86\x12"
"\x7B\xE4\x4D",
.ctext = "\xDA\x4E\x3F\xBC\xE8\xB6\x3A\xA2"
"\xD5\x4D\x84\x4A\xA9\x0C\xE1\xA5"
"\xB8\x73\xBC\xF9\xBB\x59\x2F\x44"
"\x8B\xAB\x82\x6C\xB4\x32\x9A\xDE"
"\x5A\x0B\xDB\x7A\x6B\xF2\x38\x9F"
"\x06\xF7\xF7\xFF\xFF\xC0\x8A\x2E"
"\x76\xEA\x06\x32\x23\xF3\x59\x2E"
"\x75\xDE\x71\x86\x3C\x98\x23\x44"
"\x5B\xF2\xFA\x6A\x00\xBB\xC1\xAD"
"\x58\xBD\x3E\x6F\x2E\xB4\x19\x04"
"\x70\x8B\x92\x55\x23\xE9\x6A\x3A"
"\x78\x7A\x1B\x10\x85\x52\x9C\x12"
"\xE4\x55\x81\x21\xCE\x53\xD0\x3B"
"\x63\x77\x2C\x74\xD1\xF5\x60\xF3"
"\xA1\xDE\x44\x3C\x8F\x4D\x2F\xDD"
"\x8A\xFE\x3C\x42\x8E\xD3\xF2\x8E"
"\xA8\x28\x69\x65\x31\xE1\x45\x83"
"\xE4\x49\xC4\x9C\xA7\x28\xAA\x21"
"\xCD\x5D\x0F\x15\xB7\x93\x07\x26"
"\xB0\x65\x6D\x91\x90\x23\x7A\xC6"
"\xDB\x68\xB0\xA1\x8E\xA4\x76\x4E"
"\xC6\x91\x83\x20\x92\x4D\x63\x7A"
"\x45\x18\x18\x74\x19\xAD\x71\x01"
"\x6B\x23\xAD\x9D\x4E\xE4\x6E\x46"
"\xC9\x73\x7A\xF9\x02\x95\xF4\x07"
"\x0E\x7A\xA6\xC5\xAE\xFA\x15\x2C"
"\x51\x71\xF1\xDC\x22\xB6\xAC\xD8"
"\x19\x24\x44\xBC\x0C\xFB\x3C\x2D"
"\xB1\x50\x47\x15\x0E\xDB\xB6\xD7"
"\xE8\x61\xE5\x95\x52\x1E\x3E\x49"
"\x70\xE9\x66\x04\x4C\xE1\xAF\xBD"
"\xDD\x15\x3B\x20\x59\x24\xFF\xB0"
"\x39\xAA\xE7\xBF\x23\xA3\x6E\xD5"
"\x15\xF0\x61\x4F\xAE\x89\x10\x58"
"\x5A\x33\x95\x52\x2A\xB5\x77\x9C"
"\xA5\x43\x80\x40\x27\x2D\xAE\xD9"
"\x3F\xE0\x80\x94\x78\x79\xCB\x7E"
"\xAD\x12\x44\x4C\xEC\x27\xB0\xEE"
"\x0B\x05\x2A\x82\x99\x58\xBB\x7A"
"\x8D\x6D\x9D\x8E\xE2\x8E\xE7\x93"
"\x2F\xB3\x09\x8D\x06\xD5\xEE\x70"
"\x16\xAE\x35\xC5\x52\x0F\x46\x1F"
"\x71\xF9\x5E\xF2\x67\xDC\x98\x2F"
"\xA3\x23\xAA\xD5\xD0\x49\xF4\xA6"
"\xF6\xB8\x32\xCD\xD6\x85\x73\x60"
"\x59\x20\xE7\x55\x0E\x91\xE2\x0C"
"\x3F\x1C\xEB\x3D\xDF\x52\x64\xF2"
"\x7D\x8B\x5D\x63\x16\xB9\xB2\x5D"
"\x5E\xAB\xB2\x97\xAB\x78\x44\xE7"
"\xC6\x72\x20\xC5\x90\x9B\xDC\x5D"
"\xB0\xEF\x44\xEF\x87\x31\x8D\xF4"
"\xFB\x81\x5D\xF7\x96\x96\xD4\x50"
"\x89\xA7\xF6\xB9\x67\x76\x40\x9E"
"\x9D\x40\xD5\x2C\x30\xB8\x01\x8F"
"\xE4\x7B\x71\x48\xA9\xA0\xA0\x1D"
"\x87\x52\xA4\x91\xA9\xD7\xA9\x51"
"\xD9\x59\xF7\xCC\x63\x22\xC1\x8D"
"\x84\x7B\xD8\x22\x32\x5C\x6F\x1D"
"\x6E\x9F\xFA\xDD\x49\x40\xDC\x37"
"\x14\x8C\xE1\x80\x1B\xDD\x36\x2A"
"\xD0\xE9\x54\x99\x5D\xBA\x3B\x11"
"\xD8\xFE\xC9\x5B\x5C\x25\xE5\x76"
"\xFB\xF2\x3F",
.len = 499,
.also_non_np = 1,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.np = 2,
.tap = { 499 - 16, 16 },
},
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct cipher_testvec aes_ctr_rfc3686_tv_template[] = {
{ /* From RFC 3686 */
.key = "\xae\x68\x52\xf8\x12\x10\x67\xcc"
"\x4b\xf7\xa5\x76\x55\x77\xf3\x9e"
"\x00\x00\x00\x30",
.klen = 20,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00",
.ptext = "Single block msg",
.ctext = "\xe4\x09\x5d\x4f\xb7\xa7\xb3\x79"
"\x2d\x61\x75\xa3\x26\x13\x11\xb8",
.len = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x7e\x24\x06\x78\x17\xfa\xe0\xd7"
"\x43\xd6\xce\x1f\x32\x53\x91\x63"
"\x00\x6c\xb6\xdb",
.klen = 20,
.iv = "\xc0\x54\x3b\x59\xda\x48\xd9\x0b",
.ptext = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
"\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\x51\x04\xa1\x06\x16\x8a\x72\xd9"
"\x79\x0d\x41\xee\x8e\xda\xd3\x88"
"\xeb\x2e\x1e\xfc\x46\xda\x57\xc8"
"\xfc\xe6\x30\xdf\x91\x41\xbe\x28",
.len = 32,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x16\xaf\x5b\x14\x5f\xc9\xf5\x79"
"\xc1\x75\xf9\x3e\x3b\xfb\x0e\xed"
"\x86\x3d\x06\xcc\xfd\xb7\x85\x15"
"\x00\x00\x00\x48",
.klen = 28,
.iv = "\x36\x73\x3c\x14\x7d\x6d\x93\xcb",
.ptext = "Single block msg",
.ctext = "\x4b\x55\x38\x4f\xe2\x59\xc9\xc8"
"\x4e\x79\x35\xa0\x03\xcb\xe9\x28",
.len = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x7c\x5c\xb2\x40\x1b\x3d\xc3\x3c"
"\x19\xe7\x34\x08\x19\xe0\xf6\x9c"
"\x67\x8c\x3d\xb8\xe6\xf6\xa9\x1a"
"\x00\x96\xb0\x3b",
.klen = 28,
.iv = "\x02\x0c\x6e\xad\xc2\xcb\x50\x0d",
.ptext = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
"\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\x45\x32\x43\xfc\x60\x9b\x23\x32"
"\x7e\xdf\xaa\xfa\x71\x31\xcd\x9f"
"\x84\x90\x70\x1c\x5a\xd4\xa7\x9c"
"\xfc\x1f\xe0\xff\x42\xf4\xfb\x00",
.len = 32,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x77\x6b\xef\xf2\x85\x1d\xb0\x6f"
"\x4c\x8a\x05\x42\xc8\x69\x6f\x6c"
"\x6a\x81\xaf\x1e\xec\x96\xb4\xd3"
"\x7f\xc1\xd6\x89\xe6\xc1\xc1\x04"
"\x00\x00\x00\x60",
.klen = 36,
.iv = "\xdb\x56\x72\xc9\x7a\xa8\xf0\xb2",
.ptext = "Single block msg",
.ctext = "\x14\x5a\xd0\x1d\xbf\x82\x4e\xc7"
"\x56\x08\x63\xdc\x71\xe3\xe0\xc0",
.len = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xf6\xd6\x6d\x6b\xd5\x2d\x59\xbb"
"\x07\x96\x36\x58\x79\xef\xf8\x86"
"\xc6\x6d\xd5\x1a\x5b\x6a\x99\x74"
"\x4b\x50\x59\x0c\x87\xa2\x38\x84"
"\x00\xfa\xac\x24",
.klen = 36,
.iv = "\xc1\x58\x5e\xf1\x5a\x43\xd8\x75",
.ptext = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
"\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\xf0\x5e\x23\x1b\x38\x94\x61\x2c"
"\x49\xee\x00\x0b\x80\x4e\xb2\xa9"
"\xb8\x30\x6b\x50\x8f\x83\x9d\x6a"
"\x55\x30\x83\x1d\x93\x44\xaf\x1c",
.len = 32,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
// generated using Crypto++
.key = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
"\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
"\x00\x00\x00\x00",
.klen = 32 + 4,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00",
.ptext =
"\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
"\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
"\x20\x21\x22\x23\x24\x25\x26\x27"
"\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
"\x30\x31\x32\x33\x34\x35\x36\x37"
"\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f"
"\x40\x41\x42\x43\x44\x45\x46\x47"
"\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
"\x50\x51\x52\x53\x54\x55\x56\x57"
"\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f"
"\x60\x61\x62\x63\x64\x65\x66\x67"
"\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f"
"\x70\x71\x72\x73\x74\x75\x76\x77"
"\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f"
"\x80\x81\x82\x83\x84\x85\x86\x87"
"\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
"\x90\x91\x92\x93\x94\x95\x96\x97"
"\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f"
"\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
"\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
"\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7"
"\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
"\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
"\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
"\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7"
"\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf"
"\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7"
"\xe8\xe9\xea\xeb\xec\xed\xee\xef"
"\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
"\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff"
"\x00\x03\x06\x09\x0c\x0f\x12\x15"
"\x18\x1b\x1e\x21\x24\x27\x2a\x2d"
"\x30\x33\x36\x39\x3c\x3f\x42\x45"
"\x48\x4b\x4e\x51\x54\x57\x5a\x5d"
"\x60\x63\x66\x69\x6c\x6f\x72\x75"
"\x78\x7b\x7e\x81\x84\x87\x8a\x8d"
"\x90\x93\x96\x99\x9c\x9f\xa2\xa5"
"\xa8\xab\xae\xb1\xb4\xb7\xba\xbd"
"\xc0\xc3\xc6\xc9\xcc\xcf\xd2\xd5"
"\xd8\xdb\xde\xe1\xe4\xe7\xea\xed"
"\xf0\xf3\xf6\xf9\xfc\xff\x02\x05"
"\x08\x0b\x0e\x11\x14\x17\x1a\x1d"
"\x20\x23\x26\x29\x2c\x2f\x32\x35"
"\x38\x3b\x3e\x41\x44\x47\x4a\x4d"
"\x50\x53\x56\x59\x5c\x5f\x62\x65"
"\x68\x6b\x6e\x71\x74\x77\x7a\x7d"
"\x80\x83\x86\x89\x8c\x8f\x92\x95"
"\x98\x9b\x9e\xa1\xa4\xa7\xaa\xad"
"\xb0\xb3\xb6\xb9\xbc\xbf\xc2\xc5"
"\xc8\xcb\xce\xd1\xd4\xd7\xda\xdd"
"\xe0\xe3\xe6\xe9\xec\xef\xf2\xf5"
"\xf8\xfb\xfe\x01\x04\x07\x0a\x0d"
"\x10\x13\x16\x19\x1c\x1f\x22\x25"
"\x28\x2b\x2e\x31\x34\x37\x3a\x3d"
"\x40\x43\x46\x49\x4c\x4f\x52\x55"
"\x58\x5b\x5e\x61\x64\x67\x6a\x6d"
"\x70\x73\x76\x79\x7c\x7f\x82\x85"
"\x88\x8b\x8e\x91\x94\x97\x9a\x9d"
"\xa0\xa3\xa6\xa9\xac\xaf\xb2\xb5"
"\xb8\xbb\xbe\xc1\xc4\xc7\xca\xcd"
"\xd0\xd3\xd6\xd9\xdc\xdf\xe2\xe5"
"\xe8\xeb\xee\xf1\xf4\xf7\xfa\xfd"
"\x00\x05\x0a\x0f\x14\x19\x1e\x23"
"\x28\x2d\x32\x37\x3c\x41\x46\x4b"
"\x50\x55\x5a\x5f\x64\x69\x6e\x73"
"\x78\x7d\x82\x87\x8c\x91\x96\x9b"
"\xa0\xa5\xaa\xaf\xb4\xb9\xbe\xc3"
"\xc8\xcd\xd2\xd7\xdc\xe1\xe6\xeb"
"\xf0\xf5\xfa\xff\x04\x09\x0e\x13"
"\x18\x1d\x22\x27\x2c\x31\x36\x3b"
"\x40\x45\x4a\x4f\x54\x59\x5e\x63"
"\x68\x6d\x72\x77\x7c\x81\x86\x8b"
"\x90\x95\x9a\x9f\xa4\xa9\xae\xb3"
"\xb8\xbd\xc2\xc7\xcc\xd1\xd6\xdb"
"\xe0\xe5\xea\xef\xf4\xf9\xfe\x03"
"\x08\x0d\x12\x17\x1c\x21\x26\x2b"
"\x30\x35\x3a\x3f\x44\x49\x4e\x53"
"\x58\x5d\x62\x67\x6c\x71\x76\x7b"
"\x80\x85\x8a\x8f\x94\x99\x9e\xa3"
"\xa8\xad\xb2\xb7\xbc\xc1\xc6\xcb"
"\xd0\xd5\xda\xdf\xe4\xe9\xee\xf3"
"\xf8\xfd\x02\x07\x0c\x11\x16\x1b"
"\x20\x25\x2a\x2f\x34\x39\x3e\x43"
"\x48\x4d\x52\x57\x5c\x61\x66\x6b"
"\x70\x75\x7a\x7f\x84\x89\x8e\x93"
"\x98\x9d\xa2\xa7\xac\xb1\xb6\xbb"
"\xc0\xc5\xca\xcf\xd4\xd9\xde\xe3"
"\xe8\xed\xf2\xf7\xfc\x01\x06\x0b"
"\x10\x15\x1a\x1f\x24\x29\x2e\x33"
"\x38\x3d\x42\x47\x4c\x51\x56\x5b"
"\x60\x65\x6a\x6f\x74\x79\x7e\x83"
"\x88\x8d\x92\x97\x9c\xa1\xa6\xab"
"\xb0\xb5\xba\xbf\xc4\xc9\xce\xd3"
"\xd8\xdd\xe2\xe7\xec\xf1\xf6\xfb"
"\x00\x07\x0e\x15\x1c\x23\x2a\x31"
"\x38\x3f\x46\x4d\x54\x5b\x62\x69"
"\x70\x77\x7e\x85\x8c\x93\x9a\xa1"
"\xa8\xaf\xb6\xbd\xc4\xcb\xd2\xd9"
"\xe0\xe7\xee\xf5\xfc\x03\x0a\x11"
"\x18\x1f\x26\x2d\x34\x3b\x42\x49"
"\x50\x57\x5e\x65\x6c\x73\x7a\x81"
"\x88\x8f\x96\x9d\xa4\xab\xb2\xb9"
"\xc0\xc7\xce\xd5\xdc\xe3\xea\xf1"
"\xf8\xff\x06\x0d\x14\x1b\x22\x29"
"\x30\x37\x3e\x45\x4c\x53\x5a\x61"
"\x68\x6f\x76\x7d\x84\x8b\x92\x99"
"\xa0\xa7\xae\xb5\xbc\xc3\xca\xd1"
"\xd8\xdf\xe6\xed\xf4\xfb\x02\x09"
"\x10\x17\x1e\x25\x2c\x33\x3a\x41"
"\x48\x4f\x56\x5d\x64\x6b\x72\x79"
"\x80\x87\x8e\x95\x9c\xa3\xaa\xb1"
"\xb8\xbf\xc6\xcd\xd4\xdb\xe2\xe9"
"\xf0\xf7\xfe\x05\x0c\x13\x1a\x21"
"\x28\x2f\x36\x3d\x44\x4b\x52\x59"
"\x60\x67\x6e\x75\x7c\x83\x8a\x91"
"\x98\x9f\xa6\xad\xb4\xbb\xc2\xc9"
"\xd0\xd7\xde\xe5\xec\xf3\xfa\x01"
"\x08\x0f\x16\x1d\x24\x2b\x32\x39"
"\x40\x47\x4e\x55\x5c\x63\x6a\x71"
"\x78\x7f\x86\x8d\x94\x9b\xa2\xa9"
"\xb0\xb7\xbe\xc5\xcc\xd3\xda\xe1"
"\xe8\xef\xf6\xfd\x04\x0b\x12\x19"
"\x20\x27\x2e\x35\x3c\x43\x4a\x51"
"\x58\x5f\x66\x6d\x74\x7b\x82\x89"
"\x90\x97\x9e\xa5\xac\xb3\xba\xc1"
"\xc8\xcf\xd6\xdd\xe4\xeb\xf2\xf9"
"\x00\x09\x12\x1b\x24\x2d\x36\x3f"
"\x48\x51\x5a\x63\x6c\x75\x7e\x87"
"\x90\x99\xa2\xab\xb4\xbd\xc6\xcf"
"\xd8\xe1\xea\xf3\xfc\x05\x0e\x17"
"\x20\x29\x32\x3b\x44\x4d\x56\x5f"
"\x68\x71\x7a\x83\x8c\x95\x9e\xa7"
"\xb0\xb9\xc2\xcb\xd4\xdd\xe6\xef"
"\xf8\x01\x0a\x13\x1c\x25\x2e\x37"
"\x40\x49\x52\x5b\x64\x6d\x76\x7f"
"\x88\x91\x9a\xa3\xac\xb5\xbe\xc7"
"\xd0\xd9\xe2\xeb\xf4\xfd\x06\x0f"
"\x18\x21\x2a\x33\x3c\x45\x4e\x57"
"\x60\x69\x72\x7b\x84\x8d\x96\x9f"
"\xa8\xb1\xba\xc3\xcc\xd5\xde\xe7"
"\xf0\xf9\x02\x0b\x14\x1d\x26\x2f"
"\x38\x41\x4a\x53\x5c\x65\x6e\x77"
"\x80\x89\x92\x9b\xa4\xad\xb6\xbf"
"\xc8\xd1\xda\xe3\xec\xf5\xfe\x07"
"\x10\x19\x22\x2b\x34\x3d\x46\x4f"
"\x58\x61\x6a\x73\x7c\x85\x8e\x97"
"\xa0\xa9\xb2\xbb\xc4\xcd\xd6\xdf"
"\xe8\xf1\xfa\x03\x0c\x15\x1e\x27"
"\x30\x39\x42\x4b\x54\x5d\x66\x6f"
"\x78\x81\x8a\x93\x9c\xa5\xae\xb7"
"\xc0\xc9\xd2\xdb\xe4\xed\xf6\xff"
"\x08\x11\x1a\x23\x2c\x35\x3e\x47"
"\x50\x59\x62\x6b\x74\x7d\x86\x8f"
"\x98\xa1\xaa\xb3\xbc\xc5\xce\xd7"
"\xe0\xe9\xf2\xfb\x04\x0d\x16\x1f"
"\x28\x31\x3a\x43\x4c\x55\x5e\x67"
"\x70\x79\x82\x8b\x94\x9d\xa6\xaf"
"\xb8\xc1\xca\xd3\xdc\xe5\xee\xf7"
"\x00\x0b\x16\x21\x2c\x37\x42\x4d"
"\x58\x63\x6e\x79\x84\x8f\x9a\xa5"
"\xb0\xbb\xc6\xd1\xdc\xe7\xf2\xfd"
"\x08\x13\x1e\x29\x34\x3f\x4a\x55"
"\x60\x6b\x76\x81\x8c\x97\xa2\xad"
"\xb8\xc3\xce\xd9\xe4\xef\xfa\x05"
"\x10\x1b\x26\x31\x3c\x47\x52\x5d"
"\x68\x73\x7e\x89\x94\x9f\xaa\xb5"
"\xc0\xcb\xd6\xe1\xec\xf7\x02\x0d"
"\x18\x23\x2e\x39\x44\x4f\x5a\x65"
"\x70\x7b\x86\x91\x9c\xa7\xb2\xbd"
"\xc8\xd3\xde\xe9\xf4\xff\x0a\x15"
"\x20\x2b\x36\x41\x4c\x57\x62\x6d"
"\x78\x83\x8e\x99\xa4\xaf\xba\xc5"
"\xd0\xdb\xe6\xf1\xfc\x07\x12\x1d"
"\x28\x33\x3e\x49\x54\x5f\x6a\x75"
"\x80\x8b\x96\xa1\xac\xb7\xc2\xcd"
"\xd8\xe3\xee\xf9\x04\x0f\x1a\x25"
"\x30\x3b\x46\x51\x5c\x67\x72\x7d"
"\x88\x93\x9e\xa9\xb4\xbf\xca\xd5"
"\xe0\xeb\xf6\x01\x0c\x17\x22\x2d"
"\x38\x43\x4e\x59\x64\x6f\x7a\x85"
"\x90\x9b\xa6\xb1\xbc\xc7\xd2\xdd"
"\xe8\xf3\xfe\x09\x14\x1f\x2a\x35"
"\x40\x4b\x56\x61\x6c\x77\x82\x8d"
"\x98\xa3\xae\xb9\xc4\xcf\xda\xe5"
"\xf0\xfb\x06\x11\x1c\x27\x32\x3d"
"\x48\x53\x5e\x69\x74\x7f\x8a\x95"
"\xa0\xab\xb6\xc1\xcc\xd7\xe2\xed"
"\xf8\x03\x0e\x19\x24\x2f\x3a\x45"
"\x50\x5b\x66\x71\x7c\x87\x92\x9d"
"\xa8\xb3\xbe\xc9\xd4\xdf\xea\xf5"
"\x00\x0d\x1a\x27\x34\x41\x4e\x5b"
"\x68\x75\x82\x8f\x9c\xa9\xb6\xc3"
"\xd0\xdd\xea\xf7\x04\x11\x1e\x2b"
"\x38\x45\x52\x5f\x6c\x79\x86\x93"
"\xa0\xad\xba\xc7\xd4\xe1\xee\xfb"
"\x08\x15\x22\x2f\x3c\x49\x56\x63"
"\x70\x7d\x8a\x97\xa4\xb1\xbe\xcb"
"\xd8\xe5\xf2\xff\x0c\x19\x26\x33"
"\x40\x4d\x5a\x67\x74\x81\x8e\x9b"
"\xa8\xb5\xc2\xcf\xdc\xe9\xf6\x03"
"\x10\x1d\x2a\x37\x44\x51\x5e\x6b"
"\x78\x85\x92\x9f\xac\xb9\xc6\xd3"
"\xe0\xed\xfa\x07\x14\x21\x2e\x3b"
"\x48\x55\x62\x6f\x7c\x89\x96\xa3"
"\xb0\xbd\xca\xd7\xe4\xf1\xfe\x0b"
"\x18\x25\x32\x3f\x4c\x59\x66\x73"
"\x80\x8d\x9a\xa7\xb4\xc1\xce\xdb"
"\xe8\xf5\x02\x0f\x1c\x29\x36\x43"
"\x50\x5d\x6a\x77\x84\x91\x9e\xab"
"\xb8\xc5\xd2\xdf\xec\xf9\x06\x13"
"\x20\x2d\x3a\x47\x54\x61\x6e\x7b"
"\x88\x95\xa2\xaf\xbc\xc9\xd6\xe3"
"\xf0\xfd\x0a\x17\x24\x31\x3e\x4b"
"\x58\x65\x72\x7f\x8c\x99\xa6\xb3"
"\xc0\xcd\xda\xe7\xf4\x01\x0e\x1b"
"\x28\x35\x42\x4f\x5c\x69\x76\x83"
"\x90\x9d\xaa\xb7\xc4\xd1\xde\xeb"
"\xf8\x05\x12\x1f\x2c\x39\x46\x53"
"\x60\x6d\x7a\x87\x94\xa1\xae\xbb"
"\xc8\xd5\xe2\xef\xfc\x09\x16\x23"
"\x30\x3d\x4a\x57\x64\x71\x7e\x8b"
"\x98\xa5\xb2\xbf\xcc\xd9\xe6\xf3"
"\x00\x0f\x1e\x2d\x3c\x4b\x5a\x69"
"\x78\x87\x96\xa5\xb4\xc3\xd2\xe1"
"\xf0\xff\x0e\x1d\x2c\x3b\x4a\x59"
"\x68\x77\x86\x95\xa4\xb3\xc2\xd1"
"\xe0\xef\xfe\x0d\x1c\x2b\x3a\x49"
"\x58\x67\x76\x85\x94\xa3\xb2\xc1"
"\xd0\xdf\xee\xfd\x0c\x1b\x2a\x39"
"\x48\x57\x66\x75\x84\x93\xa2\xb1"
"\xc0\xcf\xde\xed\xfc\x0b\x1a\x29"
"\x38\x47\x56\x65\x74\x83\x92\xa1"
"\xb0\xbf\xce\xdd\xec\xfb\x0a\x19"
"\x28\x37\x46\x55\x64\x73\x82\x91"
"\xa0\xaf\xbe\xcd\xdc\xeb\xfa\x09"
"\x18\x27\x36\x45\x54\x63\x72\x81"
"\x90\x9f\xae\xbd\xcc\xdb\xea\xf9"
"\x08\x17\x26\x35\x44\x53\x62\x71"
"\x80\x8f\x9e\xad\xbc\xcb\xda\xe9"
"\xf8\x07\x16\x25\x34\x43\x52\x61"
"\x70\x7f\x8e\x9d\xac\xbb\xca\xd9"
"\xe8\xf7\x06\x15\x24\x33\x42\x51"
"\x60\x6f\x7e\x8d\x9c\xab\xba\xc9"
"\xd8\xe7\xf6\x05\x14\x23\x32\x41"
"\x50\x5f\x6e\x7d\x8c\x9b\xaa\xb9"
"\xc8\xd7\xe6\xf5\x04\x13\x22\x31"
"\x40\x4f\x5e\x6d\x7c\x8b\x9a\xa9"
"\xb8\xc7\xd6\xe5\xf4\x03\x12\x21"
"\x30\x3f\x4e\x5d\x6c\x7b\x8a\x99"
"\xa8\xb7\xc6\xd5\xe4\xf3\x02\x11"
"\x20\x2f\x3e\x4d\x5c\x6b\x7a\x89"
"\x98\xa7\xb6\xc5\xd4\xe3\xf2\x01"
"\x10\x1f\x2e\x3d\x4c\x5b\x6a\x79"
"\x88\x97\xa6\xb5\xc4\xd3\xe2\xf1"
"\x00\x11\x22\x33\x44\x55\x66\x77"
"\x88\x99\xaa\xbb\xcc\xdd\xee\xff"
"\x10\x21\x32\x43\x54\x65\x76\x87"
"\x98\xa9\xba\xcb\xdc\xed\xfe\x0f"
"\x20\x31\x42\x53\x64\x75\x86\x97"
"\xa8\xb9\xca\xdb\xec\xfd\x0e\x1f"
"\x30\x41\x52\x63\x74\x85\x96\xa7"
"\xb8\xc9\xda\xeb\xfc\x0d\x1e\x2f"
"\x40\x51\x62\x73\x84\x95\xa6\xb7"
"\xc8\xd9\xea\xfb\x0c\x1d\x2e\x3f"
"\x50\x61\x72\x83\x94\xa5\xb6\xc7"
"\xd8\xe9\xfa\x0b\x1c\x2d\x3e\x4f"
"\x60\x71\x82\x93\xa4\xb5\xc6\xd7"
"\xe8\xf9\x0a\x1b\x2c\x3d\x4e\x5f"
"\x70\x81\x92\xa3\xb4\xc5\xd6\xe7"
"\xf8\x09\x1a\x2b\x3c\x4d\x5e\x6f"
"\x80\x91\xa2\xb3\xc4\xd5\xe6\xf7"
"\x08\x19\x2a\x3b\x4c\x5d\x6e\x7f"
"\x90\xa1\xb2\xc3\xd4\xe5\xf6\x07"
"\x18\x29\x3a\x4b\x5c\x6d\x7e\x8f"
"\xa0\xb1\xc2\xd3\xe4\xf5\x06\x17"
"\x28\x39\x4a\x5b\x6c\x7d\x8e\x9f"
"\xb0\xc1\xd2\xe3\xf4\x05\x16\x27"
"\x38\x49\x5a\x6b\x7c\x8d\x9e\xaf"
"\xc0\xd1\xe2\xf3\x04\x15\x26\x37"
"\x48\x59\x6a\x7b\x8c\x9d\xae\xbf"
"\xd0\xe1\xf2\x03\x14\x25\x36\x47"
"\x58\x69\x7a\x8b\x9c\xad\xbe\xcf"
"\xe0\xf1\x02\x13\x24\x35\x46\x57"
"\x68\x79\x8a\x9b\xac\xbd\xce\xdf"
"\xf0\x01\x12\x23\x34\x45\x56\x67"
"\x78\x89\x9a\xab\xbc\xcd\xde\xef"
"\x00\x13\x26\x39\x4c\x5f\x72\x85"
"\x98\xab\xbe\xd1\xe4\xf7\x0a\x1d"
"\x30\x43\x56\x69\x7c\x8f\xa2\xb5"
"\xc8\xdb\xee\x01\x14\x27\x3a\x4d"
"\x60\x73\x86\x99\xac\xbf\xd2\xe5"
"\xf8\x0b\x1e\x31\x44\x57\x6a\x7d"
"\x90\xa3\xb6\xc9\xdc\xef\x02\x15"
"\x28\x3b\x4e\x61\x74\x87\x9a\xad"
"\xc0\xd3\xe6\xf9\x0c\x1f\x32\x45"
"\x58\x6b\x7e\x91\xa4\xb7\xca\xdd"
"\xf0\x03\x16\x29\x3c\x4f\x62\x75"
"\x88\x9b\xae\xc1\xd4\xe7\xfa\x0d"
"\x20\x33\x46\x59\x6c\x7f\x92\xa5"
"\xb8\xcb\xde\xf1\x04\x17\x2a\x3d"
"\x50\x63\x76\x89\x9c\xaf\xc2\xd5"
"\xe8\xfb\x0e\x21\x34\x47\x5a\x6d"
"\x80\x93\xa6\xb9\xcc\xdf\xf2\x05"
"\x18\x2b\x3e\x51\x64\x77\x8a\x9d"
"\xb0\xc3\xd6\xe9\xfc\x0f\x22\x35"
"\x48\x5b\x6e\x81\x94\xa7\xba\xcd"
"\xe0\xf3\x06\x19\x2c\x3f\x52\x65"
"\x78\x8b\x9e\xb1\xc4\xd7\xea\xfd"
"\x10\x23\x36\x49\x5c\x6f\x82\x95"
"\xa8\xbb\xce\xe1\xf4\x07\x1a\x2d"
"\x40\x53\x66\x79\x8c\x9f\xb2\xc5"
"\xd8\xeb\xfe\x11\x24\x37\x4a\x5d"
"\x70\x83\x96\xa9\xbc\xcf\xe2\xf5"
"\x08\x1b\x2e\x41\x54\x67\x7a\x8d"
"\xa0\xb3\xc6\xd9\xec\xff\x12\x25"
"\x38\x4b\x5e\x71\x84\x97\xaa\xbd"
"\xd0\xe3\xf6\x09\x1c\x2f\x42\x55"
"\x68\x7b\x8e\xa1\xb4\xc7\xda\xed"
"\x00\x15\x2a\x3f\x54\x69\x7e\x93"
"\xa8\xbd\xd2\xe7\xfc\x11\x26\x3b"
"\x50\x65\x7a\x8f\xa4\xb9\xce\xe3"
"\xf8\x0d\x22\x37\x4c\x61\x76\x8b"
"\xa0\xb5\xca\xdf\xf4\x09\x1e\x33"
"\x48\x5d\x72\x87\x9c\xb1\xc6\xdb"
"\xf0\x05\x1a\x2f\x44\x59\x6e\x83"
"\x98\xad\xc2\xd7\xec\x01\x16\x2b"
"\x40\x55\x6a\x7f\x94\xa9\xbe\xd3"
"\xe8\xfd\x12\x27\x3c\x51\x66\x7b"
"\x90\xa5\xba\xcf\xe4\xf9\x0e\x23"
"\x38\x4d\x62\x77\x8c\xa1\xb6\xcb"
"\xe0\xf5\x0a\x1f\x34\x49\x5e\x73"
"\x88\x9d\xb2\xc7\xdc\xf1\x06\x1b"
"\x30\x45\x5a\x6f\x84\x99\xae\xc3"
"\xd8\xed\x02\x17\x2c\x41\x56\x6b"
"\x80\x95\xaa\xbf\xd4\xe9\xfe\x13"
"\x28\x3d\x52\x67\x7c\x91\xa6\xbb"
"\xd0\xe5\xfa\x0f\x24\x39\x4e\x63"
"\x78\x8d\xa2\xb7\xcc\xe1\xf6\x0b"
"\x20\x35\x4a\x5f\x74\x89\x9e\xb3"
"\xc8\xdd\xf2\x07\x1c\x31\x46\x5b"
"\x70\x85\x9a\xaf\xc4\xd9\xee\x03"
"\x18\x2d\x42\x57\x6c\x81\x96\xab"
"\xc0\xd5\xea\xff\x14\x29\x3e\x53"
"\x68\x7d\x92\xa7\xbc\xd1\xe6\xfb"
"\x10\x25\x3a\x4f\x64\x79\x8e\xa3"
"\xb8\xcd\xe2\xf7\x0c\x21\x36\x4b"
"\x60\x75\x8a\x9f\xb4\xc9\xde\xf3"
"\x08\x1d\x32\x47\x5c\x71\x86\x9b"
"\xb0\xc5\xda\xef\x04\x19\x2e\x43"
"\x58\x6d\x82\x97\xac\xc1\xd6\xeb"
"\x00\x17\x2e\x45\x5c\x73\x8a\xa1"
"\xb8\xcf\xe6\xfd\x14\x2b\x42\x59"
"\x70\x87\x9e\xb5\xcc\xe3\xfa\x11"
"\x28\x3f\x56\x6d\x84\x9b\xb2\xc9"
"\xe0\xf7\x0e\x25\x3c\x53\x6a\x81"
"\x98\xaf\xc6\xdd\xf4\x0b\x22\x39"
"\x50\x67\x7e\x95\xac\xc3\xda\xf1"
"\x08\x1f\x36\x4d\x64\x7b\x92\xa9"
"\xc0\xd7\xee\x05\x1c\x33\x4a\x61"
"\x78\x8f\xa6\xbd\xd4\xeb\x02\x19"
"\x30\x47\x5e\x75\x8c\xa3\xba\xd1"
"\xe8\xff\x16\x2d\x44\x5b\x72\x89"
"\xa0\xb7\xce\xe5\xfc\x13\x2a\x41"
"\x58\x6f\x86\x9d\xb4\xcb\xe2\xf9"
"\x10\x27\x3e\x55\x6c\x83\x9a\xb1"
"\xc8\xdf\xf6\x0d\x24\x3b\x52\x69"
"\x80\x97\xae\xc5\xdc\xf3\x0a\x21"
"\x38\x4f\x66\x7d\x94\xab\xc2\xd9"
"\xf0\x07\x1e\x35\x4c\x63\x7a\x91"
"\xa8\xbf\xd6\xed\x04\x1b\x32\x49"
"\x60\x77\x8e\xa5\xbc\xd3\xea\x01"
"\x18\x2f\x46\x5d\x74\x8b\xa2\xb9"
"\xd0\xe7\xfe\x15\x2c\x43\x5a\x71"
"\x88\x9f\xb6\xcd\xe4\xfb\x12\x29"
"\x40\x57\x6e\x85\x9c\xb3\xca\xe1"
"\xf8\x0f\x26\x3d\x54\x6b\x82\x99"
"\xb0\xc7\xde\xf5\x0c\x23\x3a\x51"
"\x68\x7f\x96\xad\xc4\xdb\xf2\x09"
"\x20\x37\x4e\x65\x7c\x93\xaa\xc1"
"\xd8\xef\x06\x1d\x34\x4b\x62\x79"
"\x90\xa7\xbe\xd5\xec\x03\x1a\x31"
"\x48\x5f\x76\x8d\xa4\xbb\xd2\xe9"
"\x00\x19\x32\x4b\x64\x7d\x96\xaf"
"\xc8\xe1\xfa\x13\x2c\x45\x5e\x77"
"\x90\xa9\xc2\xdb\xf4\x0d\x26\x3f"
"\x58\x71\x8a\xa3\xbc\xd5\xee\x07"
"\x20\x39\x52\x6b\x84\x9d\xb6\xcf"
"\xe8\x01\x1a\x33\x4c\x65\x7e\x97"
"\xb0\xc9\xe2\xfb\x14\x2d\x46\x5f"
"\x78\x91\xaa\xc3\xdc\xf5\x0e\x27"
"\x40\x59\x72\x8b\xa4\xbd\xd6\xef"
"\x08\x21\x3a\x53\x6c\x85\x9e\xb7"
"\xd0\xe9\x02\x1b\x34\x4d\x66\x7f"
"\x98\xb1\xca\xe3\xfc\x15\x2e\x47"
"\x60\x79\x92\xab\xc4\xdd\xf6\x0f"
"\x28\x41\x5a\x73\x8c\xa5\xbe\xd7"
"\xf0\x09\x22\x3b\x54\x6d\x86\x9f"
"\xb8\xd1\xea\x03\x1c\x35\x4e\x67"
"\x80\x99\xb2\xcb\xe4\xfd\x16\x2f"
"\x48\x61\x7a\x93\xac\xc5\xde\xf7"
"\x10\x29\x42\x5b\x74\x8d\xa6\xbf"
"\xd8\xf1\x0a\x23\x3c\x55\x6e\x87"
"\xa0\xb9\xd2\xeb\x04\x1d\x36\x4f"
"\x68\x81\x9a\xb3\xcc\xe5\xfe\x17"
"\x30\x49\x62\x7b\x94\xad\xc6\xdf"
"\xf8\x11\x2a\x43\x5c\x75\x8e\xa7"
"\xc0\xd9\xf2\x0b\x24\x3d\x56\x6f"
"\x88\xa1\xba\xd3\xec\x05\x1e\x37"
"\x50\x69\x82\x9b\xb4\xcd\xe6\xff"
"\x18\x31\x4a\x63\x7c\x95\xae\xc7"
"\xe0\xf9\x12\x2b\x44\x5d\x76\x8f"
"\xa8\xc1\xda\xf3\x0c\x25\x3e\x57"
"\x70\x89\xa2\xbb\xd4\xed\x06\x1f"
"\x38\x51\x6a\x83\x9c\xb5\xce\xe7"
"\x00\x1b\x36\x51\x6c\x87\xa2\xbd"
"\xd8\xf3\x0e\x29\x44\x5f\x7a\x95"
"\xb0\xcb\xe6\x01\x1c\x37\x52\x6d"
"\x88\xa3\xbe\xd9\xf4\x0f\x2a\x45"
"\x60\x7b\x96\xb1\xcc\xe7\x02\x1d"
"\x38\x53\x6e\x89\xa4\xbf\xda\xf5"
"\x10\x2b\x46\x61\x7c\x97\xb2\xcd"
"\xe8\x03\x1e\x39\x54\x6f\x8a\xa5"
"\xc0\xdb\xf6\x11\x2c\x47\x62\x7d"
"\x98\xb3\xce\xe9\x04\x1f\x3a\x55"
"\x70\x8b\xa6\xc1\xdc\xf7\x12\x2d"
"\x48\x63\x7e\x99\xb4\xcf\xea\x05"
"\x20\x3b\x56\x71\x8c\xa7\xc2\xdd"
"\xf8\x13\x2e\x49\x64\x7f\x9a\xb5"
"\xd0\xeb\x06\x21\x3c\x57\x72\x8d"
"\xa8\xc3\xde\xf9\x14\x2f\x4a\x65"
"\x80\x9b\xb6\xd1\xec\x07\x22\x3d"
"\x58\x73\x8e\xa9\xc4\xdf\xfa\x15"
"\x30\x4b\x66\x81\x9c\xb7\xd2\xed"
"\x08\x23\x3e\x59\x74\x8f\xaa\xc5"
"\xe0\xfb\x16\x31\x4c\x67\x82\x9d"
"\xb8\xd3\xee\x09\x24\x3f\x5a\x75"
"\x90\xab\xc6\xe1\xfc\x17\x32\x4d"
"\x68\x83\x9e\xb9\xd4\xef\x0a\x25"
"\x40\x5b\x76\x91\xac\xc7\xe2\xfd"
"\x18\x33\x4e\x69\x84\x9f\xba\xd5"
"\xf0\x0b\x26\x41\x5c\x77\x92\xad"
"\xc8\xe3\xfe\x19\x34\x4f\x6a\x85"
"\xa0\xbb\xd6\xf1\x0c\x27\x42\x5d"
"\x78\x93\xae\xc9\xe4\xff\x1a\x35"
"\x50\x6b\x86\xa1\xbc\xd7\xf2\x0d"
"\x28\x43\x5e\x79\x94\xaf\xca\xe5"
"\x00\x1d\x3a\x57\x74\x91\xae\xcb"
"\xe8\x05\x22\x3f\x5c\x79\x96\xb3"
"\xd0\xed\x0a\x27\x44\x61\x7e\x9b"
"\xb8\xd5\xf2\x0f\x2c\x49\x66\x83"
"\xa0\xbd\xda\xf7\x14\x31\x4e\x6b"
"\x88\xa5\xc2\xdf\xfc\x19\x36\x53"
"\x70\x8d\xaa\xc7\xe4\x01\x1e\x3b"
"\x58\x75\x92\xaf\xcc\xe9\x06\x23"
"\x40\x5d\x7a\x97\xb4\xd1\xee\x0b"
"\x28\x45\x62\x7f\x9c\xb9\xd6\xf3"
"\x10\x2d\x4a\x67\x84\xa1\xbe\xdb"
"\xf8\x15\x32\x4f\x6c\x89\xa6\xc3"
"\xe0\xfd\x1a\x37\x54\x71\x8e\xab"
"\xc8\xe5\x02\x1f\x3c\x59\x76\x93"
"\xb0\xcd\xea\x07\x24\x41\x5e\x7b"
"\x98\xb5\xd2\xef\x0c\x29\x46\x63"
"\x80\x9d\xba\xd7\xf4\x11\x2e\x4b"
"\x68\x85\xa2\xbf\xdc\xf9\x16\x33"
"\x50\x6d\x8a\xa7\xc4\xe1\xfe\x1b"
"\x38\x55\x72\x8f\xac\xc9\xe6\x03"
"\x20\x3d\x5a\x77\x94\xb1\xce\xeb"
"\x08\x25\x42\x5f\x7c\x99\xb6\xd3"
"\xf0\x0d\x2a\x47\x64\x81\x9e\xbb"
"\xd8\xf5\x12\x2f\x4c\x69\x86\xa3"
"\xc0\xdd\xfa\x17\x34\x51\x6e\x8b"
"\xa8\xc5\xe2\xff\x1c\x39\x56\x73"
"\x90\xad\xca\xe7\x04\x21\x3e\x5b"
"\x78\x95\xb2\xcf\xec\x09\x26\x43"
"\x60\x7d\x9a\xb7\xd4\xf1\x0e\x2b"
"\x48\x65\x82\x9f\xbc\xd9\xf6\x13"
"\x30\x4d\x6a\x87\xa4\xc1\xde\xfb"
"\x18\x35\x52\x6f\x8c\xa9\xc6\xe3"
"\x00\x1f\x3e\x5d\x7c\x9b\xba\xd9"
"\xf8\x17\x36\x55\x74\x93\xb2\xd1"
"\xf0\x0f\x2e\x4d\x6c\x8b\xaa\xc9"
"\xe8\x07\x26\x45\x64\x83\xa2\xc1"
"\xe0\xff\x1e\x3d\x5c\x7b\x9a\xb9"
"\xd8\xf7\x16\x35\x54\x73\x92\xb1"
"\xd0\xef\x0e\x2d\x4c\x6b\x8a\xa9"
"\xc8\xe7\x06\x25\x44\x63\x82\xa1"
"\xc0\xdf\xfe\x1d\x3c\x5b\x7a\x99"
"\xb8\xd7\xf6\x15\x34\x53\x72\x91"
"\xb0\xcf\xee\x0d\x2c\x4b\x6a\x89"
"\xa8\xc7\xe6\x05\x24\x43\x62\x81"
"\xa0\xbf\xde\xfd\x1c\x3b\x5a\x79"
"\x98\xb7\xd6\xf5\x14\x33\x52\x71"
"\x90\xaf\xce\xed\x0c\x2b\x4a\x69"
"\x88\xa7\xc6\xe5\x04\x23\x42\x61"
"\x80\x9f\xbe\xdd\xfc\x1b\x3a\x59"
"\x78\x97\xb6\xd5\xf4\x13\x32\x51"
"\x70\x8f\xae\xcd\xec\x0b\x2a\x49"
"\x68\x87\xa6\xc5\xe4\x03\x22\x41"
"\x60\x7f\x9e\xbd\xdc\xfb\x1a\x39"
"\x58\x77\x96\xb5\xd4\xf3\x12\x31"
"\x50\x6f\x8e\xad\xcc\xeb\x0a\x29"
"\x48\x67\x86\xa5\xc4\xe3\x02\x21"
"\x40\x5f\x7e\x9d\xbc\xdb\xfa\x19"
"\x38\x57\x76\x95\xb4\xd3\xf2\x11"
"\x30\x4f\x6e\x8d\xac\xcb\xea\x09"
"\x28\x47\x66\x85\xa4\xc3\xe2\x01"
"\x20\x3f\x5e\x7d\x9c\xbb\xda\xf9"
"\x18\x37\x56\x75\x94\xb3\xd2\xf1"
"\x10\x2f\x4e\x6d\x8c\xab\xca\xe9"
"\x08\x27\x46\x65\x84\xa3\xc2\xe1"
"\x00\x21\x42\x63",
.ctext =
"\xf0\x5c\x74\xad\x4e\xbc\x99\xe2"
"\xae\xff\x91\x3a\x44\xcf\x38\x32"
"\x1e\xad\xa7\xcd\xa1\x39\x95\xaa"
"\x10\xb1\xb3\x2e\x04\x31\x8f\x86"
"\xf2\x62\x74\x70\x0c\xa4\x46\x08"
"\xa8\xb7\x99\xa8\xe9\xd2\x73\x79"
"\x7e\x6e\xd4\x8f\x1e\xc7\x8e\x31"
"\x0b\xfa\x4b\xce\xfd\xf3\x57\x71"
"\xe9\x46\x03\xa5\x3d\x34\x00\xe2"
"\x18\xff\x75\x6d\x06\x2d\x00\xab"
"\xb9\x3e\x6c\x59\xc5\x84\x06\xb5"
"\x8b\xd0\x89\x9c\x4a\x79\x16\xc6"
"\x3d\x74\x54\xfa\x44\xcd\x23\x26"
"\x5c\xcf\x7e\x28\x92\x32\xbf\xdf"
"\xa7\x20\x3c\x74\x58\x2a\x9a\xde"
"\x61\x00\x1c\x4f\xff\x59\xc4\x22"
"\xac\x3c\xd0\xe8\x6c\xf9\x97\x1b"
"\x58\x9b\xad\x71\xe8\xa9\xb5\x0d"
"\xee\x2f\x04\x1f\x7f\xbc\x99\xee"
"\x84\xff\x42\x60\xdc\x3a\x18\xa5"
"\x81\xf9\xef\xdc\x7a\x0f\x65\x41"
"\x2f\xa3\xd3\xf9\xc2\xcb\xc0\x4d"
"\x8f\xd3\x76\x96\xad\x49\x6d\x38"
"\x3d\x39\x0b\x6c\x80\xb7\x54\x69"
"\xf0\x2c\x90\x02\x29\x0d\x1c\x12"
"\xad\x55\xc3\x8b\x68\xd9\xcc\xb3"
"\xb2\x64\x33\x90\x5e\xca\x4b\xe2"
"\xfb\x75\xdc\x63\xf7\x9f\x82\x74"
"\xf0\xc9\xaa\x7f\xe9\x2a\x9b\x33"
"\xbc\x88\x00\x7f\xca\xb2\x1f\x14"
"\xdb\xc5\x8e\x7b\x11\x3c\x3e\x08"
"\xf3\x83\xe8\xe0\x94\x86\x2e\x92"
"\x78\x6b\x01\xc9\xc7\x83\xba\x21"
"\x6a\x25\x15\x33\x4e\x45\x08\xec"
"\x35\xdb\xe0\x6e\x31\x51\x79\xa9"
"\x42\x44\x65\xc1\xa0\xf1\xf9\x2a"
"\x70\xd5\xb6\xc6\xc1\x8c\x39\xfc"
"\x25\xa6\x55\xd9\xdd\x2d\x4c\xec"
"\x49\xc6\xeb\x0e\xa8\x25\x2a\x16"
"\x1b\x66\x84\xda\xe2\x92\xe5\xc0"
"\xc8\x53\x07\xaf\x80\x84\xec\xfd"
"\xcd\xd1\x6e\xcd\x6f\x6a\xf5\x36"
"\xc5\x15\xe5\x25\x7d\x77\xd1\x1a"
"\x93\x36\xa9\xcf\x7c\xa4\x54\x4a"
"\x06\x51\x48\x4e\xf6\x59\x87\xd2"
"\x04\x02\xef\xd3\x44\xde\x76\x31"
"\xb3\x34\x17\x1b\x9d\x66\x11\x9f"
"\x1e\xcc\x17\xe9\xc7\x3c\x1b\xe7"
"\xcb\x50\x08\xfc\xdc\x2b\x24\xdb"
"\x65\x83\xd0\x3b\xe3\x30\xea\x94"
"\x6c\xe7\xe8\x35\x32\xc7\xdb\x64"
"\xb4\x01\xab\x36\x2c\x77\x13\xaf"
"\xf8\x2b\x88\x3f\x54\x39\xc4\x44"
"\xfe\xef\x6f\x68\x34\xbe\x0f\x05"
"\x16\x6d\xf6\x0a\x30\xe7\xe3\xed"
"\xc4\xde\x3c\x1b\x13\xd8\xdb\xfe"
"\x41\x62\xe5\x28\xd4\x8d\xa3\xc7"
"\x93\x97\xc6\x48\x45\x1d\x9f\x83"
"\xdf\x4b\x40\x3e\x42\x25\x87\x80"
"\x4c\x7d\xa8\xd4\x98\x23\x95\x75"
"\x41\x8c\xda\x41\x9b\xd4\xa7\x06"
"\xb5\xf1\x71\x09\x53\xbe\xca\xbf"
"\x32\x03\xed\xf0\x50\x1c\x56\x39"
"\x5b\xa4\x75\x18\xf7\x9b\x58\xef"
"\x53\xfc\x2a\x38\x23\x15\x75\xcd"
"\x45\xe5\x5a\x82\x55\xba\x21\xfa"
"\xd4\xbd\xc6\x94\x7c\xc5\x80\x12"
"\xf7\x4b\x32\xc4\x9a\x82\xd8\x28"
"\x8f\xd9\xc2\x0f\x60\x03\xbe\x5e"
"\x21\xd6\x5f\x58\xbf\x5c\xb1\x32"
"\x82\x8d\xa9\xe5\xf2\x66\x1a\xc0"
"\xa0\xbc\x58\x2f\x71\xf5\x2f\xed"
"\xd1\x26\xb9\xd8\x49\x5a\x07\x19"
"\x01\x7c\x59\xb0\xf8\xa4\xb7\xd3"
"\x7b\x1a\x8c\x38\xf4\x50\xa4\x59"
"\xb0\xcc\x41\x0b\x88\x7f\xe5\x31"
"\xb3\x42\xba\xa2\x7e\xd4\x32\x71"
"\x45\x87\x48\xa9\xc2\xf2\x89\xb3"
"\xe4\xa7\x7e\x52\x15\x61\xfa\xfe"
"\xc9\xdd\x81\xeb\x13\xab\xab\xc3"
"\x98\x59\xd8\x16\x3d\x14\x7a\x1c"
"\x3c\x41\x9a\x16\x16\x9b\xd2\xd2"
"\x69\x3a\x29\x23\xac\x86\x32\xa5"
"\x48\x9c\x9e\xf3\x47\x77\x81\x70"
"\x24\xe8\x85\xd2\xf5\xb5\xfa\xff"
"\x59\x6a\xd3\x50\x59\x43\x59\xde"
"\xd9\xf1\x55\xa5\x0c\xc3\x1a\x1a"
"\x18\x34\x0d\x1a\x63\x33\xed\x10"
"\xe0\x1d\x2a\x18\xd2\xc0\x54\xa8"
"\xca\xb5\x9a\xd3\xdd\xca\x45\x84"
"\x50\xe7\x0f\xfe\xa4\x99\x5a\xbe"
"\x43\x2d\x9a\xcb\x92\x3f\x5a\x1d"
"\x85\xd8\xc9\xdf\x68\xc9\x12\x80"
"\x56\x0c\xdc\x00\xdc\x3a\x7d\x9d"
"\xa3\xa2\xe8\x4d\xbf\xf9\x70\xa0"
"\xa4\x13\x4f\x6b\xaf\x0a\x89\x7f"
"\xda\xf0\xbf\x9b\xc8\x1d\xe5\xf8"
"\x2e\x8b\x07\xb5\x73\x1b\xcc\xa2"
"\xa6\xad\x30\xbc\x78\x3c\x5b\x10"
"\xfa\x5e\x62\x2d\x9e\x64\xb3\x33"
"\xce\xf9\x1f\x86\xe7\x8b\xa2\xb8"
"\xe8\x99\x57\x8c\x11\xed\x66\xd9"
"\x3c\x72\xb9\xc3\xe6\x4e\x17\x3a"
"\x6a\xcb\x42\x24\x06\xed\x3e\x4e"
"\xa3\xe8\x6a\x94\xda\x0d\x4e\xd5"
"\x14\x19\xcf\xb6\x26\xd8\x2e\xcc"
"\x64\x76\x38\x49\x4d\xfe\x30\x6d"
"\xe4\xc8\x8c\x7b\xc4\xe0\x35\xba"
"\x22\x6e\x76\xe1\x1a\xf2\x53\xc3"
"\x28\xa2\x82\x1f\x61\x69\xad\xc1"
"\x7b\x28\x4b\x1e\x6c\x85\x95\x9b"
"\x51\xb5\x17\x7f\x12\x69\x8c\x24"
"\xd5\xc7\x5a\x5a\x11\x54\xff\x5a"
"\xf7\x16\xc3\x91\xa6\xf0\xdc\x0a"
"\xb6\xa7\x4a\x0d\x7a\x58\xfe\xa5"
"\xf5\xcb\x8f\x7b\x0e\xea\x57\xe7"
"\xbd\x79\xd6\x1c\x88\x23\x6c\xf2"
"\x4d\x29\x77\x53\x35\x6a\x00\x8d"
"\xcd\xa3\x58\xbe\x77\x99\x18\xf8"
"\xe6\xe1\x8f\xe9\x37\x8f\xe3\xe2"
"\x5a\x8a\x93\x25\xaf\xf3\x78\x80"
"\xbe\xa6\x1b\xc6\xac\x8b\x1c\x91"
"\x58\xe1\x9f\x89\x35\x9d\x1d\x21"
"\x29\x9f\xf4\x99\x02\x27\x0f\xa8"
"\x4f\x79\x94\x2b\x33\x2c\xda\xa2"
"\x26\x39\x83\x94\xef\x27\xd8\x53"
"\x8f\x66\x0d\xe4\x41\x7d\x34\xcd"
"\x43\x7c\x95\x0a\x53\xef\x66\xda"
"\x7e\x9b\xf3\x93\xaf\xd0\x73\x71"
"\xba\x40\x9b\x74\xf8\xd7\xd7\x41"
"\x6d\xaf\x72\x9c\x8d\x21\x87\x3c"
"\xfd\x0a\x90\xa9\x47\x96\x9e\xd3"
"\x88\xee\x73\xcf\x66\x2f\x52\x56"
"\x6d\xa9\x80\x4c\xe2\x6f\x62\x88"
"\x3f\x0e\x54\x17\x48\x80\x5d\xd3"
"\xc3\xda\x25\x3d\xa1\xc8\xcb\x9f"
"\x9b\x70\xb3\xa1\xeb\x04\x52\xa1"
"\xf2\x22\x0f\xfc\xc8\x18\xfa\xf9"
"\x85\x9c\xf1\xac\xeb\x0c\x02\x46"
"\x75\xd2\xf5\x2c\xe3\xd2\x59\x94"
"\x12\xf3\x3c\xfc\xd7\x92\xfa\x36"
"\xba\x61\x34\x38\x7c\xda\x48\x3e"
"\x08\xc9\x39\x23\x5e\x02\x2c\x1a"
"\x18\x7e\xb4\xd9\xfd\x9e\x40\x02"
"\xb1\x33\x37\x32\xe7\xde\xd6\xd0"
"\x7c\x58\x65\x4b\xf8\x34\x27\x9c"
"\x44\xb4\xbd\xe9\xe9\x4c\x78\x7d"
"\x4b\x9f\xce\xb1\xcd\x47\xa5\x37"
"\xe5\x6d\xbd\xb9\x43\x94\x0a\xd4"
"\xd6\xf9\x04\x5f\xb5\x66\x6c\x1a"
"\x35\x12\xe3\x36\x28\x27\x36\x58"
"\x01\x2b\x79\xe4\xba\x6d\x10\x7d"
"\x65\xdf\x84\x95\xf4\xd5\xb6\x8f"
"\x2b\x9f\x96\x00\x86\x60\xf0\x21"
"\x76\xa8\x6a\x8c\x28\x1c\xb3\x6b"
"\x97\xd7\xb6\x53\x2a\xcc\xab\x40"
"\x9d\x62\x79\x58\x52\xe6\x65\xb7"
"\xab\x55\x67\x9c\x89\x7c\x03\xb0"
"\x73\x59\xc5\x81\xf5\x18\x17\x5c"
"\x89\xf3\x78\x35\x44\x62\x78\x72"
"\xd0\x96\xeb\x31\xe7\x87\x77\x14"
"\x99\x51\xf2\x59\x26\x9e\xb5\xa6"
"\x45\xfe\x6e\xbd\x07\x4c\x94\x5a"
"\xa5\x7d\xfc\xf1\x2b\x77\xe2\xfe"
"\x17\xd4\x84\xa0\xac\xb5\xc7\xda"
"\xa9\x1a\xb6\xf3\x74\x11\xb4\x9d"
"\xfb\x79\x2e\x04\x2d\x50\x28\x83"
"\xbf\xc6\x52\xd3\x34\xd6\xe8\x7a"
"\xb6\xea\xe7\xa8\x6c\x15\x1e\x2c"
"\x57\xbc\x48\x4e\x5f\x5c\xb6\x92"
"\xd2\x49\x77\x81\x6d\x90\x70\xae"
"\x98\xa1\x03\x0d\x6b\xb9\x77\x14"
"\xf1\x4e\x23\xd3\xf8\x68\xbd\xc2"
"\xfe\x04\xb7\x5c\xc5\x17\x60\x8f"
"\x65\x54\xa4\x7a\x42\xdc\x18\x0d"
"\xb5\xcf\x0f\xd3\xc7\x91\x66\x1b"
"\x45\x42\x27\x75\x50\xe5\xee\xb8"
"\x7f\x33\x2c\xba\x4a\x92\x4d\x2c"
"\x3c\xe3\x0d\x80\x01\xba\x0d\x29"
"\xd8\x3c\xe9\x13\x16\x57\xe6\xea"
"\x94\x52\xe7\x00\x4d\x30\xb0\x0f"
"\x35\xb8\xb8\xa7\xb1\xb5\x3b\x44"
"\xe1\x2f\xfd\x88\xed\x43\xe7\x52"
"\x10\x93\xb3\x8a\x30\x6b\x0a\xf7"
"\x23\xc6\x50\x9d\x4a\xb0\xde\xc3"
"\xdc\x9b\x2f\x01\x56\x36\x09\xc5"
"\x2f\x6b\xfe\xf1\xd8\x27\x45\x03"
"\x30\x5e\x5c\x5b\xb4\x62\x0e\x1a"
"\xa9\x21\x2b\x92\x94\x87\x62\x57"
"\x4c\x10\x74\x1a\xf1\x0a\xc5\x84"
"\x3b\x9e\x72\x02\xd7\xcc\x09\x56"
"\xbd\x54\xc1\xf0\xc3\xe3\xb3\xf8"
"\xd2\x0d\x61\xcb\xef\xce\x0d\x05"
"\xb0\x98\xd9\x8e\x4f\xf9\xbc\x93"
"\xa6\xea\xc8\xcf\x10\x53\x4b\xf1"
"\xec\xfc\x89\xf9\x64\xb0\x22\xbf"
"\x9e\x55\x46\x9f\x7c\x50\x8e\x84"
"\x54\x20\x98\xd7\x6c\x40\x1e\xdb"
"\x69\x34\x78\x61\x24\x21\x9c\x8a"
"\xb3\x62\x31\x8b\x6e\xf5\x2a\x35"
"\x86\x13\xb1\x6c\x64\x2e\x41\xa5"
"\x05\xf2\x42\xba\xd2\x3a\x0d\x8e"
"\x8a\x59\x94\x3c\xcf\x36\x27\x82"
"\xc2\x45\xee\x58\xcd\x88\xb4\xec"
"\xde\xb2\x96\x0a\xaf\x38\x6f\x88"
"\xd7\xd8\xe1\xdf\xb9\x96\xa9\x0a"
"\xb1\x95\x28\x86\x20\xe9\x17\x49"
"\xa2\x29\x38\xaa\xa5\xe9\x6e\xf1"
"\x19\x27\xc0\xd5\x2a\x22\xc3\x0b"
"\xdb\x7c\x73\x10\xb9\xba\x89\x76"
"\x54\xae\x7d\x71\xb3\x93\xf6\x32"
"\xe6\x47\x43\x55\xac\xa0\x0d\xc2"
"\x93\x27\x4a\x8e\x0e\x74\x15\xc7"
"\x0b\x85\xd9\x0c\xa9\x30\x7a\x3e"
"\xea\x8f\x85\x6d\x3a\x12\x4f\x72"
"\x69\x58\x7a\x80\xbb\xb5\x97\xf3"
"\xcf\x70\xd2\x5d\xdd\x4d\x21\x79"
"\x54\x4d\xe4\x05\xe8\xbd\xc2\x62"
"\xb1\x3b\x77\x1c\xd6\x5c\xf3\xa0"
"\x79\x00\xa8\x6c\x29\xd9\x18\x24"
"\x36\xa2\x46\xc0\x96\x65\x7f\xbd"
"\x2a\xed\x36\x16\x0c\xaa\x9f\xf4"
"\xc5\xb4\xe2\x12\xed\x69\xed\x4f"
"\x26\x2c\x39\x52\x89\x98\xe7\x2c"
"\x99\xa4\x9e\xa3\x9b\x99\x46\x7a"
"\x3a\xdc\xa8\x59\xa3\xdb\xc3\x3b"
"\x95\x0d\x3b\x09\x6e\xee\x83\x5d"
"\x32\x4d\xed\xab\xfa\x98\x14\x4e"
"\xc3\x15\x45\x53\x61\xc4\x93\xbd"
"\x90\xf4\x99\x95\x4c\xe6\x76\x92"
"\x29\x90\x46\x30\x92\x69\x7d\x13"
"\xf2\xa5\xcd\x69\x49\x44\xb2\x0f"
"\x63\x40\x36\x5f\x09\xe2\x78\xf8"
"\x91\xe3\xe2\xfa\x10\xf7\xc8\x24"
"\xa8\x89\x32\x5c\x37\x25\x1d\xb2"
"\xea\x17\x8a\x0a\xa9\x64\xc3\x7c"
"\x3c\x7c\xbd\xc6\x79\x34\xe7\xe2"
"\x85\x8e\xbf\xf8\xde\x92\xa0\xae"
"\x20\xc4\xf6\xbb\x1f\x38\x19\x0e"
"\xe8\x79\x9c\xa1\x23\xe9\x54\x7e"
"\x37\x2f\xe2\x94\x32\xaf\xa0\x23"
"\x49\xe4\xc0\xb3\xac\x00\x8f\x36"
"\x05\xc4\xa6\x96\xec\x05\x98\x4f"
"\x96\x67\x57\x1f\x20\x86\x1b\x2d"
"\x69\xe4\x29\x93\x66\x5f\xaf\x6b"
"\x88\x26\x2c\x67\x02\x4b\x52\xd0"
"\x83\x7a\x43\x1f\xc0\x71\x15\x25"
"\x77\x65\x08\x60\x11\x76\x4c\x8d"
"\xed\xa9\x27\xc6\xb1\x2a\x2c\x6a"
"\x4a\x97\xf5\xc6\xb7\x70\x42\xd3"
"\x03\xd1\x24\x95\xec\x6d\xab\x38"
"\x72\xce\xe2\x8b\x33\xd7\x51\x09"
"\xdc\x45\xe0\x09\x96\x32\xf3\xc4"
"\x84\xdc\x73\x73\x2d\x1b\x11\x98"
"\xc5\x0e\x69\x28\x94\xc7\xb5\x4d"
"\xc8\x8a\xd0\xaa\x13\x2e\x18\x74"
"\xdd\xd1\x1e\xf3\x90\xe8\xfc\x9a"
"\x72\x4a\x0e\xd1\xe4\xfb\x0d\x96"
"\xd1\x0c\x79\x85\x1b\x1c\xfe\xe1"
"\x62\x8f\x7a\x73\x32\xab\xc8\x18"
"\x69\xe3\x34\x30\xdf\x13\xa6\xe5"
"\xe8\x0e\x67\x7f\x81\x11\xb4\x60"
"\xc7\xbd\x79\x65\x50\xdc\xc4\x5b"
"\xde\x39\xa4\x01\x72\x63\xf3\xd1"
"\x64\x4e\xdf\xfc\x27\x92\x37\x0d"
"\x57\xcd\x11\x4f\x11\x04\x8e\x1d"
"\x16\xf7\xcd\x92\x9a\x99\x30\x14"
"\xf1\x7c\x67\x1b\x1f\x41\x0b\xe8"
"\x32\xe8\xb8\xc1\x4f\x54\x86\x4f"
"\xe5\x79\x81\x73\xcd\x43\x59\x68"
"\x73\x02\x3b\x78\x21\x72\x43\x00"
"\x49\x17\xf7\x00\xaf\x68\x24\x53"
"\x05\x0a\xc3\x33\xe0\x33\x3f\x69"
"\xd2\x84\x2f\x0b\xed\xde\x04\xf4"
"\x11\x94\x13\x69\x51\x09\x28\xde"
"\x57\x5c\xef\xdc\x9a\x49\x1c\x17"
"\x97\xf3\x96\xc1\x7f\x5d\x2e\x7d"
"\x55\xb8\xb3\x02\x09\xb3\x1f\xe7"
"\xc9\x8d\xa3\x36\x34\x8a\x77\x13"
"\x30\x63\x4c\xa5\xcd\xc3\xe0\x7e"
"\x05\xa1\x7b\x0c\xcb\x74\x47\x31"
"\x62\x03\x43\xf1\x87\xb4\xb0\x85"
"\x87\x8e\x4b\x25\xc7\xcf\xae\x4b"
"\x36\x46\x3e\x62\xbc\x6f\xeb\x5f"
"\x73\xac\xe6\x07\xee\xc1\xa1\xd6"
"\xc4\xab\xc9\xd6\x89\x45\xe1\xf1"
"\x04\x4e\x1a\x6f\xbb\x4f\x3a\xa3"
"\xa0\xcb\xa3\x0a\xd8\x71\x35\x55"
"\xe4\xbc\x2e\x04\x06\xe6\xff\x5b"
"\x1c\xc0\x11\x7c\xc5\x17\xf3\x38"
"\xcf\xe9\xba\x0f\x0e\xef\x02\xc2"
"\x8d\xc6\xbc\x4b\x67\x20\x95\xd7"
"\x2c\x45\x5b\x86\x44\x8c\x6f\x2e"
"\x7e\x9f\x1c\x77\xba\x6b\x0e\xa3"
"\x69\xdc\xab\x24\x57\x60\x47\xc1"
"\xd1\xa5\x9d\x23\xe6\xb1\x37\xfe"
"\x93\xd2\x4c\x46\xf9\x0c\xc6\xfb"
"\xd6\x9d\x99\x69\xab\x7a\x07\x0c"
"\x65\xe7\xc4\x08\x96\xe2\xa5\x01"
"\x3f\x46\x07\x05\x7e\xe8\x9a\x90"
"\x50\xdc\xe9\x7a\xea\xa1\x39\x6e"
"\x66\xe4\x6f\xa5\x5f\xb2\xd9\x5b"
"\xf5\xdb\x2a\x32\xf0\x11\x6f\x7c"
"\x26\x10\x8f\x3d\x80\xe9\x58\xf7"
"\xe0\xa8\x57\xf8\xdb\x0e\xce\x99"
"\x63\x19\x3d\xd5\xec\x1b\x77\x69"
"\x98\xf6\xe4\x5f\x67\x17\x4b\x09"
"\x85\x62\x82\x70\x18\xe2\x9a\x78"
"\xe2\x62\xbd\xb4\xf1\x42\xc6\xfb"
"\x08\xd0\xbd\xeb\x4e\x09\xf2\xc8"
"\x1e\xdc\x3d\x32\x21\x56\x9c\x4f"
"\x35\xf3\x61\x06\x72\x84\xc4\x32"
"\xf2\xf1\xfa\x0b\x2f\xc3\xdb\x02"
"\x04\xc2\xde\x57\x64\x60\x8d\xcf"
"\xcb\x86\x5d\x97\x3e\xb1\x9c\x01"
"\xd6\x28\x8f\x99\xbc\x46\xeb\x05"
"\xaf\x7e\xb8\x21\x2a\x56\x85\x1c"
"\xb3\x71\xa0\xde\xca\x96\xf1\x78"
"\x49\xa2\x99\x81\x80\x5c\x01\xf5"
"\xa0\xa2\x56\x63\xe2\x70\x07\xa5"
"\x95\xd6\x85\xeb\x36\x9e\xa9\x51"
"\x66\x56\x5f\x1d\x02\x19\xe2\xf6"
"\x4f\x73\x38\x09\x75\x64\x48\xe0"
"\xf1\x7e\x0e\xe8\x9d\xf9\xed\x94"
"\xfe\x16\x26\x62\x49\x74\xf4\xb0"
"\xd4\xa9\x6c\xb0\xfd\x53\xe9\x81"
"\xe0\x7a\xbf\xcf\xb5\xc4\x01\x81"
"\x79\x99\x77\x01\x3b\xe9\xa2\xb6"
"\xe6\x6a\x8a\x9e\x56\x1c\x8d\x1e"
"\x8f\x06\x55\x2c\x6c\xdc\x92\x87"
"\x64\x3b\x4b\x19\xa1\x13\x64\x1d"
"\x4a\xe9\xc0\x00\xb8\x95\xef\x6b"
"\x1a\x86\x6d\x37\x52\x02\xc2\xe0"
"\xc8\xbb\x42\x0c\x02\x21\x4a\xc9"
"\xef\xa0\x54\xe4\x5e\x16\x53\x81"
"\x70\x62\x10\xaf\xde\xb8\xb5\xd3"
"\xe8\x5e\x6c\xc3\x8a\x3e\x18\x07"
"\xf2\x2f\x7d\xa7\xe1\x3d\x4e\xb4"
"\x26\xa7\xa3\x93\x86\xb2\x04\x1e"
"\x53\x5d\x86\xd6\xde\x65\xca\xe3"
"\x4e\xc1\xcf\xef\xc8\x70\x1b\x83"
"\x13\xdd\x18\x8b\x0d\x76\xd2\xf6"
"\x37\x7a\x93\x7a\x50\x11\x9f\x96"
"\x86\x25\xfd\xac\xdc\xbe\x18\x93"
"\x19\x6b\xec\x58\x4f\xb9\x75\xa7"
"\xdd\x3f\x2f\xec\xc8\x5a\x84\xab"
"\xd5\xe4\x8a\x07\xf6\x4d\x23\xd6"
"\x03\xfb\x03\x6a\xea\x66\xbf\xd4"
"\xb1\x34\xfb\x78\xe9\x55\xdc\x7c"
"\x3d\x9c\xe5\x9a\xac\xc3\x7a\x80"
"\x24\x6d\xa0\xef\x25\x7c\xb7\xea"
"\xce\x4d\x5f\x18\x60\xce\x87\x22"
"\x66\x2f\xd5\xdd\xdd\x02\x21\x75"
"\x82\xa0\x1f\x58\xc6\xd3\x62\xf7"
"\x32\xd8\xaf\x1e\x07\x77\x51\x96"
"\xd5\x6b\x1e\x7e\x80\x02\xe8\x67"
"\xea\x17\x0b\x10\xd2\x3f\x28\x25"
"\x4f\x05\x77\x02\x14\x69\xf0\x2c"
"\xbe\x0c\xf1\x74\x30\xd1\xb9\x9b"
"\xfc\x8c\xbb\x04\x16\xd9\xba\xc3"
"\xbc\x91\x8a\xc4\x30\xa4\xb0\x12"
"\x4c\x21\x87\xcb\xc9\x1d\x16\x96"
"\x07\x6f\x23\x54\xb9\x6f\x79\xe5"
"\x64\xc0\x64\xda\xb1\xae\xdd\x60"
"\x6c\x1a\x9d\xd3\x04\x8e\x45\xb0"
"\x92\x61\xd0\x48\x81\xed\x5e\x1d"
"\xa0\xc9\xa4\x33\xc7\x13\x51\x5d"
"\x7f\x83\x73\xb6\x70\x18\x65\x3e"
"\x2f\x0e\x7a\x12\x39\x98\xab\xd8"
"\x7e\x6f\xa3\xd1\xba\x56\xad\xbd"
"\xf0\x03\x01\x1c\x85\x35\x9f\xeb"
"\x19\x63\xa1\xaf\xfe\x2d\x35\x50"
"\x39\xa0\x65\x7c\x95\x7e\x6b\xfe"
"\xc1\xac\x07\x7c\x98\x4f\xbe\x57"
"\xa7\x22\xec\xe2\x7e\x29\x09\x53"
"\xe8\xbf\xb4\x7e\x3f\x8f\xfc\x14"
"\xce\x54\xf9\x18\x58\xb5\xff\x44"
"\x05\x9d\xce\x1b\xb6\x82\x23\xc8"
"\x2e\xbc\x69\xbb\x4a\x29\x0f\x65"
"\x94\xf0\x63\x06\x0e\xef\x8c\xbd"
"\xff\xfd\xb0\x21\x6e\x57\x05\x75"
"\xda\xd5\xc4\xeb\x8d\x32\xf7\x50"
"\xd3\x6f\x22\xed\x5f\x8e\xa2\x5b"
"\x80\x8c\xc8\x78\x40\x24\x4b\x89"
"\x30\xce\x7a\x97\x0e\xc4\xaf\xef"
"\x9b\xb4\xcd\x66\x74\x14\x04\x2b"
"\xf7\xce\x0b\x1c\x6e\xc2\x78\x8c"
"\xca\xc5\xd0\x1c\x95\x4a\x91\x2d"
"\xa7\x20\xeb\x86\x52\xb7\x67\xd8"
"\x0c\xd6\x04\x14\xde\x51\x74\x75"
"\xe7\x11\xb4\x87\xa3\x3d\x2d\xad"
"\x4f\xef\xa0\x0f\x70\x00\x6d\x13"
"\x19\x1d\x41\x50\xe9\xd8\xf0\x32"
"\x71\xbc\xd3\x11\xf2\xac\xbe\xaf"
"\x75\x46\x65\x4e\x07\x34\x37\xa3"
"\x89\xfe\x75\xd4\x70\x4c\xc6\x3f"
"\x69\x24\x0e\x38\x67\x43\x8c\xde"
"\x06\xb5\xb8\xe7\xc4\xf0\x41\x8f"
"\xf0\xbd\x2f\x0b\xb9\x18\xf8\xde"
"\x64\xb1\xdb\xee\x00\x50\x77\xe1"
"\xc7\xff\xa6\xfa\xdd\x70\xf4\xe3"
"\x93\xe9\x77\x35\x3d\x4b\x2f\x2b"
"\x6d\x55\xf0\xfc\x88\x54\x4e\x89"
"\xc1\x8a\x23\x31\x2d\x14\x2a\xb8"
"\x1b\x15\xdd\x9e\x6e\x7b\xda\x05"
"\x91\x7d\x62\x64\x96\x72\xde\xfc"
"\xc1\xec\xf0\x23\x51\x6f\xdb\x5b"
"\x1d\x08\x57\xce\x09\xb8\xf6\xcd"
"\x8d\x95\xf2\x20\xbf\x0f\x20\x57"
"\x98\x81\x84\x4f\x15\x5c\x76\xe7"
"\x3e\x0a\x3a\x6c\xc4\x8a\xbe\x78"
"\x74\x77\xc3\x09\x4b\x5d\x48\xe4"
"\xc8\xcb\x0b\xea\x17\x28\xcf\xcf"
"\x31\x32\x44\xa4\xe5\x0e\x1a\x98"
"\x94\xc4\xf0\xff\xae\x3e\x44\xe8"
"\xa5\xb3\xb5\x37\x2f\xe8\xaf\x6f"
"\x28\xc1\x37\x5f\x31\xd2\xb9\x33"
"\xb1\xb2\x52\x94\x75\x2c\x29\x59"
"\x06\xc2\x25\xe8\x71\x65\x4e\xed"
"\xc0\x9c\xb1\xbb\x25\xdc\x6c\xe7"
"\x4b\xa5\x7a\x54\x7a\x60\xff\x7a"
"\xe0\x50\x40\x96\x35\x63\xe4\x0b"
"\x76\xbd\xa4\x65\x00\x1b\x57\x88"
"\xae\xed\x39\x88\x42\x11\x3c\xed"
"\x85\x67\x7d\xb9\x68\x82\xe9\x43"
"\x3c\x47\x53\xfa\xe8\xf8\x9f\x1f"
"\x9f\xef\x0f\xf7\x30\xd9\x30\x0e"
"\xb9\x9f\x69\x18\x2f\x7e\xf8\xf8"
"\xf8\x8c\x0f\xd4\x02\x4d\xea\xcd"
"\x0a\x9c\x6f\x71\x6d\x5a\x4c\x60"
"\xce\x20\x56\x32\xc6\xc5\x99\x1f"
"\x09\xe6\x4e\x18\x1a\x15\x13\xa8"
"\x7d\xb1\x6b\xc0\xb2\x6d\xf8\x26"
"\x66\xf8\x3d\x18\x74\x70\x66\x7a"
"\x34\x17\xde\xba\x47\xf1\x06\x18"
"\xcb\xaf\xeb\x4a\x1e\x8f\xa7\x77"
"\xe0\x3b\x78\x62\x66\xc9\x10\xea"
"\x1f\xb7\x29\x0a\x45\xa1\x1d\x1e"
"\x1d\xe2\x65\x61\x50\x9c\xd7\x05"
"\xf2\x0b\x5b\x12\x61\x02\xc8\xe5"
"\x63\x4f\x20\x0c\x07\x17\x33\x5e"
"\x03\x9a\x53\x0f\x2e\x55\xfe\x50"
"\x43\x7d\xd0\xb6\x7e\x5a\xda\xae"
"\x58\xef\x15\xa9\x83\xd9\x46\xb1"
"\x42\xaa\xf5\x02\x6c\xce\x92\x06"
"\x1b\xdb\x66\x45\x91\x79\xc2\x2d"
"\xe6\x53\xd3\x14\xfd\xbb\x44\x63"
"\xc6\xd7\x3d\x7a\x0c\x75\x78\x9d"
"\x5c\xa6\x39\xb3\xe5\x63\xca\x8b"
"\xfe\xd3\xef\x60\x83\xf6\x8e\x70"
"\xb6\x67\xc7\x77\xed\x23\xef\x4c"
"\xf0\xed\x2d\x07\x59\x6f\xc1\x01"
"\x34\x37\x08\xab\xd9\x1f\x09\xb1"
"\xce\x5b\x17\xff\x74\xf8\x9c\xd5"
"\x2c\x56\x39\x79\x0f\x69\x44\x75"
"\x58\x27\x01\xc4\xbf\xa7\xa1\x1d"
"\x90\x17\x77\x86\x5a\x3f\xd9\xd1"
"\x0e\xa0\x10\xf8\xec\x1e\xa5\x7f"
"\x5e\x36\xd1\xe3\x04\x2c\x70\xf7"
"\x8e\xc0\x98\x2f\x6c\x94\x2b\x41"
"\xb7\x60\x00\xb7\x2e\xb8\x02\x8d"
"\xb8\xb0\xd3\x86\xba\x1d\xd7\x90"
"\xd6\xb6\xe1\xfc\xd7\xd8\x28\x06"
"\x63\x9b\xce\x61\x24\x79\xc0\x70"
"\x52\xd0\xb6\xd4\x28\x95\x24\x87"
"\x03\x1f\xb7\x9a\xda\xa3\xfb\x52"
"\x5b\x68\xe7\x4c\x8c\x24\xe1\x42"
"\xf7\xd5\xfd\xad\x06\x32\x9f\xba"
"\xc1\xfc\xdd\xc6\xfc\xfc\xb3\x38"
"\x74\x56\x58\x40\x02\x37\x52\x2c"
"\x55\xcc\xb3\x9e\x7a\xe9\xd4\x38"
"\x41\x5e\x0c\x35\xe2\x11\xd1\x13"
"\xf8\xb7\x8d\x72\x6b\x22\x2a\xb0"
"\xdb\x08\xba\x35\xb9\x3f\xc8\xd3"
"\x24\x90\xec\x58\xd2\x09\xc7\x2d"
"\xed\x38\x80\x36\x72\x43\x27\x49"
"\x4a\x80\x8a\xa2\xe8\xd3\xda\x30"
"\x7d\xb6\x82\x37\x86\x92\x86\x3e"
"\x08\xb2\x28\x5a\x55\x44\x24\x7d"
"\x40\x48\x8a\xb6\x89\x58\x08\xa0"
"\xd6\x6d\x3a\x17\xbf\xf6\x54\xa2"
"\xf5\xd3\x8c\x0f\x78\x12\x57\x8b"
"\xd5\xc2\xfd\x58\x5b\x7f\x38\xe3"
"\xcc\xb7\x7c\x48\xb3\x20\xe8\x81"
"\x14\x32\x45\x05\xe0\xdb\x9f\x75"
"\x85\xb4\x6a\xfc\x95\xe3\x54\x22"
"\x12\xee\x30\xfe\xd8\x30\xef\x34"
"\x50\xab\x46\x30\x98\x2f\xb7\xc0"
"\x15\xa2\x83\xb6\xf2\x06\x21\xa2"
"\xc3\x26\x37\x14\xd1\x4d\xb5\x10"
"\x52\x76\x4d\x6a\xee\xb5\x2b\x15"
"\xb7\xf9\x51\xe8\x2a\xaf\xc7\xfa"
"\x77\xaf\xb0\x05\x4d\xd1\x68\x8e"
"\x74\x05\x9f\x9d\x93\xa5\x3e\x7f"
"\x4e\x5f\x9d\xcb\x09\xc7\x83\xe3"
"\x02\x9d\x27\x1f\xef\x85\x05\x8d"
"\xec\x55\x88\x0f\x0d\x7c\x4c\xe8"
"\xa1\x75\xa0\xd8\x06\x47\x14\xef"
"\xaa\x61\xcf\x26\x15\xad\xd8\xa3"
"\xaa\x75\xf2\x78\x4a\x5a\x61\xdf"
"\x8b\xc7\x04\xbc\xb2\x32\xd2\x7e"
"\x42\xee\xb4\x2f\x51\xff\x7b\x2e"
"\xd3\x02\xe8\xdc\x5d\x0d\x50\xdc"
"\xae\xb7\x46\xf9\xa8\xe6\xd0\x16"
"\xcc\xe6\x2c\x81\xc7\xad\xe9\xf0"
"\x05\x72\x6d\x3d\x0a\x7a\xa9\x02"
"\xac\x82\x93\x6e\xb6\x1c\x28\xfc"
"\x44\x12\xfb\x73\x77\xd4\x13\x39"
"\x29\x88\x8a\xf3\x5c\xa6\x36\xa0"
"\x2a\xed\x7e\xb1\x1d\xd6\x4c\x6b"
"\x41\x01\x18\x5d\x5d\x07\x97\xa6"
"\x4b\xef\x31\x18\xea\xac\xb1\x84"
"\x21\xed\xda\x86",
.len = 4100,
.np = 2,
.tap = { 4064, 36 },
},
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct cipher_testvec aes_ofb_tv_template[] = {
/* From NIST Special Publication 800-38A, Appendix F.5 */
{
.key = "\x2b\x7e\x15\x16\x28\xae\xd2\xa6"
"\xab\xf7\x15\x88\x09\xcf\x4f\x3c",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x00\x01\x02\x03\x04\x05\x06\x07\x08"
"\x09\x0a\x0b\x0c\x0d\x0e\x0f",
.ptext = "\x6b\xc1\xbe\xe2\x2e\x40\x9f\x96"
"\xe9\x3d\x7e\x11\x73\x93\x17\x2a"
"\xae\x2d\x8a\x57\x1e\x03\xac\x9c"
"\x9e\xb7\x6f\xac\x45\xaf\x8e\x51"
"\x30\xc8\x1c\x46\xa3\x5c\xe4\x11"
"\xe5\xfb\xc1\x19\x1a\x0a\x52\xef"
"\xf6\x9f\x24\x45\xdf\x4f\x9b\x17"
"\xad\x2b\x41\x7b\xe6\x6c\x37\x10",
.ctext = "\x3b\x3f\xd9\x2e\xb7\x2d\xad\x20"
"\x33\x34\x49\xf8\xe8\x3c\xfb\x4a"
"\x77\x89\x50\x8d\x16\x91\x8f\x03\xf5"
"\x3c\x52\xda\xc5\x4e\xd8\x25"
"\x97\x40\x05\x1e\x9c\x5f\xec\xf6\x43"
"\x44\xf7\xa8\x22\x60\xed\xcc"
"\x30\x4c\x65\x28\xf6\x59\xc7\x78"
"\x66\xa5\x10\xd9\xc1\xd6\xae\x5e",
.len = 64,
}
};
static const struct aead_testvec aes_gcm_enc_tv_template[] = {
{ /* From McGrew & Viega - http://citeseer.ist.psu.edu/656989.html */
.key = zeroed_string,
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\x58\xe2\xfc\xce\xfa\x7e\x30\x61"
"\x36\x7f\x1d\x57\xa4\xe7\x45\x5a",
.rlen = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = zeroed_string,
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = zeroed_string,
.ilen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\x03\x88\xda\xce\x60\xb6\xa3\x92"
"\xf3\x28\xc2\xb9\x71\xb2\xfe\x78"
"\xab\x6e\x47\xd4\x2c\xec\x13\xbd"
"\xf5\x3a\x67\xb2\x12\x57\xbd\xdf",
.rlen = 32,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
"\x6d\x6a\x8f\x94\x67\x30\x83\x08",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\xca\xfe\xba\xbe\xfa\xce\xdb\xad"
"\xde\xca\xf8\x88",
.input = "\xd9\x31\x32\x25\xf8\x84\x06\xe5"
"\xa5\x59\x09\xc5\xaf\xf5\x26\x9a"
"\x86\xa7\xa9\x53\x15\x34\xf7\xda"
"\x2e\x4c\x30\x3d\x8a\x31\x8a\x72"
"\x1c\x3c\x0c\x95\x95\x68\x09\x53"
"\x2f\xcf\x0e\x24\x49\xa6\xb5\x25"
"\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57"
"\xba\x63\x7b\x39\x1a\xaf\xd2\x55",
.ilen = 64,
.result = "\x42\x83\x1e\xc2\x21\x77\x74\x24"
"\x4b\x72\x21\xb7\x84\xd0\xd4\x9c"
"\xe3\xaa\x21\x2f\x2c\x02\xa4\xe0"
"\x35\xc1\x7e\x23\x29\xac\xa1\x2e"
"\x21\xd5\x14\xb2\x54\x66\x93\x1c"
"\x7d\x8f\x6a\x5a\xac\x84\xaa\x05"
"\x1b\xa3\x0b\x39\x6a\x0a\xac\x97"
"\x3d\x58\xe0\x91\x47\x3f\x59\x85"
"\x4d\x5c\x2a\xf3\x27\xcd\x64\xa6"
"\x2c\xf3\x5a\xbd\x2b\xa6\xfa\xb4",
.rlen = 80,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
"\x6d\x6a\x8f\x94\x67\x30\x83\x08",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\xca\xfe\xba\xbe\xfa\xce\xdb\xad"
"\xde\xca\xf8\x88",
.input = "\xd9\x31\x32\x25\xf8\x84\x06\xe5"
"\xa5\x59\x09\xc5\xaf\xf5\x26\x9a"
"\x86\xa7\xa9\x53\x15\x34\xf7\xda"
"\x2e\x4c\x30\x3d\x8a\x31\x8a\x72"
"\x1c\x3c\x0c\x95\x95\x68\x09\x53"
"\x2f\xcf\x0e\x24\x49\xa6\xb5\x25"
"\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57"
"\xba\x63\x7b\x39",
.ilen = 60,
.assoc = "\xfe\xed\xfa\xce\xde\xad\xbe\xef"
"\xfe\xed\xfa\xce\xde\xad\xbe\xef"
"\xab\xad\xda\xd2",
.alen = 20,
.result = "\x42\x83\x1e\xc2\x21\x77\x74\x24"
"\x4b\x72\x21\xb7\x84\xd0\xd4\x9c"
"\xe3\xaa\x21\x2f\x2c\x02\xa4\xe0"
"\x35\xc1\x7e\x23\x29\xac\xa1\x2e"
"\x21\xd5\x14\xb2\x54\x66\x93\x1c"
"\x7d\x8f\x6a\x5a\xac\x84\xaa\x05"
"\x1b\xa3\x0b\x39\x6a\x0a\xac\x97"
"\x3d\x58\xe0\x91"
"\x5b\xc9\x4f\xbc\x32\x21\xa5\xdb"
"\x94\xfa\xe9\x5a\xe7\x12\x1a\x47",
.rlen = 76,
}, {
.key = zeroed_string,
.klen = 24,
.result = "\xcd\x33\xb2\x8a\xc7\x73\xf7\x4b"
"\xa0\x0e\xd1\xf3\x12\x57\x24\x35",
.rlen = 16,
}, {
.key = zeroed_string,
.klen = 24,
.input = zeroed_string,
.ilen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\x98\xe7\x24\x7c\x07\xf0\xfe\x41"
"\x1c\x26\x7e\x43\x84\xb0\xf6\x00"
"\x2f\xf5\x8d\x80\x03\x39\x27\xab"
"\x8e\xf4\xd4\x58\x75\x14\xf0\xfb",
.rlen = 32,
}, {
.key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
"\x6d\x6a\x8f\x94\x67\x30\x83\x08"
"\xfe\xff\xe9\x92\x86\x65\x73\x1c",
.klen = 24,
.iv = "\xca\xfe\xba\xbe\xfa\xce\xdb\xad"
"\xde\xca\xf8\x88",
.input = "\xd9\x31\x32\x25\xf8\x84\x06\xe5"
"\xa5\x59\x09\xc5\xaf\xf5\x26\x9a"
"\x86\xa7\xa9\x53\x15\x34\xf7\xda"
"\x2e\x4c\x30\x3d\x8a\x31\x8a\x72"
"\x1c\x3c\x0c\x95\x95\x68\x09\x53"
"\x2f\xcf\x0e\x24\x49\xa6\xb5\x25"
"\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57"
"\xba\x63\x7b\x39\x1a\xaf\xd2\x55",
.ilen = 64,
.result = "\x39\x80\xca\x0b\x3c\x00\xe8\x41"
"\xeb\x06\xfa\xc4\x87\x2a\x27\x57"
"\x85\x9e\x1c\xea\xa6\xef\xd9\x84"
"\x62\x85\x93\xb4\x0c\xa1\xe1\x9c"
"\x7d\x77\x3d\x00\xc1\x44\xc5\x25"
"\xac\x61\x9d\x18\xc8\x4a\x3f\x47"
"\x18\xe2\x44\x8b\x2f\xe3\x24\xd9"
"\xcc\xda\x27\x10\xac\xad\xe2\x56"
"\x99\x24\xa7\xc8\x58\x73\x36\xbf"
"\xb1\x18\x02\x4d\xb8\x67\x4a\x14",
.rlen = 80,
}, {
.key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
"\x6d\x6a\x8f\x94\x67\x30\x83\x08"
"\xfe\xff\xe9\x92\x86\x65\x73\x1c",
.klen = 24,
.iv = "\xca\xfe\xba\xbe\xfa\xce\xdb\xad"
"\xde\xca\xf8\x88",
.input = "\xd9\x31\x32\x25\xf8\x84\x06\xe5"
"\xa5\x59\x09\xc5\xaf\xf5\x26\x9a"
"\x86\xa7\xa9\x53\x15\x34\xf7\xda"
"\x2e\x4c\x30\x3d\x8a\x31\x8a\x72"
"\x1c\x3c\x0c\x95\x95\x68\x09\x53"
"\x2f\xcf\x0e\x24\x49\xa6\xb5\x25"
"\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57"
"\xba\x63\x7b\x39",
.ilen = 60,
.assoc = "\xfe\xed\xfa\xce\xde\xad\xbe\xef"
"\xfe\xed\xfa\xce\xde\xad\xbe\xef"
"\xab\xad\xda\xd2",
.alen = 20,
.result = "\x39\x80\xca\x0b\x3c\x00\xe8\x41"
"\xeb\x06\xfa\xc4\x87\x2a\x27\x57"
"\x85\x9e\x1c\xea\xa6\xef\xd9\x84"
"\x62\x85\x93\xb4\x0c\xa1\xe1\x9c"
"\x7d\x77\x3d\x00\xc1\x44\xc5\x25"
"\xac\x61\x9d\x18\xc8\x4a\x3f\x47"
"\x18\xe2\x44\x8b\x2f\xe3\x24\xd9"
"\xcc\xda\x27\x10"
"\x25\x19\x49\x8e\x80\xf1\x47\x8f"
"\x37\xba\x55\xbd\x6d\x27\x61\x8c",
.rlen = 76,
.np = 2,
.tap = { 32, 28 },
.anp = 2,
.atap = { 8, 12 }
}, {
.key = zeroed_string,
.klen = 32,
.result = "\x53\x0f\x8a\xfb\xc7\x45\x36\xb9"
"\xa9\x63\xb4\xf1\xc4\xcb\x73\x8b",
.rlen = 16,
}
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct aead_testvec aes_gcm_dec_tv_template[] = {
{ /* From McGrew & Viega - http://citeseer.ist.psu.edu/656989.html */
.key = zeroed_string,
.klen = 32,
.input = "\xce\xa7\x40\x3d\x4d\x60\x6b\x6e"
"\x07\x4e\xc5\xd3\xba\xf3\x9d\x18"
"\xd0\xd1\xc8\xa7\x99\x99\x6b\xf0"
"\x26\x5b\x98\xb5\xd4\x8a\xb9\x19",
.ilen = 32,
.result = zeroed_string,
.rlen = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
"\x6d\x6a\x8f\x94\x67\x30\x83\x08"
"\xfe\xff\xe9\x92\x86\x65\x73\x1c"
"\x6d\x6a\x8f\x94\x67\x30\x83\x08",
.klen = 32,
.iv = "\xca\xfe\xba\xbe\xfa\xce\xdb\xad"
"\xde\xca\xf8\x88",
.input = "\x52\x2d\xc1\xf0\x99\x56\x7d\x07"
"\xf4\x7f\x37\xa3\x2a\x84\x42\x7d"
"\x64\x3a\x8c\xdc\xbf\xe5\xc0\xc9"
"\x75\x98\xa2\xbd\x25\x55\xd1\xaa"
"\x8c\xb0\x8e\x48\x59\x0d\xbb\x3d"
"\xa7\xb0\x8b\x10\x56\x82\x88\x38"
"\xc5\xf6\x1e\x63\x93\xba\x7a\x0a"
"\xbc\xc9\xf6\x62\x89\x80\x15\xad"
"\xb0\x94\xda\xc5\xd9\x34\x71\xbd"
"\xec\x1a\x50\x22\x70\xe3\xcc\x6c",
.ilen = 80,
.result = "\xd9\x31\x32\x25\xf8\x84\x06\xe5"
"\xa5\x59\x09\xc5\xaf\xf5\x26\x9a"
"\x86\xa7\xa9\x53\x15\x34\xf7\xda"
"\x2e\x4c\x30\x3d\x8a\x31\x8a\x72"
"\x1c\x3c\x0c\x95\x95\x68\x09\x53"
"\x2f\xcf\x0e\x24\x49\xa6\xb5\x25"
"\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57"
"\xba\x63\x7b\x39\x1a\xaf\xd2\x55",
.rlen = 64,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
"\x6d\x6a\x8f\x94\x67\x30\x83\x08"
"\xfe\xff\xe9\x92\x86\x65\x73\x1c"
"\x6d\x6a\x8f\x94\x67\x30\x83\x08",
.klen = 32,
.iv = "\xca\xfe\xba\xbe\xfa\xce\xdb\xad"
"\xde\xca\xf8\x88",
.input = "\x52\x2d\xc1\xf0\x99\x56\x7d\x07"
"\xf4\x7f\x37\xa3\x2a\x84\x42\x7d"
"\x64\x3a\x8c\xdc\xbf\xe5\xc0\xc9"
"\x75\x98\xa2\xbd\x25\x55\xd1\xaa"
"\x8c\xb0\x8e\x48\x59\x0d\xbb\x3d"
"\xa7\xb0\x8b\x10\x56\x82\x88\x38"
"\xc5\xf6\x1e\x63\x93\xba\x7a\x0a"
"\xbc\xc9\xf6\x62"
"\x76\xfc\x6e\xce\x0f\x4e\x17\x68"
"\xcd\xdf\x88\x53\xbb\x2d\x55\x1b",
.ilen = 76,
.assoc = "\xfe\xed\xfa\xce\xde\xad\xbe\xef"
"\xfe\xed\xfa\xce\xde\xad\xbe\xef"
"\xab\xad\xda\xd2",
.alen = 20,
.result = "\xd9\x31\x32\x25\xf8\x84\x06\xe5"
"\xa5\x59\x09\xc5\xaf\xf5\x26\x9a"
"\x86\xa7\xa9\x53\x15\x34\xf7\xda"
"\x2e\x4c\x30\x3d\x8a\x31\x8a\x72"
"\x1c\x3c\x0c\x95\x95\x68\x09\x53"
"\x2f\xcf\x0e\x24\x49\xa6\xb5\x25"
"\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57"
"\xba\x63\x7b\x39",
.rlen = 60,
.np = 2,
.tap = { 48, 28 },
.anp = 3,
.atap = { 8, 8, 4 }
}, {
.key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
"\x6d\x6a\x8f\x94\x67\x30\x83\x08",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\xca\xfe\xba\xbe\xfa\xce\xdb\xad"
"\xde\xca\xf8\x88",
.input = "\x42\x83\x1e\xc2\x21\x77\x74\x24"
"\x4b\x72\x21\xb7\x84\xd0\xd4\x9c"
"\xe3\xaa\x21\x2f\x2c\x02\xa4\xe0"
"\x35\xc1\x7e\x23\x29\xac\xa1\x2e"
"\x21\xd5\x14\xb2\x54\x66\x93\x1c"
"\x7d\x8f\x6a\x5a\xac\x84\xaa\x05"
"\x1b\xa3\x0b\x39\x6a\x0a\xac\x97"
"\x3d\x58\xe0\x91\x47\x3f\x59\x85"
"\x4d\x5c\x2a\xf3\x27\xcd\x64\xa6"
"\x2c\xf3\x5a\xbd\x2b\xa6\xfa\xb4",
.ilen = 80,
.result = "\xd9\x31\x32\x25\xf8\x84\x06\xe5"
"\xa5\x59\x09\xc5\xaf\xf5\x26\x9a"
"\x86\xa7\xa9\x53\x15\x34\xf7\xda"
"\x2e\x4c\x30\x3d\x8a\x31\x8a\x72"
"\x1c\x3c\x0c\x95\x95\x68\x09\x53"
"\x2f\xcf\x0e\x24\x49\xa6\xb5\x25"
"\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57"
"\xba\x63\x7b\x39\x1a\xaf\xd2\x55",
.rlen = 64,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
"\x6d\x6a\x8f\x94\x67\x30\x83\x08",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\xca\xfe\xba\xbe\xfa\xce\xdb\xad"
"\xde\xca\xf8\x88",
.input = "\x42\x83\x1e\xc2\x21\x77\x74\x24"
"\x4b\x72\x21\xb7\x84\xd0\xd4\x9c"
"\xe3\xaa\x21\x2f\x2c\x02\xa4\xe0"
"\x35\xc1\x7e\x23\x29\xac\xa1\x2e"
"\x21\xd5\x14\xb2\x54\x66\x93\x1c"
"\x7d\x8f\x6a\x5a\xac\x84\xaa\x05"
"\x1b\xa3\x0b\x39\x6a\x0a\xac\x97"
"\x3d\x58\xe0\x91"
"\x5b\xc9\x4f\xbc\x32\x21\xa5\xdb"
"\x94\xfa\xe9\x5a\xe7\x12\x1a\x47",
.ilen = 76,
.assoc = "\xfe\xed\xfa\xce\xde\xad\xbe\xef"
"\xfe\xed\xfa\xce\xde\xad\xbe\xef"
"\xab\xad\xda\xd2",
.alen = 20,
.result = "\xd9\x31\x32\x25\xf8\x84\x06\xe5"
"\xa5\x59\x09\xc5\xaf\xf5\x26\x9a"
"\x86\xa7\xa9\x53\x15\x34\xf7\xda"
"\x2e\x4c\x30\x3d\x8a\x31\x8a\x72"
"\x1c\x3c\x0c\x95\x95\x68\x09\x53"
"\x2f\xcf\x0e\x24\x49\xa6\xb5\x25"
"\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57"
"\xba\x63\x7b\x39",
.rlen = 60,
}, {
.key = zeroed_string,
.klen = 24,
.input = "\x98\xe7\x24\x7c\x07\xf0\xfe\x41"
"\x1c\x26\x7e\x43\x84\xb0\xf6\x00"
"\x2f\xf5\x8d\x80\x03\x39\x27\xab"
"\x8e\xf4\xd4\x58\x75\x14\xf0\xfb",
.ilen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = zeroed_string,
.rlen = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
"\x6d\x6a\x8f\x94\x67\x30\x83\x08"
"\xfe\xff\xe9\x92\x86\x65\x73\x1c",
.klen = 24,
.iv = "\xca\xfe\xba\xbe\xfa\xce\xdb\xad"
"\xde\xca\xf8\x88",
.input = "\x39\x80\xca\x0b\x3c\x00\xe8\x41"
"\xeb\x06\xfa\xc4\x87\x2a\x27\x57"
"\x85\x9e\x1c\xea\xa6\xef\xd9\x84"
"\x62\x85\x93\xb4\x0c\xa1\xe1\x9c"
"\x7d\x77\x3d\x00\xc1\x44\xc5\x25"
"\xac\x61\x9d\x18\xc8\x4a\x3f\x47"
"\x18\xe2\x44\x8b\x2f\xe3\x24\xd9"
"\xcc\xda\x27\x10\xac\xad\xe2\x56"
"\x99\x24\xa7\xc8\x58\x73\x36\xbf"
"\xb1\x18\x02\x4d\xb8\x67\x4a\x14",
.ilen = 80,
.result = "\xd9\x31\x32\x25\xf8\x84\x06\xe5"
"\xa5\x59\x09\xc5\xaf\xf5\x26\x9a"
"\x86\xa7\xa9\x53\x15\x34\xf7\xda"
"\x2e\x4c\x30\x3d\x8a\x31\x8a\x72"
"\x1c\x3c\x0c\x95\x95\x68\x09\x53"
"\x2f\xcf\x0e\x24\x49\xa6\xb5\x25"
"\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57"
"\xba\x63\x7b\x39\x1a\xaf\xd2\x55",
.rlen = 64,
}, {
.key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
"\x6d\x6a\x8f\x94\x67\x30\x83\x08"
"\xfe\xff\xe9\x92\x86\x65\x73\x1c",
.klen = 24,
.iv = "\xca\xfe\xba\xbe\xfa\xce\xdb\xad"
"\xde\xca\xf8\x88",
.input = "\x39\x80\xca\x0b\x3c\x00\xe8\x41"
"\xeb\x06\xfa\xc4\x87\x2a\x27\x57"
"\x85\x9e\x1c\xea\xa6\xef\xd9\x84"
"\x62\x85\x93\xb4\x0c\xa1\xe1\x9c"
"\x7d\x77\x3d\x00\xc1\x44\xc5\x25"
"\xac\x61\x9d\x18\xc8\x4a\x3f\x47"
"\x18\xe2\x44\x8b\x2f\xe3\x24\xd9"
"\xcc\xda\x27\x10"
"\x25\x19\x49\x8e\x80\xf1\x47\x8f"
"\x37\xba\x55\xbd\x6d\x27\x61\x8c",
.ilen = 76,
.assoc = "\xfe\xed\xfa\xce\xde\xad\xbe\xef"
"\xfe\xed\xfa\xce\xde\xad\xbe\xef"
"\xab\xad\xda\xd2",
.alen = 20,
.result = "\xd9\x31\x32\x25\xf8\x84\x06\xe5"
"\xa5\x59\x09\xc5\xaf\xf5\x26\x9a"
"\x86\xa7\xa9\x53\x15\x34\xf7\xda"
"\x2e\x4c\x30\x3d\x8a\x31\x8a\x72"
"\x1c\x3c\x0c\x95\x95\x68\x09\x53"
"\x2f\xcf\x0e\x24\x49\xa6\xb5\x25"
"\xb1\x6a\xed\xf5\xaa\x0d\xe6\x57"
"\xba\x63\x7b\x39",
.rlen = 60,
}
};
static const struct aead_testvec aes_gcm_rfc4106_enc_tv_template[] = {
{ /* Generated using Crypto++ */
.key = zeroed_string,
.klen = 20,
.iv = zeroed_string,
.input = zeroed_string,
.ilen = 16,
.assoc = zeroed_string,
.alen = 16,
.result = "\x03\x88\xDA\xCE\x60\xB6\xA3\x92"
"\xF3\x28\xC2\xB9\x71\xB2\xFE\x78"
"\x97\xFE\x4C\x23\x37\x42\x01\xE0"
"\x81\x9F\x8D\xC5\xD7\x41\xA0\x1B",
.rlen = 32,
},{
.key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
"\x6d\x6a\x8f\x94\x67\x30\x83\x08"
"\x00\x00\x00\x00",
.klen = 20,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x01",
.input = zeroed_string,
.ilen = 16,
.assoc = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x01",
.alen = 16,
.result = "\xC0\x0D\x8B\x42\x0F\x8F\x34\x18"
"\x88\xB1\xC5\xBC\xC5\xB6\xD6\x28"
"\x6A\x9D\xDF\x11\x5E\xFE\x5E\x9D"
"\x2F\x70\x44\x92\xF7\xF2\xE3\xEF",
.rlen = 32,
}, {
.key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
"\x6d\x6a\x8f\x94\x67\x30\x83\x08"
"\x00\x00\x00\x00",
.klen = 20,
.iv = zeroed_string,
.input = "\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01",
.ilen = 16,
.assoc = zeroed_string,
.alen = 16,
.result = "\x4B\xB1\xB5\xE3\x25\x71\x70\xDE"
"\x7F\xC9\x9C\xA5\x14\x19\xF2\xAC"
"\x0B\x8F\x88\x69\x17\xE6\xB4\x3C"
"\xB1\x68\xFD\x14\x52\x64\x61\xB2",
.rlen = 32,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
"\x6d\x6a\x8f\x94\x67\x30\x83\x08"
"\x00\x00\x00\x00",
.klen = 20,
.iv = zeroed_string,
.input = "\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01",
.ilen = 16,
.assoc = "\x01\x01\x01\x01\x01\x01\x01\x01"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.alen = 16,
.result = "\x4B\xB1\xB5\xE3\x25\x71\x70\xDE"
"\x7F\xC9\x9C\xA5\x14\x19\xF2\xAC"
"\x90\x92\xB7\xE3\x5F\xA3\x9A\x63"
"\x7E\xD7\x1F\xD8\xD3\x7C\x4B\xF5",
.rlen = 32,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
"\x6d\x6a\x8f\x94\x67\x30\x83\x08"
"\x00\x00\x00\x00",
.klen = 20,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x01",
.input = "\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01",
.ilen = 16,
.assoc = "\x01\x01\x01\x01\x01\x01\x01\x01"
"\x00\x00\x00\x00\x00\x00\x00\x01",
.alen = 16,
.result = "\xC1\x0C\x8A\x43\x0E\x8E\x35\x19"
"\x89\xB0\xC4\xBD\xC4\xB7\xD7\x29"
"\x64\x50\xF9\x32\x13\xFB\x74\x61"
"\xF4\xED\x52\xD3\xC5\x10\x55\x3C",
.rlen = 32,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
"\x6d\x6a\x8f\x94\x67\x30\x83\x08"
"\x00\x00\x00\x00",
.klen = 20,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x01",
.input = "\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01",
.ilen = 64,
.assoc = "\x01\x01\x01\x01\x01\x01\x01\x01"
"\x00\x00\x00\x00\x00\x00\x00\x01",
.alen = 16,
.result = "\xC1\x0C\x8A\x43\x0E\x8E\x35\x19"
"\x89\xB0\xC4\xBD\xC4\xB7\xD7\x29"
"\x98\x14\xA1\x42\x37\x80\xFD\x90"
"\x68\x12\x01\xA8\x91\x89\xB9\x83"
"\x5B\x11\x77\x12\x9B\xFF\x24\x89"
"\x94\x5F\x18\x12\xBA\x27\x09\x39"
"\x99\x96\x76\x42\x15\x1C\xCD\xCB"
"\xDC\xD3\xDA\x65\x73\xAF\x80\xCD"
"\xD2\xB6\xC2\x4A\x76\xC2\x92\x85"
"\xBD\xCF\x62\x98\x58\x14\xE5\xBD",
.rlen = 80,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x00\x00\x00\x00",
.klen = 20,
.iv = "\x00\x00\x45\x67\x89\xab\xcd\xef",
.input = "\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff",
.ilen = 192,
.assoc = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\x00\x00\x45\x67"
"\x89\xab\xcd\xef",
.alen = 20,
.result = "\xC1\x76\x33\x85\xE2\x9B\x5F\xDE"
"\xDE\x89\x3D\x42\xE7\xC9\x69\x8A"
"\x44\x6D\xC3\x88\x46\x2E\xC2\x01"
"\x5E\xF6\x0C\x39\xF0\xC4\xA5\x82"
"\xCD\xE8\x31\xCC\x0A\x4C\xE4\x44"
"\x41\xA9\x82\x6F\x22\xA1\x23\x1A"
"\xA8\xE3\x16\xFD\x31\x5C\x27\x31"
"\xF1\x7F\x01\x63\xA3\xAF\x70\xA1"
"\xCF\x07\x57\x41\x67\xD0\xC4\x42"
"\xDB\x18\xC6\x4C\x4C\xE0\x3D\x9F"
"\x05\x07\xFB\x13\x7D\x4A\xCA\x5B"
"\xF0\xBF\x64\x7E\x05\xB1\x72\xEE"
"\x7C\x3B\xD4\xCD\x14\x03\xB2\x2C"
"\xD3\xA9\xEE\xFA\x17\xFC\x9C\xDF"
"\xC7\x75\x40\xFF\xAE\xAD\x1E\x59"
"\x2F\x30\x24\xFB\xAD\x6B\x10\xFA"
"\x6C\x9F\x5B\xE7\x25\xD5\xD0\x25"
"\xAC\x4A\x4B\xDA\xFC\x7A\x85\x1B"
"\x7E\x13\x06\x82\x08\x17\xA4\x35"
"\xEC\xC5\x8D\x63\x96\x81\x0A\x8F"
"\xA3\x05\x38\x95\x20\x1A\x47\x04"
"\x6F\x6D\xDA\x8F\xEF\xC1\x76\x35"
"\x6B\xC7\x4D\x0F\x94\x12\xCA\x3E"
"\x2E\xD5\x03\x2E\x86\x7E\xAA\x3B"
"\x37\x08\x1C\xCF\xBA\x5D\x71\x46"
"\x80\x72\xB0\x4C\x82\x0D\x60\x3C",
.rlen = 208,
}, { /* From draft-mcgrew-gcm-test-01 */
.key = "\x4C\x80\xCD\xEF\xBB\x5D\x10\xDA"
"\x90\x6A\xC7\x3C\x36\x13\xA6\x34"
"\x2E\x44\x3B\x68",
.klen = 20,
.iv = "\x49\x56\xED\x7E\x3B\x24\x4C\xFE",
.input = "\x45\x00\x00\x48\x69\x9A\x00\x00"
"\x80\x11\x4D\xB7\xC0\xA8\x01\x02"
"\xC0\xA8\x01\x01\x0A\x9B\xF1\x56"
"\x38\xD3\x01\x00\x00\x01\x00\x00"
"\x00\x00\x00\x00\x04\x5F\x73\x69"
"\x70\x04\x5F\x75\x64\x70\x03\x73"
"\x69\x70\x09\x63\x79\x62\x65\x72"
"\x63\x69\x74\x79\x02\x64\x6B\x00"
"\x00\x21\x00\x01\x01\x02\x02\x01",
.ilen = 72,
.assoc = "\x00\x00\x43\x21\x87\x65\x43\x21"
"\x00\x00\x00\x00\x49\x56\xED\x7E"
"\x3B\x24\x4C\xFE",
.alen = 20,
.result = "\xFE\xCF\x53\x7E\x72\x9D\x5B\x07"
"\xDC\x30\xDF\x52\x8D\xD2\x2B\x76"
"\x8D\x1B\x98\x73\x66\x96\xA6\xFD"
"\x34\x85\x09\xFA\x13\xCE\xAC\x34"
"\xCF\xA2\x43\x6F\x14\xA3\xF3\xCF"
"\x65\x92\x5B\xF1\xF4\xA1\x3C\x5D"
"\x15\xB2\x1E\x18\x84\xF5\xFF\x62"
"\x47\xAE\xAB\xB7\x86\xB9\x3B\xCE"
"\x61\xBC\x17\xD7\x68\xFD\x97\x32"
"\x45\x90\x18\x14\x8F\x6C\xBE\x72"
"\x2F\xD0\x47\x96\x56\x2D\xFD\xB4",
.rlen = 88,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xFE\xFF\xE9\x92\x86\x65\x73\x1C"
"\x6D\x6A\x8F\x94\x67\x30\x83\x08"
"\xCA\xFE\xBA\xBE",
.klen = 20,
.iv = "\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88",
.input = "\x45\x00\x00\x3E\x69\x8F\x00\x00"
"\x80\x11\x4D\xCC\xC0\xA8\x01\x02"
"\xC0\xA8\x01\x01\x0A\x98\x00\x35"
"\x00\x2A\x23\x43\xB2\xD0\x01\x00"
"\x00\x01\x00\x00\x00\x00\x00\x00"
"\x03\x73\x69\x70\x09\x63\x79\x62"
"\x65\x72\x63\x69\x74\x79\x02\x64"
"\x6B\x00\x00\x01\x00\x01\x00\x01",
.ilen = 64,
.assoc = "\x00\x00\xA5\xF8\x00\x00\x00\x0A"
"\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88",
.alen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\xDE\xB2\x2C\xD9\xB0\x7C\x72\xC1"
"\x6E\x3A\x65\xBE\xEB\x8D\xF3\x04"
"\xA5\xA5\x89\x7D\x33\xAE\x53\x0F"
"\x1B\xA7\x6D\x5D\x11\x4D\x2A\x5C"
"\x3D\xE8\x18\x27\xC1\x0E\x9A\x4F"
"\x51\x33\x0D\x0E\xEC\x41\x66\x42"
"\xCF\xBB\x85\xA5\xB4\x7E\x48\xA4"
"\xEC\x3B\x9B\xA9\x5D\x91\x8B\xD1"
"\x83\xB7\x0D\x3A\xA8\xBC\x6E\xE4"
"\xC3\x09\xE9\xD8\x5A\x41\xAD\x4A",
.rlen = 80,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
"\x34\x45\x56\x67\x78\x89\x9A\xAB"
"\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
"\x34\x45\x56\x67\x78\x89\x9A\xAB"
"\x11\x22\x33\x44",
.klen = 36,
.iv = "\x01\x02\x03\x04\x05\x06\x07\x08",
.input = "\x45\x00\x00\x30\x69\xA6\x40\x00"
"\x80\x06\x26\x90\xC0\xA8\x01\x02"
"\x93\x89\x15\x5E\x0A\x9E\x00\x8B"
"\x2D\xC5\x7E\xE0\x00\x00\x00\x00"
"\x70\x02\x40\x00\x20\xBF\x00\x00"
"\x02\x04\x05\xB4\x01\x01\x04\x02"
"\x01\x02\x02\x01",
.ilen = 52,
.assoc = "\x4A\x2C\xBF\xE3\x00\x00\x00\x02"
"\x01\x02\x03\x04\x05\x06\x07\x08",
.alen = 16,
.result = "\xFF\x42\x5C\x9B\x72\x45\x99\xDF"
"\x7A\x3B\xCD\x51\x01\x94\xE0\x0D"
"\x6A\x78\x10\x7F\x1B\x0B\x1C\xBF"
"\x06\xEF\xAE\x9D\x65\xA5\xD7\x63"
"\x74\x8A\x63\x79\x85\x77\x1D\x34"
"\x7F\x05\x45\x65\x9F\x14\xE9\x9D"
"\xEF\x84\x2D\x8E\xB3\x35\xF4\xEE"
"\xCF\xDB\xF8\x31\x82\x4B\x4C\x49"
"\x15\x95\x6C\x96",
.rlen = 68,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00",
.klen = 20,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00",
.input = "\x45\x00\x00\x3C\x99\xC5\x00\x00"
"\x80\x01\xCB\x7A\x40\x67\x93\x18"
"\x01\x01\x01\x01\x08\x00\x07\x5C"
"\x02\x00\x44\x00\x61\x62\x63\x64"
"\x65\x66\x67\x68\x69\x6A\x6B\x6C"
"\x6D\x6E\x6F\x70\x71\x72\x73\x74"
"\x75\x76\x77\x61\x62\x63\x64\x65"
"\x66\x67\x68\x69\x01\x02\x02\x01",
.ilen = 64,
.assoc = "\x00\x00\x00\x00\x00\x00\x00\x01"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.alen = 16,
.result = "\x46\x88\xDA\xF2\xF9\x73\xA3\x92"
"\x73\x29\x09\xC3\x31\xD5\x6D\x60"
"\xF6\x94\xAB\xAA\x41\x4B\x5E\x7F"
"\xF5\xFD\xCD\xFF\xF5\xE9\xA2\x84"
"\x45\x64\x76\x49\x27\x19\xFF\xB6"
"\x4D\xE7\xD9\xDC\xA1\xE1\xD8\x94"
"\xBC\x3B\xD5\x78\x73\xED\x4D\x18"
"\x1D\x19\xD4\xD5\xC8\xC1\x8A\xF3"
"\xF8\x21\xD4\x96\xEE\xB0\x96\xE9"
"\x8A\xD2\xB6\x9E\x47\x99\xC7\x1D",
.rlen = 80,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49"
"\x19\x88\xD0\xC3\x60\x7E\xAE\x1F"
"\x57\x69\x0E\x43",
.klen = 20,
.iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3",
.input = "\x45\x00\x00\x3C\x99\xC3\x00\x00"
"\x80\x01\xCB\x7C\x40\x67\x93\x18"
"\x01\x01\x01\x01\x08\x00\x08\x5C"
"\x02\x00\x43\x00\x61\x62\x63\x64"
"\x65\x66\x67\x68\x69\x6A\x6B\x6C"
"\x6D\x6E\x6F\x70\x71\x72\x73\x74"
"\x75\x76\x77\x61\x62\x63\x64\x65"
"\x66\x67\x68\x69\x01\x02\x02\x01",
.ilen = 64,
.assoc = "\x42\xF6\x7E\x3F\x10\x10\x10\x10"
"\x10\x10\x10\x10\x4E\x28\x00\x00"
"\xA2\xFC\xA1\xA3",
.alen = 20,
.result = "\xFB\xA2\xCA\xA4\x85\x3C\xF9\xF0"
"\xF2\x2C\xB1\x0D\x86\xDD\x83\xB0"
"\xFE\xC7\x56\x91\xCF\x1A\x04\xB0"
"\x0D\x11\x38\xEC\x9C\x35\x79\x17"
"\x65\xAC\xBD\x87\x01\xAD\x79\x84"
"\x5B\xF9\xFE\x3F\xBA\x48\x7B\xC9"
"\x17\x55\xE6\x66\x2B\x4C\x8D\x0D"
"\x1F\x5E\x22\x73\x95\x30\x32\x0A"
"\xE0\xD7\x31\xCC\x97\x8E\xCA\xFA"
"\xEA\xE8\x8F\x00\xE8\x0D\x6E\x48",
.rlen = 80,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49"
"\x19\x88\xD0\xC3\x60\x7E\xAE\x1F"
"\x57\x69\x0E\x43",
.klen = 20,
.iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3",
.input = "\x45\x00\x00\x1C\x42\xA2\x00\x00"
"\x80\x01\x44\x1F\x40\x67\x93\xB6"
"\xE0\x00\x00\x02\x0A\x00\xF5\xFF"
"\x01\x02\x02\x01",
.ilen = 28,
.assoc = "\x42\xF6\x7E\x3F\x10\x10\x10\x10"
"\x10\x10\x10\x10\x4E\x28\x00\x00"
"\xA2\xFC\xA1\xA3",
.alen = 20,
.result = "\xFB\xA2\xCA\x84\x5E\x5D\xF9\xF0"
"\xF2\x2C\x3E\x6E\x86\xDD\x83\x1E"
"\x1F\xC6\x57\x92\xCD\x1A\xF9\x13"
"\x0E\x13\x79\xED\x36\x9F\x07\x1F"
"\x35\xE0\x34\xBE\x95\xF1\x12\xE4"
"\xE7\xD0\x5D\x35",
.rlen = 44,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xFE\xFF\xE9\x92\x86\x65\x73\x1C"
"\x6D\x6A\x8F\x94\x67\x30\x83\x08"
"\xFE\xFF\xE9\x92\x86\x65\x73\x1C"
"\xCA\xFE\xBA\xBE",
.klen = 28,
.iv = "\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88",
.input = "\x45\x00\x00\x28\xA4\xAD\x40\x00"
"\x40\x06\x78\x80\x0A\x01\x03\x8F"
"\x0A\x01\x06\x12\x80\x23\x06\xB8"
"\xCB\x71\x26\x02\xDD\x6B\xB0\x3E"
"\x50\x10\x16\xD0\x75\x68\x00\x01",
.ilen = 40,
.assoc = "\x00\x00\xA5\xF8\x00\x00\x00\x0A"
"\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88",
.alen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\xA5\xB1\xF8\x06\x60\x29\xAE\xA4"
"\x0E\x59\x8B\x81\x22\xDE\x02\x42"
"\x09\x38\xB3\xAB\x33\xF8\x28\xE6"
"\x87\xB8\x85\x8B\x5B\xFB\xDB\xD0"
"\x31\x5B\x27\x45\x21\x44\xCC\x77"
"\x95\x45\x7B\x96\x52\x03\x7F\x53"
"\x18\x02\x7B\x5B\x4C\xD7\xA6\x36",
.rlen = 56,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
"\x34\x45\x56\x67\x78\x89\x9A\xAB"
"\xDE\xCA\xF8\x88",
.klen = 20,
.iv = "\xCA\xFE\xDE\xBA\xCE\xFA\xCE\x74",
.input = "\x45\x00\x00\x49\x33\xBA\x00\x00"
"\x7F\x11\x91\x06\xC3\xFB\x1D\x10"
"\xC2\xB1\xD3\x26\xC0\x28\x31\xCE"
"\x00\x35\xDD\x7B\x80\x03\x02\xD5"
"\x00\x00\x4E\x20\x00\x1E\x8C\x18"
"\xD7\x5B\x81\xDC\x91\xBA\xA0\x47"
"\x6B\x91\xB9\x24\xB2\x80\x38\x9D"
"\x92\xC9\x63\xBA\xC0\x46\xEC\x95"
"\x9B\x62\x66\xC0\x47\x22\xB1\x49"
"\x23\x01\x01\x01",
.ilen = 76,
.assoc = "\x00\x00\x01\x00\x00\x00\x00\x00"
"\x00\x00\x00\x01\xCA\xFE\xDE\xBA"
"\xCE\xFA\xCE\x74",
.alen = 20,
.result = "\x18\xA6\xFD\x42\xF7\x2C\xBF\x4A"
"\xB2\xA2\xEA\x90\x1F\x73\xD8\x14"
"\xE3\xE7\xF2\x43\xD9\x54\x12\xE1"
"\xC3\x49\xC1\xD2\xFB\xEC\x16\x8F"
"\x91\x90\xFE\xEB\xAF\x2C\xB0\x19"
"\x84\xE6\x58\x63\x96\x5D\x74\x72"
"\xB7\x9D\xA3\x45\xE0\xE7\x80\x19"
"\x1F\x0D\x2F\x0E\x0F\x49\x6C\x22"
"\x6F\x21\x27\xB2\x7D\xB3\x57\x24"
"\xE7\x84\x5D\x68\x65\x1F\x57\xE6"
"\x5F\x35\x4F\x75\xFF\x17\x01\x57"
"\x69\x62\x34\x36",
.rlen = 92,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
"\x34\x45\x56\x67\x78\x89\x9A\xAB"
"\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
"\x34\x45\x56\x67\x78\x89\x9A\xAB"
"\x73\x61\x6C\x74",
.klen = 36,
.iv = "\x61\x6E\x64\x01\x69\x76\x65\x63",
.input = "\x45\x08\x00\x28\x73\x2C\x00\x00"
"\x40\x06\xE9\xF9\x0A\x01\x06\x12"
"\x0A\x01\x03\x8F\x06\xB8\x80\x23"
"\xDD\x6B\xAF\xBE\xCB\x71\x26\x02"
"\x50\x10\x1F\x64\x6D\x54\x00\x01",
.ilen = 40,
.assoc = "\x17\x40\x5E\x67\x15\x6F\x31\x26"
"\xDD\x0D\xB9\x9B\x61\x6E\x64\x01"
"\x69\x76\x65\x63",
.alen = 20,
.result = "\xF2\xD6\x9E\xCD\xBD\x5A\x0D\x5B"
"\x8D\x5E\xF3\x8B\xAD\x4D\xA5\x8D"
"\x1F\x27\x8F\xDE\x98\xEF\x67\x54"
"\x9D\x52\x4A\x30\x18\xD9\xA5\x7F"
"\xF4\xD3\xA3\x1C\xE6\x73\x11\x9E"
"\x45\x16\x26\xC2\x41\x57\x71\xE3"
"\xB7\xEE\xBC\xA6\x14\xC8\x9B\x35",
.rlen = 56,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49"
"\x19\x88\xD0\xC3\x60\x7E\xAE\x1F"
"\x57\x69\x0E\x43",
.klen = 20,
.iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3",
.input = "\x45\x00\x00\x49\x33\x3E\x00\x00"
"\x7F\x11\x91\x82\xC3\xFB\x1D\x10"
"\xC2\xB1\xD3\x26\xC0\x28\x31\xCE"
"\x00\x35\xCB\x45\x80\x03\x02\x5B"
"\x00\x00\x01\xE0\x00\x1E\x8C\x18"
"\xD6\x57\x59\xD5\x22\x84\xA0\x35"
"\x2C\x71\x47\x5C\x88\x80\x39\x1C"
"\x76\x4D\x6E\x5E\xE0\x49\x6B\x32"
"\x5A\xE2\x70\xC0\x38\x99\x49\x39"
"\x15\x01\x01\x01",
.ilen = 76,
.assoc = "\x42\xF6\x7E\x3F\x10\x10\x10\x10"
"\x10\x10\x10\x10\x4E\x28\x00\x00"
"\xA2\xFC\xA1\xA3",
.alen = 20,
.result = "\xFB\xA2\xCA\xD1\x2F\xC1\xF9\xF0"
"\x0D\x3C\xEB\xF3\x05\x41\x0D\xB8"
"\x3D\x77\x84\xB6\x07\x32\x3D\x22"
"\x0F\x24\xB0\xA9\x7D\x54\x18\x28"
"\x00\xCA\xDB\x0F\x68\xD9\x9E\xF0"
"\xE0\xC0\xC8\x9A\xE9\xBE\xA8\x88"
"\x4E\x52\xD6\x5B\xC1\xAF\xD0\x74"
"\x0F\x74\x24\x44\x74\x7B\x5B\x39"
"\xAB\x53\x31\x63\xAA\xD4\x55\x0E"
"\xE5\x16\x09\x75\xCD\xB6\x08\xC5"
"\x76\x91\x89\x60\x97\x63\xB8\xE1"
"\x8C\xAA\x81\xE2",
.rlen = 92,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
"\x34\x45\x56\x67\x78\x89\x9A\xAB"
"\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
"\x34\x45\x56\x67\x78\x89\x9A\xAB"
"\x73\x61\x6C\x74",
.klen = 36,
.iv = "\x61\x6E\x64\x01\x69\x76\x65\x63",
.input = "\x63\x69\x73\x63\x6F\x01\x72\x75"
"\x6C\x65\x73\x01\x74\x68\x65\x01"
"\x6E\x65\x74\x77\x65\x01\x64\x65"
"\x66\x69\x6E\x65\x01\x74\x68\x65"
"\x74\x65\x63\x68\x6E\x6F\x6C\x6F"
"\x67\x69\x65\x73\x01\x74\x68\x61"
"\x74\x77\x69\x6C\x6C\x01\x64\x65"
"\x66\x69\x6E\x65\x74\x6F\x6D\x6F"
"\x72\x72\x6F\x77\x01\x02\x02\x01",
.ilen = 72,
.assoc = "\x17\x40\x5E\x67\x15\x6F\x31\x26"
"\xDD\x0D\xB9\x9B\x61\x6E\x64\x01"
"\x69\x76\x65\x63",
.alen = 20,
.result = "\xD4\xB7\xED\x86\xA1\x77\x7F\x2E"
"\xA1\x3D\x69\x73\xD3\x24\xC6\x9E"
"\x7B\x43\xF8\x26\xFB\x56\x83\x12"
"\x26\x50\x8B\xEB\xD2\xDC\xEB\x18"
"\xD0\xA6\xDF\x10\xE5\x48\x7D\xF0"
"\x74\x11\x3E\x14\xC6\x41\x02\x4E"
"\x3E\x67\x73\xD9\x1A\x62\xEE\x42"
"\x9B\x04\x3A\x10\xE3\xEF\xE6\xB0"
"\x12\xA4\x93\x63\x41\x23\x64\xF8"
"\xC0\xCA\xC5\x87\xF2\x49\xE5\x6B"
"\x11\xE2\x4F\x30\xE4\x4C\xCC\x76",
.rlen = 88,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x7D\x77\x3D\x00\xC1\x44\xC5\x25"
"\xAC\x61\x9D\x18\xC8\x4A\x3F\x47"
"\xD9\x66\x42\x67",
.klen = 20,
.iv = "\x43\x45\x7E\x91\x82\x44\x3B\xC6",
.input = "\x01\x02\x02\x01",
.ilen = 4,
.assoc = "\x33\x54\x67\xAE\xFF\xFF\xFF\xFF"
"\x43\x45\x7E\x91\x82\x44\x3B\xC6",
.alen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\x43\x7F\x86\x6B\xCB\x3F\x69\x9F"
"\xE9\xB0\x82\x2B\xAC\x96\x1C\x45"
"\x04\xBE\xF2\x70",
.rlen = 20,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
"\x34\x45\x56\x67\x78\x89\x9A\xAB"
"\xDE\xCA\xF8\x88",
.klen = 20,
.iv = "\xCA\xFE\xDE\xBA\xCE\xFA\xCE\x74",
.input = "\x74\x6F\x01\x62\x65\x01\x6F\x72"
"\x01\x6E\x6F\x74\x01\x74\x6F\x01"
"\x62\x65\x00\x01",
.ilen = 20,
.assoc = "\x00\x00\x01\x00\x00\x00\x00\x00"
"\x00\x00\x00\x01\xCA\xFE\xDE\xBA"
"\xCE\xFA\xCE\x74",
.alen = 20,
.result = "\x29\xC9\xFC\x69\xA1\x97\xD0\x38"
"\xCC\xDD\x14\xE2\xDD\xFC\xAA\x05"
"\x43\x33\x21\x64\x41\x25\x03\x52"
"\x43\x03\xED\x3C\x6C\x5F\x28\x38"
"\x43\xAF\x8C\x3E",
.rlen = 36,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x6C\x65\x67\x61\x6C\x69\x7A\x65"
"\x6D\x61\x72\x69\x6A\x75\x61\x6E"
"\x61\x61\x6E\x64\x64\x6F\x69\x74"
"\x62\x65\x66\x6F\x72\x65\x69\x61"
"\x74\x75\x72\x6E",
.klen = 36,
.iv = "\x33\x30\x21\x69\x67\x65\x74\x6D",
.input = "\x45\x00\x00\x30\xDA\x3A\x00\x00"
"\x80\x01\xDF\x3B\xC0\xA8\x00\x05"
"\xC0\xA8\x00\x01\x08\x00\xC6\xCD"
"\x02\x00\x07\x00\x61\x62\x63\x64"
"\x65\x66\x67\x68\x69\x6A\x6B\x6C"
"\x6D\x6E\x6F\x70\x71\x72\x73\x74"
"\x01\x02\x02\x01",
.ilen = 52,
.assoc = "\x79\x6B\x69\x63\xFF\xFF\xFF\xFF"
"\xFF\xFF\xFF\xFF\x33\x30\x21\x69"
"\x67\x65\x74\x6D",
.alen = 20,
.result = "\xF9\x7A\xB2\xAA\x35\x6D\x8E\xDC"
"\xE1\x76\x44\xAC\x8C\x78\xE2\x5D"
"\xD2\x4D\xED\xBB\x29\xEB\xF1\xB6"
"\x4A\x27\x4B\x39\xB4\x9C\x3A\x86"
"\x4C\xD3\xD7\x8C\xA4\xAE\x68\xA3"
"\x2B\x42\x45\x8F\xB5\x7D\xBE\x82"
"\x1D\xCC\x63\xB9\xD0\x93\x7B\xA2"
"\x94\x5F\x66\x93\x68\x66\x1A\x32"
"\x9F\xB4\xC0\x53",
.rlen = 68,
}, {
.key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49"
"\x19\x88\xD0\xC3\x60\x7E\xAE\x1F"
"\x57\x69\x0E\x43",
.klen = 20,
.iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3",
.input = "\x45\x00\x00\x30\xDA\x3A\x00\x00"
"\x80\x01\xDF\x3B\xC0\xA8\x00\x05"
"\xC0\xA8\x00\x01\x08\x00\xC6\xCD"
"\x02\x00\x07\x00\x61\x62\x63\x64"
"\x65\x66\x67\x68\x69\x6A\x6B\x6C"
"\x6D\x6E\x6F\x70\x71\x72\x73\x74"
"\x01\x02\x02\x01",
.ilen = 52,
.assoc = "\x3F\x7E\xF6\x42\x10\x10\x10\x10"
"\x10\x10\x10\x10\x4E\x28\x00\x00"
"\xA2\xFC\xA1\xA3",
.alen = 20,
.result = "\xFB\xA2\xCA\xA8\xC6\xC5\xF9\xF0"
"\xF2\x2C\xA5\x4A\x06\x12\x10\xAD"
"\x3F\x6E\x57\x91\xCF\x1A\xCA\x21"
"\x0D\x11\x7C\xEC\x9C\x35\x79\x17"
"\x65\xAC\xBD\x87\x01\xAD\x79\x84"
"\x5B\xF9\xFE\x3F\xBA\x48\x7B\xC9"
"\x63\x21\x93\x06\x84\xEE\xCA\xDB"
"\x56\x91\x25\x46\xE7\xA9\x5C\x97"
"\x40\xD7\xCB\x05",
.rlen = 68,
}, {
.key = "\x4C\x80\xCD\xEF\xBB\x5D\x10\xDA"
"\x90\x6A\xC7\x3C\x36\x13\xA6\x34"
"\x22\x43\x3C\x64",
.klen = 20,
.iv = "\x48\x55\xEC\x7D\x3A\x23\x4B\xFD",
.input = "\x08\x00\xC6\xCD\x02\x00\x07\x00"
"\x61\x62\x63\x64\x65\x66\x67\x68"
"\x69\x6A\x6B\x6C\x6D\x6E\x6F\x70"
"\x71\x72\x73\x74\x01\x02\x02\x01",
.ilen = 32,
.assoc = "\x00\x00\x43\x21\x87\x65\x43\x21"
"\x00\x00\x00\x07\x48\x55\xEC\x7D"
"\x3A\x23\x4B\xFD",
.alen = 20,
.result = "\x74\x75\x2E\x8A\xEB\x5D\x87\x3C"
"\xD7\xC0\xF4\xAC\xC3\x6C\x4B\xFF"
"\x84\xB7\xD7\xB9\x8F\x0C\xA8\xB6"
"\xAC\xDA\x68\x94\xBC\x61\x90\x69"
"\xEF\x9C\xBC\x28\xFE\x1B\x56\xA7"
"\xC4\xE0\xD5\x8C\x86\xCD\x2B\xC0",
.rlen = 48,
}
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct aead_testvec aes_gcm_rfc4106_dec_tv_template[] = {
{ /* Generated using Crypto++ */
.key = zeroed_string,
.klen = 20,
.iv = zeroed_string,
.input = "\x03\x88\xDA\xCE\x60\xB6\xA3\x92"
"\xF3\x28\xC2\xB9\x71\xB2\xFE\x78"
"\x97\xFE\x4C\x23\x37\x42\x01\xE0"
"\x81\x9F\x8D\xC5\xD7\x41\xA0\x1B",
.ilen = 32,
.assoc = zeroed_string,
.alen = 16,
.result = zeroed_string,
.rlen = 16,
},{
.key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
"\x6d\x6a\x8f\x94\x67\x30\x83\x08"
"\x00\x00\x00\x00",
.klen = 20,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x01",
.input = "\xC0\x0D\x8B\x42\x0F\x8F\x34\x18"
"\x88\xB1\xC5\xBC\xC5\xB6\xD6\x28"
"\x6A\x9D\xDF\x11\x5E\xFE\x5E\x9D"
"\x2F\x70\x44\x92\xF7\xF2\xE3\xEF",
.ilen = 32,
.assoc = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x01",
.alen = 16,
.result = zeroed_string,
.rlen = 16,
}, {
.key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
"\x6d\x6a\x8f\x94\x67\x30\x83\x08"
"\x00\x00\x00\x00",
.klen = 20,
.iv = zeroed_string,
.input = "\x4B\xB1\xB5\xE3\x25\x71\x70\xDE"
"\x7F\xC9\x9C\xA5\x14\x19\xF2\xAC"
"\x0B\x8F\x88\x69\x17\xE6\xB4\x3C"
"\xB1\x68\xFD\x14\x52\x64\x61\xB2",
.ilen = 32,
.assoc = zeroed_string,
.alen = 16,
.result = "\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01",
.rlen = 16,
}, {
.key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
"\x6d\x6a\x8f\x94\x67\x30\x83\x08"
"\x00\x00\x00\x00",
.klen = 20,
.iv = zeroed_string,
.input = "\x4B\xB1\xB5\xE3\x25\x71\x70\xDE"
"\x7F\xC9\x9C\xA5\x14\x19\xF2\xAC"
"\x90\x92\xB7\xE3\x5F\xA3\x9A\x63"
"\x7E\xD7\x1F\xD8\xD3\x7C\x4B\xF5",
.ilen = 32,
.assoc = "\x01\x01\x01\x01\x01\x01\x01\x01"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.alen = 16,
.result = "\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01",
.rlen = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
"\x6d\x6a\x8f\x94\x67\x30\x83\x08"
"\x00\x00\x00\x00",
.klen = 20,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x01",
.input = "\xC1\x0C\x8A\x43\x0E\x8E\x35\x19"
"\x89\xB0\xC4\xBD\xC4\xB7\xD7\x29"
"\x64\x50\xF9\x32\x13\xFB\x74\x61"
"\xF4\xED\x52\xD3\xC5\x10\x55\x3C",
.ilen = 32,
.assoc = "\x01\x01\x01\x01\x01\x01\x01\x01"
"\x00\x00\x00\x00\x00\x00\x00\x01",
.alen = 16,
.result = "\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01",
.rlen = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
"\x6d\x6a\x8f\x94\x67\x30\x83\x08"
"\x00\x00\x00\x00",
.klen = 20,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x01",
.input = "\xC1\x0C\x8A\x43\x0E\x8E\x35\x19"
"\x89\xB0\xC4\xBD\xC4\xB7\xD7\x29"
"\x98\x14\xA1\x42\x37\x80\xFD\x90"
"\x68\x12\x01\xA8\x91\x89\xB9\x83"
"\x5B\x11\x77\x12\x9B\xFF\x24\x89"
"\x94\x5F\x18\x12\xBA\x27\x09\x39"
"\x99\x96\x76\x42\x15\x1C\xCD\xCB"
"\xDC\xD3\xDA\x65\x73\xAF\x80\xCD"
"\xD2\xB6\xC2\x4A\x76\xC2\x92\x85"
"\xBD\xCF\x62\x98\x58\x14\xE5\xBD",
.ilen = 80,
.assoc = "\x01\x01\x01\x01\x01\x01\x01\x01"
"\x00\x00\x00\x00\x00\x00\x00\x01",
.alen = 16,
.result = "\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01",
.rlen = 64,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x00\x00\x00\x00",
.klen = 20,
.iv = "\x00\x00\x45\x67\x89\xab\xcd\xef",
.input = "\xC1\x76\x33\x85\xE2\x9B\x5F\xDE"
"\xDE\x89\x3D\x42\xE7\xC9\x69\x8A"
"\x44\x6D\xC3\x88\x46\x2E\xC2\x01"
"\x5E\xF6\x0C\x39\xF0\xC4\xA5\x82"
"\xCD\xE8\x31\xCC\x0A\x4C\xE4\x44"
"\x41\xA9\x82\x6F\x22\xA1\x23\x1A"
"\xA8\xE3\x16\xFD\x31\x5C\x27\x31"
"\xF1\x7F\x01\x63\xA3\xAF\x70\xA1"
"\xCF\x07\x57\x41\x67\xD0\xC4\x42"
"\xDB\x18\xC6\x4C\x4C\xE0\x3D\x9F"
"\x05\x07\xFB\x13\x7D\x4A\xCA\x5B"
"\xF0\xBF\x64\x7E\x05\xB1\x72\xEE"
"\x7C\x3B\xD4\xCD\x14\x03\xB2\x2C"
"\xD3\xA9\xEE\xFA\x17\xFC\x9C\xDF"
"\xC7\x75\x40\xFF\xAE\xAD\x1E\x59"
"\x2F\x30\x24\xFB\xAD\x6B\x10\xFA"
"\x6C\x9F\x5B\xE7\x25\xD5\xD0\x25"
"\xAC\x4A\x4B\xDA\xFC\x7A\x85\x1B"
"\x7E\x13\x06\x82\x08\x17\xA4\x35"
"\xEC\xC5\x8D\x63\x96\x81\x0A\x8F"
"\xA3\x05\x38\x95\x20\x1A\x47\x04"
"\x6F\x6D\xDA\x8F\xEF\xC1\x76\x35"
"\x6B\xC7\x4D\x0F\x94\x12\xCA\x3E"
"\x2E\xD5\x03\x2E\x86\x7E\xAA\x3B"
"\x37\x08\x1C\xCF\xBA\x5D\x71\x46"
"\x80\x72\xB0\x4C\x82\x0D\x60\x3C",
.ilen = 208,
.assoc = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\x00\x00\x45\x67"
"\x89\xab\xcd\xef",
.alen = 20,
.result = "\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff",
.rlen = 192,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x4C\x80\xCD\xEF\xBB\x5D\x10\xDA"
"\x90\x6A\xC7\x3C\x36\x13\xA6\x34"
"\x2E\x44\x3B\x68",
.klen = 20,
.iv = "\x49\x56\xED\x7E\x3B\x24\x4C\xFE",
.result = "\x45\x00\x00\x48\x69\x9A\x00\x00"
"\x80\x11\x4D\xB7\xC0\xA8\x01\x02"
"\xC0\xA8\x01\x01\x0A\x9B\xF1\x56"
"\x38\xD3\x01\x00\x00\x01\x00\x00"
"\x00\x00\x00\x00\x04\x5F\x73\x69"
"\x70\x04\x5F\x75\x64\x70\x03\x73"
"\x69\x70\x09\x63\x79\x62\x65\x72"
"\x63\x69\x74\x79\x02\x64\x6B\x00"
"\x00\x21\x00\x01\x01\x02\x02\x01",
.rlen = 72,
.assoc = "\x00\x00\x43\x21\x87\x65\x43\x21"
"\x00\x00\x00\x00\x49\x56\xED\x7E"
"\x3B\x24\x4C\xFE",
.alen = 20,
.input = "\xFE\xCF\x53\x7E\x72\x9D\x5B\x07"
"\xDC\x30\xDF\x52\x8D\xD2\x2B\x76"
"\x8D\x1B\x98\x73\x66\x96\xA6\xFD"
"\x34\x85\x09\xFA\x13\xCE\xAC\x34"
"\xCF\xA2\x43\x6F\x14\xA3\xF3\xCF"
"\x65\x92\x5B\xF1\xF4\xA1\x3C\x5D"
"\x15\xB2\x1E\x18\x84\xF5\xFF\x62"
"\x47\xAE\xAB\xB7\x86\xB9\x3B\xCE"
"\x61\xBC\x17\xD7\x68\xFD\x97\x32"
"\x45\x90\x18\x14\x8F\x6C\xBE\x72"
"\x2F\xD0\x47\x96\x56\x2D\xFD\xB4",
.ilen = 88,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xFE\xFF\xE9\x92\x86\x65\x73\x1C"
"\x6D\x6A\x8F\x94\x67\x30\x83\x08"
"\xCA\xFE\xBA\xBE",
.klen = 20,
.iv = "\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88",
.result = "\x45\x00\x00\x3E\x69\x8F\x00\x00"
"\x80\x11\x4D\xCC\xC0\xA8\x01\x02"
"\xC0\xA8\x01\x01\x0A\x98\x00\x35"
"\x00\x2A\x23\x43\xB2\xD0\x01\x00"
"\x00\x01\x00\x00\x00\x00\x00\x00"
"\x03\x73\x69\x70\x09\x63\x79\x62"
"\x65\x72\x63\x69\x74\x79\x02\x64"
"\x6B\x00\x00\x01\x00\x01\x00\x01",
.rlen = 64,
.assoc = "\x00\x00\xA5\xF8\x00\x00\x00\x0A"
"\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88",
.alen = 16,
.input = "\xDE\xB2\x2C\xD9\xB0\x7C\x72\xC1"
"\x6E\x3A\x65\xBE\xEB\x8D\xF3\x04"
"\xA5\xA5\x89\x7D\x33\xAE\x53\x0F"
"\x1B\xA7\x6D\x5D\x11\x4D\x2A\x5C"
"\x3D\xE8\x18\x27\xC1\x0E\x9A\x4F"
"\x51\x33\x0D\x0E\xEC\x41\x66\x42"
"\xCF\xBB\x85\xA5\xB4\x7E\x48\xA4"
"\xEC\x3B\x9B\xA9\x5D\x91\x8B\xD1"
"\x83\xB7\x0D\x3A\xA8\xBC\x6E\xE4"
"\xC3\x09\xE9\xD8\x5A\x41\xAD\x4A",
.ilen = 80,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
"\x34\x45\x56\x67\x78\x89\x9A\xAB"
"\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
"\x34\x45\x56\x67\x78\x89\x9A\xAB"
"\x11\x22\x33\x44",
.klen = 36,
.iv = "\x01\x02\x03\x04\x05\x06\x07\x08",
.result = "\x45\x00\x00\x30\x69\xA6\x40\x00"
"\x80\x06\x26\x90\xC0\xA8\x01\x02"
"\x93\x89\x15\x5E\x0A\x9E\x00\x8B"
"\x2D\xC5\x7E\xE0\x00\x00\x00\x00"
"\x70\x02\x40\x00\x20\xBF\x00\x00"
"\x02\x04\x05\xB4\x01\x01\x04\x02"
"\x01\x02\x02\x01",
.rlen = 52,
.assoc = "\x4A\x2C\xBF\xE3\x00\x00\x00\x02"
"\x01\x02\x03\x04\x05\x06\x07\x08",
.alen = 16,
.input = "\xFF\x42\x5C\x9B\x72\x45\x99\xDF"
"\x7A\x3B\xCD\x51\x01\x94\xE0\x0D"
"\x6A\x78\x10\x7F\x1B\x0B\x1C\xBF"
"\x06\xEF\xAE\x9D\x65\xA5\xD7\x63"
"\x74\x8A\x63\x79\x85\x77\x1D\x34"
"\x7F\x05\x45\x65\x9F\x14\xE9\x9D"
"\xEF\x84\x2D\x8E\xB3\x35\xF4\xEE"
"\xCF\xDB\xF8\x31\x82\x4B\x4C\x49"
"\x15\x95\x6C\x96",
.ilen = 68,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00",
.klen = 20,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00",
.result = "\x45\x00\x00\x3C\x99\xC5\x00\x00"
"\x80\x01\xCB\x7A\x40\x67\x93\x18"
"\x01\x01\x01\x01\x08\x00\x07\x5C"
"\x02\x00\x44\x00\x61\x62\x63\x64"
"\x65\x66\x67\x68\x69\x6A\x6B\x6C"
"\x6D\x6E\x6F\x70\x71\x72\x73\x74"
"\x75\x76\x77\x61\x62\x63\x64\x65"
"\x66\x67\x68\x69\x01\x02\x02\x01",
.rlen = 64,
.assoc = "\x00\x00\x00\x00\x00\x00\x00\x01"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.alen = 16,
.input = "\x46\x88\xDA\xF2\xF9\x73\xA3\x92"
"\x73\x29\x09\xC3\x31\xD5\x6D\x60"
"\xF6\x94\xAB\xAA\x41\x4B\x5E\x7F"
"\xF5\xFD\xCD\xFF\xF5\xE9\xA2\x84"
"\x45\x64\x76\x49\x27\x19\xFF\xB6"
"\x4D\xE7\xD9\xDC\xA1\xE1\xD8\x94"
"\xBC\x3B\xD5\x78\x73\xED\x4D\x18"
"\x1D\x19\xD4\xD5\xC8\xC1\x8A\xF3"
"\xF8\x21\xD4\x96\xEE\xB0\x96\xE9"
"\x8A\xD2\xB6\x9E\x47\x99\xC7\x1D",
.ilen = 80,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49"
"\x19\x88\xD0\xC3\x60\x7E\xAE\x1F"
"\x57\x69\x0E\x43",
.klen = 20,
.iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3",
.result = "\x45\x00\x00\x3C\x99\xC3\x00\x00"
"\x80\x01\xCB\x7C\x40\x67\x93\x18"
"\x01\x01\x01\x01\x08\x00\x08\x5C"
"\x02\x00\x43\x00\x61\x62\x63\x64"
"\x65\x66\x67\x68\x69\x6A\x6B\x6C"
"\x6D\x6E\x6F\x70\x71\x72\x73\x74"
"\x75\x76\x77\x61\x62\x63\x64\x65"
"\x66\x67\x68\x69\x01\x02\x02\x01",
.rlen = 64,
.assoc = "\x42\xF6\x7E\x3F\x10\x10\x10\x10"
"\x10\x10\x10\x10\x4E\x28\x00\x00"
"\xA2\xFC\xA1\xA3",
.alen = 20,
.input = "\xFB\xA2\xCA\xA4\x85\x3C\xF9\xF0"
"\xF2\x2C\xB1\x0D\x86\xDD\x83\xB0"
"\xFE\xC7\x56\x91\xCF\x1A\x04\xB0"
"\x0D\x11\x38\xEC\x9C\x35\x79\x17"
"\x65\xAC\xBD\x87\x01\xAD\x79\x84"
"\x5B\xF9\xFE\x3F\xBA\x48\x7B\xC9"
"\x17\x55\xE6\x66\x2B\x4C\x8D\x0D"
"\x1F\x5E\x22\x73\x95\x30\x32\x0A"
"\xE0\xD7\x31\xCC\x97\x8E\xCA\xFA"
"\xEA\xE8\x8F\x00\xE8\x0D\x6E\x48",
.ilen = 80,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49"
"\x19\x88\xD0\xC3\x60\x7E\xAE\x1F"
"\x57\x69\x0E\x43",
.klen = 20,
.iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3",
.result = "\x45\x00\x00\x1C\x42\xA2\x00\x00"
"\x80\x01\x44\x1F\x40\x67\x93\xB6"
"\xE0\x00\x00\x02\x0A\x00\xF5\xFF"
"\x01\x02\x02\x01",
.rlen = 28,
.assoc = "\x42\xF6\x7E\x3F\x10\x10\x10\x10"
"\x10\x10\x10\x10\x4E\x28\x00\x00"
"\xA2\xFC\xA1\xA3",
.alen = 20,
.input = "\xFB\xA2\xCA\x84\x5E\x5D\xF9\xF0"
"\xF2\x2C\x3E\x6E\x86\xDD\x83\x1E"
"\x1F\xC6\x57\x92\xCD\x1A\xF9\x13"
"\x0E\x13\x79\xED\x36\x9F\x07\x1F"
"\x35\xE0\x34\xBE\x95\xF1\x12\xE4"
"\xE7\xD0\x5D\x35",
.ilen = 44,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xFE\xFF\xE9\x92\x86\x65\x73\x1C"
"\x6D\x6A\x8F\x94\x67\x30\x83\x08"
"\xFE\xFF\xE9\x92\x86\x65\x73\x1C"
"\xCA\xFE\xBA\xBE",
.klen = 28,
.iv = "\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88",
.result = "\x45\x00\x00\x28\xA4\xAD\x40\x00"
"\x40\x06\x78\x80\x0A\x01\x03\x8F"
"\x0A\x01\x06\x12\x80\x23\x06\xB8"
"\xCB\x71\x26\x02\xDD\x6B\xB0\x3E"
"\x50\x10\x16\xD0\x75\x68\x00\x01",
.rlen = 40,
.assoc = "\x00\x00\xA5\xF8\x00\x00\x00\x0A"
"\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88",
.alen = 16,
.input = "\xA5\xB1\xF8\x06\x60\x29\xAE\xA4"
"\x0E\x59\x8B\x81\x22\xDE\x02\x42"
"\x09\x38\xB3\xAB\x33\xF8\x28\xE6"
"\x87\xB8\x85\x8B\x5B\xFB\xDB\xD0"
"\x31\x5B\x27\x45\x21\x44\xCC\x77"
"\x95\x45\x7B\x96\x52\x03\x7F\x53"
"\x18\x02\x7B\x5B\x4C\xD7\xA6\x36",
.ilen = 56,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
"\x34\x45\x56\x67\x78\x89\x9A\xAB"
"\xDE\xCA\xF8\x88",
.klen = 20,
.iv = "\xCA\xFE\xDE\xBA\xCE\xFA\xCE\x74",
.result = "\x45\x00\x00\x49\x33\xBA\x00\x00"
"\x7F\x11\x91\x06\xC3\xFB\x1D\x10"
"\xC2\xB1\xD3\x26\xC0\x28\x31\xCE"
"\x00\x35\xDD\x7B\x80\x03\x02\xD5"
"\x00\x00\x4E\x20\x00\x1E\x8C\x18"
"\xD7\x5B\x81\xDC\x91\xBA\xA0\x47"
"\x6B\x91\xB9\x24\xB2\x80\x38\x9D"
"\x92\xC9\x63\xBA\xC0\x46\xEC\x95"
"\x9B\x62\x66\xC0\x47\x22\xB1\x49"
"\x23\x01\x01\x01",
.rlen = 76,
.assoc = "\x00\x00\x01\x00\x00\x00\x00\x00"
"\x00\x00\x00\x01\xCA\xFE\xDE\xBA"
"\xCE\xFA\xCE\x74",
.alen = 20,
.input = "\x18\xA6\xFD\x42\xF7\x2C\xBF\x4A"
"\xB2\xA2\xEA\x90\x1F\x73\xD8\x14"
"\xE3\xE7\xF2\x43\xD9\x54\x12\xE1"
"\xC3\x49\xC1\xD2\xFB\xEC\x16\x8F"
"\x91\x90\xFE\xEB\xAF\x2C\xB0\x19"
"\x84\xE6\x58\x63\x96\x5D\x74\x72"
"\xB7\x9D\xA3\x45\xE0\xE7\x80\x19"
"\x1F\x0D\x2F\x0E\x0F\x49\x6C\x22"
"\x6F\x21\x27\xB2\x7D\xB3\x57\x24"
"\xE7\x84\x5D\x68\x65\x1F\x57\xE6"
"\x5F\x35\x4F\x75\xFF\x17\x01\x57"
"\x69\x62\x34\x36",
.ilen = 92,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
"\x34\x45\x56\x67\x78\x89\x9A\xAB"
"\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
"\x34\x45\x56\x67\x78\x89\x9A\xAB"
"\x73\x61\x6C\x74",
.klen = 36,
.iv = "\x61\x6E\x64\x01\x69\x76\x65\x63",
.result = "\x45\x08\x00\x28\x73\x2C\x00\x00"
"\x40\x06\xE9\xF9\x0A\x01\x06\x12"
"\x0A\x01\x03\x8F\x06\xB8\x80\x23"
"\xDD\x6B\xAF\xBE\xCB\x71\x26\x02"
"\x50\x10\x1F\x64\x6D\x54\x00\x01",
.rlen = 40,
.assoc = "\x17\x40\x5E\x67\x15\x6F\x31\x26"
"\xDD\x0D\xB9\x9B\x61\x6E\x64\x01"
"\x69\x76\x65\x63",
.alen = 20,
.input = "\xF2\xD6\x9E\xCD\xBD\x5A\x0D\x5B"
"\x8D\x5E\xF3\x8B\xAD\x4D\xA5\x8D"
"\x1F\x27\x8F\xDE\x98\xEF\x67\x54"
"\x9D\x52\x4A\x30\x18\xD9\xA5\x7F"
"\xF4\xD3\xA3\x1C\xE6\x73\x11\x9E"
"\x45\x16\x26\xC2\x41\x57\x71\xE3"
"\xB7\xEE\xBC\xA6\x14\xC8\x9B\x35",
.ilen = 56,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49"
"\x19\x88\xD0\xC3\x60\x7E\xAE\x1F"
"\x57\x69\x0E\x43",
.klen = 20,
.iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3",
.result = "\x45\x00\x00\x49\x33\x3E\x00\x00"
"\x7F\x11\x91\x82\xC3\xFB\x1D\x10"
"\xC2\xB1\xD3\x26\xC0\x28\x31\xCE"
"\x00\x35\xCB\x45\x80\x03\x02\x5B"
"\x00\x00\x01\xE0\x00\x1E\x8C\x18"
"\xD6\x57\x59\xD5\x22\x84\xA0\x35"
"\x2C\x71\x47\x5C\x88\x80\x39\x1C"
"\x76\x4D\x6E\x5E\xE0\x49\x6B\x32"
"\x5A\xE2\x70\xC0\x38\x99\x49\x39"
"\x15\x01\x01\x01",
.rlen = 76,
.assoc = "\x42\xF6\x7E\x3F\x10\x10\x10\x10"
"\x10\x10\x10\x10\x4E\x28\x00\x00"
"\xA2\xFC\xA1\xA3",
.alen = 20,
.input = "\xFB\xA2\xCA\xD1\x2F\xC1\xF9\xF0"
"\x0D\x3C\xEB\xF3\x05\x41\x0D\xB8"
"\x3D\x77\x84\xB6\x07\x32\x3D\x22"
"\x0F\x24\xB0\xA9\x7D\x54\x18\x28"
"\x00\xCA\xDB\x0F\x68\xD9\x9E\xF0"
"\xE0\xC0\xC8\x9A\xE9\xBE\xA8\x88"
"\x4E\x52\xD6\x5B\xC1\xAF\xD0\x74"
"\x0F\x74\x24\x44\x74\x7B\x5B\x39"
"\xAB\x53\x31\x63\xAA\xD4\x55\x0E"
"\xE5\x16\x09\x75\xCD\xB6\x08\xC5"
"\x76\x91\x89\x60\x97\x63\xB8\xE1"
"\x8C\xAA\x81\xE2",
.ilen = 92,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
"\x34\x45\x56\x67\x78\x89\x9A\xAB"
"\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
"\x34\x45\x56\x67\x78\x89\x9A\xAB"
"\x73\x61\x6C\x74",
.klen = 36,
.iv = "\x61\x6E\x64\x01\x69\x76\x65\x63",
.result = "\x63\x69\x73\x63\x6F\x01\x72\x75"
"\x6C\x65\x73\x01\x74\x68\x65\x01"
"\x6E\x65\x74\x77\x65\x01\x64\x65"
"\x66\x69\x6E\x65\x01\x74\x68\x65"
"\x74\x65\x63\x68\x6E\x6F\x6C\x6F"
"\x67\x69\x65\x73\x01\x74\x68\x61"
"\x74\x77\x69\x6C\x6C\x01\x64\x65"
"\x66\x69\x6E\x65\x74\x6F\x6D\x6F"
"\x72\x72\x6F\x77\x01\x02\x02\x01",
.rlen = 72,
.assoc = "\x17\x40\x5E\x67\x15\x6F\x31\x26"
"\xDD\x0D\xB9\x9B\x61\x6E\x64\x01"
"\x69\x76\x65\x63",
.alen = 20,
.input = "\xD4\xB7\xED\x86\xA1\x77\x7F\x2E"
"\xA1\x3D\x69\x73\xD3\x24\xC6\x9E"
"\x7B\x43\xF8\x26\xFB\x56\x83\x12"
"\x26\x50\x8B\xEB\xD2\xDC\xEB\x18"
"\xD0\xA6\xDF\x10\xE5\x48\x7D\xF0"
"\x74\x11\x3E\x14\xC6\x41\x02\x4E"
"\x3E\x67\x73\xD9\x1A\x62\xEE\x42"
"\x9B\x04\x3A\x10\xE3\xEF\xE6\xB0"
"\x12\xA4\x93\x63\x41\x23\x64\xF8"
"\xC0\xCA\xC5\x87\xF2\x49\xE5\x6B"
"\x11\xE2\x4F\x30\xE4\x4C\xCC\x76",
.ilen = 88,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x7D\x77\x3D\x00\xC1\x44\xC5\x25"
"\xAC\x61\x9D\x18\xC8\x4A\x3F\x47"
"\xD9\x66\x42\x67",
.klen = 20,
.iv = "\x43\x45\x7E\x91\x82\x44\x3B\xC6",
.result = "\x01\x02\x02\x01",
.rlen = 4,
.assoc = "\x33\x54\x67\xAE\xFF\xFF\xFF\xFF"
"\x43\x45\x7E\x91\x82\x44\x3B\xC6",
.alen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\x43\x7F\x86\x6B\xCB\x3F\x69\x9F"
"\xE9\xB0\x82\x2B\xAC\x96\x1C\x45"
"\x04\xBE\xF2\x70",
.ilen = 20,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
"\x34\x45\x56\x67\x78\x89\x9A\xAB"
"\xDE\xCA\xF8\x88",
.klen = 20,
.iv = "\xCA\xFE\xDE\xBA\xCE\xFA\xCE\x74",
.result = "\x74\x6F\x01\x62\x65\x01\x6F\x72"
"\x01\x6E\x6F\x74\x01\x74\x6F\x01"
"\x62\x65\x00\x01",
.rlen = 20,
.assoc = "\x00\x00\x01\x00\x00\x00\x00\x00"
"\x00\x00\x00\x01\xCA\xFE\xDE\xBA"
"\xCE\xFA\xCE\x74",
.alen = 20,
.input = "\x29\xC9\xFC\x69\xA1\x97\xD0\x38"
"\xCC\xDD\x14\xE2\xDD\xFC\xAA\x05"
"\x43\x33\x21\x64\x41\x25\x03\x52"
"\x43\x03\xED\x3C\x6C\x5F\x28\x38"
"\x43\xAF\x8C\x3E",
.ilen = 36,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x6C\x65\x67\x61\x6C\x69\x7A\x65"
"\x6D\x61\x72\x69\x6A\x75\x61\x6E"
"\x61\x61\x6E\x64\x64\x6F\x69\x74"
"\x62\x65\x66\x6F\x72\x65\x69\x61"
"\x74\x75\x72\x6E",
.klen = 36,
.iv = "\x33\x30\x21\x69\x67\x65\x74\x6D",
.result = "\x45\x00\x00\x30\xDA\x3A\x00\x00"
"\x80\x01\xDF\x3B\xC0\xA8\x00\x05"
"\xC0\xA8\x00\x01\x08\x00\xC6\xCD"
"\x02\x00\x07\x00\x61\x62\x63\x64"
"\x65\x66\x67\x68\x69\x6A\x6B\x6C"
"\x6D\x6E\x6F\x70\x71\x72\x73\x74"
"\x01\x02\x02\x01",
.rlen = 52,
.assoc = "\x79\x6B\x69\x63\xFF\xFF\xFF\xFF"
"\xFF\xFF\xFF\xFF\x33\x30\x21\x69"
"\x67\x65\x74\x6D",
.alen = 20,
.input = "\xF9\x7A\xB2\xAA\x35\x6D\x8E\xDC"
"\xE1\x76\x44\xAC\x8C\x78\xE2\x5D"
"\xD2\x4D\xED\xBB\x29\xEB\xF1\xB6"
"\x4A\x27\x4B\x39\xB4\x9C\x3A\x86"
"\x4C\xD3\xD7\x8C\xA4\xAE\x68\xA3"
"\x2B\x42\x45\x8F\xB5\x7D\xBE\x82"
"\x1D\xCC\x63\xB9\xD0\x93\x7B\xA2"
"\x94\x5F\x66\x93\x68\x66\x1A\x32"
"\x9F\xB4\xC0\x53",
.ilen = 68,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49"
"\x19\x88\xD0\xC3\x60\x7E\xAE\x1F"
"\x57\x69\x0E\x43",
.klen = 20,
.iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3",
.result = "\x45\x00\x00\x30\xDA\x3A\x00\x00"
"\x80\x01\xDF\x3B\xC0\xA8\x00\x05"
"\xC0\xA8\x00\x01\x08\x00\xC6\xCD"
"\x02\x00\x07\x00\x61\x62\x63\x64"
"\x65\x66\x67\x68\x69\x6A\x6B\x6C"
"\x6D\x6E\x6F\x70\x71\x72\x73\x74"
"\x01\x02\x02\x01",
.rlen = 52,
.assoc = "\x3F\x7E\xF6\x42\x10\x10\x10\x10"
"\x10\x10\x10\x10\x4E\x28\x00\x00"
"\xA2\xFC\xA1\xA3",
.alen = 20,
.input = "\xFB\xA2\xCA\xA8\xC6\xC5\xF9\xF0"
"\xF2\x2C\xA5\x4A\x06\x12\x10\xAD"
"\x3F\x6E\x57\x91\xCF\x1A\xCA\x21"
"\x0D\x11\x7C\xEC\x9C\x35\x79\x17"
"\x65\xAC\xBD\x87\x01\xAD\x79\x84"
"\x5B\xF9\xFE\x3F\xBA\x48\x7B\xC9"
"\x63\x21\x93\x06\x84\xEE\xCA\xDB"
"\x56\x91\x25\x46\xE7\xA9\x5C\x97"
"\x40\xD7\xCB\x05",
.ilen = 68,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x4C\x80\xCD\xEF\xBB\x5D\x10\xDA"
"\x90\x6A\xC7\x3C\x36\x13\xA6\x34"
"\x22\x43\x3C\x64",
.klen = 20,
.iv = "\x48\x55\xEC\x7D\x3A\x23\x4B\xFD",
.result = "\x08\x00\xC6\xCD\x02\x00\x07\x00"
"\x61\x62\x63\x64\x65\x66\x67\x68"
"\x69\x6A\x6B\x6C\x6D\x6E\x6F\x70"
"\x71\x72\x73\x74\x01\x02\x02\x01",
.rlen = 32,
.assoc = "\x00\x00\x43\x21\x87\x65\x43\x21"
"\x00\x00\x00\x07\x48\x55\xEC\x7D"
"\x3A\x23\x4B\xFD",
.alen = 20,
.input = "\x74\x75\x2E\x8A\xEB\x5D\x87\x3C"
"\xD7\xC0\xF4\xAC\xC3\x6C\x4B\xFF"
"\x84\xB7\xD7\xB9\x8F\x0C\xA8\xB6"
"\xAC\xDA\x68\x94\xBC\x61\x90\x69"
"\xEF\x9C\xBC\x28\xFE\x1B\x56\xA7"
"\xC4\xE0\xD5\x8C\x86\xCD\x2B\xC0",
.ilen = 48,
}
};
static const struct aead_testvec aes_gcm_rfc4543_enc_tv_template[] = {
{ /* From draft-mcgrew-gcm-test-01 */
.key = "\x4c\x80\xcd\xef\xbb\x5d\x10\xda"
"\x90\x6a\xc7\x3c\x36\x13\xa6\x34"
"\x22\x43\x3c\x64",
.klen = 20,
.iv = zeroed_string,
.assoc = "\x00\x00\x43\x21\x00\x00\x00\x07"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.alen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\x45\x00\x00\x30\xda\x3a\x00\x00"
"\x80\x01\xdf\x3b\xc0\xa8\x00\x05"
"\xc0\xa8\x00\x01\x08\x00\xc6\xcd"
"\x02\x00\x07\x00\x61\x62\x63\x64"
"\x65\x66\x67\x68\x69\x6a\x6b\x6c"
"\x6d\x6e\x6f\x70\x71\x72\x73\x74"
"\x01\x02\x02\x01",
.ilen = 52,
.result = "\x45\x00\x00\x30\xda\x3a\x00\x00"
"\x80\x01\xdf\x3b\xc0\xa8\x00\x05"
"\xc0\xa8\x00\x01\x08\x00\xc6\xcd"
"\x02\x00\x07\x00\x61\x62\x63\x64"
"\x65\x66\x67\x68\x69\x6a\x6b\x6c"
"\x6d\x6e\x6f\x70\x71\x72\x73\x74"
"\x01\x02\x02\x01\xf2\xa9\xa8\x36"
"\xe1\x55\x10\x6a\xa8\xdc\xd6\x18"
"\xe4\x09\x9a\xaa",
.rlen = 68,
}
};
static const struct aead_testvec aes_gcm_rfc4543_dec_tv_template[] = {
{ /* From draft-mcgrew-gcm-test-01 */
.key = "\x4c\x80\xcd\xef\xbb\x5d\x10\xda"
"\x90\x6a\xc7\x3c\x36\x13\xa6\x34"
"\x22\x43\x3c\x64",
.klen = 20,
.iv = zeroed_string,
.assoc = "\x00\x00\x43\x21\x00\x00\x00\x07"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.alen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\x45\x00\x00\x30\xda\x3a\x00\x00"
"\x80\x01\xdf\x3b\xc0\xa8\x00\x05"
"\xc0\xa8\x00\x01\x08\x00\xc6\xcd"
"\x02\x00\x07\x00\x61\x62\x63\x64"
"\x65\x66\x67\x68\x69\x6a\x6b\x6c"
"\x6d\x6e\x6f\x70\x71\x72\x73\x74"
"\x01\x02\x02\x01\xf2\xa9\xa8\x36"
"\xe1\x55\x10\x6a\xa8\xdc\xd6\x18"
"\xe4\x09\x9a\xaa",
.ilen = 68,
.result = "\x45\x00\x00\x30\xda\x3a\x00\x00"
"\x80\x01\xdf\x3b\xc0\xa8\x00\x05"
"\xc0\xa8\x00\x01\x08\x00\xc6\xcd"
"\x02\x00\x07\x00\x61\x62\x63\x64"
"\x65\x66\x67\x68\x69\x6a\x6b\x6c"
"\x6d\x6e\x6f\x70\x71\x72\x73\x74"
"\x01\x02\x02\x01",
.rlen = 52,
}, { /* nearly same as previous, but should fail */
.key = "\x4c\x80\xcd\xef\xbb\x5d\x10\xda"
"\x90\x6a\xc7\x3c\x36\x13\xa6\x34"
"\x22\x43\x3c\x64",
.klen = 20,
.iv = zeroed_string,
.assoc = "\x00\x00\x43\x21\x00\x00\x00\x07"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.alen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\x45\x00\x00\x30\xda\x3a\x00\x00"
"\x80\x01\xdf\x3b\xc0\xa8\x00\x05"
"\xc0\xa8\x00\x01\x08\x00\xc6\xcd"
"\x02\x00\x07\x00\x61\x62\x63\x64"
"\x65\x66\x67\x68\x69\x6a\x6b\x6c"
"\x6d\x6e\x6f\x70\x71\x72\x73\x74"
"\x01\x02\x02\x01\xf2\xa9\xa8\x36"
"\xe1\x55\x10\x6a\xa8\xdc\xd6\x18"
"\x00\x00\x00\x00",
.ilen = 68,
.novrfy = 1,
.result = "\x45\x00\x00\x30\xda\x3a\x00\x00"
"\x80\x01\xdf\x3b\xc0\xa8\x00\x05"
"\xc0\xa8\x00\x01\x08\x00\xc6\xcd"
"\x02\x00\x07\x00\x61\x62\x63\x64"
"\x65\x66\x67\x68\x69\x6a\x6b\x6c"
"\x6d\x6e\x6f\x70\x71\x72\x73\x74"
"\x01\x02\x02\x01",
.rlen = 52,
},
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct aead_testvec aes_ccm_enc_tv_template[] = {
{ /* From RFC 3610 */
.key = "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
"\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x01\x00\x00\x00\x03\x02\x01\x00"
"\xa0\xa1\xa2\xa3\xa4\xa5\x00\x00",
.assoc = "\x00\x01\x02\x03\x04\x05\x06\x07",
.alen = 8,
.input = "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
"\x18\x19\x1a\x1b\x1c\x1d\x1e",
.ilen = 23,
.result = "\x58\x8c\x97\x9a\x61\xc6\x63\xd2"
"\xf0\x66\xd0\xc2\xc0\xf9\x89\x80"
"\x6d\x5f\x6b\x61\xda\xc3\x84\x17"
"\xe8\xd1\x2c\xfd\xf9\x26\xe0",
.rlen = 31,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
"\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x01\x00\x00\x00\x07\x06\x05\x04"
"\xa0\xa1\xa2\xa3\xa4\xa5\x00\x00",
.assoc = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b",
.alen = 12,
.input = "\x0c\x0d\x0e\x0f\x10\x11\x12\x13"
"\x14\x15\x16\x17\x18\x19\x1a\x1b"
"\x1c\x1d\x1e\x1f",
.ilen = 20,
.result = "\xdc\xf1\xfb\x7b\x5d\x9e\x23\xfb"
"\x9d\x4e\x13\x12\x53\x65\x8a\xd8"
"\x6e\xbd\xca\x3e\x51\xe8\x3f\x07"
"\x7d\x9c\x2d\x93",
.rlen = 28,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
"\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x01\x00\x00\x00\x0b\x0a\x09\x08"
"\xa0\xa1\xa2\xa3\xa4\xa5\x00\x00",
.assoc = "\x00\x01\x02\x03\x04\x05\x06\x07",
.alen = 8,
.input = "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
"\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
"\x20",
.ilen = 25,
.result = "\x82\x53\x1a\x60\xcc\x24\x94\x5a"
"\x4b\x82\x79\x18\x1a\xb5\xc8\x4d"
"\xf2\x1c\xe7\xf9\xb7\x3f\x42\xe1"
"\x97\xea\x9c\x07\xe5\x6b\x5e\xb1"
"\x7e\x5f\x4e",
.rlen = 35,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
"\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x01\x00\x00\x00\x0c\x0b\x0a\x09"
"\xa0\xa1\xa2\xa3\xa4\xa5\x00\x00",
.assoc = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b",
.alen = 12,
.input = "\x0c\x0d\x0e\x0f\x10\x11\x12\x13"
"\x14\x15\x16\x17\x18\x19\x1a\x1b"
"\x1c\x1d\x1e",
.ilen = 19,
.result = "\x07\x34\x25\x94\x15\x77\x85\x15"
"\x2b\x07\x40\x98\x33\x0a\xbb\x14"
"\x1b\x94\x7b\x56\x6a\xa9\x40\x6b"
"\x4d\x99\x99\x88\xdd",
.rlen = 29,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xd7\x82\x8d\x13\xb2\xb0\xbd\xc3"
"\x25\xa7\x62\x36\xdf\x93\xcc\x6b",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x01\x00\x33\x56\x8e\xf7\xb2\x63"
"\x3c\x96\x96\x76\x6c\xfa\x00\x00",
.assoc = "\x63\x01\x8f\x76\xdc\x8a\x1b\xcb",
.alen = 8,
.input = "\x90\x20\xea\x6f\x91\xbd\xd8\x5a"
"\xfa\x00\x39\xba\x4b\xaf\xf9\xbf"
"\xb7\x9c\x70\x28\x94\x9c\xd0\xec",
.ilen = 24,
.result = "\x4c\xcb\x1e\x7c\xa9\x81\xbe\xfa"
"\xa0\x72\x6c\x55\xd3\x78\x06\x12"
"\x98\xc8\x5c\x92\x81\x4a\xbc\x33"
"\xc5\x2e\xe8\x1d\x7d\x77\xc0\x8a",
.rlen = 32,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xd7\x82\x8d\x13\xb2\xb0\xbd\xc3"
"\x25\xa7\x62\x36\xdf\x93\xcc\x6b",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x01\x00\xd5\x60\x91\x2d\x3f\x70"
"\x3c\x96\x96\x76\x6c\xfa\x00\x00",
.assoc = "\xcd\x90\x44\xd2\xb7\x1f\xdb\x81"
"\x20\xea\x60\xc0",
.alen = 12,
.input = "\x64\x35\xac\xba\xfb\x11\xa8\x2e"
"\x2f\x07\x1d\x7c\xa4\xa5\xeb\xd9"
"\x3a\x80\x3b\xa8\x7f",
.ilen = 21,
.result = "\x00\x97\x69\xec\xab\xdf\x48\x62"
"\x55\x94\xc5\x92\x51\xe6\x03\x57"
"\x22\x67\x5e\x04\xc8\x47\x09\x9e"
"\x5a\xe0\x70\x45\x51",
.rlen = 29,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xd7\x82\x8d\x13\xb2\xb0\xbd\xc3"
"\x25\xa7\x62\x36\xdf\x93\xcc\x6b",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x01\x00\x42\xff\xf8\xf1\x95\x1c"
"\x3c\x96\x96\x76\x6c\xfa\x00\x00",
.assoc = "\xd8\x5b\xc7\xe6\x9f\x94\x4f\xb8",
.alen = 8,
.input = "\x8a\x19\xb9\x50\xbc\xf7\x1a\x01"
"\x8e\x5e\x67\x01\xc9\x17\x87\x65"
"\x98\x09\xd6\x7d\xbe\xdd\x18",
.ilen = 23,
.result = "\xbc\x21\x8d\xaa\x94\x74\x27\xb6"
"\xdb\x38\x6a\x99\xac\x1a\xef\x23"
"\xad\xe0\xb5\x29\x39\xcb\x6a\x63"
"\x7c\xf9\xbe\xc2\x40\x88\x97\xc6"
"\xba",
.rlen = 33,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
/* This is taken from FIPS CAVS. */
.key = "\x83\xac\x54\x66\xc2\xeb\xe5\x05"
"\x2e\x01\xd1\xfc\x5d\x82\x66\x2e",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x03\x96\xac\x59\x30\x07\xa1\xe2\xa2\xc7\x55\x24\0\0\0\0",
.alen = 0,
.input = "\x19\xc8\x81\xf6\xe9\x86\xff\x93"
"\x0b\x78\x67\xe5\xbb\xb7\xfc\x6e"
"\x83\x77\xb3\xa6\x0c\x8c\x9f\x9c"
"\x35\x2e\xad\xe0\x62\xf9\x91\xa1",
.ilen = 32,
.result = "\xab\x6f\xe1\x69\x1d\x19\x99\xa8"
"\x92\xa0\xc4\x6f\x7e\xe2\x8b\xb1"
"\x70\xbb\x8c\xa6\x4c\x6e\x97\x8a"
"\x57\x2b\xbe\x5d\x98\xa6\xb1\x32"
"\xda\x24\xea\xd9\xa1\x39\x98\xfd"
"\xa4\xbe\xd9\xf2\x1a\x6d\x22\xa8",
.rlen = 48,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x1e\x2c\x7e\x01\x41\x9a\xef\xc0"
"\x0d\x58\x96\x6e\x5c\xa2\x4b\xd3",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x03\x4f\xa3\x19\xd3\x01\x5a\xd8"
"\x30\x60\x15\x56\x00\x00\x00\x00",
.assoc = "\xda\xe6\x28\x9c\x45\x2d\xfd\x63"
"\x5e\xda\x4c\xb6\xe6\xfc\xf9\xb7"
"\x0c\x56\xcb\xe4\xe0\x05\x7a\xe1"
"\x0a\x63\x09\x78\xbc\x2c\x55\xde",
.alen = 32,
.input = "\x87\xa3\x36\xfd\x96\xb3\x93\x78"
"\xa9\x28\x63\xba\x12\xa3\x14\x85"
"\x57\x1e\x06\xc9\x7b\x21\xef\x76"
"\x7f\x38\x7e\x8e\x29\xa4\x3e\x7e",
.ilen = 32,
.result = "\x8a\x1e\x11\xf0\x02\x6b\xe2\x19"
"\xfc\x70\xc4\x6d\x8e\xb7\x99\xab"
"\xc5\x4b\xa2\xac\xd3\xf3\x48\xff"
"\x3b\xb5\xce\x53\xef\xde\xbb\x02"
"\xa9\x86\x15\x6c\x13\xfe\xda\x0a"
"\x22\xb8\x29\x3d\xd8\x39\x9a\x23",
.rlen = 48,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xf4\x6b\xc2\x75\x62\xfe\xb4\xe1"
"\xa3\xf0\xff\xdd\x4e\x4b\x12\x75"
"\x53\x14\x73\x66\x8d\x88\xf6\x80",
.klen = 24,
.iv = "\x03\xa0\x20\x35\x26\xf2\x21\x8d"
"\x50\x20\xda\xe2\x00\x00\x00\x00",
.assoc = "\x5b\x9e\x13\x67\x02\x5e\xef\xc1"
"\x6c\xf9\xd7\x1e\x52\x8f\x7a\x47"
"\xe9\xd4\xcf\x20\x14\x6e\xf0\x2d"
"\xd8\x9e\x2b\x56\x10\x23\x56\xe7",
.alen = 32,
.result = "\x36\xea\x7a\x70\x08\xdc\x6a\xbc"
"\xad\x0c\x7a\x63\xf6\x61\xfd\x9b",
.rlen = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x56\xdf\x5c\x8f\x26\x3f\x0e\x42"
"\xef\x7a\xd3\xce\xfc\x84\x60\x62"
"\xca\xb4\x40\xaf\x5f\xc9\xc9\x01",
.klen = 24,
.iv = "\x03\xd6\x3c\x8c\x86\x84\xb6\xcd"
"\xef\x09\x2e\x94\x00\x00\x00\x00",
.assoc = "\x02\x65\x78\x3c\xe9\x21\x30\x91"
"\xb1\xb9\xda\x76\x9a\x78\x6d\x95"
"\xf2\x88\x32\xa3\xf2\x50\xcb\x4c"
"\xe3\x00\x73\x69\x84\x69\x87\x79",
.alen = 32,
.input = "\x9f\xd2\x02\x4b\x52\x49\x31\x3c"
"\x43\x69\x3a\x2d\x8e\x70\xad\x7e"
"\xe0\xe5\x46\x09\x80\x89\x13\xb2"
"\x8c\x8b\xd9\x3f\x86\xfb\xb5\x6b",
.ilen = 32,
.result = "\x39\xdf\x7c\x3c\x5a\x29\xb9\x62"
"\x5d\x51\xc2\x16\xd8\xbd\x06\x9f"
"\x9b\x6a\x09\x70\xc1\x51\x83\xc2"
"\x66\x88\x1d\x4f\x9a\xda\xe0\x1e"
"\xc7\x79\x11\x58\xe5\x6b\x20\x40"
"\x7a\xea\x46\x42\x8b\xe4\x6f\xe1",
.rlen = 48,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xe0\x8d\x99\x71\x60\xd7\x97\x1a"
"\xbd\x01\x99\xd5\x8a\xdf\x71\x3a"
"\xd3\xdf\x24\x4b\x5e\x3d\x4b\x4e"
"\x30\x7a\xb9\xd8\x53\x0a\x5e\x2b",
.klen = 32,
.iv = "\x03\x1e\x29\x91\xad\x8e\xc1\x53"
"\x0a\xcf\x2d\xbe\x00\x00\x00\x00",
.assoc = "\x19\xb6\x1f\x57\xc4\xf3\xf0\x8b"
"\x78\x2b\x94\x02\x29\x0f\x42\x27"
"\x6b\x75\xcb\x98\x34\x08\x7e\x79"
"\xe4\x3e\x49\x0d\x84\x8b\x22\x87",
.alen = 32,
.input = "\xe1\xd9\xd8\x13\xeb\x3a\x75\x3f"
"\x9d\xbd\x5f\x66\xbe\xdc\xbb\x66"
"\xbf\x17\x99\x62\x4a\x39\x27\x1f"
"\x1d\xdc\x24\xae\x19\x2f\x98\x4c",
.ilen = 32,
.result = "\x19\xb8\x61\x33\x45\x2b\x43\x96"
"\x6f\x51\xd0\x20\x30\x7d\x9b\xc6"
"\x26\x3d\xf8\xc9\x65\x16\xa8\x9f"
"\xf0\x62\x17\x34\xf2\x1e\x8d\x75"
"\x4e\x13\xcc\xc0\xc3\x2a\x54\x2d",
.rlen = 40,
}, {
.key = "\x7c\xc8\x18\x3b\x8d\x99\xe0\x7c"
"\x45\x41\xb8\xbd\x5c\xa7\xc2\x32"
"\x8a\xb8\x02\x59\xa4\xfe\xa9\x2c"
"\x09\x75\x9a\x9b\x3c\x9b\x27\x39",
.klen = 32,
.iv = "\x03\xf9\xd9\x4e\x63\xb5\x3d\x9d"
"\x43\xf6\x1e\x50\0\0\0\0",
.assoc = "\x57\xf5\x6b\x8b\x57\x5c\x3d\x3b"
"\x13\x02\x01\x0c\x83\x4c\x96\x35"
"\x8e\xd6\x39\xcf\x7d\x14\x9b\x94"
"\xb0\x39\x36\xe6\x8f\x57\xe0\x13",
.alen = 32,
.input = "\x3b\x6c\x29\x36\xb6\xef\x07\xa6"
"\x83\x72\x07\x4f\xcf\xfa\x66\x89"
"\x5f\xca\xb1\xba\xd5\x8f\x2c\x27"
"\x30\xdb\x75\x09\x93\xd4\x65\xe4",
.ilen = 32,
.result = "\xb0\x88\x5a\x33\xaa\xe5\xc7\x1d"
"\x85\x23\xc7\xc6\x2f\xf4\x1e\x3d"
"\xcc\x63\x44\x25\x07\x78\x4f\x9e"
"\x96\xb8\x88\xeb\xbc\x48\x1f\x06"
"\x39\xaf\x39\xac\xd8\x4a\x80\x39"
"\x7b\x72\x8a\xf7",
.rlen = 44,
}, {
.key = "\xab\xd0\xe9\x33\x07\x26\xe5\x83"
"\x8c\x76\x95\xd4\xb6\xdc\xf3\x46"
"\xf9\x8f\xad\xe3\x02\x13\x83\x77"
"\x3f\xb0\xf1\xa1\xa1\x22\x0f\x2b",
.klen = 32,
.iv = "\x03\x24\xa7\x8b\x07\xcb\xcc\x0e"
"\xe6\x33\xbf\xf5\x00\x00\x00\x00",
.assoc = "\xd4\xdb\x30\x1d\x03\xfe\xfd\x5f"
"\x87\xd4\x8c\xb6\xb6\xf1\x7a\x5d"
"\xab\x90\x65\x8d\x8e\xca\x4d\x4f"
"\x16\x0c\x40\x90\x4b\xc7\x36\x73",
.alen = 32,
.input = "\xf5\xc6\x7d\x48\xc1\xb7\xe6\x92"
"\x97\x5a\xca\xc4\xa9\x6d\xf9\x3d"
"\x6c\xde\xbc\xf1\x90\xea\x6a\xb2"
"\x35\x86\x36\xaf\x5c\xfe\x4b\x3a",
.ilen = 32,
.result = "\x83\x6f\x40\x87\x72\xcf\xc1\x13"
"\xef\xbb\x80\x21\x04\x6c\x58\x09"
"\x07\x1b\xfc\xdf\xc0\x3f\x5b\xc7"
"\xe0\x79\xa8\x6e\x71\x7c\x3f\xcf"
"\x5c\xda\xb2\x33\xe5\x13\xe2\x0d"
"\x74\xd1\xef\xb5\x0f\x3a\xb5\xf8",
.rlen = 48,
}
};
static const struct aead_testvec aes_ccm_dec_tv_template[] = {
{ /* From RFC 3610 */
.key = "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
"\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x01\x00\x00\x00\x03\x02\x01\x00"
"\xa0\xa1\xa2\xa3\xa4\xa5\x00\x00",
.assoc = "\x00\x01\x02\x03\x04\x05\x06\x07",
.alen = 8,
.input = "\x58\x8c\x97\x9a\x61\xc6\x63\xd2"
"\xf0\x66\xd0\xc2\xc0\xf9\x89\x80"
"\x6d\x5f\x6b\x61\xda\xc3\x84\x17"
"\xe8\xd1\x2c\xfd\xf9\x26\xe0",
.ilen = 31,
.result = "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
"\x18\x19\x1a\x1b\x1c\x1d\x1e",
.rlen = 23,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
"\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x01\x00\x00\x00\x07\x06\x05\x04"
"\xa0\xa1\xa2\xa3\xa4\xa5\x00\x00",
.assoc = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b",
.alen = 12,
.input = "\xdc\xf1\xfb\x7b\x5d\x9e\x23\xfb"
"\x9d\x4e\x13\x12\x53\x65\x8a\xd8"
"\x6e\xbd\xca\x3e\x51\xe8\x3f\x07"
"\x7d\x9c\x2d\x93",
.ilen = 28,
.result = "\x0c\x0d\x0e\x0f\x10\x11\x12\x13"
"\x14\x15\x16\x17\x18\x19\x1a\x1b"
"\x1c\x1d\x1e\x1f",
.rlen = 20,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
"\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x01\x00\x00\x00\x0b\x0a\x09\x08"
"\xa0\xa1\xa2\xa3\xa4\xa5\x00\x00",
.assoc = "\x00\x01\x02\x03\x04\x05\x06\x07",
.alen = 8,
.input = "\x82\x53\x1a\x60\xcc\x24\x94\x5a"
"\x4b\x82\x79\x18\x1a\xb5\xc8\x4d"
"\xf2\x1c\xe7\xf9\xb7\x3f\x42\xe1"
"\x97\xea\x9c\x07\xe5\x6b\x5e\xb1"
"\x7e\x5f\x4e",
.ilen = 35,
.result = "\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
"\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
"\x20",
.rlen = 25,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
"\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x01\x00\x00\x00\x0c\x0b\x0a\x09"
"\xa0\xa1\xa2\xa3\xa4\xa5\x00\x00",
.assoc = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b",
.alen = 12,
.input = "\x07\x34\x25\x94\x15\x77\x85\x15"
"\x2b\x07\x40\x98\x33\x0a\xbb\x14"
"\x1b\x94\x7b\x56\x6a\xa9\x40\x6b"
"\x4d\x99\x99\x88\xdd",
.ilen = 29,
.result = "\x0c\x0d\x0e\x0f\x10\x11\x12\x13"
"\x14\x15\x16\x17\x18\x19\x1a\x1b"
"\x1c\x1d\x1e",
.rlen = 19,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xd7\x82\x8d\x13\xb2\xb0\xbd\xc3"
"\x25\xa7\x62\x36\xdf\x93\xcc\x6b",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x01\x00\x33\x56\x8e\xf7\xb2\x63"
"\x3c\x96\x96\x76\x6c\xfa\x00\x00",
.assoc = "\x63\x01\x8f\x76\xdc\x8a\x1b\xcb",
.alen = 8,
.input = "\x4c\xcb\x1e\x7c\xa9\x81\xbe\xfa"
"\xa0\x72\x6c\x55\xd3\x78\x06\x12"
"\x98\xc8\x5c\x92\x81\x4a\xbc\x33"
"\xc5\x2e\xe8\x1d\x7d\x77\xc0\x8a",
.ilen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\x90\x20\xea\x6f\x91\xbd\xd8\x5a"
"\xfa\x00\x39\xba\x4b\xaf\xf9\xbf"
"\xb7\x9c\x70\x28\x94\x9c\xd0\xec",
.rlen = 24,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xd7\x82\x8d\x13\xb2\xb0\xbd\xc3"
"\x25\xa7\x62\x36\xdf\x93\xcc\x6b",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x01\x00\xd5\x60\x91\x2d\x3f\x70"
"\x3c\x96\x96\x76\x6c\xfa\x00\x00",
.assoc = "\xcd\x90\x44\xd2\xb7\x1f\xdb\x81"
"\x20\xea\x60\xc0",
.alen = 12,
.input = "\x00\x97\x69\xec\xab\xdf\x48\x62"
"\x55\x94\xc5\x92\x51\xe6\x03\x57"
"\x22\x67\x5e\x04\xc8\x47\x09\x9e"
"\x5a\xe0\x70\x45\x51",
.ilen = 29,
.result = "\x64\x35\xac\xba\xfb\x11\xa8\x2e"
"\x2f\x07\x1d\x7c\xa4\xa5\xeb\xd9"
"\x3a\x80\x3b\xa8\x7f",
.rlen = 21,
}, {
.key = "\xd7\x82\x8d\x13\xb2\xb0\xbd\xc3"
"\x25\xa7\x62\x36\xdf\x93\xcc\x6b",
.klen = 16,
.iv = "\x01\x00\x42\xff\xf8\xf1\x95\x1c"
"\x3c\x96\x96\x76\x6c\xfa\x00\x00",
.assoc = "\xd8\x5b\xc7\xe6\x9f\x94\x4f\xb8",
.alen = 8,
.input = "\xbc\x21\x8d\xaa\x94\x74\x27\xb6"
"\xdb\x38\x6a\x99\xac\x1a\xef\x23"
"\xad\xe0\xb5\x29\x39\xcb\x6a\x63"
"\x7c\xf9\xbe\xc2\x40\x88\x97\xc6"
"\xba",
.ilen = 33,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\x8a\x19\xb9\x50\xbc\xf7\x1a\x01"
"\x8e\x5e\x67\x01\xc9\x17\x87\x65"
"\x98\x09\xd6\x7d\xbe\xdd\x18",
.rlen = 23,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
/* This is taken from FIPS CAVS. */
.key = "\xab\x2f\x8a\x74\xb7\x1c\xd2\xb1"
"\xff\x80\x2e\x48\x7d\x82\xf8\xb9",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x03\xc6\xfb\x7d\x80\x0d\x13\xab"
"\xd8\xa6\xb2\xd8\x00\x00\x00\x00",
.alen = 0,
.input = "\xd5\xe8\x93\x9f\xc7\x89\x2e\x2b",
.ilen = 8,
.result = "\x00",
.rlen = 0,
.novrfy = 1,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xab\x2f\x8a\x74\xb7\x1c\xd2\xb1"
"\xff\x80\x2e\x48\x7d\x82\xf8\xb9",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x03\xaf\x94\x87\x78\x35\x82\x81"
"\x7f\x88\x94\x68\x00\x00\x00\x00",
.alen = 0,
.input = "\x41\x3c\xb8\x87\x73\xcb\xf3\xf3",
.ilen = 8,
.result = "\x00",
.rlen = 0,
}, {
.key = "\x61\x0e\x8c\xae\xe3\x23\xb6\x38"
"\x76\x1c\xf6\x3a\x67\xa3\x9c\xd8",
.klen = 16,
.iv = "\x03\xc6\xfb\x7d\x80\x0d\x13\xab"
"\xd8\xa6\xb2\xd8\x00\x00\x00\x00",
.assoc = "\xf3\x94\x87\x78\x35\x82\x81\x7f"
"\x88\x94\x68\xb1\x78\x6b\x2b\xd6"
"\x04\x1f\x4e\xed\x78\xd5\x33\x66"
"\xd8\x94\x99\x91\x81\x54\x62\x57",
.alen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\xf0\x7c\x29\x02\xae\x1c\x2f\x55"
"\xd0\xd1\x3d\x1a\xa3\x6d\xe4\x0a"
"\x86\xb0\x87\x6b\x62\x33\x8c\x34"
"\xce\xab\x57\xcc\x79\x0b\xe0\x6f"
"\x5c\x3e\x48\x1f\x6c\x46\xf7\x51"
"\x8b\x84\x83\x2a\xc1\x05\xb8\xc5",
.ilen = 48,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\x50\x82\x3e\x07\xe2\x1e\xb6\xfb"
"\x33\xe4\x73\xce\xd2\xfb\x95\x79"
"\xe8\xb4\xb5\x77\x11\x10\x62\x6f"
"\x6a\x82\xd1\x13\xec\xf5\xd0\x48",
.rlen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.novrfy = 1,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x61\x0e\x8c\xae\xe3\x23\xb6\x38"
"\x76\x1c\xf6\x3a\x67\xa3\x9c\xd8",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x03\x05\xe0\xc9\x0f\xed\x34\xea"
"\x97\xd4\x3b\xdf\x00\x00\x00\x00",
.assoc = "\x49\x5c\x50\x1f\x1d\x94\xcc\x81"
"\xba\xb7\xb6\x03\xaf\xa5\xc1\xa1"
"\xd8\x5c\x42\x68\xe0\x6c\xda\x89"
"\x05\xac\x56\xac\x1b\x2a\xd3\x86",
.alen = 32,
.input = "\x39\xbe\x7d\x15\x62\x77\xf3\x3c"
"\xad\x83\x52\x6d\x71\x03\x25\x1c"
"\xed\x81\x3a\x9a\x16\x7d\x19\x80"
"\x72\x04\x72\xd0\xf6\xff\x05\x0f"
"\xb7\x14\x30\x00\x32\x9e\xa0\xa6"
"\x9e\x5a\x18\xa1\xb8\xfe\xdb\xd3",
.ilen = 48,
.result = "\x75\x05\xbe\xc2\xd9\x1e\xde\x60"
"\x47\x3d\x8c\x7d\xbd\xb5\xd9\xb7"
"\xf2\xae\x61\x05\x8f\x82\x24\x3f"
"\x9c\x67\x91\xe1\x38\x4f\xe4\x0c",
.rlen = 32,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x39\xbb\xa7\xbe\x59\x97\x9e\x73"
"\xa2\xbc\x6b\x98\xd7\x75\x7f\xe3"
"\xa4\x48\x93\x39\x26\x71\x4a\xc6",
.klen = 24,
.iv = "\x03\xee\x49\x83\xe9\xa9\xff\xe9"
"\x57\xba\xfd\x9e\x00\x00\x00\x00",
.assoc = "\x44\xa6\x2c\x05\xe9\xe1\x43\xb1"
"\x58\x7c\xf2\x5c\x6d\x39\x0a\x64"
"\xa4\xf0\x13\x05\xd1\x77\x99\x67"
"\x11\xc4\xc6\xdb\x00\x56\x36\x61",
.alen = 32,
.input = "\x71\x99\xfa\xf4\x44\x12\x68\x9b",
.ilen = 8,
.result = "\x00",
.rlen = 0,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x58\x5d\xa0\x96\x65\x1a\x04\xd7"
"\x96\xe5\xc5\x68\xaa\x95\x35\xe0"
"\x29\xa0\xba\x9e\x48\x78\xd1\xba",
.klen = 24,
.iv = "\x03\xee\x49\x83\xe9\xa9\xff\xe9"
"\x57\xba\xfd\x9e\x00\x00\x00\x00",
.assoc = "\x44\xa6\x2c\x05\xe9\xe1\x43\xb1"
"\x58\x7c\xf2\x5c\x6d\x39\x0a\x64"
"\xa4\xf0\x13\x05\xd1\x77\x99\x67"
"\x11\xc4\xc6\xdb\x00\x56\x36\x61",
.alen = 32,
.input = "\xfb\xe5\x5d\x34\xbe\xe5\xe8\xe7"
"\x5a\xef\x2f\xbf\x1f\x7f\xd4\xb2"
"\x66\xca\x61\x1e\x96\x7a\x61\xb3"
"\x1c\x16\x45\x52\xba\x04\x9c\x9f"
"\xb1\xd2\x40\xbc\x52\x7c\x6f\xb1",
.ilen = 40,
.result = "\x85\x34\x66\x42\xc8\x92\x0f\x36"
"\x58\xe0\x6b\x91\x3c\x98\x5c\xbb"
"\x0a\x85\xcc\x02\xad\x7a\x96\xe9"
"\x65\x43\xa4\xc3\x0f\xdc\x55\x81",
.rlen = 32,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x58\x5d\xa0\x96\x65\x1a\x04\xd7"
"\x96\xe5\xc5\x68\xaa\x95\x35\xe0"
"\x29\xa0\xba\x9e\x48\x78\xd1\xba",
.klen = 24,
.iv = "\x03\xd1\xfc\x57\x9c\xfe\xb8\x9c"
"\xad\x71\xaa\x1f\x00\x00\x00\x00",
.assoc = "\x86\x67\xa5\xa9\x14\x5f\x0d\xc6"
"\xff\x14\xc7\x44\xbf\x6c\x3a\xc3"
"\xff\xb6\x81\xbd\xe2\xd5\x06\xc7"
"\x3c\xa1\x52\x13\x03\x8a\x23\x3a",
.alen = 32,
.input = "\x3f\x66\xb0\x9d\xe5\x4b\x38\x00"
"\xc6\x0e\x6e\xe5\xd6\x98\xa6\x37"
"\x8c\x26\x33\xc6\xb2\xa2\x17\xfa"
"\x64\x19\xc0\x30\xd7\xfc\x14\x6b"
"\xe3\x33\xc2\x04\xb0\x37\xbe\x3f"
"\xa9\xb4\x2d\x68\x03\xa3\x44\xef",
.ilen = 48,
.result = "\x02\x87\x4d\x28\x80\x6e\xb2\xed"
"\x99\x2a\xa8\xca\x04\x25\x45\x90"
"\x1d\xdd\x5a\xd9\xe4\xdb\x9c\x9c"
"\x49\xe9\x01\xfe\xa7\x80\x6d\x6b",
.rlen = 32,
.novrfy = 1,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xa4\x4b\x54\x29\x0a\xb8\x6d\x01"
"\x5b\x80\x2a\xcf\x25\xc4\xb7\x5c"
"\x20\x2c\xad\x30\xc2\x2b\x41\xfb"
"\x0e\x85\xbc\x33\xad\x0f\x2b\xff",
.klen = 32,
.iv = "\x03\xee\x49\x83\xe9\xa9\xff\xe9"
"\x57\xba\xfd\x9e\x00\x00\x00\x00",
.alen = 0,
.input = "\x1f\xb8\x8f\xa3\xdd\x54\x00\xf2",
.ilen = 8,
.result = "\x00",
.rlen = 0,
}, {
.key = "\x39\xbb\xa7\xbe\x59\x97\x9e\x73"
"\xa2\xbc\x6b\x98\xd7\x75\x7f\xe3"
"\xa4\x48\x93\x39\x26\x71\x4a\xc6"
"\xae\x8f\x11\x4c\xc2\x9c\x4a\xbb",
.klen = 32,
.iv = "\x03\x85\x34\x66\x42\xc8\x92\x0f"
"\x36\x58\xe0\x6b\x00\x00\x00\x00",
.alen = 0,
.input = "\x48\x01\x5e\x02\x24\x04\x66\x47"
"\xa1\xea\x6f\xaf\xe8\xfc\xfb\xdd"
"\xa5\xa9\x87\x8d\x84\xee\x2e\x77"
"\xbb\x86\xb9\xf5\x5c\x6c\xff\xf6"
"\x72\xc3\x8e\xf7\x70\xb1\xb2\x07"
"\xbc\xa8\xa3\xbd\x83\x7c\x1d\x2a",
.ilen = 48,
.result = "\xdc\x56\xf2\x71\xb0\xb1\xa0\x6c"
"\xf0\x97\x3a\xfb\x6d\xe7\x32\x99"
"\x3e\xaf\x70\x5e\xb2\x4d\xea\x39"
"\x89\xd4\x75\x7a\x63\xb1\xda\x93",
.rlen = 32,
.novrfy = 1,
}, {
.key = "\x58\x5d\xa0\x96\x65\x1a\x04\xd7"
"\x96\xe5\xc5\x68\xaa\x95\x35\xe0"
"\x29\xa0\xba\x9e\x48\x78\xd1\xba"
"\x0d\x1a\x53\x3b\xb5\xe3\xf8\x8b",
.klen = 32,
.iv = "\x03\xcf\x76\x3f\xd9\x95\x75\x8f"
"\x44\x89\x40\x7b\x00\x00\x00\x00",
.assoc = "\x8f\x86\x6c\x4d\x1d\xc5\x39\x88"
"\xc8\xf3\x5c\x52\x10\x63\x6f\x2b"
"\x8a\x2a\xc5\x6f\x30\x23\x58\x7b"
"\xfb\x36\x03\x11\xb4\xd9\xf2\xfe",
.alen = 32,
.input = "\x48\x58\xd6\xf3\xad\x63\x58\xbf"
"\xae\xc7\x5e\xae\x83\x8f\x7b\xe4"
"\x78\x5c\x4c\x67\x71\x89\x94\xbf"
"\x47\xf1\x63\x7e\x1c\x59\xbd\xc5"
"\x7f\x44\x0a\x0c\x01\x18\x07\x92"
"\xe1\xd3\x51\xce\x32\x6d\x0c\x5b",
.ilen = 48,
.result = "\xc2\x54\xc8\xde\x78\x87\x77\x40"
"\x49\x71\xe4\xb7\xe7\xcb\x76\x61"
"\x0a\x41\xb9\xe9\xc0\x76\x54\xab"
"\x04\x49\x3b\x19\x93\x57\x25\x5d",
.rlen = 32,
},
};
/*
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
* rfc4309 refers to section 8 of rfc3610 for test vectors, but they all
* use a 13-byte nonce, we only support an 11-byte nonce. Worse,
* they use AD lengths which are not valid ESP header lengths.
*
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
* These vectors are copied/generated from the ones for rfc4106 with
* the key truncated by one byte..
*/
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct aead_testvec aes_ccm_rfc4309_enc_tv_template[] = {
{ /* Generated using Crypto++ */
.key = zeroed_string,
.klen = 19,
.iv = zeroed_string,
.input = zeroed_string,
.ilen = 16,
.assoc = zeroed_string,
.alen = 16,
.result = "\x2E\x9A\xCA\x6B\xDA\x54\xFC\x6F"
"\x12\x50\xE8\xDE\x81\x3C\x63\x08"
"\x1A\x22\xBA\x75\xEE\xD4\xD5\xB5"
"\x27\x50\x01\xAC\x03\x33\x39\xFB",
.rlen = 32,
},{
.key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
"\x6d\x6a\x8f\x94\x67\x30\x83\x08"
"\x00\x00\x00",
.klen = 19,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x01",
.input = zeroed_string,
.ilen = 16,
.assoc = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x01",
.alen = 16,
.result = "\xCF\xB9\x99\x17\xC8\x86\x0E\x7F"
"\x7E\x76\xF8\xE6\xF8\xCC\x1F\x17"
"\x6A\xE0\x53\x9F\x4B\x73\x7E\xDA"
"\x08\x09\x4E\xC4\x1E\xAD\xC6\xB0",
.rlen = 32,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
"\x6d\x6a\x8f\x94\x67\x30\x83\x08"
"\x00\x00\x00",
.klen = 19,
.iv = zeroed_string,
.input = "\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01",
.ilen = 16,
.assoc = zeroed_string,
.alen = 16,
.result = "\x33\xDE\x73\xBC\xA6\xCE\x4E\xA6"
"\x61\xF4\xF5\x41\x03\x4A\xE3\x86"
"\xA1\xE2\xC2\x42\x2B\x81\x70\x40"
"\xFD\x7F\x76\xD1\x03\x07\xBB\x0C",
.rlen = 32,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
"\x6d\x6a\x8f\x94\x67\x30\x83\x08"
"\x00\x00\x00",
.klen = 19,
.iv = zeroed_string,
.input = "\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01",
.ilen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.assoc = "\x01\x01\x01\x01\x01\x01\x01\x01"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.alen = 16,
.result = "\x33\xDE\x73\xBC\xA6\xCE\x4E\xA6"
"\x61\xF4\xF5\x41\x03\x4A\xE3\x86"
"\x5B\xC0\x73\xE0\x2B\x73\x68\xC9"
"\x2D\x8C\x58\xC2\x90\x3D\xB0\x3E",
.rlen = 32,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
"\x6d\x6a\x8f\x94\x67\x30\x83\x08"
"\x00\x00\x00",
.klen = 19,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x01",
.input = "\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01",
.ilen = 16,
.assoc = "\x01\x01\x01\x01\x01\x01\x01\x01"
"\x00\x00\x00\x00\x00\x00\x00\x01",
.alen = 16,
.result = "\xCE\xB8\x98\x16\xC9\x87\x0F\x7E"
"\x7F\x77\xF9\xE7\xF9\xCD\x1E\x16"
"\x43\x8E\x76\x57\x3B\xB4\x05\xE8"
"\xA9\x9B\xBF\x25\xE0\x4F\xC0\xED",
.rlen = 32,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
"\x6d\x6a\x8f\x94\x67\x30\x83\x08"
"\x00\x00\x00",
.klen = 19,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x01",
.input = "\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01",
.ilen = 64,
.assoc = "\x01\x01\x01\x01\x01\x01\x01\x01"
"\x00\x00\x00\x00\x00\x00\x00\x01",
.alen = 16,
.result = "\xCE\xB8\x98\x16\xC9\x87\x0F\x7E"
"\x7F\x77\xF9\xE7\xF9\xCD\x1E\x16"
"\x9C\xA4\x97\x83\x3F\x01\xA5\xF4"
"\x43\x09\xE7\xB8\xE9\xD1\xD7\x02"
"\x9B\xAB\x39\x18\xEB\x94\x34\x36"
"\xE6\xC5\xC8\x9B\x00\x81\x9E\x49"
"\x1D\x78\xE1\x48\xE3\xE9\xEA\x8E"
"\x3A\x2B\x67\x5D\x35\x6A\x0F\xDB"
"\x02\x73\xDD\xE7\x30\x4A\x30\x54"
"\x1A\x9D\x09\xCA\xC8\x1C\x32\x5F",
.rlen = 80,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x00\x00\x00",
.klen = 19,
.iv = "\x00\x00\x45\x67\x89\xab\xcd\xef",
.input = "\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff",
.ilen = 192,
.assoc = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\x00\x00\x45\x67"
"\x89\xab\xcd\xef",
.alen = 20,
.result = "\x64\x17\xDC\x24\x9D\x92\xBA\x5E"
"\x7C\x64\x6D\x33\x46\x77\xAC\xB1"
"\x5C\x9E\xE2\xC7\x27\x11\x3E\x95"
"\x7D\xBE\x28\xC8\xC1\xCA\x5E\x8C"
"\xB4\xE2\xDE\x9F\x53\x59\x26\xDB"
"\x0C\xD4\xE4\x07\x9A\xE6\x3E\x01"
"\x58\x0D\x3E\x3D\xD5\x21\xEB\x04"
"\x06\x9D\x5F\xB9\x02\x49\x1A\x2B"
"\xBA\xF0\x4E\x3B\x85\x50\x5B\x09"
"\xFE\xEC\xFC\x54\xEC\x0C\xE2\x79"
"\x8A\x2F\x5F\xD7\x05\x5D\xF1\x6D"
"\x22\xEB\xD1\x09\x80\x3F\x5A\x70"
"\xB2\xB9\xD3\x63\x99\xC2\x4D\x1B"
"\x36\x12\x00\x89\xAA\x5D\x55\xDA"
"\x1D\x5B\xD8\x3C\x5F\x09\xD2\xE6"
"\x39\x41\x5C\xF0\xBE\x26\x4E\x5F"
"\x2B\x50\x44\x52\xC2\x10\x7D\x38"
"\x82\x64\x83\x0C\xAE\x49\xD0\xE5"
"\x4F\xE5\x66\x4C\x58\x7A\xEE\x43"
"\x3B\x51\xFE\xBA\x24\x8A\xFE\xDC"
"\x19\x6D\x60\x66\x61\xF9\x9A\x3F"
"\x75\xFC\x38\x53\x5B\xB5\xCD\x52"
"\x4F\xE5\xE4\xC9\xFE\x10\xCB\x98"
"\xF0\x06\x5B\x07\xAB\xBB\xF4\x0E"
"\x2D\xC2\xDD\x5D\xDD\x22\x9A\xCC"
"\x39\xAB\x63\xA5\x3D\x9C\x51\x8A",
.rlen = 208,
}, { /* From draft-mcgrew-gcm-test-01 */
.key = "\x4C\x80\xCD\xEF\xBB\x5D\x10\xDA"
"\x90\x6A\xC7\x3C\x36\x13\xA6\x34"
"\x2E\x44\x3B",
.klen = 19,
.iv = "\x49\x56\xED\x7E\x3B\x24\x4C\xFE",
.input = "\x45\x00\x00\x48\x69\x9A\x00\x00"
"\x80\x11\x4D\xB7\xC0\xA8\x01\x02"
"\xC0\xA8\x01\x01\x0A\x9B\xF1\x56"
"\x38\xD3\x01\x00\x00\x01\x00\x00"
"\x00\x00\x00\x00\x04\x5F\x73\x69"
"\x70\x04\x5F\x75\x64\x70\x03\x73"
"\x69\x70\x09\x63\x79\x62\x65\x72"
"\x63\x69\x74\x79\x02\x64\x6B\x00"
"\x00\x21\x00\x01\x01\x02\x02\x01",
.ilen = 72,
.assoc = "\x00\x00\x43\x21\x87\x65\x43\x21"
"\x00\x00\x00\x00\x49\x56\xED\x7E"
"\x3B\x24\x4C\xFE",
.alen = 20,
.result = "\x89\xBA\x3E\xEF\xE6\xD6\xCF\xDB"
"\x83\x60\xF5\xBA\x3A\x56\x79\xE6"
"\x7E\x0C\x53\xCF\x9E\x87\xE0\x4E"
"\x1A\x26\x01\x24\xC7\x2E\x3D\xBF"
"\x29\x2C\x91\xC1\xB8\xA8\xCF\xE0"
"\x39\xF8\x53\x6D\x31\x22\x2B\xBF"
"\x98\x81\xFC\x34\xEE\x85\x36\xCD"
"\x26\xDB\x6C\x7A\x0C\x77\x8A\x35"
"\x18\x85\x54\xB2\xBC\xDD\x3F\x43"
"\x61\x06\x8A\xDF\x86\x3F\xB4\xAC"
"\x97\xDC\xBD\xFD\x92\x10\xC5\xFF",
.rlen = 88,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xFE\xFF\xE9\x92\x86\x65\x73\x1C"
"\x6D\x6A\x8F\x94\x67\x30\x83\x08"
"\xCA\xFE\xBA",
.klen = 19,
.iv = "\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88",
.input = "\x45\x00\x00\x3E\x69\x8F\x00\x00"
"\x80\x11\x4D\xCC\xC0\xA8\x01\x02"
"\xC0\xA8\x01\x01\x0A\x98\x00\x35"
"\x00\x2A\x23\x43\xB2\xD0\x01\x00"
"\x00\x01\x00\x00\x00\x00\x00\x00"
"\x03\x73\x69\x70\x09\x63\x79\x62"
"\x65\x72\x63\x69\x74\x79\x02\x64"
"\x6B\x00\x00\x01\x00\x01\x00\x01",
.ilen = 64,
.assoc = "\x00\x00\xA5\xF8\x00\x00\x00\x0A"
"\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88",
.alen = 16,
.result = "\x4B\xC2\x70\x60\x64\xD2\xF3\xC8"
"\xE5\x26\x8A\xDE\xB8\x7E\x7D\x16"
"\x56\xC7\xD2\x88\xBA\x8D\x58\xAF"
"\xF5\x71\xB6\x37\x84\xA7\xB1\x99"
"\x51\x5C\x0D\xA0\x27\xDE\xE7\x2D"
"\xEF\x25\x88\x1F\x1D\x77\x11\xFF"
"\xDB\xED\xEE\x56\x16\xC5\x5C\x9B"
"\x00\x62\x1F\x68\x4E\x7C\xA0\x97"
"\x10\x72\x7E\x53\x13\x3B\x68\xE4"
"\x30\x99\x91\x79\x09\xEA\xFF\x6A",
.rlen = 80,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
"\x34\x45\x56\x67\x78\x89\x9A\xAB"
"\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
"\x34\x45\x56\x67\x78\x89\x9A\xAB"
"\x11\x22\x33",
.klen = 35,
.iv = "\x01\x02\x03\x04\x05\x06\x07\x08",
.input = "\x45\x00\x00\x30\x69\xA6\x40\x00"
"\x80\x06\x26\x90\xC0\xA8\x01\x02"
"\x93\x89\x15\x5E\x0A\x9E\x00\x8B"
"\x2D\xC5\x7E\xE0\x00\x00\x00\x00"
"\x70\x02\x40\x00\x20\xBF\x00\x00"
"\x02\x04\x05\xB4\x01\x01\x04\x02"
"\x01\x02\x02\x01",
.ilen = 52,
.assoc = "\x4A\x2C\xBF\xE3\x00\x00\x00\x02"
"\x01\x02\x03\x04\x05\x06\x07\x08",
.alen = 16,
.result = "\xD6\x31\x0D\x2B\x3D\x6F\xBD\x2F"
"\x58\x41\x7E\xFF\x9A\x9E\x09\xB4"
"\x1A\xF7\xF6\x42\x31\xCD\xBF\xAD"
"\x27\x0E\x2C\xF2\xDB\x10\xDF\x55"
"\x8F\x0D\xD7\xAC\x23\xBD\x42\x10"
"\xD0\xB2\xAF\xD8\x37\xAC\x6B\x0B"
"\x11\xD4\x0B\x12\xEC\xB4\xB1\x92"
"\x23\xA6\x10\xB0\x26\xD6\xD9\x26"
"\x5A\x48\x6A\x3E",
.rlen = 68,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00",
.klen = 19,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00",
.input = "\x45\x00\x00\x3C\x99\xC5\x00\x00"
"\x80\x01\xCB\x7A\x40\x67\x93\x18"
"\x01\x01\x01\x01\x08\x00\x07\x5C"
"\x02\x00\x44\x00\x61\x62\x63\x64"
"\x65\x66\x67\x68\x69\x6A\x6B\x6C"
"\x6D\x6E\x6F\x70\x71\x72\x73\x74"
"\x75\x76\x77\x61\x62\x63\x64\x65"
"\x66\x67\x68\x69\x01\x02\x02\x01",
.ilen = 64,
.assoc = "\x00\x00\x00\x00\x00\x00\x00\x01"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.alen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\x6B\x9A\xCA\x57\x43\x91\xFC\x6F"
"\x92\x51\x23\xA4\xC1\x5B\xF0\x10"
"\xF3\x13\xF4\xF8\xA1\x9A\xB4\xDC"
"\x89\xC8\xF8\x42\x62\x95\xB7\xCB"
"\xB8\xF5\x0F\x1B\x2E\x94\xA2\xA7"
"\xBF\xFB\x8A\x92\x13\x63\xD1\x3C"
"\x08\xF5\xE8\xA6\xAA\xF6\x34\xF9"
"\x42\x05\xAF\xB3\xE7\x9A\xFC\xEE"
"\x36\x25\xC1\x10\x12\x1C\xCA\x82"
"\xEA\xE6\x63\x5A\x57\x28\xA9\x9A",
.rlen = 80,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49"
"\x19\x88\xD0\xC3\x60\x7E\xAE\x1F"
"\x57\x69\x0E",
.klen = 19,
.iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3",
.input = "\x45\x00\x00\x3C\x99\xC3\x00\x00"
"\x80\x01\xCB\x7C\x40\x67\x93\x18"
"\x01\x01\x01\x01\x08\x00\x08\x5C"
"\x02\x00\x43\x00\x61\x62\x63\x64"
"\x65\x66\x67\x68\x69\x6A\x6B\x6C"
"\x6D\x6E\x6F\x70\x71\x72\x73\x74"
"\x75\x76\x77\x61\x62\x63\x64\x65"
"\x66\x67\x68\x69\x01\x02\x02\x01",
.ilen = 64,
.assoc = "\x42\xF6\x7E\x3F\x10\x10\x10\x10"
"\x10\x10\x10\x10\x4E\x28\x00\x00"
"\xA2\xFC\xA1\xA3",
.alen = 20,
.result = "\x6A\x6B\x45\x2B\x7C\x67\x52\xF6"
"\x10\x60\x40\x62\x6B\x4F\x97\x8E"
"\x0B\xB2\x22\x97\xCB\x21\xE0\x90"
"\xA2\xE7\xD1\x41\x30\xE4\x4B\x1B"
"\x79\x01\x58\x50\x01\x06\xE1\xE0"
"\x2C\x83\x79\xD3\xDE\x46\x97\x1A"
"\x30\xB8\xE5\xDF\xD7\x12\x56\x75"
"\xD0\x95\xB7\xB8\x91\x42\xF7\xFD"
"\x97\x57\xCA\xC1\x20\xD0\x86\xB9"
"\x66\x9D\xB4\x2B\x96\x22\xAC\x67",
.rlen = 80,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49"
"\x19\x88\xD0\xC3\x60\x7E\xAE\x1F"
"\x57\x69\x0E",
.klen = 19,
.iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3",
.input = "\x45\x00\x00\x1C\x42\xA2\x00\x00"
"\x80\x01\x44\x1F\x40\x67\x93\xB6"
"\xE0\x00\x00\x02\x0A\x00\xF5\xFF"
"\x01\x02\x02\x01",
.ilen = 28,
.assoc = "\x42\xF6\x7E\x3F\x10\x10\x10\x10"
"\x10\x10\x10\x10\x4E\x28\x00\x00"
"\xA2\xFC\xA1\xA3",
.alen = 20,
.result = "\x6A\x6B\x45\x0B\xA7\x06\x52\xF6"
"\x10\x60\xCF\x01\x6B\x4F\x97\x20"
"\xEA\xB3\x23\x94\xC9\x21\x1D\x33"
"\xA1\xE5\x90\x40\x05\x37\x45\x70"
"\xB5\xD6\x09\x0A\x23\x73\x33\xF9"
"\x08\xB4\x22\xE4",
.rlen = 44,
}, {
.key = "\xFE\xFF\xE9\x92\x86\x65\x73\x1C"
"\x6D\x6A\x8F\x94\x67\x30\x83\x08"
"\xFE\xFF\xE9\x92\x86\x65\x73\x1C"
"\xCA\xFE\xBA",
.klen = 27,
.iv = "\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88",
.input = "\x45\x00\x00\x28\xA4\xAD\x40\x00"
"\x40\x06\x78\x80\x0A\x01\x03\x8F"
"\x0A\x01\x06\x12\x80\x23\x06\xB8"
"\xCB\x71\x26\x02\xDD\x6B\xB0\x3E"
"\x50\x10\x16\xD0\x75\x68\x00\x01",
.ilen = 40,
.assoc = "\x00\x00\xA5\xF8\x00\x00\x00\x0A"
"\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88",
.alen = 16,
.result = "\x05\x22\x15\xD1\x52\x56\x85\x04"
"\xA8\x5C\x5D\x6D\x7E\x6E\xF5\xFA"
"\xEA\x16\x37\x50\xF3\xDF\x84\x3B"
"\x2F\x32\x18\x57\x34\x2A\x8C\x23"
"\x67\xDF\x6D\x35\x7B\x54\x0D\xFB"
"\x34\xA5\x9F\x6C\x48\x30\x1E\x22"
"\xFE\xB1\x22\x17\x17\x8A\xB9\x5B",
.rlen = 56,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
"\x34\x45\x56\x67\x78\x89\x9A\xAB"
"\xDE\xCA\xF8",
.klen = 19,
.iv = "\xCA\xFE\xDE\xBA\xCE\xFA\xCE\x74",
.input = "\x45\x00\x00\x49\x33\xBA\x00\x00"
"\x7F\x11\x91\x06\xC3\xFB\x1D\x10"
"\xC2\xB1\xD3\x26\xC0\x28\x31\xCE"
"\x00\x35\xDD\x7B\x80\x03\x02\xD5"
"\x00\x00\x4E\x20\x00\x1E\x8C\x18"
"\xD7\x5B\x81\xDC\x91\xBA\xA0\x47"
"\x6B\x91\xB9\x24\xB2\x80\x38\x9D"
"\x92\xC9\x63\xBA\xC0\x46\xEC\x95"
"\x9B\x62\x66\xC0\x47\x22\xB1\x49"
"\x23\x01\x01\x01",
.ilen = 76,
.assoc = "\x00\x00\x01\x00\x00\x00\x00\x00"
"\x00\x00\x00\x01\xCA\xFE\xDE\xBA"
"\xCE\xFA\xCE\x74",
.alen = 20,
.result = "\x92\xD0\x53\x79\x33\x38\xD5\xF3"
"\x7D\xE4\x7A\x8E\x86\x03\xC9\x90"
"\x96\x35\xAB\x9C\xFB\xE8\xA3\x76"
"\xE9\xE9\xE2\xD1\x2E\x11\x0E\x00"
"\xFA\xCE\xB5\x9E\x02\xA7\x7B\xEA"
"\x71\x9A\x58\xFB\xA5\x8A\xE1\xB7"
"\x9C\x39\x9D\xE3\xB5\x6E\x69\xE6"
"\x63\xC9\xDB\x05\x69\x51\x12\xAD"
"\x3E\x00\x32\x73\x86\xF2\xEE\xF5"
"\x0F\xE8\x81\x7E\x84\xD3\xC0\x0D"
"\x76\xD6\x55\xC6\xB4\xC2\x34\xC7"
"\x12\x25\x0B\xF9",
.rlen = 92,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
"\x34\x45\x56\x67\x78\x89\x9A\xAB"
"\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
"\x34\x45\x56\x67\x78\x89\x9A\xAB"
"\x73\x61\x6C",
.klen = 35,
.iv = "\x61\x6E\x64\x01\x69\x76\x65\x63",
.input = "\x45\x08\x00\x28\x73\x2C\x00\x00"
"\x40\x06\xE9\xF9\x0A\x01\x06\x12"
"\x0A\x01\x03\x8F\x06\xB8\x80\x23"
"\xDD\x6B\xAF\xBE\xCB\x71\x26\x02"
"\x50\x10\x1F\x64\x6D\x54\x00\x01",
.ilen = 40,
.assoc = "\x17\x40\x5E\x67\x15\x6F\x31\x26"
"\xDD\x0D\xB9\x9B\x61\x6E\x64\x01"
"\x69\x76\x65\x63",
.alen = 20,
.result = "\xCC\x74\xB7\xD3\xB0\x38\x50\x42"
"\x2C\x64\x87\x46\x1E\x34\x10\x05"
"\x29\x6B\xBB\x36\xE9\x69\xAD\x92"
"\x82\xA1\x10\x6A\xEB\x0F\xDC\x7D"
"\x08\xBA\xF3\x91\xCA\xAA\x61\xDA"
"\x62\xF4\x14\x61\x5C\x9D\xB5\xA7"
"\xEE\xD7\xB9\x7E\x87\x99\x9B\x7D",
.rlen = 56,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49"
"\x19\x88\xD0\xC3\x60\x7E\xAE\x1F"
"\x57\x69\x0E",
.klen = 19,
.iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3",
.input = "\x45\x00\x00\x49\x33\x3E\x00\x00"
"\x7F\x11\x91\x82\xC3\xFB\x1D\x10"
"\xC2\xB1\xD3\x26\xC0\x28\x31\xCE"
"\x00\x35\xCB\x45\x80\x03\x02\x5B"
"\x00\x00\x01\xE0\x00\x1E\x8C\x18"
"\xD6\x57\x59\xD5\x22\x84\xA0\x35"
"\x2C\x71\x47\x5C\x88\x80\x39\x1C"
"\x76\x4D\x6E\x5E\xE0\x49\x6B\x32"
"\x5A\xE2\x70\xC0\x38\x99\x49\x39"
"\x15\x01\x01\x01",
.ilen = 76,
.assoc = "\x42\xF6\x7E\x3F\x10\x10\x10\x10"
"\x10\x10\x10\x10\x4E\x28\x00\x00"
"\xA2\xFC\xA1\xA3",
.alen = 20,
.result = "\x6A\x6B\x45\x5E\xD6\x9A\x52\xF6"
"\xEF\x70\x1A\x9C\xE8\xD3\x19\x86"
"\xC8\x02\xF0\xB0\x03\x09\xD9\x02"
"\xA0\xD2\x59\x04\xD1\x85\x2A\x24"
"\x1C\x67\x3E\xD8\x68\x72\x06\x94"
"\x97\xBA\x4F\x76\x8D\xB0\x44\x5B"
"\x69\xBF\xD5\xE2\x3D\xF1\x0B\x0C"
"\xC0\xBF\xB1\x8F\x70\x09\x9E\xCE"
"\xA5\xF2\x55\x58\x84\xFA\xF9\xB5"
"\x23\xF4\x84\x40\x74\x14\x8A\x6B"
"\xDB\xD7\x67\xED\xA4\x93\xF3\x47"
"\xCC\xF7\x46\x6F",
.rlen = 92,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
"\x34\x45\x56\x67\x78\x89\x9A\xAB"
"\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
"\x34\x45\x56\x67\x78\x89\x9A\xAB"
"\x73\x61\x6C",
.klen = 35,
.iv = "\x61\x6E\x64\x01\x69\x76\x65\x63",
.input = "\x63\x69\x73\x63\x6F\x01\x72\x75"
"\x6C\x65\x73\x01\x74\x68\x65\x01"
"\x6E\x65\x74\x77\x65\x01\x64\x65"
"\x66\x69\x6E\x65\x01\x74\x68\x65"
"\x74\x65\x63\x68\x6E\x6F\x6C\x6F"
"\x67\x69\x65\x73\x01\x74\x68\x61"
"\x74\x77\x69\x6C\x6C\x01\x64\x65"
"\x66\x69\x6E\x65\x74\x6F\x6D\x6F"
"\x72\x72\x6F\x77\x01\x02\x02\x01",
.ilen = 72,
.assoc = "\x17\x40\x5E\x67\x15\x6F\x31\x26"
"\xDD\x0D\xB9\x9B\x61\x6E\x64\x01"
"\x69\x76\x65\x63",
.alen = 20,
.result = "\xEA\x15\xC4\x98\xAC\x15\x22\x37"
"\x00\x07\x1D\xBE\x60\x5D\x73\x16"
"\x4D\x0F\xCC\xCE\x8A\xD0\x49\xD4"
"\x39\xA3\xD1\xB1\x21\x0A\x92\x1A"
"\x2C\xCF\x8F\x9D\xC9\x91\x0D\xB4"
"\x15\xFC\xBC\xA5\xC5\xBF\x54\xE5"
"\x1C\xC7\x32\x41\x07\x7B\x2C\xB6"
"\x5C\x23\x7C\x93\xEA\xEF\x23\x1C"
"\x73\xF4\xE7\x12\x84\x4C\x37\x0A"
"\x4A\x8F\x06\x37\x48\xF9\xF9\x05"
"\x55\x13\x40\xC3\xD5\x55\x3A\x3D",
.rlen = 88,
}, {
.key = "\x7D\x77\x3D\x00\xC1\x44\xC5\x25"
"\xAC\x61\x9D\x18\xC8\x4A\x3F\x47"
"\xD9\x66\x42",
.klen = 19,
.iv = "\x43\x45\x7E\x91\x82\x44\x3B\xC6",
.input = "\x01\x02\x02\x01",
.ilen = 4,
.assoc = "\x33\x54\x67\xAE\xFF\xFF\xFF\xFF"
"\x43\x45\x7E\x91\x82\x44\x3B\xC6",
.alen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\x4C\x72\x63\x30\x2F\xE6\x56\xDD"
"\xD0\xD8\x60\x9D\x8B\xEF\x85\x90"
"\xF7\x61\x24\x62",
.rlen = 20,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
"\x34\x45\x56\x67\x78\x89\x9A\xAB"
"\xDE\xCA\xF8",
.klen = 19,
.iv = "\xCA\xFE\xDE\xBA\xCE\xFA\xCE\x74",
.input = "\x74\x6F\x01\x62\x65\x01\x6F\x72"
"\x01\x6E\x6F\x74\x01\x74\x6F\x01"
"\x62\x65\x00\x01",
.ilen = 20,
.assoc = "\x00\x00\x01\x00\x00\x00\x00\x00"
"\x00\x00\x00\x01\xCA\xFE\xDE\xBA"
"\xCE\xFA\xCE\x74",
.alen = 20,
.result = "\xA3\xBF\x52\x52\x65\x83\xBA\x81"
"\x03\x9B\x84\xFC\x44\x8C\xBB\x81"
"\x36\xE1\x78\xBB\xA5\x49\x3A\xD0"
"\xF0\x6B\x21\xAF\x98\xC0\x34\xDC"
"\x17\x17\x65\xAD",
.rlen = 36,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x6C\x65\x67\x61\x6C\x69\x7A\x65"
"\x6D\x61\x72\x69\x6A\x75\x61\x6E"
"\x61\x61\x6E\x64\x64\x6F\x69\x74"
"\x62\x65\x66\x6F\x72\x65\x69\x61"
"\x74\x75\x72",
.klen = 35,
.iv = "\x33\x30\x21\x69\x67\x65\x74\x6D",
.input = "\x45\x00\x00\x30\xDA\x3A\x00\x00"
"\x80\x01\xDF\x3B\xC0\xA8\x00\x05"
"\xC0\xA8\x00\x01\x08\x00\xC6\xCD"
"\x02\x00\x07\x00\x61\x62\x63\x64"
"\x65\x66\x67\x68\x69\x6A\x6B\x6C"
"\x6D\x6E\x6F\x70\x71\x72\x73\x74"
"\x01\x02\x02\x01",
.ilen = 52,
.assoc = "\x79\x6B\x69\x63\xFF\xFF\xFF\xFF"
"\xFF\xFF\xFF\xFF\x33\x30\x21\x69"
"\x67\x65\x74\x6D",
.alen = 20,
.result = "\x96\xFD\x86\xF8\xD1\x98\xFF\x10"
"\xAB\x8C\xDA\x8A\x5A\x08\x38\x1A"
"\x48\x59\x80\x18\x1A\x18\x1A\x04"
"\xC9\x0D\xE3\xE7\x0E\xA4\x0B\x75"
"\x92\x9C\x52\x5C\x0B\xFB\xF8\xAF"
"\x16\xC3\x35\xA8\xE7\xCE\x84\x04"
"\xEB\x40\x6B\x7A\x8E\x75\xBB\x42"
"\xE0\x63\x4B\x21\x44\xA2\x2B\x2B"
"\x39\xDB\xC8\xDC",
.rlen = 68,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49"
"\x19\x88\xD0\xC3\x60\x7E\xAE\x1F"
"\x57\x69\x0E",
.klen = 19,
.iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3",
.input = "\x45\x00\x00\x30\xDA\x3A\x00\x00"
"\x80\x01\xDF\x3B\xC0\xA8\x00\x05"
"\xC0\xA8\x00\x01\x08\x00\xC6\xCD"
"\x02\x00\x07\x00\x61\x62\x63\x64"
"\x65\x66\x67\x68\x69\x6A\x6B\x6C"
"\x6D\x6E\x6F\x70\x71\x72\x73\x74"
"\x01\x02\x02\x01",
.ilen = 52,
.assoc = "\x3F\x7E\xF6\x42\x10\x10\x10\x10"
"\x10\x10\x10\x10\x4E\x28\x00\x00"
"\xA2\xFC\xA1\xA3",
.alen = 20,
.result = "\x6A\x6B\x45\x27\x3F\x9E\x52\xF6"
"\x10\x60\x54\x25\xEB\x80\x04\x93"
"\xCA\x1B\x23\x97\xCB\x21\x2E\x01"
"\xA2\xE7\x95\x41\x30\xE4\x4B\x1B"
"\x79\x01\x58\x50\x01\x06\xE1\xE0"
"\x2C\x83\x79\xD3\xDE\x46\x97\x1A"
"\x44\xCC\x90\xBF\x00\x94\x94\x92"
"\x20\x17\x0C\x1B\x55\xDE\x7E\x68"
"\xF4\x95\x5D\x4F",
.rlen = 68,
}, {
.key = "\x4C\x80\xCD\xEF\xBB\x5D\x10\xDA"
"\x90\x6A\xC7\x3C\x36\x13\xA6\x34"
"\x22\x43\x3C",
.klen = 19,
.iv = "\x48\x55\xEC\x7D\x3A\x23\x4B\xFD",
.input = "\x08\x00\xC6\xCD\x02\x00\x07\x00"
"\x61\x62\x63\x64\x65\x66\x67\x68"
"\x69\x6A\x6B\x6C\x6D\x6E\x6F\x70"
"\x71\x72\x73\x74\x01\x02\x02\x01",
.ilen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.assoc = "\x00\x00\x43\x21\x87\x65\x43\x21"
"\x00\x00\x00\x07\x48\x55\xEC\x7D"
"\x3A\x23\x4B\xFD",
.alen = 20,
.result = "\x67\xE9\x28\xB3\x1C\xA4\x6D\x02"
"\xF0\xB5\x37\xB6\x6B\x2F\xF5\x4F"
"\xF8\xA3\x4C\x53\xB8\x12\x09\xBF"
"\x58\x7D\xCF\x29\xA3\x41\x68\x6B"
"\xCE\xE8\x79\x85\x3C\xB0\x3A\x8F"
"\x16\xB0\xA1\x26\xC9\xBC\xBC\xA6",
.rlen = 48,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
}
};
static const struct aead_testvec aes_ccm_rfc4309_dec_tv_template[] = {
{ /* Generated using Crypto++ */
.key = zeroed_string,
.klen = 19,
.iv = zeroed_string,
.result = zeroed_string,
.rlen = 16,
.assoc = zeroed_string,
.alen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\x2E\x9A\xCA\x6B\xDA\x54\xFC\x6F"
"\x12\x50\xE8\xDE\x81\x3C\x63\x08"
"\x1A\x22\xBA\x75\xEE\xD4\xD5\xB5"
"\x27\x50\x01\xAC\x03\x33\x39\xFB",
.ilen = 32,
},{
.key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
"\x6d\x6a\x8f\x94\x67\x30\x83\x08"
"\x00\x00\x00",
.klen = 19,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x01",
.result = zeroed_string,
.rlen = 16,
.assoc = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x01",
.alen = 16,
.input = "\xCF\xB9\x99\x17\xC8\x86\x0E\x7F"
"\x7E\x76\xF8\xE6\xF8\xCC\x1F\x17"
"\x6A\xE0\x53\x9F\x4B\x73\x7E\xDA"
"\x08\x09\x4E\xC4\x1E\xAD\xC6\xB0",
.ilen = 32,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
"\x6d\x6a\x8f\x94\x67\x30\x83\x08"
"\x00\x00\x00",
.klen = 19,
.iv = zeroed_string,
.result = "\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01",
.rlen = 16,
.assoc = zeroed_string,
.alen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\x33\xDE\x73\xBC\xA6\xCE\x4E\xA6"
"\x61\xF4\xF5\x41\x03\x4A\xE3\x86"
"\xA1\xE2\xC2\x42\x2B\x81\x70\x40"
"\xFD\x7F\x76\xD1\x03\x07\xBB\x0C",
.ilen = 32,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
"\x6d\x6a\x8f\x94\x67\x30\x83\x08"
"\x00\x00\x00",
.klen = 19,
.iv = zeroed_string,
.result = "\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01",
.rlen = 16,
.assoc = "\x01\x01\x01\x01\x01\x01\x01\x01"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.alen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\x33\xDE\x73\xBC\xA6\xCE\x4E\xA6"
"\x61\xF4\xF5\x41\x03\x4A\xE3\x86"
"\x5B\xC0\x73\xE0\x2B\x73\x68\xC9"
"\x2D\x8C\x58\xC2\x90\x3D\xB0\x3E",
.ilen = 32,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
"\x6d\x6a\x8f\x94\x67\x30\x83\x08"
"\x00\x00\x00",
.klen = 19,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x01",
.result = "\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01",
.rlen = 16,
.assoc = "\x01\x01\x01\x01\x01\x01\x01\x01"
"\x00\x00\x00\x00\x00\x00\x00\x01",
.alen = 16,
.input = "\xCE\xB8\x98\x16\xC9\x87\x0F\x7E"
"\x7F\x77\xF9\xE7\xF9\xCD\x1E\x16"
"\x43\x8E\x76\x57\x3B\xB4\x05\xE8"
"\xA9\x9B\xBF\x25\xE0\x4F\xC0\xED",
.ilen = 32,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xfe\xff\xe9\x92\x86\x65\x73\x1c"
"\x6d\x6a\x8f\x94\x67\x30\x83\x08"
"\x00\x00\x00",
.klen = 19,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x01",
.result = "\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01"
"\x01\x01\x01\x01\x01\x01\x01\x01",
.rlen = 64,
.assoc = "\x01\x01\x01\x01\x01\x01\x01\x01"
"\x00\x00\x00\x00\x00\x00\x00\x01",
.alen = 16,
.input = "\xCE\xB8\x98\x16\xC9\x87\x0F\x7E"
"\x7F\x77\xF9\xE7\xF9\xCD\x1E\x16"
"\x9C\xA4\x97\x83\x3F\x01\xA5\xF4"
"\x43\x09\xE7\xB8\xE9\xD1\xD7\x02"
"\x9B\xAB\x39\x18\xEB\x94\x34\x36"
"\xE6\xC5\xC8\x9B\x00\x81\x9E\x49"
"\x1D\x78\xE1\x48\xE3\xE9\xEA\x8E"
"\x3A\x2B\x67\x5D\x35\x6A\x0F\xDB"
"\x02\x73\xDD\xE7\x30\x4A\x30\x54"
"\x1A\x9D\x09\xCA\xC8\x1C\x32\x5F",
.ilen = 80,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x00\x00\x00",
.klen = 19,
.iv = "\x00\x00\x45\x67\x89\xab\xcd\xef",
.result = "\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff"
"\xff\xff\xff\xff\xff\xff\xff\xff",
.rlen = 192,
.assoc = "\xaa\xaa\xaa\xaa\xaa\xaa\xaa\xaa"
"\xaa\xaa\xaa\xaa\x00\x00\x45\x67"
"\x89\xab\xcd\xef",
.alen = 20,
.input = "\x64\x17\xDC\x24\x9D\x92\xBA\x5E"
"\x7C\x64\x6D\x33\x46\x77\xAC\xB1"
"\x5C\x9E\xE2\xC7\x27\x11\x3E\x95"
"\x7D\xBE\x28\xC8\xC1\xCA\x5E\x8C"
"\xB4\xE2\xDE\x9F\x53\x59\x26\xDB"
"\x0C\xD4\xE4\x07\x9A\xE6\x3E\x01"
"\x58\x0D\x3E\x3D\xD5\x21\xEB\x04"
"\x06\x9D\x5F\xB9\x02\x49\x1A\x2B"
"\xBA\xF0\x4E\x3B\x85\x50\x5B\x09"
"\xFE\xEC\xFC\x54\xEC\x0C\xE2\x79"
"\x8A\x2F\x5F\xD7\x05\x5D\xF1\x6D"
"\x22\xEB\xD1\x09\x80\x3F\x5A\x70"
"\xB2\xB9\xD3\x63\x99\xC2\x4D\x1B"
"\x36\x12\x00\x89\xAA\x5D\x55\xDA"
"\x1D\x5B\xD8\x3C\x5F\x09\xD2\xE6"
"\x39\x41\x5C\xF0\xBE\x26\x4E\x5F"
"\x2B\x50\x44\x52\xC2\x10\x7D\x38"
"\x82\x64\x83\x0C\xAE\x49\xD0\xE5"
"\x4F\xE5\x66\x4C\x58\x7A\xEE\x43"
"\x3B\x51\xFE\xBA\x24\x8A\xFE\xDC"
"\x19\x6D\x60\x66\x61\xF9\x9A\x3F"
"\x75\xFC\x38\x53\x5B\xB5\xCD\x52"
"\x4F\xE5\xE4\xC9\xFE\x10\xCB\x98"
"\xF0\x06\x5B\x07\xAB\xBB\xF4\x0E"
"\x2D\xC2\xDD\x5D\xDD\x22\x9A\xCC"
"\x39\xAB\x63\xA5\x3D\x9C\x51\x8A",
.ilen = 208,
}, { /* From draft-mcgrew-gcm-test-01 */
.key = "\x4C\x80\xCD\xEF\xBB\x5D\x10\xDA"
"\x90\x6A\xC7\x3C\x36\x13\xA6\x34"
"\x2E\x44\x3B",
.klen = 19,
.iv = "\x49\x56\xED\x7E\x3B\x24\x4C\xFE",
.result = "\x45\x00\x00\x48\x69\x9A\x00\x00"
"\x80\x11\x4D\xB7\xC0\xA8\x01\x02"
"\xC0\xA8\x01\x01\x0A\x9B\xF1\x56"
"\x38\xD3\x01\x00\x00\x01\x00\x00"
"\x00\x00\x00\x00\x04\x5F\x73\x69"
"\x70\x04\x5F\x75\x64\x70\x03\x73"
"\x69\x70\x09\x63\x79\x62\x65\x72"
"\x63\x69\x74\x79\x02\x64\x6B\x00"
"\x00\x21\x00\x01\x01\x02\x02\x01",
.rlen = 72,
.assoc = "\x00\x00\x43\x21\x87\x65\x43\x21"
"\x00\x00\x00\x00\x49\x56\xED\x7E"
"\x3B\x24\x4C\xFE",
.alen = 20,
.input = "\x89\xBA\x3E\xEF\xE6\xD6\xCF\xDB"
"\x83\x60\xF5\xBA\x3A\x56\x79\xE6"
"\x7E\x0C\x53\xCF\x9E\x87\xE0\x4E"
"\x1A\x26\x01\x24\xC7\x2E\x3D\xBF"
"\x29\x2C\x91\xC1\xB8\xA8\xCF\xE0"
"\x39\xF8\x53\x6D\x31\x22\x2B\xBF"
"\x98\x81\xFC\x34\xEE\x85\x36\xCD"
"\x26\xDB\x6C\x7A\x0C\x77\x8A\x35"
"\x18\x85\x54\xB2\xBC\xDD\x3F\x43"
"\x61\x06\x8A\xDF\x86\x3F\xB4\xAC"
"\x97\xDC\xBD\xFD\x92\x10\xC5\xFF",
.ilen = 88,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xFE\xFF\xE9\x92\x86\x65\x73\x1C"
"\x6D\x6A\x8F\x94\x67\x30\x83\x08"
"\xCA\xFE\xBA",
.klen = 19,
.iv = "\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88",
.result = "\x45\x00\x00\x3E\x69\x8F\x00\x00"
"\x80\x11\x4D\xCC\xC0\xA8\x01\x02"
"\xC0\xA8\x01\x01\x0A\x98\x00\x35"
"\x00\x2A\x23\x43\xB2\xD0\x01\x00"
"\x00\x01\x00\x00\x00\x00\x00\x00"
"\x03\x73\x69\x70\x09\x63\x79\x62"
"\x65\x72\x63\x69\x74\x79\x02\x64"
"\x6B\x00\x00\x01\x00\x01\x00\x01",
.rlen = 64,
.assoc = "\x00\x00\xA5\xF8\x00\x00\x00\x0A"
"\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88",
.alen = 16,
.input = "\x4B\xC2\x70\x60\x64\xD2\xF3\xC8"
"\xE5\x26\x8A\xDE\xB8\x7E\x7D\x16"
"\x56\xC7\xD2\x88\xBA\x8D\x58\xAF"
"\xF5\x71\xB6\x37\x84\xA7\xB1\x99"
"\x51\x5C\x0D\xA0\x27\xDE\xE7\x2D"
"\xEF\x25\x88\x1F\x1D\x77\x11\xFF"
"\xDB\xED\xEE\x56\x16\xC5\x5C\x9B"
"\x00\x62\x1F\x68\x4E\x7C\xA0\x97"
"\x10\x72\x7E\x53\x13\x3B\x68\xE4"
"\x30\x99\x91\x79\x09\xEA\xFF\x6A",
.ilen = 80,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
"\x34\x45\x56\x67\x78\x89\x9A\xAB"
"\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
"\x34\x45\x56\x67\x78\x89\x9A\xAB"
"\x11\x22\x33",
.klen = 35,
.iv = "\x01\x02\x03\x04\x05\x06\x07\x08",
.result = "\x45\x00\x00\x30\x69\xA6\x40\x00"
"\x80\x06\x26\x90\xC0\xA8\x01\x02"
"\x93\x89\x15\x5E\x0A\x9E\x00\x8B"
"\x2D\xC5\x7E\xE0\x00\x00\x00\x00"
"\x70\x02\x40\x00\x20\xBF\x00\x00"
"\x02\x04\x05\xB4\x01\x01\x04\x02"
"\x01\x02\x02\x01",
.rlen = 52,
.assoc = "\x4A\x2C\xBF\xE3\x00\x00\x00\x02"
"\x01\x02\x03\x04\x05\x06\x07\x08",
.alen = 16,
.input = "\xD6\x31\x0D\x2B\x3D\x6F\xBD\x2F"
"\x58\x41\x7E\xFF\x9A\x9E\x09\xB4"
"\x1A\xF7\xF6\x42\x31\xCD\xBF\xAD"
"\x27\x0E\x2C\xF2\xDB\x10\xDF\x55"
"\x8F\x0D\xD7\xAC\x23\xBD\x42\x10"
"\xD0\xB2\xAF\xD8\x37\xAC\x6B\x0B"
"\x11\xD4\x0B\x12\xEC\xB4\xB1\x92"
"\x23\xA6\x10\xB0\x26\xD6\xD9\x26"
"\x5A\x48\x6A\x3E",
.ilen = 68,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00",
.klen = 19,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00",
.result = "\x45\x00\x00\x3C\x99\xC5\x00\x00"
"\x80\x01\xCB\x7A\x40\x67\x93\x18"
"\x01\x01\x01\x01\x08\x00\x07\x5C"
"\x02\x00\x44\x00\x61\x62\x63\x64"
"\x65\x66\x67\x68\x69\x6A\x6B\x6C"
"\x6D\x6E\x6F\x70\x71\x72\x73\x74"
"\x75\x76\x77\x61\x62\x63\x64\x65"
"\x66\x67\x68\x69\x01\x02\x02\x01",
.rlen = 64,
.assoc = "\x00\x00\x00\x00\x00\x00\x00\x01"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.alen = 16,
.input = "\x6B\x9A\xCA\x57\x43\x91\xFC\x6F"
"\x92\x51\x23\xA4\xC1\x5B\xF0\x10"
"\xF3\x13\xF4\xF8\xA1\x9A\xB4\xDC"
"\x89\xC8\xF8\x42\x62\x95\xB7\xCB"
"\xB8\xF5\x0F\x1B\x2E\x94\xA2\xA7"
"\xBF\xFB\x8A\x92\x13\x63\xD1\x3C"
"\x08\xF5\xE8\xA6\xAA\xF6\x34\xF9"
"\x42\x05\xAF\xB3\xE7\x9A\xFC\xEE"
"\x36\x25\xC1\x10\x12\x1C\xCA\x82"
"\xEA\xE6\x63\x5A\x57\x28\xA9\x9A",
.ilen = 80,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49"
"\x19\x88\xD0\xC3\x60\x7E\xAE\x1F"
"\x57\x69\x0E",
.klen = 19,
.iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3",
.result = "\x45\x00\x00\x3C\x99\xC3\x00\x00"
"\x80\x01\xCB\x7C\x40\x67\x93\x18"
"\x01\x01\x01\x01\x08\x00\x08\x5C"
"\x02\x00\x43\x00\x61\x62\x63\x64"
"\x65\x66\x67\x68\x69\x6A\x6B\x6C"
"\x6D\x6E\x6F\x70\x71\x72\x73\x74"
"\x75\x76\x77\x61\x62\x63\x64\x65"
"\x66\x67\x68\x69\x01\x02\x02\x01",
.rlen = 64,
.assoc = "\x42\xF6\x7E\x3F\x10\x10\x10\x10"
"\x10\x10\x10\x10\x4E\x28\x00\x00"
"\xA2\xFC\xA1\xA3",
.alen = 20,
.input = "\x6A\x6B\x45\x2B\x7C\x67\x52\xF6"
"\x10\x60\x40\x62\x6B\x4F\x97\x8E"
"\x0B\xB2\x22\x97\xCB\x21\xE0\x90"
"\xA2\xE7\xD1\x41\x30\xE4\x4B\x1B"
"\x79\x01\x58\x50\x01\x06\xE1\xE0"
"\x2C\x83\x79\xD3\xDE\x46\x97\x1A"
"\x30\xB8\xE5\xDF\xD7\x12\x56\x75"
"\xD0\x95\xB7\xB8\x91\x42\xF7\xFD"
"\x97\x57\xCA\xC1\x20\xD0\x86\xB9"
"\x66\x9D\xB4\x2B\x96\x22\xAC\x67",
.ilen = 80,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49"
"\x19\x88\xD0\xC3\x60\x7E\xAE\x1F"
"\x57\x69\x0E",
.klen = 19,
.iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3",
.result = "\x45\x00\x00\x1C\x42\xA2\x00\x00"
"\x80\x01\x44\x1F\x40\x67\x93\xB6"
"\xE0\x00\x00\x02\x0A\x00\xF5\xFF"
"\x01\x02\x02\x01",
.rlen = 28,
.assoc = "\x42\xF6\x7E\x3F\x10\x10\x10\x10"
"\x10\x10\x10\x10\x4E\x28\x00\x00"
"\xA2\xFC\xA1\xA3",
.alen = 20,
.input = "\x6A\x6B\x45\x0B\xA7\x06\x52\xF6"
"\x10\x60\xCF\x01\x6B\x4F\x97\x20"
"\xEA\xB3\x23\x94\xC9\x21\x1D\x33"
"\xA1\xE5\x90\x40\x05\x37\x45\x70"
"\xB5\xD6\x09\x0A\x23\x73\x33\xF9"
"\x08\xB4\x22\xE4",
.ilen = 44,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xFE\xFF\xE9\x92\x86\x65\x73\x1C"
"\x6D\x6A\x8F\x94\x67\x30\x83\x08"
"\xFE\xFF\xE9\x92\x86\x65\x73\x1C"
"\xCA\xFE\xBA",
.klen = 27,
.iv = "\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88",
.result = "\x45\x00\x00\x28\xA4\xAD\x40\x00"
"\x40\x06\x78\x80\x0A\x01\x03\x8F"
"\x0A\x01\x06\x12\x80\x23\x06\xB8"
"\xCB\x71\x26\x02\xDD\x6B\xB0\x3E"
"\x50\x10\x16\xD0\x75\x68\x00\x01",
.rlen = 40,
.assoc = "\x00\x00\xA5\xF8\x00\x00\x00\x0A"
"\xFA\xCE\xDB\xAD\xDE\xCA\xF8\x88",
.alen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\x05\x22\x15\xD1\x52\x56\x85\x04"
"\xA8\x5C\x5D\x6D\x7E\x6E\xF5\xFA"
"\xEA\x16\x37\x50\xF3\xDF\x84\x3B"
"\x2F\x32\x18\x57\x34\x2A\x8C\x23"
"\x67\xDF\x6D\x35\x7B\x54\x0D\xFB"
"\x34\xA5\x9F\x6C\x48\x30\x1E\x22"
"\xFE\xB1\x22\x17\x17\x8A\xB9\x5B",
.ilen = 56,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
"\x34\x45\x56\x67\x78\x89\x9A\xAB"
"\xDE\xCA\xF8",
.klen = 19,
.iv = "\xCA\xFE\xDE\xBA\xCE\xFA\xCE\x74",
.result = "\x45\x00\x00\x49\x33\xBA\x00\x00"
"\x7F\x11\x91\x06\xC3\xFB\x1D\x10"
"\xC2\xB1\xD3\x26\xC0\x28\x31\xCE"
"\x00\x35\xDD\x7B\x80\x03\x02\xD5"
"\x00\x00\x4E\x20\x00\x1E\x8C\x18"
"\xD7\x5B\x81\xDC\x91\xBA\xA0\x47"
"\x6B\x91\xB9\x24\xB2\x80\x38\x9D"
"\x92\xC9\x63\xBA\xC0\x46\xEC\x95"
"\x9B\x62\x66\xC0\x47\x22\xB1\x49"
"\x23\x01\x01\x01",
.rlen = 76,
.assoc = "\x00\x00\x01\x00\x00\x00\x00\x00"
"\x00\x00\x00\x01\xCA\xFE\xDE\xBA"
"\xCE\xFA\xCE\x74",
.alen = 20,
.input = "\x92\xD0\x53\x79\x33\x38\xD5\xF3"
"\x7D\xE4\x7A\x8E\x86\x03\xC9\x90"
"\x96\x35\xAB\x9C\xFB\xE8\xA3\x76"
"\xE9\xE9\xE2\xD1\x2E\x11\x0E\x00"
"\xFA\xCE\xB5\x9E\x02\xA7\x7B\xEA"
"\x71\x9A\x58\xFB\xA5\x8A\xE1\xB7"
"\x9C\x39\x9D\xE3\xB5\x6E\x69\xE6"
"\x63\xC9\xDB\x05\x69\x51\x12\xAD"
"\x3E\x00\x32\x73\x86\xF2\xEE\xF5"
"\x0F\xE8\x81\x7E\x84\xD3\xC0\x0D"
"\x76\xD6\x55\xC6\xB4\xC2\x34\xC7"
"\x12\x25\x0B\xF9",
.ilen = 92,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
"\x34\x45\x56\x67\x78\x89\x9A\xAB"
"\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
"\x34\x45\x56\x67\x78\x89\x9A\xAB"
"\x73\x61\x6C",
.klen = 35,
.iv = "\x61\x6E\x64\x01\x69\x76\x65\x63",
.result = "\x45\x08\x00\x28\x73\x2C\x00\x00"
"\x40\x06\xE9\xF9\x0A\x01\x06\x12"
"\x0A\x01\x03\x8F\x06\xB8\x80\x23"
"\xDD\x6B\xAF\xBE\xCB\x71\x26\x02"
"\x50\x10\x1F\x64\x6D\x54\x00\x01",
.rlen = 40,
.assoc = "\x17\x40\x5E\x67\x15\x6F\x31\x26"
"\xDD\x0D\xB9\x9B\x61\x6E\x64\x01"
"\x69\x76\x65\x63",
.alen = 20,
.input = "\xCC\x74\xB7\xD3\xB0\x38\x50\x42"
"\x2C\x64\x87\x46\x1E\x34\x10\x05"
"\x29\x6B\xBB\x36\xE9\x69\xAD\x92"
"\x82\xA1\x10\x6A\xEB\x0F\xDC\x7D"
"\x08\xBA\xF3\x91\xCA\xAA\x61\xDA"
"\x62\xF4\x14\x61\x5C\x9D\xB5\xA7"
"\xEE\xD7\xB9\x7E\x87\x99\x9B\x7D",
.ilen = 56,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49"
"\x19\x88\xD0\xC3\x60\x7E\xAE\x1F"
"\x57\x69\x0E",
.klen = 19,
.iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3",
.result = "\x45\x00\x00\x49\x33\x3E\x00\x00"
"\x7F\x11\x91\x82\xC3\xFB\x1D\x10"
"\xC2\xB1\xD3\x26\xC0\x28\x31\xCE"
"\x00\x35\xCB\x45\x80\x03\x02\x5B"
"\x00\x00\x01\xE0\x00\x1E\x8C\x18"
"\xD6\x57\x59\xD5\x22\x84\xA0\x35"
"\x2C\x71\x47\x5C\x88\x80\x39\x1C"
"\x76\x4D\x6E\x5E\xE0\x49\x6B\x32"
"\x5A\xE2\x70\xC0\x38\x99\x49\x39"
"\x15\x01\x01\x01",
.rlen = 76,
.assoc = "\x42\xF6\x7E\x3F\x10\x10\x10\x10"
"\x10\x10\x10\x10\x4E\x28\x00\x00"
"\xA2\xFC\xA1\xA3",
.alen = 20,
.input = "\x6A\x6B\x45\x5E\xD6\x9A\x52\xF6"
"\xEF\x70\x1A\x9C\xE8\xD3\x19\x86"
"\xC8\x02\xF0\xB0\x03\x09\xD9\x02"
"\xA0\xD2\x59\x04\xD1\x85\x2A\x24"
"\x1C\x67\x3E\xD8\x68\x72\x06\x94"
"\x97\xBA\x4F\x76\x8D\xB0\x44\x5B"
"\x69\xBF\xD5\xE2\x3D\xF1\x0B\x0C"
"\xC0\xBF\xB1\x8F\x70\x09\x9E\xCE"
"\xA5\xF2\x55\x58\x84\xFA\xF9\xB5"
"\x23\xF4\x84\x40\x74\x14\x8A\x6B"
"\xDB\xD7\x67\xED\xA4\x93\xF3\x47"
"\xCC\xF7\x46\x6F",
.ilen = 92,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
"\x34\x45\x56\x67\x78\x89\x9A\xAB"
"\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
"\x34\x45\x56\x67\x78\x89\x9A\xAB"
"\x73\x61\x6C",
.klen = 35,
.iv = "\x61\x6E\x64\x01\x69\x76\x65\x63",
.result = "\x63\x69\x73\x63\x6F\x01\x72\x75"
"\x6C\x65\x73\x01\x74\x68\x65\x01"
"\x6E\x65\x74\x77\x65\x01\x64\x65"
"\x66\x69\x6E\x65\x01\x74\x68\x65"
"\x74\x65\x63\x68\x6E\x6F\x6C\x6F"
"\x67\x69\x65\x73\x01\x74\x68\x61"
"\x74\x77\x69\x6C\x6C\x01\x64\x65"
"\x66\x69\x6E\x65\x74\x6F\x6D\x6F"
"\x72\x72\x6F\x77\x01\x02\x02\x01",
.rlen = 72,
.assoc = "\x17\x40\x5E\x67\x15\x6F\x31\x26"
"\xDD\x0D\xB9\x9B\x61\x6E\x64\x01"
"\x69\x76\x65\x63",
.alen = 20,
.input = "\xEA\x15\xC4\x98\xAC\x15\x22\x37"
"\x00\x07\x1D\xBE\x60\x5D\x73\x16"
"\x4D\x0F\xCC\xCE\x8A\xD0\x49\xD4"
"\x39\xA3\xD1\xB1\x21\x0A\x92\x1A"
"\x2C\xCF\x8F\x9D\xC9\x91\x0D\xB4"
"\x15\xFC\xBC\xA5\xC5\xBF\x54\xE5"
"\x1C\xC7\x32\x41\x07\x7B\x2C\xB6"
"\x5C\x23\x7C\x93\xEA\xEF\x23\x1C"
"\x73\xF4\xE7\x12\x84\x4C\x37\x0A"
"\x4A\x8F\x06\x37\x48\xF9\xF9\x05"
"\x55\x13\x40\xC3\xD5\x55\x3A\x3D",
.ilen = 88,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x7D\x77\x3D\x00\xC1\x44\xC5\x25"
"\xAC\x61\x9D\x18\xC8\x4A\x3F\x47"
"\xD9\x66\x42",
.klen = 19,
.iv = "\x43\x45\x7E\x91\x82\x44\x3B\xC6",
.result = "\x01\x02\x02\x01",
.rlen = 4,
.assoc = "\x33\x54\x67\xAE\xFF\xFF\xFF\xFF"
"\x43\x45\x7E\x91\x82\x44\x3B\xC6",
.alen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\x4C\x72\x63\x30\x2F\xE6\x56\xDD"
"\xD0\xD8\x60\x9D\x8B\xEF\x85\x90"
"\xF7\x61\x24\x62",
.ilen = 20,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xAB\xBC\xCD\xDE\xF0\x01\x12\x23"
"\x34\x45\x56\x67\x78\x89\x9A\xAB"
"\xDE\xCA\xF8",
.klen = 19,
.iv = "\xCA\xFE\xDE\xBA\xCE\xFA\xCE\x74",
.result = "\x74\x6F\x01\x62\x65\x01\x6F\x72"
"\x01\x6E\x6F\x74\x01\x74\x6F\x01"
"\x62\x65\x00\x01",
.rlen = 20,
.assoc = "\x00\x00\x01\x00\x00\x00\x00\x00"
"\x00\x00\x00\x01\xCA\xFE\xDE\xBA"
"\xCE\xFA\xCE\x74",
.alen = 20,
.input = "\xA3\xBF\x52\x52\x65\x83\xBA\x81"
"\x03\x9B\x84\xFC\x44\x8C\xBB\x81"
"\x36\xE1\x78\xBB\xA5\x49\x3A\xD0"
"\xF0\x6B\x21\xAF\x98\xC0\x34\xDC"
"\x17\x17\x65\xAD",
.ilen = 36,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x6C\x65\x67\x61\x6C\x69\x7A\x65"
"\x6D\x61\x72\x69\x6A\x75\x61\x6E"
"\x61\x61\x6E\x64\x64\x6F\x69\x74"
"\x62\x65\x66\x6F\x72\x65\x69\x61"
"\x74\x75\x72",
.klen = 35,
.iv = "\x33\x30\x21\x69\x67\x65\x74\x6D",
.result = "\x45\x00\x00\x30\xDA\x3A\x00\x00"
"\x80\x01\xDF\x3B\xC0\xA8\x00\x05"
"\xC0\xA8\x00\x01\x08\x00\xC6\xCD"
"\x02\x00\x07\x00\x61\x62\x63\x64"
"\x65\x66\x67\x68\x69\x6A\x6B\x6C"
"\x6D\x6E\x6F\x70\x71\x72\x73\x74"
"\x01\x02\x02\x01",
.rlen = 52,
.assoc = "\x79\x6B\x69\x63\xFF\xFF\xFF\xFF"
"\xFF\xFF\xFF\xFF\x33\x30\x21\x69"
"\x67\x65\x74\x6D",
.alen = 20,
.input = "\x96\xFD\x86\xF8\xD1\x98\xFF\x10"
"\xAB\x8C\xDA\x8A\x5A\x08\x38\x1A"
"\x48\x59\x80\x18\x1A\x18\x1A\x04"
"\xC9\x0D\xE3\xE7\x0E\xA4\x0B\x75"
"\x92\x9C\x52\x5C\x0B\xFB\xF8\xAF"
"\x16\xC3\x35\xA8\xE7\xCE\x84\x04"
"\xEB\x40\x6B\x7A\x8E\x75\xBB\x42"
"\xE0\x63\x4B\x21\x44\xA2\x2B\x2B"
"\x39\xDB\xC8\xDC",
.ilen = 68,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x3D\xE0\x98\x74\xB3\x88\xE6\x49"
"\x19\x88\xD0\xC3\x60\x7E\xAE\x1F"
"\x57\x69\x0E",
.klen = 19,
.iv = "\x4E\x28\x00\x00\xA2\xFC\xA1\xA3",
.result = "\x45\x00\x00\x30\xDA\x3A\x00\x00"
"\x80\x01\xDF\x3B\xC0\xA8\x00\x05"
"\xC0\xA8\x00\x01\x08\x00\xC6\xCD"
"\x02\x00\x07\x00\x61\x62\x63\x64"
"\x65\x66\x67\x68\x69\x6A\x6B\x6C"
"\x6D\x6E\x6F\x70\x71\x72\x73\x74"
"\x01\x02\x02\x01",
.rlen = 52,
.assoc = "\x3F\x7E\xF6\x42\x10\x10\x10\x10"
"\x10\x10\x10\x10\x4E\x28\x00\x00"
"\xA2\xFC\xA1\xA3",
.alen = 20,
.input = "\x6A\x6B\x45\x27\x3F\x9E\x52\xF6"
"\x10\x60\x54\x25\xEB\x80\x04\x93"
"\xCA\x1B\x23\x97\xCB\x21\x2E\x01"
"\xA2\xE7\x95\x41\x30\xE4\x4B\x1B"
"\x79\x01\x58\x50\x01\x06\xE1\xE0"
"\x2C\x83\x79\xD3\xDE\x46\x97\x1A"
"\x44\xCC\x90\xBF\x00\x94\x94\x92"
"\x20\x17\x0C\x1B\x55\xDE\x7E\x68"
"\xF4\x95\x5D\x4F",
.ilen = 68,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x4C\x80\xCD\xEF\xBB\x5D\x10\xDA"
"\x90\x6A\xC7\x3C\x36\x13\xA6\x34"
"\x22\x43\x3C",
.klen = 19,
.iv = "\x48\x55\xEC\x7D\x3A\x23\x4B\xFD",
.result = "\x08\x00\xC6\xCD\x02\x00\x07\x00"
"\x61\x62\x63\x64\x65\x66\x67\x68"
"\x69\x6A\x6B\x6C\x6D\x6E\x6F\x70"
"\x71\x72\x73\x74\x01\x02\x02\x01",
.rlen = 32,
.assoc = "\x00\x00\x43\x21\x87\x65\x43\x21"
"\x00\x00\x00\x07\x48\x55\xEC\x7D"
"\x3A\x23\x4B\xFD",
.alen = 20,
.input = "\x67\xE9\x28\xB3\x1C\xA4\x6D\x02"
"\xF0\xB5\x37\xB6\x6B\x2F\xF5\x4F"
"\xF8\xA3\x4C\x53\xB8\x12\x09\xBF"
"\x58\x7D\xCF\x29\xA3\x41\x68\x6B"
"\xCE\xE8\x79\x85\x3C\xB0\x3A\x8F"
"\x16\xB0\xA1\x26\xC9\xBC\xBC\xA6",
.ilen = 48,
}
};
/*
* ChaCha20-Poly1305 AEAD test vectors from RFC7539 2.8.2./A.5.
*/
static const struct aead_testvec rfc7539_enc_tv_template[] = {
{
.key = "\x80\x81\x82\x83\x84\x85\x86\x87"
"\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
"\x90\x91\x92\x93\x94\x95\x96\x97"
"\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f",
.klen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x07\x00\x00\x00\x40\x41\x42\x43"
"\x44\x45\x46\x47",
.assoc = "\x50\x51\x52\x53\xc0\xc1\xc2\xc3"
"\xc4\xc5\xc6\xc7",
.alen = 12,
.input = "\x4c\x61\x64\x69\x65\x73\x20\x61"
"\x6e\x64\x20\x47\x65\x6e\x74\x6c"
"\x65\x6d\x65\x6e\x20\x6f\x66\x20"
"\x74\x68\x65\x20\x63\x6c\x61\x73"
"\x73\x20\x6f\x66\x20\x27\x39\x39"
"\x3a\x20\x49\x66\x20\x49\x20\x63"
"\x6f\x75\x6c\x64\x20\x6f\x66\x66"
"\x65\x72\x20\x79\x6f\x75\x20\x6f"
"\x6e\x6c\x79\x20\x6f\x6e\x65\x20"
"\x74\x69\x70\x20\x66\x6f\x72\x20"
"\x74\x68\x65\x20\x66\x75\x74\x75"
"\x72\x65\x2c\x20\x73\x75\x6e\x73"
"\x63\x72\x65\x65\x6e\x20\x77\x6f"
"\x75\x6c\x64\x20\x62\x65\x20\x69"
"\x74\x2e",
.ilen = 114,
.result = "\xd3\x1a\x8d\x34\x64\x8e\x60\xdb"
"\x7b\x86\xaf\xbc\x53\xef\x7e\xc2"
"\xa4\xad\xed\x51\x29\x6e\x08\xfe"
"\xa9\xe2\xb5\xa7\x36\xee\x62\xd6"
"\x3d\xbe\xa4\x5e\x8c\xa9\x67\x12"
"\x82\xfa\xfb\x69\xda\x92\x72\x8b"
"\x1a\x71\xde\x0a\x9e\x06\x0b\x29"
"\x05\xd6\xa5\xb6\x7e\xcd\x3b\x36"
"\x92\xdd\xbd\x7f\x2d\x77\x8b\x8c"
"\x98\x03\xae\xe3\x28\x09\x1b\x58"
"\xfa\xb3\x24\xe4\xfa\xd6\x75\x94"
"\x55\x85\x80\x8b\x48\x31\xd7\xbc"
"\x3f\xf4\xde\xf0\x8e\x4b\x7a\x9d"
"\xe5\x76\xd2\x65\x86\xce\xc6\x4b"
"\x61\x16\x1a\xe1\x0b\x59\x4f\x09"
"\xe2\x6a\x7e\x90\x2e\xcb\xd0\x60"
"\x06\x91",
.rlen = 130,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x1c\x92\x40\xa5\xeb\x55\xd3\x8a"
"\xf3\x33\x88\x86\x04\xf6\xb5\xf0"
"\x47\x39\x17\xc1\x40\x2b\x80\x09"
"\x9d\xca\x5c\xbc\x20\x70\x75\xc0",
.klen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x00\x00\x00\x00\x01\x02\x03\x04"
"\x05\x06\x07\x08",
.assoc = "\xf3\x33\x88\x86\x00\x00\x00\x00"
"\x00\x00\x4e\x91",
.alen = 12,
.input = "\x49\x6e\x74\x65\x72\x6e\x65\x74"
"\x2d\x44\x72\x61\x66\x74\x73\x20"
"\x61\x72\x65\x20\x64\x72\x61\x66"
"\x74\x20\x64\x6f\x63\x75\x6d\x65"
"\x6e\x74\x73\x20\x76\x61\x6c\x69"
"\x64\x20\x66\x6f\x72\x20\x61\x20"
"\x6d\x61\x78\x69\x6d\x75\x6d\x20"
"\x6f\x66\x20\x73\x69\x78\x20\x6d"
"\x6f\x6e\x74\x68\x73\x20\x61\x6e"
"\x64\x20\x6d\x61\x79\x20\x62\x65"
"\x20\x75\x70\x64\x61\x74\x65\x64"
"\x2c\x20\x72\x65\x70\x6c\x61\x63"
"\x65\x64\x2c\x20\x6f\x72\x20\x6f"
"\x62\x73\x6f\x6c\x65\x74\x65\x64"
"\x20\x62\x79\x20\x6f\x74\x68\x65"
"\x72\x20\x64\x6f\x63\x75\x6d\x65"
"\x6e\x74\x73\x20\x61\x74\x20\x61"
"\x6e\x79\x20\x74\x69\x6d\x65\x2e"
"\x20\x49\x74\x20\x69\x73\x20\x69"
"\x6e\x61\x70\x70\x72\x6f\x70\x72"
"\x69\x61\x74\x65\x20\x74\x6f\x20"
"\x75\x73\x65\x20\x49\x6e\x74\x65"
"\x72\x6e\x65\x74\x2d\x44\x72\x61"
"\x66\x74\x73\x20\x61\x73\x20\x72"
"\x65\x66\x65\x72\x65\x6e\x63\x65"
"\x20\x6d\x61\x74\x65\x72\x69\x61"
"\x6c\x20\x6f\x72\x20\x74\x6f\x20"
"\x63\x69\x74\x65\x20\x74\x68\x65"
"\x6d\x20\x6f\x74\x68\x65\x72\x20"
"\x74\x68\x61\x6e\x20\x61\x73\x20"
"\x2f\xe2\x80\x9c\x77\x6f\x72\x6b"
"\x20\x69\x6e\x20\x70\x72\x6f\x67"
"\x72\x65\x73\x73\x2e\x2f\xe2\x80"
"\x9d",
.ilen = 265,
.result = "\x64\xa0\x86\x15\x75\x86\x1a\xf4"
"\x60\xf0\x62\xc7\x9b\xe6\x43\xbd"
"\x5e\x80\x5c\xfd\x34\x5c\xf3\x89"
"\xf1\x08\x67\x0a\xc7\x6c\x8c\xb2"
"\x4c\x6c\xfc\x18\x75\x5d\x43\xee"
"\xa0\x9e\xe9\x4e\x38\x2d\x26\xb0"
"\xbd\xb7\xb7\x3c\x32\x1b\x01\x00"
"\xd4\xf0\x3b\x7f\x35\x58\x94\xcf"
"\x33\x2f\x83\x0e\x71\x0b\x97\xce"
"\x98\xc8\xa8\x4a\xbd\x0b\x94\x81"
"\x14\xad\x17\x6e\x00\x8d\x33\xbd"
"\x60\xf9\x82\xb1\xff\x37\xc8\x55"
"\x97\x97\xa0\x6e\xf4\xf0\xef\x61"
"\xc1\x86\x32\x4e\x2b\x35\x06\x38"
"\x36\x06\x90\x7b\x6a\x7c\x02\xb0"
"\xf9\xf6\x15\x7b\x53\xc8\x67\xe4"
"\xb9\x16\x6c\x76\x7b\x80\x4d\x46"
"\xa5\x9b\x52\x16\xcd\xe7\xa4\xe9"
"\x90\x40\xc5\xa4\x04\x33\x22\x5e"
"\xe2\x82\xa1\xb0\xa0\x6c\x52\x3e"
"\xaf\x45\x34\xd7\xf8\x3f\xa1\x15"
"\x5b\x00\x47\x71\x8c\xbc\x54\x6a"
"\x0d\x07\x2b\x04\xb3\x56\x4e\xea"
"\x1b\x42\x22\x73\xf5\x48\x27\x1a"
"\x0b\xb2\x31\x60\x53\xfa\x76\x99"
"\x19\x55\xeb\xd6\x31\x59\x43\x4e"
"\xce\xbb\x4e\x46\x6d\xae\x5a\x10"
"\x73\xa6\x72\x76\x27\x09\x7a\x10"
"\x49\xe6\x17\xd9\x1d\x36\x10\x94"
"\xfa\x68\xf0\xff\x77\x98\x71\x30"
"\x30\x5b\xea\xba\x2e\xda\x04\xdf"
"\x99\x7b\x71\x4d\x6c\x6f\x2c\x29"
"\xa6\xad\x5c\xb4\x02\x2b\x02\x70"
"\x9b\xee\xad\x9d\x67\x89\x0c\xbb"
"\x22\x39\x23\x36\xfe\xa1\x85\x1f"
"\x38",
.rlen = 281,
},
};
static const struct aead_testvec rfc7539_dec_tv_template[] = {
{
.key = "\x80\x81\x82\x83\x84\x85\x86\x87"
"\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
"\x90\x91\x92\x93\x94\x95\x96\x97"
"\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f",
.klen = 32,
.iv = "\x07\x00\x00\x00\x40\x41\x42\x43"
"\x44\x45\x46\x47",
.assoc = "\x50\x51\x52\x53\xc0\xc1\xc2\xc3"
"\xc4\xc5\xc6\xc7",
.alen = 12,
.input = "\xd3\x1a\x8d\x34\x64\x8e\x60\xdb"
"\x7b\x86\xaf\xbc\x53\xef\x7e\xc2"
"\xa4\xad\xed\x51\x29\x6e\x08\xfe"
"\xa9\xe2\xb5\xa7\x36\xee\x62\xd6"
"\x3d\xbe\xa4\x5e\x8c\xa9\x67\x12"
"\x82\xfa\xfb\x69\xda\x92\x72\x8b"
"\x1a\x71\xde\x0a\x9e\x06\x0b\x29"
"\x05\xd6\xa5\xb6\x7e\xcd\x3b\x36"
"\x92\xdd\xbd\x7f\x2d\x77\x8b\x8c"
"\x98\x03\xae\xe3\x28\x09\x1b\x58"
"\xfa\xb3\x24\xe4\xfa\xd6\x75\x94"
"\x55\x85\x80\x8b\x48\x31\xd7\xbc"
"\x3f\xf4\xde\xf0\x8e\x4b\x7a\x9d"
"\xe5\x76\xd2\x65\x86\xce\xc6\x4b"
"\x61\x16\x1a\xe1\x0b\x59\x4f\x09"
"\xe2\x6a\x7e\x90\x2e\xcb\xd0\x60"
"\x06\x91",
.ilen = 130,
.result = "\x4c\x61\x64\x69\x65\x73\x20\x61"
"\x6e\x64\x20\x47\x65\x6e\x74\x6c"
"\x65\x6d\x65\x6e\x20\x6f\x66\x20"
"\x74\x68\x65\x20\x63\x6c\x61\x73"
"\x73\x20\x6f\x66\x20\x27\x39\x39"
"\x3a\x20\x49\x66\x20\x49\x20\x63"
"\x6f\x75\x6c\x64\x20\x6f\x66\x66"
"\x65\x72\x20\x79\x6f\x75\x20\x6f"
"\x6e\x6c\x79\x20\x6f\x6e\x65\x20"
"\x74\x69\x70\x20\x66\x6f\x72\x20"
"\x74\x68\x65\x20\x66\x75\x74\x75"
"\x72\x65\x2c\x20\x73\x75\x6e\x73"
"\x63\x72\x65\x65\x6e\x20\x77\x6f"
"\x75\x6c\x64\x20\x62\x65\x20\x69"
"\x74\x2e",
.rlen = 114,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x1c\x92\x40\xa5\xeb\x55\xd3\x8a"
"\xf3\x33\x88\x86\x04\xf6\xb5\xf0"
"\x47\x39\x17\xc1\x40\x2b\x80\x09"
"\x9d\xca\x5c\xbc\x20\x70\x75\xc0",
.klen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x00\x00\x00\x00\x01\x02\x03\x04"
"\x05\x06\x07\x08",
.assoc = "\xf3\x33\x88\x86\x00\x00\x00\x00"
"\x00\x00\x4e\x91",
.alen = 12,
.input = "\x64\xa0\x86\x15\x75\x86\x1a\xf4"
"\x60\xf0\x62\xc7\x9b\xe6\x43\xbd"
"\x5e\x80\x5c\xfd\x34\x5c\xf3\x89"
"\xf1\x08\x67\x0a\xc7\x6c\x8c\xb2"
"\x4c\x6c\xfc\x18\x75\x5d\x43\xee"
"\xa0\x9e\xe9\x4e\x38\x2d\x26\xb0"
"\xbd\xb7\xb7\x3c\x32\x1b\x01\x00"
"\xd4\xf0\x3b\x7f\x35\x58\x94\xcf"
"\x33\x2f\x83\x0e\x71\x0b\x97\xce"
"\x98\xc8\xa8\x4a\xbd\x0b\x94\x81"
"\x14\xad\x17\x6e\x00\x8d\x33\xbd"
"\x60\xf9\x82\xb1\xff\x37\xc8\x55"
"\x97\x97\xa0\x6e\xf4\xf0\xef\x61"
"\xc1\x86\x32\x4e\x2b\x35\x06\x38"
"\x36\x06\x90\x7b\x6a\x7c\x02\xb0"
"\xf9\xf6\x15\x7b\x53\xc8\x67\xe4"
"\xb9\x16\x6c\x76\x7b\x80\x4d\x46"
"\xa5\x9b\x52\x16\xcd\xe7\xa4\xe9"
"\x90\x40\xc5\xa4\x04\x33\x22\x5e"
"\xe2\x82\xa1\xb0\xa0\x6c\x52\x3e"
"\xaf\x45\x34\xd7\xf8\x3f\xa1\x15"
"\x5b\x00\x47\x71\x8c\xbc\x54\x6a"
"\x0d\x07\x2b\x04\xb3\x56\x4e\xea"
"\x1b\x42\x22\x73\xf5\x48\x27\x1a"
"\x0b\xb2\x31\x60\x53\xfa\x76\x99"
"\x19\x55\xeb\xd6\x31\x59\x43\x4e"
"\xce\xbb\x4e\x46\x6d\xae\x5a\x10"
"\x73\xa6\x72\x76\x27\x09\x7a\x10"
"\x49\xe6\x17\xd9\x1d\x36\x10\x94"
"\xfa\x68\xf0\xff\x77\x98\x71\x30"
"\x30\x5b\xea\xba\x2e\xda\x04\xdf"
"\x99\x7b\x71\x4d\x6c\x6f\x2c\x29"
"\xa6\xad\x5c\xb4\x02\x2b\x02\x70"
"\x9b\xee\xad\x9d\x67\x89\x0c\xbb"
"\x22\x39\x23\x36\xfe\xa1\x85\x1f"
"\x38",
.ilen = 281,
.result = "\x49\x6e\x74\x65\x72\x6e\x65\x74"
"\x2d\x44\x72\x61\x66\x74\x73\x20"
"\x61\x72\x65\x20\x64\x72\x61\x66"
"\x74\x20\x64\x6f\x63\x75\x6d\x65"
"\x6e\x74\x73\x20\x76\x61\x6c\x69"
"\x64\x20\x66\x6f\x72\x20\x61\x20"
"\x6d\x61\x78\x69\x6d\x75\x6d\x20"
"\x6f\x66\x20\x73\x69\x78\x20\x6d"
"\x6f\x6e\x74\x68\x73\x20\x61\x6e"
"\x64\x20\x6d\x61\x79\x20\x62\x65"
"\x20\x75\x70\x64\x61\x74\x65\x64"
"\x2c\x20\x72\x65\x70\x6c\x61\x63"
"\x65\x64\x2c\x20\x6f\x72\x20\x6f"
"\x62\x73\x6f\x6c\x65\x74\x65\x64"
"\x20\x62\x79\x20\x6f\x74\x68\x65"
"\x72\x20\x64\x6f\x63\x75\x6d\x65"
"\x6e\x74\x73\x20\x61\x74\x20\x61"
"\x6e\x79\x20\x74\x69\x6d\x65\x2e"
"\x20\x49\x74\x20\x69\x73\x20\x69"
"\x6e\x61\x70\x70\x72\x6f\x70\x72"
"\x69\x61\x74\x65\x20\x74\x6f\x20"
"\x75\x73\x65\x20\x49\x6e\x74\x65"
"\x72\x6e\x65\x74\x2d\x44\x72\x61"
"\x66\x74\x73\x20\x61\x73\x20\x72"
"\x65\x66\x65\x72\x65\x6e\x63\x65"
"\x20\x6d\x61\x74\x65\x72\x69\x61"
"\x6c\x20\x6f\x72\x20\x74\x6f\x20"
"\x63\x69\x74\x65\x20\x74\x68\x65"
"\x6d\x20\x6f\x74\x68\x65\x72\x20"
"\x74\x68\x61\x6e\x20\x61\x73\x20"
"\x2f\xe2\x80\x9c\x77\x6f\x72\x6b"
"\x20\x69\x6e\x20\x70\x72\x6f\x67"
"\x72\x65\x73\x73\x2e\x2f\xe2\x80"
"\x9d",
.rlen = 265,
},
};
/*
* draft-irtf-cfrg-chacha20-poly1305
*/
static const struct aead_testvec rfc7539esp_enc_tv_template[] = {
{
.key = "\x1c\x92\x40\xa5\xeb\x55\xd3\x8a"
"\xf3\x33\x88\x86\x04\xf6\xb5\xf0"
"\x47\x39\x17\xc1\x40\x2b\x80\x09"
"\x9d\xca\x5c\xbc\x20\x70\x75\xc0"
"\x00\x00\x00\x00",
.klen = 36,
.iv = "\x01\x02\x03\x04\x05\x06\x07\x08",
.assoc = "\xf3\x33\x88\x86\x00\x00\x00\x00"
"\x00\x00\x4e\x91\x01\x02\x03\x04"
"\x05\x06\x07\x08",
.alen = 20,
.input = "\x49\x6e\x74\x65\x72\x6e\x65\x74"
"\x2d\x44\x72\x61\x66\x74\x73\x20"
"\x61\x72\x65\x20\x64\x72\x61\x66"
"\x74\x20\x64\x6f\x63\x75\x6d\x65"
"\x6e\x74\x73\x20\x76\x61\x6c\x69"
"\x64\x20\x66\x6f\x72\x20\x61\x20"
"\x6d\x61\x78\x69\x6d\x75\x6d\x20"
"\x6f\x66\x20\x73\x69\x78\x20\x6d"
"\x6f\x6e\x74\x68\x73\x20\x61\x6e"
"\x64\x20\x6d\x61\x79\x20\x62\x65"
"\x20\x75\x70\x64\x61\x74\x65\x64"
"\x2c\x20\x72\x65\x70\x6c\x61\x63"
"\x65\x64\x2c\x20\x6f\x72\x20\x6f"
"\x62\x73\x6f\x6c\x65\x74\x65\x64"
"\x20\x62\x79\x20\x6f\x74\x68\x65"
"\x72\x20\x64\x6f\x63\x75\x6d\x65"
"\x6e\x74\x73\x20\x61\x74\x20\x61"
"\x6e\x79\x20\x74\x69\x6d\x65\x2e"
"\x20\x49\x74\x20\x69\x73\x20\x69"
"\x6e\x61\x70\x70\x72\x6f\x70\x72"
"\x69\x61\x74\x65\x20\x74\x6f\x20"
"\x75\x73\x65\x20\x49\x6e\x74\x65"
"\x72\x6e\x65\x74\x2d\x44\x72\x61"
"\x66\x74\x73\x20\x61\x73\x20\x72"
"\x65\x66\x65\x72\x65\x6e\x63\x65"
"\x20\x6d\x61\x74\x65\x72\x69\x61"
"\x6c\x20\x6f\x72\x20\x74\x6f\x20"
"\x63\x69\x74\x65\x20\x74\x68\x65"
"\x6d\x20\x6f\x74\x68\x65\x72\x20"
"\x74\x68\x61\x6e\x20\x61\x73\x20"
"\x2f\xe2\x80\x9c\x77\x6f\x72\x6b"
"\x20\x69\x6e\x20\x70\x72\x6f\x67"
"\x72\x65\x73\x73\x2e\x2f\xe2\x80"
"\x9d",
.ilen = 265,
.result = "\x64\xa0\x86\x15\x75\x86\x1a\xf4"
"\x60\xf0\x62\xc7\x9b\xe6\x43\xbd"
"\x5e\x80\x5c\xfd\x34\x5c\xf3\x89"
"\xf1\x08\x67\x0a\xc7\x6c\x8c\xb2"
"\x4c\x6c\xfc\x18\x75\x5d\x43\xee"
"\xa0\x9e\xe9\x4e\x38\x2d\x26\xb0"
"\xbd\xb7\xb7\x3c\x32\x1b\x01\x00"
"\xd4\xf0\x3b\x7f\x35\x58\x94\xcf"
"\x33\x2f\x83\x0e\x71\x0b\x97\xce"
"\x98\xc8\xa8\x4a\xbd\x0b\x94\x81"
"\x14\xad\x17\x6e\x00\x8d\x33\xbd"
"\x60\xf9\x82\xb1\xff\x37\xc8\x55"
"\x97\x97\xa0\x6e\xf4\xf0\xef\x61"
"\xc1\x86\x32\x4e\x2b\x35\x06\x38"
"\x36\x06\x90\x7b\x6a\x7c\x02\xb0"
"\xf9\xf6\x15\x7b\x53\xc8\x67\xe4"
"\xb9\x16\x6c\x76\x7b\x80\x4d\x46"
"\xa5\x9b\x52\x16\xcd\xe7\xa4\xe9"
"\x90\x40\xc5\xa4\x04\x33\x22\x5e"
"\xe2\x82\xa1\xb0\xa0\x6c\x52\x3e"
"\xaf\x45\x34\xd7\xf8\x3f\xa1\x15"
"\x5b\x00\x47\x71\x8c\xbc\x54\x6a"
"\x0d\x07\x2b\x04\xb3\x56\x4e\xea"
"\x1b\x42\x22\x73\xf5\x48\x27\x1a"
"\x0b\xb2\x31\x60\x53\xfa\x76\x99"
"\x19\x55\xeb\xd6\x31\x59\x43\x4e"
"\xce\xbb\x4e\x46\x6d\xae\x5a\x10"
"\x73\xa6\x72\x76\x27\x09\x7a\x10"
"\x49\xe6\x17\xd9\x1d\x36\x10\x94"
"\xfa\x68\xf0\xff\x77\x98\x71\x30"
"\x30\x5b\xea\xba\x2e\xda\x04\xdf"
"\x99\x7b\x71\x4d\x6c\x6f\x2c\x29"
"\xa6\xad\x5c\xb4\x02\x2b\x02\x70"
"\x9b\xee\xad\x9d\x67\x89\x0c\xbb"
"\x22\x39\x23\x36\xfe\xa1\x85\x1f"
"\x38",
.rlen = 281,
},
};
static const struct aead_testvec rfc7539esp_dec_tv_template[] = {
{
.key = "\x1c\x92\x40\xa5\xeb\x55\xd3\x8a"
"\xf3\x33\x88\x86\x04\xf6\xb5\xf0"
"\x47\x39\x17\xc1\x40\x2b\x80\x09"
"\x9d\xca\x5c\xbc\x20\x70\x75\xc0"
"\x00\x00\x00\x00",
.klen = 36,
.iv = "\x01\x02\x03\x04\x05\x06\x07\x08",
.assoc = "\xf3\x33\x88\x86\x00\x00\x00\x00"
"\x00\x00\x4e\x91\x01\x02\x03\x04"
"\x05\x06\x07\x08",
.alen = 20,
.input = "\x64\xa0\x86\x15\x75\x86\x1a\xf4"
"\x60\xf0\x62\xc7\x9b\xe6\x43\xbd"
"\x5e\x80\x5c\xfd\x34\x5c\xf3\x89"
"\xf1\x08\x67\x0a\xc7\x6c\x8c\xb2"
"\x4c\x6c\xfc\x18\x75\x5d\x43\xee"
"\xa0\x9e\xe9\x4e\x38\x2d\x26\xb0"
"\xbd\xb7\xb7\x3c\x32\x1b\x01\x00"
"\xd4\xf0\x3b\x7f\x35\x58\x94\xcf"
"\x33\x2f\x83\x0e\x71\x0b\x97\xce"
"\x98\xc8\xa8\x4a\xbd\x0b\x94\x81"
"\x14\xad\x17\x6e\x00\x8d\x33\xbd"
"\x60\xf9\x82\xb1\xff\x37\xc8\x55"
"\x97\x97\xa0\x6e\xf4\xf0\xef\x61"
"\xc1\x86\x32\x4e\x2b\x35\x06\x38"
"\x36\x06\x90\x7b\x6a\x7c\x02\xb0"
"\xf9\xf6\x15\x7b\x53\xc8\x67\xe4"
"\xb9\x16\x6c\x76\x7b\x80\x4d\x46"
"\xa5\x9b\x52\x16\xcd\xe7\xa4\xe9"
"\x90\x40\xc5\xa4\x04\x33\x22\x5e"
"\xe2\x82\xa1\xb0\xa0\x6c\x52\x3e"
"\xaf\x45\x34\xd7\xf8\x3f\xa1\x15"
"\x5b\x00\x47\x71\x8c\xbc\x54\x6a"
"\x0d\x07\x2b\x04\xb3\x56\x4e\xea"
"\x1b\x42\x22\x73\xf5\x48\x27\x1a"
"\x0b\xb2\x31\x60\x53\xfa\x76\x99"
"\x19\x55\xeb\xd6\x31\x59\x43\x4e"
"\xce\xbb\x4e\x46\x6d\xae\x5a\x10"
"\x73\xa6\x72\x76\x27\x09\x7a\x10"
"\x49\xe6\x17\xd9\x1d\x36\x10\x94"
"\xfa\x68\xf0\xff\x77\x98\x71\x30"
"\x30\x5b\xea\xba\x2e\xda\x04\xdf"
"\x99\x7b\x71\x4d\x6c\x6f\x2c\x29"
"\xa6\xad\x5c\xb4\x02\x2b\x02\x70"
"\x9b\xee\xad\x9d\x67\x89\x0c\xbb"
"\x22\x39\x23\x36\xfe\xa1\x85\x1f"
"\x38",
.ilen = 281,
.result = "\x49\x6e\x74\x65\x72\x6e\x65\x74"
"\x2d\x44\x72\x61\x66\x74\x73\x20"
"\x61\x72\x65\x20\x64\x72\x61\x66"
"\x74\x20\x64\x6f\x63\x75\x6d\x65"
"\x6e\x74\x73\x20\x76\x61\x6c\x69"
"\x64\x20\x66\x6f\x72\x20\x61\x20"
"\x6d\x61\x78\x69\x6d\x75\x6d\x20"
"\x6f\x66\x20\x73\x69\x78\x20\x6d"
"\x6f\x6e\x74\x68\x73\x20\x61\x6e"
"\x64\x20\x6d\x61\x79\x20\x62\x65"
"\x20\x75\x70\x64\x61\x74\x65\x64"
"\x2c\x20\x72\x65\x70\x6c\x61\x63"
"\x65\x64\x2c\x20\x6f\x72\x20\x6f"
"\x62\x73\x6f\x6c\x65\x74\x65\x64"
"\x20\x62\x79\x20\x6f\x74\x68\x65"
"\x72\x20\x64\x6f\x63\x75\x6d\x65"
"\x6e\x74\x73\x20\x61\x74\x20\x61"
"\x6e\x79\x20\x74\x69\x6d\x65\x2e"
"\x20\x49\x74\x20\x69\x73\x20\x69"
"\x6e\x61\x70\x70\x72\x6f\x70\x72"
"\x69\x61\x74\x65\x20\x74\x6f\x20"
"\x75\x73\x65\x20\x49\x6e\x74\x65"
"\x72\x6e\x65\x74\x2d\x44\x72\x61"
"\x66\x74\x73\x20\x61\x73\x20\x72"
"\x65\x66\x65\x72\x65\x6e\x63\x65"
"\x20\x6d\x61\x74\x65\x72\x69\x61"
"\x6c\x20\x6f\x72\x20\x74\x6f\x20"
"\x63\x69\x74\x65\x20\x74\x68\x65"
"\x6d\x20\x6f\x74\x68\x65\x72\x20"
"\x74\x68\x61\x6e\x20\x61\x73\x20"
"\x2f\xe2\x80\x9c\x77\x6f\x72\x6b"
"\x20\x69\x6e\x20\x70\x72\x6f\x67"
"\x72\x65\x73\x73\x2e\x2f\xe2\x80"
"\x9d",
.rlen = 265,
},
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct aead_testvec aegis128_enc_tv_template[] = {
{
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x0f\xc9\x8e\x67\x44\x9e\xaa\x86"
"\x20\x36\x2c\x24\xfe\xc9\x30\x81",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\x1e\x92\x1c\xcf\x88\x3d\x54\x0d"
"\x40\x6d\x59\x48\xfc\x92\x61\x03",
.assoc = "",
.alen = 0,
.input = "",
.ilen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\x07\xa5\x11\xf2\x9d\x40\xb8\x6d"
"\xda\xb8\x12\x34\x4c\x53\xd9\x72",
.rlen = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x4b\xed\xc8\x07\x54\x1a\x52\xa2"
"\xa1\x10\xde\xb5\xf8\xed\xf3\x87",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\x5a\xb7\x56\x6e\x98\xb9\xfd\x29"
"\xc1\x47\x0b\xda\xf6\xb6\x23\x09",
.assoc = "",
.alen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\x79",
.ilen = 1,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\x9e\x78\x52\xae\xcb\x9e\xe4\xd3"
"\x9a\xd7\x5d\xd7\xaa\x9a\xe9\x5a"
"\xcc",
.rlen = 17,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x88\x12\x01\xa6\x64\x96\xfb\xbe"
"\x22\xea\x90\x47\xf2\x11\xb5\x8e",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\x97\xdb\x90\x0e\xa8\x35\xa5\x45"
"\x42\x21\xbd\x6b\xf0\xda\xe6\x0f",
.assoc = "",
.alen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\xb5\x6e\xad\xdd\x30\x72\xfa\x53"
"\x82\x8e\x16\xb4\xed\x6d\x47",
.ilen = 15,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\xc3\x80\x83\x04\x5f\xaa\x61\xc7"
"\xca\xdd\x6f\xac\x85\x08\xb5\x35"
"\x2b\xc2\x3e\x0b\x1b\x39\x37\x2b"
"\x7a\x21\x16\xb3\xe6\x67\x66",
.rlen = 31,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xc4\x37\x3b\x45\x74\x11\xa4\xda"
"\xa2\xc5\x42\xd8\xec\x36\x78\x94",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\xd3\x00\xc9\xad\xb8\xb0\x4e\x61"
"\xc3\xfb\x6f\xfd\xea\xff\xa9\x15",
.assoc = "",
.alen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\xf2\x92\xe6\x7d\x40\xee\xa3\x6f"
"\x03\x68\xc8\x45\xe7\x91\x0a\x18",
.ilen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\x23\x25\x30\xe5\x6a\xb6\x36\x7d"
"\x38\xfd\x3a\xd2\xc2\x58\xa9\x11"
"\x1e\xa8\x30\x9c\x16\xa4\xdb\x65"
"\x51\x10\x16\x27\x70\x9b\x64\x29",
.rlen = 32,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x01\x5c\x75\xe5\x84\x8d\x4d\xf6"
"\x23\x9f\xf4\x6a\xe6\x5a\x3b\x9a",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\x10\x25\x03\x4c\xc8\x2c\xf7\x7d"
"\x44\xd5\x21\x8e\xe4\x23\x6b\x1c",
.assoc = "",
.alen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\x2e\xb7\x20\x1c\x50\x6a\x4b\x8b"
"\x84\x42\x7a\xd7\xe1\xb5\xcd\x1f"
"\xd3",
.ilen = 17,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\x2a\x8d\x56\x91\xc6\xf3\x56\xa5"
"\x1f\xf0\x89\x2e\x13\xad\xe6\xf6"
"\x46\x80\xb1\x0e\x18\x30\x40\x97"
"\x03\xdf\x64\x3c\xbe\x93\x9e\xc9"
"\x3b",
.rlen = 33,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x3d\x80\xae\x84\x94\x09\xf6\x12"
"\xa4\x79\xa6\xfb\xe0\x7f\xfd\xa0",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\x4c\x49\x3d\xec\xd8\xa8\xa0\x98"
"\xc5\xb0\xd3\x1f\xde\x48\x2e\x22",
.assoc = "",
.alen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\x6b\xdc\x5a\xbb\x60\xe5\xf4\xa6"
"\x05\x1d\x2c\x68\xdb\xda\x8f\x25"
"\xfe\x8d\x45\x19\x1e\xc0\x0b\x99"
"\x88\x11\x39\x12\x1c\x3a\xbb",
.ilen = 31,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\x4e\xf6\xfa\x13\xde\x43\x63\x4c"
"\xe2\x04\x3e\xe4\x85\x14\xb6\x3f"
"\xb1\x8f\x4c\xdb\x41\xa2\x14\x99"
"\xf5\x53\x0f\x73\x86\x7e\x97\xa1"
"\x4b\x56\x5b\x94\xce\xcd\x74\xcd"
"\x75\xc4\x53\x01\x89\x45\x59",
.rlen = 47,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x7a\xa5\xe8\x23\xa4\x84\x9e\x2d"
"\x25\x53\x58\x8c\xda\xa3\xc0\xa6",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\x89\x6e\x77\x8b\xe8\x23\x49\xb4"
"\x45\x8a\x85\xb1\xd8\x6c\xf1\x28",
.assoc = "",
.alen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\xa7\x00\x93\x5b\x70\x61\x9d\xc2"
"\x86\xf7\xde\xfa\xd5\xfe\x52\x2b"
"\x28\x50\x51\x9d\x24\x60\x8d\xb3"
"\x49\x3e\x17\xea\xf6\x99\x5a\xdd",
.ilen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\xa4\x9a\xb7\xfd\xa0\xd4\xd6\x47"
"\x95\xf4\x58\x38\x14\x83\x27\x01"
"\x4c\xed\x32\x2c\xf7\xd6\x31\xf7"
"\x38\x1b\x2c\xc9\xb6\x31\xce\xaa"
"\xa5\x3c\x1a\x18\x5c\xce\xb9\xdf"
"\x51\x52\x77\xf2\x5e\x85\x80\x41",
.rlen = 48,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xb6\xca\x22\xc3\xb4\x00\x47\x49"
"\xa6\x2d\x0a\x1e\xd4\xc7\x83\xad",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\xc5\x93\xb0\x2a\xf8\x9f\xf1\xd0"
"\xc6\x64\x37\x42\xd2\x90\xb3\x2e",
.assoc = "\xd5",
.alen = 1,
.input = "",
.ilen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\xfb\xd4\x83\x71\x9e\x63\xad\x60"
"\xb9\xf9\xeb\x34\x52\x49\xcf\xb7",
.rlen = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xf3\xee\x5c\x62\xc4\x7c\xf0\x65"
"\x27\x08\xbd\xaf\xce\xec\x45\xb3",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\x02\xb8\xea\xca\x09\x1b\x9a\xec"
"\x47\x3e\xe9\xd4\xcc\xb5\x76\x34",
.assoc = "\x11\x81\x78\x32\x4d\xb9\x44\x73"
"\x68\x75\x16\xf8\xcb\x7e\xa7",
.alen = 15,
.input = "",
.ilen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\x0c\xaf\x2e\x96\xf6\x97\x08\x71"
"\x7d\x3a\x84\xc4\x44\x57\x77\x7e",
.rlen = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x2f\x13\x95\x01\xd5\xf7\x99\x81"
"\xa8\xe2\x6f\x41\xc8\x10\x08\xb9",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\x3f\xdc\x24\x69\x19\x96\x43\x08"
"\xc8\x18\x9b\x65\xc6\xd9\x39\x3b",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.assoc = "\x4e\xa5\xb2\xd1\x5d\x35\xed\x8f"
"\xe8\x4f\xc8\x89\xc5\xa2\x69\xbc",
.alen = 16,
.input = "",
.ilen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\xc7\x87\x09\x3b\xc7\x19\x74\x22"
"\x22\xa5\x67\x10\xb2\x36\xb3\x45",
.rlen = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x6c\x38\xcf\xa1\xe5\x73\x41\x9d"
"\x29\xbc\x21\xd2\xc2\x35\xcb\xbf",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\x7b\x01\x5d\x08\x29\x12\xec\x24"
"\x49\xf3\x4d\xf7\xc0\xfe\xfb\x41",
.assoc = "\x8a\xca\xec\x70\x6d\xb1\x96\xab"
"\x69\x29\x7a\x1b\xbf\xc7\x2c\xc2"
"\x07",
.alen = 17,
.input = "",
.ilen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\x02\xc6\x3b\x46\x65\xb2\xef\x91"
"\x31\xf0\x45\x48\x8a\x2a\xed\xe4",
.rlen = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xa8\x5c\x09\x40\xf5\xef\xea\xb8"
"\xaa\x96\xd3\x64\xbc\x59\x8d\xc6",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\xb8\x26\x97\xa8\x39\x8e\x94\x3f"
"\xca\xcd\xff\x88\xba\x22\xbe\x47",
.assoc = "\xc7\xef\x26\x10\x7d\x2c\x3f\xc6"
"\xea\x03\x2c\xac\xb9\xeb\xef\xc9"
"\x31\x6b\x08\x12\xfc\xd8\x37\x2d"
"\xe0\x17\x3a\x2e\x83\x5c\x8f",
.alen = 31,
.input = "",
.ilen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\x20\x85\xa8\xd0\x91\x48\x85\xf3"
"\x5a\x16\xc0\x57\x68\x47\xdd\xcb",
.rlen = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xe5\x81\x42\xdf\x05\x6a\x93\xd4"
"\x2b\x70\x85\xf5\xb6\x7d\x50\xcc",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\xf4\x4a\xd1\x47\x49\x09\x3d\x5b"
"\x4b\xa7\xb1\x19\xb4\x46\x81\x4d",
.assoc = "\x03\x14\x5f\xaf\x8d\xa8\xe7\xe2"
"\x6b\xde\xde\x3e\xb3\x10\xb1\xcf"
"\x5c\x2d\x14\x96\x01\x78\xb9\x47"
"\xa1\x44\x19\x06\x5d\xbb\x2e\x2f",
.alen = 32,
.input = "",
.ilen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\x6a\xf8\x8d\x9c\x42\x75\x35\x79"
"\xc1\x96\xbd\x31\x6e\x69\x1b\x50",
.rlen = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x22\xa6\x7c\x7f\x15\xe6\x3c\xf0"
"\xac\x4b\x37\x86\xb0\xa2\x13\xd2",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\x31\x6f\x0b\xe6\x59\x85\xe6\x77"
"\xcc\x81\x63\xab\xae\x6b\x43\x54",
.assoc = "\x40",
.alen = 1,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\x4f",
.ilen = 1,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\x01\x24\xb1\xba\xf6\xd3\xdf\x83"
"\x70\x45\xe3\x2a\x9d\x5c\x63\x98"
"\x39",
.rlen = 17,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x5e\xcb\xb6\x1e\x25\x62\xe4\x0c"
"\x2d\x25\xe9\x18\xaa\xc6\xd5\xd8",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\x6d\x94\x44\x86\x69\x00\x8f\x93"
"\x4d\x5b\x15\x3c\xa8\x8f\x06\x5a",
.assoc = "\x7c\x5d\xd3\xee\xad\x9f\x39\x1a"
"\x6d\x92\x42\x61\xa7\x58\x37",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.alen = 15,
.input = "\x8b\x26\x61\x55\xf1\x3e\xe3\xa1"
"\x8d\xc8\x6e\x85\xa5\x21\x67",
.ilen = 15,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\x18\x78\xc2\x6e\xe1\xf7\xe6\x8a"
"\xca\x0e\x62\x00\xa8\x21\xb5\x21"
"\x3d\x36\xdb\xf7\xcc\x31\x94\x9c"
"\x98\xbd\x71\x7a\xef\xa4\xfa",
.rlen = 31,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x9b\xef\xf0\xbd\x35\xdd\x8d\x28"
"\xad\xff\x9b\xa9\xa4\xeb\x98\xdf",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\xaa\xb8\x7e\x25\x79\x7c\x37\xaf"
"\xce\x36\xc7\xce\xa2\xb4\xc9\x60",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.assoc = "\xb9\x82\x0c\x8d\xbd\x1b\xe2\x36"
"\xee\x6c\xf4\xf2\xa1\x7d\xf9\xe2",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.alen = 16,
.input = "\xc8\x4b\x9b\xf5\x01\xba\x8c\xbd"
"\x0e\xa3\x21\x16\x9f\x46\x2a\x63",
.ilen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\xea\xd1\x81\x75\xb4\x13\x1d\x86"
"\xd4\x17\x26\xe5\xd6\x89\x39\x04"
"\xa9\x6c\xca\xac\x40\x73\xb2\x4c"
"\x9c\xb9\x0e\x79\x4c\x40\x65\xc6",
.rlen = 32,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xd7\x14\x29\x5d\x45\x59\x36\x44"
"\x2e\xd9\x4d\x3b\x9e\x0f\x5b\xe5",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\xe6\xdd\xb8\xc4\x89\xf8\xe0\xca"
"\x4f\x10\x7a\x5f\x9c\xd8\x8b\x66",
.assoc = "\xf5\xa6\x46\x2c\xce\x97\x8a\x51"
"\x6f\x46\xa6\x83\x9b\xa1\xbc\xe8"
"\x05",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.alen = 17,
.input = "\x05\x70\xd5\x94\x12\x36\x35\xd8"
"\x8f\x7d\xd3\xa8\x99\x6a\xed\x69"
"\xd0",
.ilen = 17,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\xf4\xb2\x84\xd1\x81\xfa\x98\x1c"
"\x38\x2d\x69\x90\x1c\x71\x38\x98"
"\x9f\xe1\x19\x3b\x63\x91\xaf\x6e"
"\x4b\x07\x2c\xac\x53\xc5\xd5\xfe"
"\x93",
.rlen = 33,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x14\x39\x63\xfc\x56\xd5\xdf\x5f"
"\xaf\xb3\xff\xcc\x98\x33\x1d\xeb",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\x23\x02\xf1\x64\x9a\x73\x89\xe6"
"\xd0\xea\x2c\xf1\x96\xfc\x4e\x6d",
.assoc = "\x32\xcb\x80\xcc\xde\x12\x33\x6d"
"\xf0\x20\x58\x15\x95\xc6\x7f\xee"
"\x2f\xf9\x4e\x2c\x1b\x98\x43\xc7"
"\x68\x28\x73\x40\x9f\x96\x4a",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.alen = 31,
.input = "\x41\x94\x0e\x33\x22\xb1\xdd\xf4"
"\x10\x57\x85\x39\x93\x8f\xaf\x70"
"\xfa\xa9\xd0\x4d\x5c\x40\x23\xcd"
"\x98\x34\xab\x37\x56\xae\x32",
.ilen = 31,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\xa0\xe7\x0a\x60\xe7\xb8\x8a\xdb"
"\x94\xd3\x93\xf2\x41\x86\x16\xdd"
"\x4c\xe8\xe7\xe0\x62\x48\x89\x40"
"\xc0\x49\x9b\x63\x32\xec\x8b\xdb"
"\xdc\xa6\xea\x2c\xc2\x7f\xf5\x04"
"\xcb\xe5\x47\xbb\xa7\xd1\x9d",
.rlen = 47,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x50\x5d\x9d\x9b\x66\x50\x88\x7b"
"\x30\x8e\xb1\x5e\x92\x58\xe0\xf1",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\x5f\x27\x2b\x03\xaa\xef\x32\x02"
"\x50\xc4\xde\x82\x90\x21\x11\x73",
.assoc = "\x6e\xf0\xba\x6b\xee\x8e\xdc\x89"
"\x71\xfb\x0a\xa6\x8f\xea\x41\xf4"
"\x5a\xbb\x59\xb0\x20\x38\xc5\xe0"
"\x29\x56\x52\x19\x79\xf5\xe9\x37",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.alen = 32,
.input = "\x7e\xb9\x48\xd3\x32\x2d\x86\x10"
"\x91\x31\x37\xcb\x8d\xb3\x72\x76"
"\x24\x6b\xdc\xd1\x61\xe0\xa5\xe7"
"\x5a\x61\x8a\x0f\x30\x0d\xd1\xec",
.ilen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\x62\xdc\x2d\x68\x2d\x71\xbb\x33"
"\x13\xdf\xc0\x46\xf6\x61\x94\xa7"
"\x60\xd3\xd4\xca\xd9\xbe\x82\xf3"
"\xf1\x5b\xa0\xfa\x15\xba\xda\xea"
"\x87\x68\x47\x08\x5d\xdd\x83\xb0"
"\x60\xf4\x93\x20\xdf\x34\x8f\xea",
.rlen = 48,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x8d\x82\xd6\x3b\x76\xcc\x30\x97"
"\xb1\x68\x63\xef\x8c\x7c\xa3\xf7",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\x9c\x4b\x65\xa2\xba\x6b\xdb\x1e"
"\xd1\x9e\x90\x13\x8a\x45\xd3\x79",
.assoc = "\xab\x14\xf3\x0a\xfe\x0a\x85\xa5"
"\xf2\xd5\xbc\x38\x89\x0e\x04\xfb"
"\x84\x7d\x65\x34\x25\xd8\x47\xfa"
"\xeb\x83\x31\xf1\x54\x54\x89\x0d"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\x9d",
.alen = 33,
.input = "\xba\xde\x82\x72\x42\xa9\x2f\x2c"
"\x12\x0b\xe9\x5c\x87\xd7\x35\x7c"
"\x4f\x2e\xe8\x55\x66\x80\x27\x00"
"\x1b\x8f\x68\xe7\x0a\x6c\x71\xc3"
"\x21\x78\x55\x9d\x9c\x65\x7b\xcd"
"\x0a\x34\x97\xff\x47\x37\xb0\x2a"
"\x80\x0d\x19\x98\x33\xa9\x7a\xe3"
"\x2e\x4c\xc6\xf3\x8c\x88\x42\x01"
"\xbd",
.ilen = 65,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\x84\xc5\x21\xab\xe1\xeb\xbb\x6d"
"\xaa\x2a\xaf\xeb\x3b\x3b\x69\xe7"
"\x2c\x47\xef\x9d\xb7\x53\x36\xb7"
"\xb6\xf5\xe5\xa8\xc9\x9e\x02\xd7"
"\x83\x88\xc2\xbd\x2f\xf9\x10\xc0"
"\xf5\xa1\x6e\xd3\x97\x64\x82\xa3"
"\xfb\xda\x2c\xb1\x94\xa1\x58\x32"
"\xe8\xd4\x39\xfc\x9e\x26\xf9\xf1"
"\x61\xe6\xae\x07\xf2\xe0\xa7\x44"
"\x96\x28\x3b\xee\x6b\xc6\x16\x31"
"\x3f",
.rlen = 81,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xc9\xa7\x10\xda\x86\x48\xd9\xb3"
"\x32\x42\x15\x80\x85\xa1\x65\xfe",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\xd8\x70\x9f\x42\xca\xe6\x83\x3a"
"\x52\x79\x42\xa5\x84\x6a\x96\x7f",
.assoc = "\xe8\x39\x2d\xaa\x0e\x85\x2d\xc1"
"\x72\xaf\x6e\xc9\x82\x33\xc7\x01"
"\xaf\x40\x70\xb8\x2a\x78\xc9\x14"
"\xac\xb1\x10\xca\x2e\xb3\x28\xe4"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\xac\xfa\x58\x7f\xe5\x73\x09\x8c"
"\x1d\x40\x87\x8c\xd9\x75\xc0\x55"
"\xa2\xda\x07\xd1\xc2\xa9\xd1\xbb"
"\x09\x4f\x77\x62\x88\x2d\xf2\x68"
"\x54",
.alen = 65,
.input = "\xf7\x02\xbb\x11\x52\x24\xd8\x48"
"\x93\xe6\x9b\xee\x81\xfc\xf7\x82"
"\x79\xf0\xf3\xd9\x6c\x20\xa9\x1a"
"\xdc\xbc\x47\xc0\xe4\xcb\x10\x99"
"\x2f",
.ilen = 33,
.result = "\x8f\x23\x47\xfb\xf2\xac\x23\x83"
"\x77\x09\xac\x74\xef\xd2\x56\xae"
"\x20\x7b\x7b\xca\x45\x8e\xc8\xc2"
"\x50\xbd\xc7\x44\x1c\x54\x98\xd8"
"\x1f\xd0\x9a\x79\xaa\xf9\xe1\xb3"
"\xb4\x98\x5a\x9b\xe4\x4d\xbf\x4e"
"\x39",
.rlen = 49,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x06\xcc\x4a\x79\x96\xc3\x82\xcf"
"\xb3\x1c\xc7\x12\x7f\xc5\x28\x04",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\x15\x95\xd8\xe1\xda\x62\x2c\x56"
"\xd3\x53\xf4\x36\x7e\x8e\x59\x85",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.assoc = "\x24\x5e\x67\x49\x1e\x01\xd6\xdd"
"\xf3\x89\x20\x5b\x7c\x57\x89\x07",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.alen = 16,
.input = "\x33\x27\xf5\xb1\x62\xa0\x80\x63"
"\x14\xc0\x4d\x7f\x7b\x20\xba\x89",
.ilen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\x42\xc3\x58\xfb\x29\xe2\x4a\x56"
"\xf1\xf5\xe1\x51\x55\x4b\x0a\x45"
"\x46\xb5\x8d\xac\xb6\x34\xd8\x8b"
"\xde\x20\x59\x77\xc1\x74\x90",
.rlen = 31,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x42\xf0\x84\x19\xa6\x3f\x2b\xea"
"\x34\xf6\x79\xa3\x79\xe9\xeb\x0a",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\x51\xb9\x12\x80\xea\xde\xd5\x71"
"\x54\x2d\xa6\xc8\x78\xb2\x1b\x8c",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.assoc = "\x61\x83\xa0\xe8\x2e\x7d\x7f\xf8"
"\x74\x63\xd2\xec\x76\x7c\x4c\x0d",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.alen = 16,
.input = "\x70\x4c\x2f\x50\x72\x1c\x29\x7f"
"\x95\x9a\xff\x10\x75\x45\x7d\x8f",
.ilen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\xb2\xfb\xf6\x97\x69\x7a\xe9\xec"
"\xe2\x94\xa1\x8b\xa0\x2b\x60\x72"
"\x1d\x04\xdd\x6a\xef\x46\x8f\x68"
"\xe9\xe0\x17\x45\x70\x12",
.rlen = 30,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x7f\x15\xbd\xb8\xb6\xba\xd3\x06"
"\xb5\xd1\x2b\x35\x73\x0e\xad\x10",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\x8e\xde\x4c\x20\xfa\x59\x7e\x8d"
"\xd5\x07\x58\x59\x72\xd7\xde\x92",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.assoc = "\x9d\xa7\xda\x88\x3e\xf8\x28\x14"
"\xf5\x3e\x85\x7d\x70\xa0\x0f\x13",
.alen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\xac\x70\x69\xef\x82\x97\xd2\x9b"
"\x15\x74\xb1\xa2\x6f\x69\x3f\x95",
.ilen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\x47\xda\x54\x42\x51\x72\xc4\x8b"
"\xf5\x57\x0f\x2f\x49\x0e\x11\x3b"
"\x78\x93\xec\xfc\xf4\xff\xe1\x2d",
.rlen = 24,
},
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
/*
* AEGIS-128 test vectors - generated via reference implementation from
* SUPERCOP (https://bench.cr.yp.to/supercop.html):
*
* https://bench.cr.yp.to/supercop/supercop-20170228.tar.xz
* (see crypto_aead/aegis128/)
*/
static const struct aead_testvec aegis128_dec_tv_template[] = {
{
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x0f\xc9\x8e\x67\x44\x9e\xaa\x86"
"\x20\x36\x2c\x24\xfe\xc9\x30\x81",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\x1e\x92\x1c\xcf\x88\x3d\x54\x0d"
"\x40\x6d\x59\x48\xfc\x92\x61\x03",
.assoc = "",
.alen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\x07\xa5\x11\xf2\x9d\x40\xb8\x6d"
"\xda\xb8\x12\x34\x4c\x53\xd9\x72",
.ilen = 16,
.result = "",
.rlen = 0,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x4b\xed\xc8\x07\x54\x1a\x52\xa2"
"\xa1\x10\xde\xb5\xf8\xed\xf3\x87",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\x5a\xb7\x56\x6e\x98\xb9\xfd\x29"
"\xc1\x47\x0b\xda\xf6\xb6\x23\x09",
.assoc = "",
.alen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\x9e\x78\x52\xae\xcb\x9e\xe4\xd3"
"\x9a\xd7\x5d\xd7\xaa\x9a\xe9\x5a"
"\xcc",
.ilen = 17,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\x79",
.rlen = 1,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x88\x12\x01\xa6\x64\x96\xfb\xbe"
"\x22\xea\x90\x47\xf2\x11\xb5\x8e",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\x97\xdb\x90\x0e\xa8\x35\xa5\x45"
"\x42\x21\xbd\x6b\xf0\xda\xe6\x0f",
.assoc = "",
.alen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\xc3\x80\x83\x04\x5f\xaa\x61\xc7"
"\xca\xdd\x6f\xac\x85\x08\xb5\x35"
"\x2b\xc2\x3e\x0b\x1b\x39\x37\x2b"
"\x7a\x21\x16\xb3\xe6\x67\x66",
.ilen = 31,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\xb5\x6e\xad\xdd\x30\x72\xfa\x53"
"\x82\x8e\x16\xb4\xed\x6d\x47",
.rlen = 15,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xc4\x37\x3b\x45\x74\x11\xa4\xda"
"\xa2\xc5\x42\xd8\xec\x36\x78\x94",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\xd3\x00\xc9\xad\xb8\xb0\x4e\x61"
"\xc3\xfb\x6f\xfd\xea\xff\xa9\x15",
.assoc = "",
.alen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\x23\x25\x30\xe5\x6a\xb6\x36\x7d"
"\x38\xfd\x3a\xd2\xc2\x58\xa9\x11"
"\x1e\xa8\x30\x9c\x16\xa4\xdb\x65"
"\x51\x10\x16\x27\x70\x9b\x64\x29",
.ilen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\xf2\x92\xe6\x7d\x40\xee\xa3\x6f"
"\x03\x68\xc8\x45\xe7\x91\x0a\x18",
.rlen = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x01\x5c\x75\xe5\x84\x8d\x4d\xf6"
"\x23\x9f\xf4\x6a\xe6\x5a\x3b\x9a",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\x10\x25\x03\x4c\xc8\x2c\xf7\x7d"
"\x44\xd5\x21\x8e\xe4\x23\x6b\x1c",
.assoc = "",
.alen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\x2a\x8d\x56\x91\xc6\xf3\x56\xa5"
"\x1f\xf0\x89\x2e\x13\xad\xe6\xf6"
"\x46\x80\xb1\x0e\x18\x30\x40\x97"
"\x03\xdf\x64\x3c\xbe\x93\x9e\xc9"
"\x3b",
.ilen = 33,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\x2e\xb7\x20\x1c\x50\x6a\x4b\x8b"
"\x84\x42\x7a\xd7\xe1\xb5\xcd\x1f"
"\xd3",
.rlen = 17,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x3d\x80\xae\x84\x94\x09\xf6\x12"
"\xa4\x79\xa6\xfb\xe0\x7f\xfd\xa0",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\x4c\x49\x3d\xec\xd8\xa8\xa0\x98"
"\xc5\xb0\xd3\x1f\xde\x48\x2e\x22",
.assoc = "",
.alen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\x4e\xf6\xfa\x13\xde\x43\x63\x4c"
"\xe2\x04\x3e\xe4\x85\x14\xb6\x3f"
"\xb1\x8f\x4c\xdb\x41\xa2\x14\x99"
"\xf5\x53\x0f\x73\x86\x7e\x97\xa1"
"\x4b\x56\x5b\x94\xce\xcd\x74\xcd"
"\x75\xc4\x53\x01\x89\x45\x59",
.ilen = 47,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\x6b\xdc\x5a\xbb\x60\xe5\xf4\xa6"
"\x05\x1d\x2c\x68\xdb\xda\x8f\x25"
"\xfe\x8d\x45\x19\x1e\xc0\x0b\x99"
"\x88\x11\x39\x12\x1c\x3a\xbb",
.rlen = 31,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x7a\xa5\xe8\x23\xa4\x84\x9e\x2d"
"\x25\x53\x58\x8c\xda\xa3\xc0\xa6",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\x89\x6e\x77\x8b\xe8\x23\x49\xb4"
"\x45\x8a\x85\xb1\xd8\x6c\xf1\x28",
.assoc = "",
.alen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\xa4\x9a\xb7\xfd\xa0\xd4\xd6\x47"
"\x95\xf4\x58\x38\x14\x83\x27\x01"
"\x4c\xed\x32\x2c\xf7\xd6\x31\xf7"
"\x38\x1b\x2c\xc9\xb6\x31\xce\xaa"
"\xa5\x3c\x1a\x18\x5c\xce\xb9\xdf"
"\x51\x52\x77\xf2\x5e\x85\x80\x41",
.ilen = 48,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\xa7\x00\x93\x5b\x70\x61\x9d\xc2"
"\x86\xf7\xde\xfa\xd5\xfe\x52\x2b"
"\x28\x50\x51\x9d\x24\x60\x8d\xb3"
"\x49\x3e\x17\xea\xf6\x99\x5a\xdd",
.rlen = 32,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xb6\xca\x22\xc3\xb4\x00\x47\x49"
"\xa6\x2d\x0a\x1e\xd4\xc7\x83\xad",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\xc5\x93\xb0\x2a\xf8\x9f\xf1\xd0"
"\xc6\x64\x37\x42\xd2\x90\xb3\x2e",
.assoc = "\xd5",
.alen = 1,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\xfb\xd4\x83\x71\x9e\x63\xad\x60"
"\xb9\xf9\xeb\x34\x52\x49\xcf\xb7",
.ilen = 16,
.result = "",
.rlen = 0,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xf3\xee\x5c\x62\xc4\x7c\xf0\x65"
"\x27\x08\xbd\xaf\xce\xec\x45\xb3",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\x02\xb8\xea\xca\x09\x1b\x9a\xec"
"\x47\x3e\xe9\xd4\xcc\xb5\x76\x34",
.assoc = "\x11\x81\x78\x32\x4d\xb9\x44\x73"
"\x68\x75\x16\xf8\xcb\x7e\xa7",
.alen = 15,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\x0c\xaf\x2e\x96\xf6\x97\x08\x71"
"\x7d\x3a\x84\xc4\x44\x57\x77\x7e",
.ilen = 16,
.result = "",
.rlen = 0,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x2f\x13\x95\x01\xd5\xf7\x99\x81"
"\xa8\xe2\x6f\x41\xc8\x10\x08\xb9",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\x3f\xdc\x24\x69\x19\x96\x43\x08"
"\xc8\x18\x9b\x65\xc6\xd9\x39\x3b",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.assoc = "\x4e\xa5\xb2\xd1\x5d\x35\xed\x8f"
"\xe8\x4f\xc8\x89\xc5\xa2\x69\xbc",
.alen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\xc7\x87\x09\x3b\xc7\x19\x74\x22"
"\x22\xa5\x67\x10\xb2\x36\xb3\x45",
.ilen = 16,
.result = "",
.rlen = 0,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x6c\x38\xcf\xa1\xe5\x73\x41\x9d"
"\x29\xbc\x21\xd2\xc2\x35\xcb\xbf",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\x7b\x01\x5d\x08\x29\x12\xec\x24"
"\x49\xf3\x4d\xf7\xc0\xfe\xfb\x41",
.assoc = "\x8a\xca\xec\x70\x6d\xb1\x96\xab"
"\x69\x29\x7a\x1b\xbf\xc7\x2c\xc2"
"\x07",
.alen = 17,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\x02\xc6\x3b\x46\x65\xb2\xef\x91"
"\x31\xf0\x45\x48\x8a\x2a\xed\xe4",
.ilen = 16,
.result = "",
.rlen = 0,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xa8\x5c\x09\x40\xf5\xef\xea\xb8"
"\xaa\x96\xd3\x64\xbc\x59\x8d\xc6",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\xb8\x26\x97\xa8\x39\x8e\x94\x3f"
"\xca\xcd\xff\x88\xba\x22\xbe\x47",
.assoc = "\xc7\xef\x26\x10\x7d\x2c\x3f\xc6"
"\xea\x03\x2c\xac\xb9\xeb\xef\xc9"
"\x31\x6b\x08\x12\xfc\xd8\x37\x2d"
"\xe0\x17\x3a\x2e\x83\x5c\x8f",
.alen = 31,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\x20\x85\xa8\xd0\x91\x48\x85\xf3"
"\x5a\x16\xc0\x57\x68\x47\xdd\xcb",
.ilen = 16,
.result = "",
.rlen = 0,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xe5\x81\x42\xdf\x05\x6a\x93\xd4"
"\x2b\x70\x85\xf5\xb6\x7d\x50\xcc",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\xf4\x4a\xd1\x47\x49\x09\x3d\x5b"
"\x4b\xa7\xb1\x19\xb4\x46\x81\x4d",
.assoc = "\x03\x14\x5f\xaf\x8d\xa8\xe7\xe2"
"\x6b\xde\xde\x3e\xb3\x10\xb1\xcf"
"\x5c\x2d\x14\x96\x01\x78\xb9\x47"
"\xa1\x44\x19\x06\x5d\xbb\x2e\x2f",
.alen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\x6a\xf8\x8d\x9c\x42\x75\x35\x79"
"\xc1\x96\xbd\x31\x6e\x69\x1b\x50",
.ilen = 16,
.result = "",
.rlen = 0,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x22\xa6\x7c\x7f\x15\xe6\x3c\xf0"
"\xac\x4b\x37\x86\xb0\xa2\x13\xd2",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\x31\x6f\x0b\xe6\x59\x85\xe6\x77"
"\xcc\x81\x63\xab\xae\x6b\x43\x54",
.assoc = "\x40",
.alen = 1,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\x01\x24\xb1\xba\xf6\xd3\xdf\x83"
"\x70\x45\xe3\x2a\x9d\x5c\x63\x98"
"\x39",
.ilen = 17,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\x4f",
.rlen = 1,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x5e\xcb\xb6\x1e\x25\x62\xe4\x0c"
"\x2d\x25\xe9\x18\xaa\xc6\xd5\xd8",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\x6d\x94\x44\x86\x69\x00\x8f\x93"
"\x4d\x5b\x15\x3c\xa8\x8f\x06\x5a",
.assoc = "\x7c\x5d\xd3\xee\xad\x9f\x39\x1a"
"\x6d\x92\x42\x61\xa7\x58\x37",
.alen = 15,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\x18\x78\xc2\x6e\xe1\xf7\xe6\x8a"
"\xca\x0e\x62\x00\xa8\x21\xb5\x21"
"\x3d\x36\xdb\xf7\xcc\x31\x94\x9c"
"\x98\xbd\x71\x7a\xef\xa4\xfa",
.ilen = 31,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\x8b\x26\x61\x55\xf1\x3e\xe3\xa1"
"\x8d\xc8\x6e\x85\xa5\x21\x67",
.rlen = 15,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x9b\xef\xf0\xbd\x35\xdd\x8d\x28"
"\xad\xff\x9b\xa9\xa4\xeb\x98\xdf",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\xaa\xb8\x7e\x25\x79\x7c\x37\xaf"
"\xce\x36\xc7\xce\xa2\xb4\xc9\x60",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.assoc = "\xb9\x82\x0c\x8d\xbd\x1b\xe2\x36"
"\xee\x6c\xf4\xf2\xa1\x7d\xf9\xe2",
.alen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\xea\xd1\x81\x75\xb4\x13\x1d\x86"
"\xd4\x17\x26\xe5\xd6\x89\x39\x04"
"\xa9\x6c\xca\xac\x40\x73\xb2\x4c"
"\x9c\xb9\x0e\x79\x4c\x40\x65\xc6",
.ilen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\xc8\x4b\x9b\xf5\x01\xba\x8c\xbd"
"\x0e\xa3\x21\x16\x9f\x46\x2a\x63",
.rlen = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xd7\x14\x29\x5d\x45\x59\x36\x44"
"\x2e\xd9\x4d\x3b\x9e\x0f\x5b\xe5",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\xe6\xdd\xb8\xc4\x89\xf8\xe0\xca"
"\x4f\x10\x7a\x5f\x9c\xd8\x8b\x66",
.assoc = "\xf5\xa6\x46\x2c\xce\x97\x8a\x51"
"\x6f\x46\xa6\x83\x9b\xa1\xbc\xe8"
"\x05",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.alen = 17,
.input = "\xf4\xb2\x84\xd1\x81\xfa\x98\x1c"
"\x38\x2d\x69\x90\x1c\x71\x38\x98"
"\x9f\xe1\x19\x3b\x63\x91\xaf\x6e"
"\x4b\x07\x2c\xac\x53\xc5\xd5\xfe"
"\x93",
.ilen = 33,
.result = "\x05\x70\xd5\x94\x12\x36\x35\xd8"
"\x8f\x7d\xd3\xa8\x99\x6a\xed\x69"
"\xd0",
.rlen = 17,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x14\x39\x63\xfc\x56\xd5\xdf\x5f"
"\xaf\xb3\xff\xcc\x98\x33\x1d\xeb",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\x23\x02\xf1\x64\x9a\x73\x89\xe6"
"\xd0\xea\x2c\xf1\x96\xfc\x4e\x6d",
.assoc = "\x32\xcb\x80\xcc\xde\x12\x33\x6d"
"\xf0\x20\x58\x15\x95\xc6\x7f\xee"
"\x2f\xf9\x4e\x2c\x1b\x98\x43\xc7"
"\x68\x28\x73\x40\x9f\x96\x4a",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.alen = 31,
.input = "\xa0\xe7\x0a\x60\xe7\xb8\x8a\xdb"
"\x94\xd3\x93\xf2\x41\x86\x16\xdd"
"\x4c\xe8\xe7\xe0\x62\x48\x89\x40"
"\xc0\x49\x9b\x63\x32\xec\x8b\xdb"
"\xdc\xa6\xea\x2c\xc2\x7f\xf5\x04"
"\xcb\xe5\x47\xbb\xa7\xd1\x9d",
.ilen = 47,
.result = "\x41\x94\x0e\x33\x22\xb1\xdd\xf4"
"\x10\x57\x85\x39\x93\x8f\xaf\x70"
"\xfa\xa9\xd0\x4d\x5c\x40\x23\xcd"
"\x98\x34\xab\x37\x56\xae\x32",
.rlen = 31,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x50\x5d\x9d\x9b\x66\x50\x88\x7b"
"\x30\x8e\xb1\x5e\x92\x58\xe0\xf1",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\x5f\x27\x2b\x03\xaa\xef\x32\x02"
"\x50\xc4\xde\x82\x90\x21\x11\x73",
.assoc = "\x6e\xf0\xba\x6b\xee\x8e\xdc\x89"
"\x71\xfb\x0a\xa6\x8f\xea\x41\xf4"
"\x5a\xbb\x59\xb0\x20\x38\xc5\xe0"
"\x29\x56\x52\x19\x79\xf5\xe9\x37",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.alen = 32,
.input = "\x62\xdc\x2d\x68\x2d\x71\xbb\x33"
"\x13\xdf\xc0\x46\xf6\x61\x94\xa7"
"\x60\xd3\xd4\xca\xd9\xbe\x82\xf3"
"\xf1\x5b\xa0\xfa\x15\xba\xda\xea"
"\x87\x68\x47\x08\x5d\xdd\x83\xb0"
"\x60\xf4\x93\x20\xdf\x34\x8f\xea",
.ilen = 48,
.result = "\x7e\xb9\x48\xd3\x32\x2d\x86\x10"
"\x91\x31\x37\xcb\x8d\xb3\x72\x76"
"\x24\x6b\xdc\xd1\x61\xe0\xa5\xe7"
"\x5a\x61\x8a\x0f\x30\x0d\xd1\xec",
.rlen = 32,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x8d\x82\xd6\x3b\x76\xcc\x30\x97"
"\xb1\x68\x63\xef\x8c\x7c\xa3\xf7",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\x9c\x4b\x65\xa2\xba\x6b\xdb\x1e"
"\xd1\x9e\x90\x13\x8a\x45\xd3\x79",
.assoc = "\xab\x14\xf3\x0a\xfe\x0a\x85\xa5"
"\xf2\xd5\xbc\x38\x89\x0e\x04\xfb"
"\x84\x7d\x65\x34\x25\xd8\x47\xfa"
"\xeb\x83\x31\xf1\x54\x54\x89\x0d"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\x9d",
.alen = 33,
.input = "\x84\xc5\x21\xab\xe1\xeb\xbb\x6d"
"\xaa\x2a\xaf\xeb\x3b\x3b\x69\xe7"
"\x2c\x47\xef\x9d\xb7\x53\x36\xb7"
"\xb6\xf5\xe5\xa8\xc9\x9e\x02\xd7"
"\x83\x88\xc2\xbd\x2f\xf9\x10\xc0"
"\xf5\xa1\x6e\xd3\x97\x64\x82\xa3"
"\xfb\xda\x2c\xb1\x94\xa1\x58\x32"
"\xe8\xd4\x39\xfc\x9e\x26\xf9\xf1"
"\x61\xe6\xae\x07\xf2\xe0\xa7\x44"
"\x96\x28\x3b\xee\x6b\xc6\x16\x31"
"\x3f",
.ilen = 81,
.result = "\xba\xde\x82\x72\x42\xa9\x2f\x2c"
"\x12\x0b\xe9\x5c\x87\xd7\x35\x7c"
"\x4f\x2e\xe8\x55\x66\x80\x27\x00"
"\x1b\x8f\x68\xe7\x0a\x6c\x71\xc3"
"\x21\x78\x55\x9d\x9c\x65\x7b\xcd"
"\x0a\x34\x97\xff\x47\x37\xb0\x2a"
"\x80\x0d\x19\x98\x33\xa9\x7a\xe3"
"\x2e\x4c\xc6\xf3\x8c\x88\x42\x01"
"\xbd",
.rlen = 65,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xc9\xa7\x10\xda\x86\x48\xd9\xb3"
"\x32\x42\x15\x80\x85\xa1\x65\xfe",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\xd8\x70\x9f\x42\xca\xe6\x83\x3a"
"\x52\x79\x42\xa5\x84\x6a\x96\x7f",
.assoc = "\xe8\x39\x2d\xaa\x0e\x85\x2d\xc1"
"\x72\xaf\x6e\xc9\x82\x33\xc7\x01"
"\xaf\x40\x70\xb8\x2a\x78\xc9\x14"
"\xac\xb1\x10\xca\x2e\xb3\x28\xe4"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\xac\xfa\x58\x7f\xe5\x73\x09\x8c"
"\x1d\x40\x87\x8c\xd9\x75\xc0\x55"
"\xa2\xda\x07\xd1\xc2\xa9\xd1\xbb"
"\x09\x4f\x77\x62\x88\x2d\xf2\x68"
"\x54",
.alen = 65,
.input = "\x8f\x23\x47\xfb\xf2\xac\x23\x83"
"\x77\x09\xac\x74\xef\xd2\x56\xae"
"\x20\x7b\x7b\xca\x45\x8e\xc8\xc2"
"\x50\xbd\xc7\x44\x1c\x54\x98\xd8"
"\x1f\xd0\x9a\x79\xaa\xf9\xe1\xb3"
"\xb4\x98\x5a\x9b\xe4\x4d\xbf\x4e"
"\x39",
.ilen = 49,
.result = "\xf7\x02\xbb\x11\x52\x24\xd8\x48"
"\x93\xe6\x9b\xee\x81\xfc\xf7\x82"
"\x79\xf0\xf3\xd9\x6c\x20\xa9\x1a"
"\xdc\xbc\x47\xc0\xe4\xcb\x10\x99"
"\x2f",
.rlen = 33,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x06\xcc\x4a\x79\x96\xc3\x82\xcf"
"\xb3\x1c\xc7\x12\x7f\xc5\x28\x04",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\x15\x95\xd8\xe1\xda\x62\x2c\x56"
"\xd3\x53\xf4\x36\x7e\x8e\x59\x85",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.assoc = "\x24\x5e\x67\x49\x1e\x01\xd6\xdd"
"\xf3\x89\x20\x5b\x7c\x57\x89\x07",
.alen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\x42\xc3\x58\xfb\x29\xe2\x4a\x56"
"\xf1\xf5\xe1\x51\x55\x4b\x0a\x45"
"\x46\xb5\x8d\xac\xb6\x34\xd8\x8b"
"\xde\x20\x59\x77\xc1\x74\x90",
.ilen = 31,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\x33\x27\xf5\xb1\x62\xa0\x80\x63"
"\x14\xc0\x4d\x7f\x7b\x20\xba\x89",
.rlen = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x42\xf0\x84\x19\xa6\x3f\x2b\xea"
"\x34\xf6\x79\xa3\x79\xe9\xeb\x0a",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\x51\xb9\x12\x80\xea\xde\xd5\x71"
"\x54\x2d\xa6\xc8\x78\xb2\x1b\x8c",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.assoc = "\x61\x83\xa0\xe8\x2e\x7d\x7f\xf8"
"\x74\x63\xd2\xec\x76\x7c\x4c\x0d",
.alen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\xb2\xfb\xf6\x97\x69\x7a\xe9\xec"
"\xe2\x94\xa1\x8b\xa0\x2b\x60\x72"
"\x1d\x04\xdd\x6a\xef\x46\x8f\x68"
"\xe9\xe0\x17\x45\x70\x12",
.ilen = 30,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\x70\x4c\x2f\x50\x72\x1c\x29\x7f"
"\x95\x9a\xff\x10\x75\x45\x7d\x8f",
.rlen = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x7f\x15\xbd\xb8\xb6\xba\xd3\x06"
"\xb5\xd1\x2b\x35\x73\x0e\xad\x10",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\x8e\xde\x4c\x20\xfa\x59\x7e\x8d"
"\xd5\x07\x58\x59\x72\xd7\xde\x92",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.assoc = "\x9d\xa7\xda\x88\x3e\xf8\x28\x14"
"\xf5\x3e\x85\x7d\x70\xa0\x0f\x13",
.alen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\x47\xda\x54\x42\x51\x72\xc4\x8b"
"\xf5\x57\x0f\x2f\x49\x0e\x11\x3b"
"\x78\x93\xec\xfc\xf4\xff\xe1\x2d",
.ilen = 24,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\xac\x70\x69\xef\x82\x97\xd2\x9b"
"\x15\x74\xb1\xa2\x6f\x69\x3f\x95",
.rlen = 16,
},
};
/*
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
* AEGIS-128L test vectors - generated via reference implementation from
* SUPERCOP (https://bench.cr.yp.to/supercop.html):
*
* https://bench.cr.yp.to/supercop/supercop-20170228.tar.xz
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
* (see crypto_aead/aegis128l/)
*/
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct aead_testvec aegis128l_enc_tv_template[] = {
{
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x0f\xc9\x8e\x67\x44\x9e\xaa\x86"
"\x20\x36\x2c\x24\xfe\xc9\x30\x81",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\x1e\x92\x1c\xcf\x88\x3d\x54\x0d"
"\x40\x6d\x59\x48\xfc\x92\x61\x03",
.assoc = "",
.alen = 0,
.input = "",
.ilen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\x30\x4f\xf3\xe9\xb1\xfa\x81\xa6"
"\x20\x72\x78\xdd\x93\xc8\x57\xef",
.rlen = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x4b\xed\xc8\x07\x54\x1a\x52\xa2"
"\xa1\x10\xde\xb5\xf8\xed\xf3\x87",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\x5a\xb7\x56\x6e\x98\xb9\xfd\x29"
"\xc1\x47\x0b\xda\xf6\xb6\x23\x09",
.assoc = "",
.alen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\x79",
.ilen = 1,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\xa9\x24\xa0\xb6\x2d\xdd\x29\xdb"
"\x40\xb3\x71\xc5\x22\x58\x31\x77"
"\x6d",
.rlen = 17,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x88\x12\x01\xa6\x64\x96\xfb\xbe"
"\x22\xea\x90\x47\xf2\x11\xb5\x8e",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\x97\xdb\x90\x0e\xa8\x35\xa5\x45"
"\x42\x21\xbd\x6b\xf0\xda\xe6\x0f",
.assoc = "",
.alen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\xb5\x6e\xad\xdd\x30\x72\xfa\x53"
"\x82\x8e\x16\xb4\xed\x6d\x47",
.ilen = 15,
.result = "\xbb\x0a\x53\xc4\xaa\x7e\xa4\x03"
"\x2b\xee\x62\x99\x7b\x98\x13\x1f"
"\xe0\x76\x4c\x2e\x53\x99\x4f\xbe"
"\xe1\xa8\x04\x7f\xe1\x71\xbe",
.rlen = 31,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xc4\x37\x3b\x45\x74\x11\xa4\xda"
"\xa2\xc5\x42\xd8\xec\x36\x78\x94",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\xd3\x00\xc9\xad\xb8\xb0\x4e\x61"
"\xc3\xfb\x6f\xfd\xea\xff\xa9\x15",
.assoc = "",
.alen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\xf2\x92\xe6\x7d\x40\xee\xa3\x6f"
"\x03\x68\xc8\x45\xe7\x91\x0a\x18",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ilen = 16,
.result = "\x66\xdf\x6e\x71\xc0\x6e\xa4\x4c"
"\x9d\xb7\x8c\x9a\xdb\x1f\xd2\x2e"
"\x23\xb6\xa4\xfb\xd3\x86\xdd\xbb"
"\xde\x54\x9b\xf5\x92\x8b\x93\xc5",
.rlen = 32,
}, {
.key = "\x01\x5c\x75\xe5\x84\x8d\x4d\xf6"
"\x23\x9f\xf4\x6a\xe6\x5a\x3b\x9a",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\x10\x25\x03\x4c\xc8\x2c\xf7\x7d"
"\x44\xd5\x21\x8e\xe4\x23\x6b\x1c",
.assoc = "",
.alen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\x2e\xb7\x20\x1c\x50\x6a\x4b\x8b"
"\x84\x42\x7a\xd7\xe1\xb5\xcd\x1f"
"\xd3",
.ilen = 17,
.result = "\x4f\xc3\x69\xb6\xd3\xa4\x64\x8b"
"\x71\xc3\x8a\x91\x22\x4f\x1b\xd2"
"\x33\x6d\x86\xbc\xf8\x2f\x06\xf9"
"\x82\x64\xc7\x72\x00\x30\xfc\xf0"
"\xf8",
.rlen = 33,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x3d\x80\xae\x84\x94\x09\xf6\x12"
"\xa4\x79\xa6\xfb\xe0\x7f\xfd\xa0",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\x4c\x49\x3d\xec\xd8\xa8\xa0\x98"
"\xc5\xb0\xd3\x1f\xde\x48\x2e\x22",
.assoc = "",
.alen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\x6b\xdc\x5a\xbb\x60\xe5\xf4\xa6"
"\x05\x1d\x2c\x68\xdb\xda\x8f\x25"
"\xfe\x8d\x45\x19\x1e\xc0\x0b\x99"
"\x88\x11\x39\x12\x1c\x3a\xbb",
.ilen = 31,
.result = "\xe3\x93\x15\xae\x5f\x9d\x3c\xb5"
"\xd6\x9d\xee\xee\xcf\xaa\xaf\xe1"
"\x45\x10\x96\xe0\xbf\x55\x0f\x4c"
"\x1a\xfd\xf4\xda\x4e\x10\xde\xc9"
"\x0e\x6f\xc7\x3c\x49\x94\x41\xfc"
"\x59\x28\x88\x3c\x79\x10\x6b",
.rlen = 47,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x7a\xa5\xe8\x23\xa4\x84\x9e\x2d"
"\x25\x53\x58\x8c\xda\xa3\xc0\xa6",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\x89\x6e\x77\x8b\xe8\x23\x49\xb4"
"\x45\x8a\x85\xb1\xd8\x6c\xf1\x28",
.assoc = "",
.alen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\xa7\x00\x93\x5b\x70\x61\x9d\xc2"
"\x86\xf7\xde\xfa\xd5\xfe\x52\x2b"
"\x28\x50\x51\x9d\x24\x60\x8d\xb3"
"\x49\x3e\x17\xea\xf6\x99\x5a\xdd",
.ilen = 32,
.result = "\x1c\x8e\x22\x34\xfd\xab\xe6\x0d"
"\x1c\x9f\x06\x54\x8b\x0b\xb4\x40"
"\xde\x11\x59\x3e\xfd\x74\xf6\x42"
"\x97\x17\xf7\x24\xb6\x7e\xc4\xc6"
"\x06\xa3\x94\xda\x3d\x7f\x55\x0a"
"\x92\x07\x2f\xa6\xf3\x6b\x2c\xfc",
.rlen = 48,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xb6\xca\x22\xc3\xb4\x00\x47\x49"
"\xa6\x2d\x0a\x1e\xd4\xc7\x83\xad",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\xc5\x93\xb0\x2a\xf8\x9f\xf1\xd0"
"\xc6\x64\x37\x42\xd2\x90\xb3\x2e",
.assoc = "\xd5",
.alen = 1,
.input = "",
.ilen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\xa0\x2a\xb4\x9a\x91\x00\x15\xb8"
"\x0f\x9a\x15\x60\x0e\x9b\x13\x8f",
.rlen = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xf3\xee\x5c\x62\xc4\x7c\xf0\x65"
"\x27\x08\xbd\xaf\xce\xec\x45\xb3",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\x02\xb8\xea\xca\x09\x1b\x9a\xec"
"\x47\x3e\xe9\xd4\xcc\xb5\x76\x34",
.assoc = "\x11\x81\x78\x32\x4d\xb9\x44\x73"
"\x68\x75\x16\xf8\xcb\x7e\xa7",
.alen = 15,
.input = "",
.ilen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\x4c\x26\xad\x9c\x14\xfd\x9c\x8c"
"\x84\xfb\x26\xfb\xd5\xca\x62\x39",
.rlen = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x2f\x13\x95\x01\xd5\xf7\x99\x81"
"\xa8\xe2\x6f\x41\xc8\x10\x08\xb9",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\x3f\xdc\x24\x69\x19\x96\x43\x08"
"\xc8\x18\x9b\x65\xc6\xd9\x39\x3b",
.assoc = "\x4e\xa5\xb2\xd1\x5d\x35\xed\x8f"
"\xe8\x4f\xc8\x89\xc5\xa2\x69\xbc",
.alen = 16,
.input = "",
.ilen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\x45\x85\x0e\x0f\xf4\xae\x96\xa1"
"\x99\x4d\x6d\xb4\x67\x32\xb0\x3a",
.rlen = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x6c\x38\xcf\xa1\xe5\x73\x41\x9d"
"\x29\xbc\x21\xd2\xc2\x35\xcb\xbf",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\x7b\x01\x5d\x08\x29\x12\xec\x24"
"\x49\xf3\x4d\xf7\xc0\xfe\xfb\x41",
.assoc = "\x8a\xca\xec\x70\x6d\xb1\x96\xab"
"\x69\x29\x7a\x1b\xbf\xc7\x2c\xc2"
"\x07",
.alen = 17,
.input = "",
.ilen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\x33\xb1\x42\x97\x8e\x16\x7b\x63"
"\x06\xba\x5b\xcb\xae\x6d\x8b\x56",
.rlen = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xa8\x5c\x09\x40\xf5\xef\xea\xb8"
"\xaa\x96\xd3\x64\xbc\x59\x8d\xc6",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\xb8\x26\x97\xa8\x39\x8e\x94\x3f"
"\xca\xcd\xff\x88\xba\x22\xbe\x47",
.assoc = "\xc7\xef\x26\x10\x7d\x2c\x3f\xc6"
"\xea\x03\x2c\xac\xb9\xeb\xef\xc9"
"\x31\x6b\x08\x12\xfc\xd8\x37\x2d"
"\xe0\x17\x3a\x2e\x83\x5c\x8f",
.alen = 31,
.input = "",
.ilen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\xda\x44\x08\x8c\x2a\xa5\x07\x35"
"\x0b\x54\x4e\x6d\xe3\xfd\xc4\x5f",
.rlen = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xe5\x81\x42\xdf\x05\x6a\x93\xd4"
"\x2b\x70\x85\xf5\xb6\x7d\x50\xcc",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\xf4\x4a\xd1\x47\x49\x09\x3d\x5b"
"\x4b\xa7\xb1\x19\xb4\x46\x81\x4d",
.assoc = "\x03\x14\x5f\xaf\x8d\xa8\xe7\xe2"
"\x6b\xde\xde\x3e\xb3\x10\xb1\xcf"
"\x5c\x2d\x14\x96\x01\x78\xb9\x47"
"\xa1\x44\x19\x06\x5d\xbb\x2e\x2f",
.alen = 32,
.input = "",
.ilen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\x1b\xb1\xf1\xa8\x9e\xc2\xb2\x88"
"\x40\x7f\x7b\x19\x7a\x52\x8c\xf0",
.rlen = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x22\xa6\x7c\x7f\x15\xe6\x3c\xf0"
"\xac\x4b\x37\x86\xb0\xa2\x13\xd2",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\x31\x6f\x0b\xe6\x59\x85\xe6\x77"
"\xcc\x81\x63\xab\xae\x6b\x43\x54",
.assoc = "\x40",
.alen = 1,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\x4f",
.ilen = 1,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\x6e\xc8\xfb\x15\x9d\x98\x49\xc9"
"\xa0\x98\x09\x85\xbe\x56\x8e\x79"
"\xf4",
.rlen = 17,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x5e\xcb\xb6\x1e\x25\x62\xe4\x0c"
"\x2d\x25\xe9\x18\xaa\xc6\xd5\xd8",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x6d\x94\x44\x86\x69\x00\x8f\x93"
"\x4d\x5b\x15\x3c\xa8\x8f\x06\x5a",
.assoc = "\x7c\x5d\xd3\xee\xad\x9f\x39\x1a"
"\x6d\x92\x42\x61\xa7\x58\x37",
.alen = 15,
.input = "\x8b\x26\x61\x55\xf1\x3e\xe3\xa1"
"\x8d\xc8\x6e\x85\xa5\x21\x67",
.ilen = 15,
.result = "\x99\x2e\x84\x50\x64\x5c\xab\x29"
"\x20\xba\xb9\x2f\x62\x3a\xce\x2a"
"\x75\x25\x3b\xe3\x40\xe0\x1d\xfc"
"\x20\x63\x0b\x49\x7e\x97\x08",
.rlen = 31,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x9b\xef\xf0\xbd\x35\xdd\x8d\x28"
"\xad\xff\x9b\xa9\xa4\xeb\x98\xdf",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\xaa\xb8\x7e\x25\x79\x7c\x37\xaf"
"\xce\x36\xc7\xce\xa2\xb4\xc9\x60",
.assoc = "\xb9\x82\x0c\x8d\xbd\x1b\xe2\x36"
"\xee\x6c\xf4\xf2\xa1\x7d\xf9\xe2",
.alen = 16,
.input = "\xc8\x4b\x9b\xf5\x01\xba\x8c\xbd"
"\x0e\xa3\x21\x16\x9f\x46\x2a\x63",
.ilen = 16,
.result = "\xd9\x8e\xfd\x50\x8f\x02\x9f\xee"
"\x78\x08\x12\xec\x09\xaf\x53\x14"
"\x90\x3e\x3d\x76\xad\x71\x21\x08"
"\x77\xe5\x4b\x15\xc2\xe6\xbc\xdb",
.rlen = 32,
}, {
.key = "\xd7\x14\x29\x5d\x45\x59\x36\x44"
"\x2e\xd9\x4d\x3b\x9e\x0f\x5b\xe5",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\xe6\xdd\xb8\xc4\x89\xf8\xe0\xca"
"\x4f\x10\x7a\x5f\x9c\xd8\x8b\x66",
.assoc = "\xf5\xa6\x46\x2c\xce\x97\x8a\x51"
"\x6f\x46\xa6\x83\x9b\xa1\xbc\xe8"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\x05",
.alen = 17,
.input = "\x05\x70\xd5\x94\x12\x36\x35\xd8"
"\x8f\x7d\xd3\xa8\x99\x6a\xed\x69"
"\xd0",
.ilen = 17,
.result = "\xf3\xe7\x95\x86\xcf\x34\x95\x96"
"\x17\xfe\x1b\xae\x1b\x31\xf2\x1a"
"\xbd\xbc\xc9\x4e\x11\x29\x09\x5c"
"\x05\xd3\xb4\x2e\x4a\x74\x59\x49"
"\x7d",
.rlen = 33,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x14\x39\x63\xfc\x56\xd5\xdf\x5f"
"\xaf\xb3\xff\xcc\x98\x33\x1d\xeb",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\x23\x02\xf1\x64\x9a\x73\x89\xe6"
"\xd0\xea\x2c\xf1\x96\xfc\x4e\x6d",
.assoc = "\x32\xcb\x80\xcc\xde\x12\x33\x6d"
"\xf0\x20\x58\x15\x95\xc6\x7f\xee"
"\x2f\xf9\x4e\x2c\x1b\x98\x43\xc7"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\x68\x28\x73\x40\x9f\x96\x4a",
.alen = 31,
.input = "\x41\x94\x0e\x33\x22\xb1\xdd\xf4"
"\x10\x57\x85\x39\x93\x8f\xaf\x70"
"\xfa\xa9\xd0\x4d\x5c\x40\x23\xcd"
"\x98\x34\xab\x37\x56\xae\x32",
.ilen = 31,
.result = "\x06\x96\xb2\xbf\x63\xf4\x1e\x24"
"\x0d\x19\x15\x61\x65\x3b\x06\x26"
"\x71\xe8\x7e\x16\xdb\x96\x01\x01"
"\x52\xcd\x49\x5b\x07\x33\x4e\xe7"
"\xaa\x91\xf5\xd5\xc6\xfe\x41\xb5"
"\xed\x90\xce\xb9\xcd\xcc\xa1",
.rlen = 47,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x50\x5d\x9d\x9b\x66\x50\x88\x7b"
"\x30\x8e\xb1\x5e\x92\x58\xe0\xf1",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\x5f\x27\x2b\x03\xaa\xef\x32\x02"
"\x50\xc4\xde\x82\x90\x21\x11\x73",
.assoc = "\x6e\xf0\xba\x6b\xee\x8e\xdc\x89"
"\x71\xfb\x0a\xa6\x8f\xea\x41\xf4"
"\x5a\xbb\x59\xb0\x20\x38\xc5\xe0"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\x29\x56\x52\x19\x79\xf5\xe9\x37",
.alen = 32,
.input = "\x7e\xb9\x48\xd3\x32\x2d\x86\x10"
"\x91\x31\x37\xcb\x8d\xb3\x72\x76"
"\x24\x6b\xdc\xd1\x61\xe0\xa5\xe7"
"\x5a\x61\x8a\x0f\x30\x0d\xd1\xec",
.ilen = 32,
.result = "\xf9\xd7\xee\x17\xfd\x24\xcd\xf1"
"\xbc\x0f\x35\x97\x97\x0c\x4b\x18"
"\xce\x58\xc8\x3b\xd4\x85\x93\x79"
"\xcc\x9c\xea\xc1\x73\x13\x0b\x4c"
"\xcc\x6f\x28\xf8\xa4\x4e\xb8\x56"
"\x64\x4e\x47\xce\xb2\xb4\x92\xb4",
.rlen = 48,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x8d\x82\xd6\x3b\x76\xcc\x30\x97"
"\xb1\x68\x63\xef\x8c\x7c\xa3\xf7",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\x9c\x4b\x65\xa2\xba\x6b\xdb\x1e"
"\xd1\x9e\x90\x13\x8a\x45\xd3\x79",
.assoc = "\xab\x14\xf3\x0a\xfe\x0a\x85\xa5"
"\xf2\xd5\xbc\x38\x89\x0e\x04\xfb"
"\x84\x7d\x65\x34\x25\xd8\x47\xfa"
"\xeb\x83\x31\xf1\x54\x54\x89\x0d"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\x9d",
.alen = 33,
.input = "\xba\xde\x82\x72\x42\xa9\x2f\x2c"
"\x12\x0b\xe9\x5c\x87\xd7\x35\x7c"
"\x4f\x2e\xe8\x55\x66\x80\x27\x00"
"\x1b\x8f\x68\xe7\x0a\x6c\x71\xc3"
"\x21\x78\x55\x9d\x9c\x65\x7b\xcd"
"\x0a\x34\x97\xff\x47\x37\xb0\x2a"
"\x80\x0d\x19\x98\x33\xa9\x7a\xe3"
"\x2e\x4c\xc6\xf3\x8c\x88\x42\x01"
"\xbd",
.ilen = 65,
.result = "\x58\xfa\x3a\x3d\xd9\x88\x63\xe8"
"\xc5\x78\x50\x8b\x4a\xc9\xdf\x7f"
"\x4b\xfa\xc8\x2e\x67\x43\xf3\x63"
"\x42\x8e\x99\x5a\x9c\x0b\x84\x77"
"\xbc\x46\x76\x48\x82\xc7\x57\x96"
"\xe1\x65\xd1\xed\x1d\xdd\x80\x24"
"\xa6\x4d\xa9\xf1\x53\x8b\x5e\x0e"
"\x26\xb9\xcc\x37\xe5\x43\xe1\x5a"
"\x8a\xd6\x8c\x5a\xe4\x95\xd1\x8d"
"\xf7\x33\x64\xc1\xd3\xf2\xfc\x35"
"\x01",
.rlen = 81,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xc9\xa7\x10\xda\x86\x48\xd9\xb3"
"\x32\x42\x15\x80\x85\xa1\x65\xfe",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.klen = 16,
.iv = "\xd8\x70\x9f\x42\xca\xe6\x83\x3a"
"\x52\x79\x42\xa5\x84\x6a\x96\x7f",
.assoc = "\xe8\x39\x2d\xaa\x0e\x85\x2d\xc1"
"\x72\xaf\x6e\xc9\x82\x33\xc7\x01"
"\xaf\x40\x70\xb8\x2a\x78\xc9\x14"
"\xac\xb1\x10\xca\x2e\xb3\x28\xe4"
"\xac\xfa\x58\x7f\xe5\x73\x09\x8c"
"\x1d\x40\x87\x8c\xd9\x75\xc0\x55"
"\xa2\xda\x07\xd1\xc2\xa9\xd1\xbb"
"\x09\x4f\x77\x62\x88\x2d\xf2\x68"
"\x54",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.alen = 65,
.input = "\xf7\x02\xbb\x11\x52\x24\xd8\x48"
"\x93\xe6\x9b\xee\x81\xfc\xf7\x82"
"\x79\xf0\xf3\xd9\x6c\x20\xa9\x1a"
"\xdc\xbc\x47\xc0\xe4\xcb\x10\x99"
"\x2f",
.ilen = 33,
.result = "\x4c\xa9\xac\x71\xed\x10\xa6\x24"
"\xb7\xa7\xdf\x8b\xf5\xc2\x41\xcb"
"\x05\xc9\xd6\x97\xb6\x10\x7f\x17"
"\xc2\xc0\x93\xcf\xe0\x94\xfd\x99"
"\xf2\x62\x25\x28\x01\x23\x6f\x8b"
"\x04\x52\xbc\xb0\x3e\x66\x52\x90"
"\x9f",
.rlen = 49,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x06\xcc\x4a\x79\x96\xc3\x82\xcf"
"\xb3\x1c\xc7\x12\x7f\xc5\x28\x04",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x15\x95\xd8\xe1\xda\x62\x2c\x56"
"\xd3\x53\xf4\x36\x7e\x8e\x59\x85",
.assoc = "\x24\x5e\x67\x49\x1e\x01\xd6\xdd"
"\xf3\x89\x20\x5b\x7c\x57\x89\x07",
.alen = 16,
.input = "\x33\x27\xf5\xb1\x62\xa0\x80\x63"
"\x14\xc0\x4d\x7f\x7b\x20\xba\x89",
.ilen = 16,
.result = "\x6d\xed\x04\x7a\x2f\x0c\x30\xa5"
"\x96\xe6\x97\xe4\x10\xeb\x40\x95"
"\xc5\x9a\xdf\x31\xd5\xa5\xa6\xec"
"\x05\xa8\x31\x50\x11\x19\x44",
.rlen = 31,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x42\xf0\x84\x19\xa6\x3f\x2b\xea"
"\x34\xf6\x79\xa3\x79\xe9\xeb\x0a",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x51\xb9\x12\x80\xea\xde\xd5\x71"
"\x54\x2d\xa6\xc8\x78\xb2\x1b\x8c",
.assoc = "\x61\x83\xa0\xe8\x2e\x7d\x7f\xf8"
"\x74\x63\xd2\xec\x76\x7c\x4c\x0d",
.alen = 16,
.input = "\x70\x4c\x2f\x50\x72\x1c\x29\x7f"
"\x95\x9a\xff\x10\x75\x45\x7d\x8f",
.ilen = 16,
.result = "\x30\x95\x7d\xea\xdc\x62\xc0\x88"
"\xa1\xe3\x8d\x8c\xac\x04\x10\xa7"
"\xfa\xfa\x07\xbd\xa0\xf0\x36\xeb"
"\x21\x93\x2e\x31\x84\x83",
.rlen = 30,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x7f\x15\xbd\xb8\xb6\xba\xd3\x06"
"\xb5\xd1\x2b\x35\x73\x0e\xad\x10",
.klen = 16,
.iv = "\x8e\xde\x4c\x20\xfa\x59\x7e\x8d"
"\xd5\x07\x58\x59\x72\xd7\xde\x92",
.assoc = "\x9d\xa7\xda\x88\x3e\xf8\x28\x14"
"\xf5\x3e\x85\x7d\x70\xa0\x0f\x13",
.alen = 16,
.input = "\xac\x70\x69\xef\x82\x97\xd2\x9b"
"\x15\x74\xb1\xa2\x6f\x69\x3f\x95",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ilen = 16,
.result = "\x93\xcd\xee\xd4\xcb\x9d\x8d\x16"
"\x63\x0d\x43\xd5\x49\xca\xa8\x85"
"\x49\xc0\xae\x13\xbc\x26\x1d\x4b",
.rlen = 24,
},
};
static const struct aead_testvec aegis128l_dec_tv_template[] = {
{
.key = "\x0f\xc9\x8e\x67\x44\x9e\xaa\x86"
"\x20\x36\x2c\x24\xfe\xc9\x30\x81",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x1e\x92\x1c\xcf\x88\x3d\x54\x0d"
"\x40\x6d\x59\x48\xfc\x92\x61\x03",
.assoc = "",
.alen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\x30\x4f\xf3\xe9\xb1\xfa\x81\xa6"
"\x20\x72\x78\xdd\x93\xc8\x57\xef",
.ilen = 16,
.result = "",
.rlen = 0,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x4b\xed\xc8\x07\x54\x1a\x52\xa2"
"\xa1\x10\xde\xb5\xf8\xed\xf3\x87",
.klen = 16,
.iv = "\x5a\xb7\x56\x6e\x98\xb9\xfd\x29"
"\xc1\x47\x0b\xda\xf6\xb6\x23\x09",
.assoc = "",
.alen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\xa9\x24\xa0\xb6\x2d\xdd\x29\xdb"
"\x40\xb3\x71\xc5\x22\x58\x31\x77"
"\x6d",
.ilen = 17,
.result = "\x79",
.rlen = 1,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x88\x12\x01\xa6\x64\x96\xfb\xbe"
"\x22\xea\x90\x47\xf2\x11\xb5\x8e",
.klen = 16,
.iv = "\x97\xdb\x90\x0e\xa8\x35\xa5\x45"
"\x42\x21\xbd\x6b\xf0\xda\xe6\x0f",
.assoc = "",
.alen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\xbb\x0a\x53\xc4\xaa\x7e\xa4\x03"
"\x2b\xee\x62\x99\x7b\x98\x13\x1f"
"\xe0\x76\x4c\x2e\x53\x99\x4f\xbe"
"\xe1\xa8\x04\x7f\xe1\x71\xbe",
.ilen = 31,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\xb5\x6e\xad\xdd\x30\x72\xfa\x53"
"\x82\x8e\x16\xb4\xed\x6d\x47",
.rlen = 15,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xc4\x37\x3b\x45\x74\x11\xa4\xda"
"\xa2\xc5\x42\xd8\xec\x36\x78\x94",
.klen = 16,
.iv = "\xd3\x00\xc9\xad\xb8\xb0\x4e\x61"
"\xc3\xfb\x6f\xfd\xea\xff\xa9\x15",
.assoc = "",
.alen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\x66\xdf\x6e\x71\xc0\x6e\xa4\x4c"
"\x9d\xb7\x8c\x9a\xdb\x1f\xd2\x2e"
"\x23\xb6\xa4\xfb\xd3\x86\xdd\xbb"
"\xde\x54\x9b\xf5\x92\x8b\x93\xc5",
.ilen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\xf2\x92\xe6\x7d\x40\xee\xa3\x6f"
"\x03\x68\xc8\x45\xe7\x91\x0a\x18",
.rlen = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x01\x5c\x75\xe5\x84\x8d\x4d\xf6"
"\x23\x9f\xf4\x6a\xe6\x5a\x3b\x9a",
.klen = 16,
.iv = "\x10\x25\x03\x4c\xc8\x2c\xf7\x7d"
"\x44\xd5\x21\x8e\xe4\x23\x6b\x1c",
.assoc = "",
.alen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\x4f\xc3\x69\xb6\xd3\xa4\x64\x8b"
"\x71\xc3\x8a\x91\x22\x4f\x1b\xd2"
"\x33\x6d\x86\xbc\xf8\x2f\x06\xf9"
"\x82\x64\xc7\x72\x00\x30\xfc\xf0"
"\xf8",
.ilen = 33,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\x2e\xb7\x20\x1c\x50\x6a\x4b\x8b"
"\x84\x42\x7a\xd7\xe1\xb5\xcd\x1f"
"\xd3",
.rlen = 17,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x3d\x80\xae\x84\x94\x09\xf6\x12"
"\xa4\x79\xa6\xfb\xe0\x7f\xfd\xa0",
.klen = 16,
.iv = "\x4c\x49\x3d\xec\xd8\xa8\xa0\x98"
"\xc5\xb0\xd3\x1f\xde\x48\x2e\x22",
.assoc = "",
.alen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\xe3\x93\x15\xae\x5f\x9d\x3c\xb5"
"\xd6\x9d\xee\xee\xcf\xaa\xaf\xe1"
"\x45\x10\x96\xe0\xbf\x55\x0f\x4c"
"\x1a\xfd\xf4\xda\x4e\x10\xde\xc9"
"\x0e\x6f\xc7\x3c\x49\x94\x41\xfc"
"\x59\x28\x88\x3c\x79\x10\x6b",
.ilen = 47,
.result = "\x6b\xdc\x5a\xbb\x60\xe5\xf4\xa6"
"\x05\x1d\x2c\x68\xdb\xda\x8f\x25"
"\xfe\x8d\x45\x19\x1e\xc0\x0b\x99"
"\x88\x11\x39\x12\x1c\x3a\xbb",
.rlen = 31,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x7a\xa5\xe8\x23\xa4\x84\x9e\x2d"
"\x25\x53\x58\x8c\xda\xa3\xc0\xa6",
.klen = 16,
.iv = "\x89\x6e\x77\x8b\xe8\x23\x49\xb4"
"\x45\x8a\x85\xb1\xd8\x6c\xf1\x28",
.assoc = "",
.alen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\x1c\x8e\x22\x34\xfd\xab\xe6\x0d"
"\x1c\x9f\x06\x54\x8b\x0b\xb4\x40"
"\xde\x11\x59\x3e\xfd\x74\xf6\x42"
"\x97\x17\xf7\x24\xb6\x7e\xc4\xc6"
"\x06\xa3\x94\xda\x3d\x7f\x55\x0a"
"\x92\x07\x2f\xa6\xf3\x6b\x2c\xfc",
.ilen = 48,
.result = "\xa7\x00\x93\x5b\x70\x61\x9d\xc2"
"\x86\xf7\xde\xfa\xd5\xfe\x52\x2b"
"\x28\x50\x51\x9d\x24\x60\x8d\xb3"
"\x49\x3e\x17\xea\xf6\x99\x5a\xdd",
.rlen = 32,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xb6\xca\x22\xc3\xb4\x00\x47\x49"
"\xa6\x2d\x0a\x1e\xd4\xc7\x83\xad",
.klen = 16,
.iv = "\xc5\x93\xb0\x2a\xf8\x9f\xf1\xd0"
"\xc6\x64\x37\x42\xd2\x90\xb3\x2e",
.assoc = "\xd5",
.alen = 1,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\xa0\x2a\xb4\x9a\x91\x00\x15\xb8"
"\x0f\x9a\x15\x60\x0e\x9b\x13\x8f",
.ilen = 16,
.result = "",
.rlen = 0,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xf3\xee\x5c\x62\xc4\x7c\xf0\x65"
"\x27\x08\xbd\xaf\xce\xec\x45\xb3",
.klen = 16,
.iv = "\x02\xb8\xea\xca\x09\x1b\x9a\xec"
"\x47\x3e\xe9\xd4\xcc\xb5\x76\x34",
.assoc = "\x11\x81\x78\x32\x4d\xb9\x44\x73"
"\x68\x75\x16\xf8\xcb\x7e\xa7",
.alen = 15,
.input = "\x4c\x26\xad\x9c\x14\xfd\x9c\x8c"
"\x84\xfb\x26\xfb\xd5\xca\x62\x39",
.ilen = 16,
.result = "",
.rlen = 0,
}, {
.key = "\x2f\x13\x95\x01\xd5\xf7\x99\x81"
"\xa8\xe2\x6f\x41\xc8\x10\x08\xb9",
.klen = 16,
.iv = "\x3f\xdc\x24\x69\x19\x96\x43\x08"
"\xc8\x18\x9b\x65\xc6\xd9\x39\x3b",
.assoc = "\x4e\xa5\xb2\xd1\x5d\x35\xed\x8f"
"\xe8\x4f\xc8\x89\xc5\xa2\x69\xbc",
.alen = 16,
.input = "\x45\x85\x0e\x0f\xf4\xae\x96\xa1"
"\x99\x4d\x6d\xb4\x67\x32\xb0\x3a",
.ilen = 16,
.result = "",
.rlen = 0,
}, {
.key = "\x6c\x38\xcf\xa1\xe5\x73\x41\x9d"
"\x29\xbc\x21\xd2\xc2\x35\xcb\xbf",
.klen = 16,
.iv = "\x7b\x01\x5d\x08\x29\x12\xec\x24"
"\x49\xf3\x4d\xf7\xc0\xfe\xfb\x41",
.assoc = "\x8a\xca\xec\x70\x6d\xb1\x96\xab"
"\x69\x29\x7a\x1b\xbf\xc7\x2c\xc2"
"\x07",
.alen = 17,
.input = "\x33\xb1\x42\x97\x8e\x16\x7b\x63"
"\x06\xba\x5b\xcb\xae\x6d\x8b\x56",
.ilen = 16,
.result = "",
.rlen = 0,
}, {
.key = "\xa8\x5c\x09\x40\xf5\xef\xea\xb8"
"\xaa\x96\xd3\x64\xbc\x59\x8d\xc6",
.klen = 16,
.iv = "\xb8\x26\x97\xa8\x39\x8e\x94\x3f"
"\xca\xcd\xff\x88\xba\x22\xbe\x47",
.assoc = "\xc7\xef\x26\x10\x7d\x2c\x3f\xc6"
"\xea\x03\x2c\xac\xb9\xeb\xef\xc9"
"\x31\x6b\x08\x12\xfc\xd8\x37\x2d"
"\xe0\x17\x3a\x2e\x83\x5c\x8f",
.alen = 31,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\xda\x44\x08\x8c\x2a\xa5\x07\x35"
"\x0b\x54\x4e\x6d\xe3\xfd\xc4\x5f",
.ilen = 16,
.result = "",
.rlen = 0,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xe5\x81\x42\xdf\x05\x6a\x93\xd4"
"\x2b\x70\x85\xf5\xb6\x7d\x50\xcc",
.klen = 16,
.iv = "\xf4\x4a\xd1\x47\x49\x09\x3d\x5b"
"\x4b\xa7\xb1\x19\xb4\x46\x81\x4d",
.assoc = "\x03\x14\x5f\xaf\x8d\xa8\xe7\xe2"
"\x6b\xde\xde\x3e\xb3\x10\xb1\xcf"
"\x5c\x2d\x14\x96\x01\x78\xb9\x47"
"\xa1\x44\x19\x06\x5d\xbb\x2e\x2f",
.alen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\x1b\xb1\xf1\xa8\x9e\xc2\xb2\x88"
"\x40\x7f\x7b\x19\x7a\x52\x8c\xf0",
.ilen = 16,
.result = "",
.rlen = 0,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x22\xa6\x7c\x7f\x15\xe6\x3c\xf0"
"\xac\x4b\x37\x86\xb0\xa2\x13\xd2",
.klen = 16,
.iv = "\x31\x6f\x0b\xe6\x59\x85\xe6\x77"
"\xcc\x81\x63\xab\xae\x6b\x43\x54",
.assoc = "\x40",
.alen = 1,
.input = "\x6e\xc8\xfb\x15\x9d\x98\x49\xc9"
"\xa0\x98\x09\x85\xbe\x56\x8e\x79"
"\xf4",
.ilen = 17,
.result = "\x4f",
.rlen = 1,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x5e\xcb\xb6\x1e\x25\x62\xe4\x0c"
"\x2d\x25\xe9\x18\xaa\xc6\xd5\xd8",
.klen = 16,
.iv = "\x6d\x94\x44\x86\x69\x00\x8f\x93"
"\x4d\x5b\x15\x3c\xa8\x8f\x06\x5a",
.assoc = "\x7c\x5d\xd3\xee\xad\x9f\x39\x1a"
"\x6d\x92\x42\x61\xa7\x58\x37",
.alen = 15,
.input = "\x99\x2e\x84\x50\x64\x5c\xab\x29"
"\x20\xba\xb9\x2f\x62\x3a\xce\x2a"
"\x75\x25\x3b\xe3\x40\xe0\x1d\xfc"
"\x20\x63\x0b\x49\x7e\x97\x08",
.ilen = 31,
.result = "\x8b\x26\x61\x55\xf1\x3e\xe3\xa1"
"\x8d\xc8\x6e\x85\xa5\x21\x67",
.rlen = 15,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x9b\xef\xf0\xbd\x35\xdd\x8d\x28"
"\xad\xff\x9b\xa9\xa4\xeb\x98\xdf",
.klen = 16,
.iv = "\xaa\xb8\x7e\x25\x79\x7c\x37\xaf"
"\xce\x36\xc7\xce\xa2\xb4\xc9\x60",
.assoc = "\xb9\x82\x0c\x8d\xbd\x1b\xe2\x36"
"\xee\x6c\xf4\xf2\xa1\x7d\xf9\xe2",
.alen = 16,
.input = "\xd9\x8e\xfd\x50\x8f\x02\x9f\xee"
"\x78\x08\x12\xec\x09\xaf\x53\x14"
"\x90\x3e\x3d\x76\xad\x71\x21\x08"
"\x77\xe5\x4b\x15\xc2\xe6\xbc\xdb",
.ilen = 32,
.result = "\xc8\x4b\x9b\xf5\x01\xba\x8c\xbd"
"\x0e\xa3\x21\x16\x9f\x46\x2a\x63",
.rlen = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xd7\x14\x29\x5d\x45\x59\x36\x44"
"\x2e\xd9\x4d\x3b\x9e\x0f\x5b\xe5",
.klen = 16,
.iv = "\xe6\xdd\xb8\xc4\x89\xf8\xe0\xca"
"\x4f\x10\x7a\x5f\x9c\xd8\x8b\x66",
.assoc = "\xf5\xa6\x46\x2c\xce\x97\x8a\x51"
"\x6f\x46\xa6\x83\x9b\xa1\xbc\xe8"
"\x05",
.alen = 17,
.input = "\xf3\xe7\x95\x86\xcf\x34\x95\x96"
"\x17\xfe\x1b\xae\x1b\x31\xf2\x1a"
"\xbd\xbc\xc9\x4e\x11\x29\x09\x5c"
"\x05\xd3\xb4\x2e\x4a\x74\x59\x49"
"\x7d",
.ilen = 33,
.result = "\x05\x70\xd5\x94\x12\x36\x35\xd8"
"\x8f\x7d\xd3\xa8\x99\x6a\xed\x69"
"\xd0",
.rlen = 17,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x14\x39\x63\xfc\x56\xd5\xdf\x5f"
"\xaf\xb3\xff\xcc\x98\x33\x1d\xeb",
.klen = 16,
.iv = "\x23\x02\xf1\x64\x9a\x73\x89\xe6"
"\xd0\xea\x2c\xf1\x96\xfc\x4e\x6d",
.assoc = "\x32\xcb\x80\xcc\xde\x12\x33\x6d"
"\xf0\x20\x58\x15\x95\xc6\x7f\xee"
"\x2f\xf9\x4e\x2c\x1b\x98\x43\xc7"
"\x68\x28\x73\x40\x9f\x96\x4a",
.alen = 31,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\x06\x96\xb2\xbf\x63\xf4\x1e\x24"
"\x0d\x19\x15\x61\x65\x3b\x06\x26"
"\x71\xe8\x7e\x16\xdb\x96\x01\x01"
"\x52\xcd\x49\x5b\x07\x33\x4e\xe7"
"\xaa\x91\xf5\xd5\xc6\xfe\x41\xb5"
"\xed\x90\xce\xb9\xcd\xcc\xa1",
.ilen = 47,
.result = "\x41\x94\x0e\x33\x22\xb1\xdd\xf4"
"\x10\x57\x85\x39\x93\x8f\xaf\x70"
"\xfa\xa9\xd0\x4d\x5c\x40\x23\xcd"
"\x98\x34\xab\x37\x56\xae\x32",
.rlen = 31,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x50\x5d\x9d\x9b\x66\x50\x88\x7b"
"\x30\x8e\xb1\x5e\x92\x58\xe0\xf1",
.klen = 16,
.iv = "\x5f\x27\x2b\x03\xaa\xef\x32\x02"
"\x50\xc4\xde\x82\x90\x21\x11\x73",
.assoc = "\x6e\xf0\xba\x6b\xee\x8e\xdc\x89"
"\x71\xfb\x0a\xa6\x8f\xea\x41\xf4"
"\x5a\xbb\x59\xb0\x20\x38\xc5\xe0"
"\x29\x56\x52\x19\x79\xf5\xe9\x37",
.alen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\xf9\xd7\xee\x17\xfd\x24\xcd\xf1"
"\xbc\x0f\x35\x97\x97\x0c\x4b\x18"
"\xce\x58\xc8\x3b\xd4\x85\x93\x79"
"\xcc\x9c\xea\xc1\x73\x13\x0b\x4c"
"\xcc\x6f\x28\xf8\xa4\x4e\xb8\x56"
"\x64\x4e\x47\xce\xb2\xb4\x92\xb4",
.ilen = 48,
.result = "\x7e\xb9\x48\xd3\x32\x2d\x86\x10"
"\x91\x31\x37\xcb\x8d\xb3\x72\x76"
"\x24\x6b\xdc\xd1\x61\xe0\xa5\xe7"
"\x5a\x61\x8a\x0f\x30\x0d\xd1\xec",
.rlen = 32,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x8d\x82\xd6\x3b\x76\xcc\x30\x97"
"\xb1\x68\x63\xef\x8c\x7c\xa3\xf7",
.klen = 16,
.iv = "\x9c\x4b\x65\xa2\xba\x6b\xdb\x1e"
"\xd1\x9e\x90\x13\x8a\x45\xd3\x79",
.assoc = "\xab\x14\xf3\x0a\xfe\x0a\x85\xa5"
"\xf2\xd5\xbc\x38\x89\x0e\x04\xfb"
"\x84\x7d\x65\x34\x25\xd8\x47\xfa"
"\xeb\x83\x31\xf1\x54\x54\x89\x0d"
"\x9d",
.alen = 33,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\x58\xfa\x3a\x3d\xd9\x88\x63\xe8"
"\xc5\x78\x50\x8b\x4a\xc9\xdf\x7f"
"\x4b\xfa\xc8\x2e\x67\x43\xf3\x63"
"\x42\x8e\x99\x5a\x9c\x0b\x84\x77"
"\xbc\x46\x76\x48\x82\xc7\x57\x96"
"\xe1\x65\xd1\xed\x1d\xdd\x80\x24"
"\xa6\x4d\xa9\xf1\x53\x8b\x5e\x0e"
"\x26\xb9\xcc\x37\xe5\x43\xe1\x5a"
"\x8a\xd6\x8c\x5a\xe4\x95\xd1\x8d"
"\xf7\x33\x64\xc1\xd3\xf2\xfc\x35"
"\x01",
.ilen = 81,
.result = "\xba\xde\x82\x72\x42\xa9\x2f\x2c"
"\x12\x0b\xe9\x5c\x87\xd7\x35\x7c"
"\x4f\x2e\xe8\x55\x66\x80\x27\x00"
"\x1b\x8f\x68\xe7\x0a\x6c\x71\xc3"
"\x21\x78\x55\x9d\x9c\x65\x7b\xcd"
"\x0a\x34\x97\xff\x47\x37\xb0\x2a"
"\x80\x0d\x19\x98\x33\xa9\x7a\xe3"
"\x2e\x4c\xc6\xf3\x8c\x88\x42\x01"
"\xbd",
.rlen = 65,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xc9\xa7\x10\xda\x86\x48\xd9\xb3"
"\x32\x42\x15\x80\x85\xa1\x65\xfe",
.klen = 16,
.iv = "\xd8\x70\x9f\x42\xca\xe6\x83\x3a"
"\x52\x79\x42\xa5\x84\x6a\x96\x7f",
.assoc = "\xe8\x39\x2d\xaa\x0e\x85\x2d\xc1"
"\x72\xaf\x6e\xc9\x82\x33\xc7\x01"
"\xaf\x40\x70\xb8\x2a\x78\xc9\x14"
"\xac\xb1\x10\xca\x2e\xb3\x28\xe4"
"\xac\xfa\x58\x7f\xe5\x73\x09\x8c"
"\x1d\x40\x87\x8c\xd9\x75\xc0\x55"
"\xa2\xda\x07\xd1\xc2\xa9\xd1\xbb"
"\x09\x4f\x77\x62\x88\x2d\xf2\x68"
"\x54",
.alen = 65,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\x4c\xa9\xac\x71\xed\x10\xa6\x24"
"\xb7\xa7\xdf\x8b\xf5\xc2\x41\xcb"
"\x05\xc9\xd6\x97\xb6\x10\x7f\x17"
"\xc2\xc0\x93\xcf\xe0\x94\xfd\x99"
"\xf2\x62\x25\x28\x01\x23\x6f\x8b"
"\x04\x52\xbc\xb0\x3e\x66\x52\x90"
"\x9f",
.ilen = 49,
.result = "\xf7\x02\xbb\x11\x52\x24\xd8\x48"
"\x93\xe6\x9b\xee\x81\xfc\xf7\x82"
"\x79\xf0\xf3\xd9\x6c\x20\xa9\x1a"
"\xdc\xbc\x47\xc0\xe4\xcb\x10\x99"
"\x2f",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.rlen = 33,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x06\xcc\x4a\x79\x96\xc3\x82\xcf"
"\xb3\x1c\xc7\x12\x7f\xc5\x28\x04",
.klen = 16,
.iv = "\x15\x95\xd8\xe1\xda\x62\x2c\x56"
"\xd3\x53\xf4\x36\x7e\x8e\x59\x85",
.assoc = "\x24\x5e\x67\x49\x1e\x01\xd6\xdd"
"\xf3\x89\x20\x5b\x7c\x57\x89\x07",
.alen = 16,
.input = "\x6d\xed\x04\x7a\x2f\x0c\x30\xa5"
"\x96\xe6\x97\xe4\x10\xeb\x40\x95"
"\xc5\x9a\xdf\x31\xd5\xa5\xa6\xec"
"\x05\xa8\x31\x50\x11\x19\x44",
.ilen = 31,
.result = "\x33\x27\xf5\xb1\x62\xa0\x80\x63"
"\x14\xc0\x4d\x7f\x7b\x20\xba\x89",
.rlen = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x42\xf0\x84\x19\xa6\x3f\x2b\xea"
"\x34\xf6\x79\xa3\x79\xe9\xeb\x0a",
.klen = 16,
.iv = "\x51\xb9\x12\x80\xea\xde\xd5\x71"
"\x54\x2d\xa6\xc8\x78\xb2\x1b\x8c",
.assoc = "\x61\x83\xa0\xe8\x2e\x7d\x7f\xf8"
"\x74\x63\xd2\xec\x76\x7c\x4c\x0d",
.alen = 16,
.input = "\x30\x95\x7d\xea\xdc\x62\xc0\x88"
"\xa1\xe3\x8d\x8c\xac\x04\x10\xa7"
"\xfa\xfa\x07\xbd\xa0\xf0\x36\xeb"
"\x21\x93\x2e\x31\x84\x83",
.ilen = 30,
.result = "\x70\x4c\x2f\x50\x72\x1c\x29\x7f"
"\x95\x9a\xff\x10\x75\x45\x7d\x8f",
.rlen = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x7f\x15\xbd\xb8\xb6\xba\xd3\x06"
"\xb5\xd1\x2b\x35\x73\x0e\xad\x10",
.klen = 16,
.iv = "\x8e\xde\x4c\x20\xfa\x59\x7e\x8d"
"\xd5\x07\x58\x59\x72\xd7\xde\x92",
.assoc = "\x9d\xa7\xda\x88\x3e\xf8\x28\x14"
"\xf5\x3e\x85\x7d\x70\xa0\x0f\x13",
.alen = 16,
.input = "\x93\xcd\xee\xd4\xcb\x9d\x8d\x16"
"\x63\x0d\x43\xd5\x49\xca\xa8\x85"
"\x49\xc0\xae\x13\xbc\x26\x1d\x4b",
.ilen = 24,
.result = "\xac\x70\x69\xef\x82\x97\xd2\x9b"
"\x15\x74\xb1\xa2\x6f\x69\x3f\x95",
.rlen = 16,
},
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
/*
* AEGIS-256 test vectors - generated via reference implementation from
* SUPERCOP (https://bench.cr.yp.to/supercop.html):
*
* https://bench.cr.yp.to/supercop/supercop-20170228.tar.xz
* (see crypto_aead/aegis256/)
*/
static const struct aead_testvec aegis256_enc_tv_template[] = {
{
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x0f\xc9\x8e\x67\x44\x9e\xaa\x86"
"\x20\x36\x2c\x24\xfe\xc9\x30\x81"
"\xca\xb0\x82\x21\x41\xa8\xe0\x06"
"\x30\x0b\x37\xf6\xb6\x17\xe7\xb5",
.klen = 32,
.iv = "\x1e\x92\x1c\xcf\x88\x3d\x54\x0d"
"\x40\x6d\x59\x48\xfc\x92\x61\x03"
"\x95\x61\x05\x42\x82\x50\xc0\x0c"
"\x60\x16\x6f\xec\x6d\x2f\xcf\x6b",
.assoc = "",
.alen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "",
.ilen = 0,
.result = "\xd5\x65\x3a\xa9\x03\x51\xd7\xaa"
"\xfa\x4b\xd8\xa2\x41\x9b\xc1\xb2",
.rlen = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x4b\xed\xc8\x07\x54\x1a\x52\xa2"
"\xa1\x10\xde\xb5\xf8\xed\xf3\x87"
"\xf4\x72\x8e\xa5\x46\x48\x62\x20"
"\xf1\x38\x16\xce\x90\x76\x87\x8c",
.klen = 32,
.iv = "\x5a\xb7\x56\x6e\x98\xb9\xfd\x29"
"\xc1\x47\x0b\xda\xf6\xb6\x23\x09"
"\xbf\x23\x11\xc6\x87\xf0\x42\x26"
"\x22\x44\x4e\xc4\x47\x8e\x6e\x41",
.assoc = "",
.alen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\x79",
.ilen = 1,
.result = "\x84\xa2\x8f\xad\xdb\x8d\x2c\x16"
"\x9e\x89\xd9\x06\xa6\xa8\x14\x29"
"\x8b",
.rlen = 17,
}, {
.key = "\x88\x12\x01\xa6\x64\x96\xfb\xbe"
"\x22\xea\x90\x47\xf2\x11\xb5\x8e"
"\x1f\x35\x9a\x29\x4b\xe8\xe4\x39"
"\xb3\x66\xf5\xa6\x6a\xd5\x26\x62",
.klen = 32,
.iv = "\x97\xdb\x90\x0e\xa8\x35\xa5\x45"
"\x42\x21\xbd\x6b\xf0\xda\xe6\x0f"
"\xe9\xe5\x1d\x4a\x8c\x90\xc4\x40"
"\xe3\x71\x2d\x9c\x21\xed\x0e\x18",
.assoc = "",
.alen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\xb5\x6e\xad\xdd\x30\x72\xfa\x53"
"\x82\x8e\x16\xb4\xed\x6d\x47",
.ilen = 15,
.result = "\x09\x94\x1f\xa6\x13\xc3\x74\x75"
"\x17\xad\x8a\x0e\xd8\x66\x9a\x28"
"\xd7\x30\x66\x09\x2a\xdc\xfa\x2a"
"\x9f\x3b\xd7\xdd\x66\xd1\x2b",
.rlen = 31,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xc4\x37\x3b\x45\x74\x11\xa4\xda"
"\xa2\xc5\x42\xd8\xec\x36\x78\x94"
"\x49\xf7\xa5\xad\x50\x88\x66\x53"
"\x74\x94\xd4\x7f\x44\x34\xc5\x39",
.klen = 32,
.iv = "\xd3\x00\xc9\xad\xb8\xb0\x4e\x61"
"\xc3\xfb\x6f\xfd\xea\xff\xa9\x15"
"\x14\xa8\x28\xce\x92\x30\x46\x59"
"\xa4\x9f\x0b\x75\xfb\x4c\xad\xee",
.assoc = "",
.alen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\xf2\x92\xe6\x7d\x40\xee\xa3\x6f"
"\x03\x68\xc8\x45\xe7\x91\x0a\x18",
.ilen = 16,
.result = "\x8a\x46\xa2\x22\x8c\x03\xab\x6f"
"\x54\x63\x4e\x7f\xc9\x8e\xfa\x70"
"\x7b\xe5\x8d\x78\xbc\xe9\xb6\xa1"
"\x29\x17\xc8\x3b\x52\xa4\x98\x72",
.rlen = 32,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x01\x5c\x75\xe5\x84\x8d\x4d\xf6"
"\x23\x9f\xf4\x6a\xe6\x5a\x3b\x9a"
"\x74\xb9\xb1\x32\x55\x28\xe8\x6d"
"\x35\xc1\xb3\x57\x1f\x93\x64\x0f",
.klen = 32,
.iv = "\x10\x25\x03\x4c\xc8\x2c\xf7\x7d"
"\x44\xd5\x21\x8e\xe4\x23\x6b\x1c"
"\x3e\x6a\x34\x53\x97\xd0\xc8\x73"
"\x66\xcd\xea\x4d\xd5\xab\x4c\xc5",
.assoc = "",
.alen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\x2e\xb7\x20\x1c\x50\x6a\x4b\x8b"
"\x84\x42\x7a\xd7\xe1\xb5\xcd\x1f"
"\xd3",
.ilen = 17,
.result = "\x71\x6b\x37\x0b\x02\x61\x28\x12"
"\x83\xab\x66\x90\x84\xc7\xd1\xc5"
"\xb2\x7a\xb4\x7b\xb4\xfe\x02\xb2"
"\xc0\x00\x39\x13\xb5\x51\x68\x44"
"\xad",
.rlen = 33,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x3d\x80\xae\x84\x94\x09\xf6\x12"
"\xa4\x79\xa6\xfb\xe0\x7f\xfd\xa0"
"\x9e\x7c\xbc\xb6\x5b\xc8\x6a\x86"
"\xf7\xef\x91\x30\xf9\xf2\x04\xe6",
.klen = 32,
.iv = "\x4c\x49\x3d\xec\xd8\xa8\xa0\x98"
"\xc5\xb0\xd3\x1f\xde\x48\x2e\x22"
"\x69\x2c\x3f\xd7\x9c\x70\x4a\x8d"
"\x27\xfa\xc9\x26\xaf\x0a\xeb\x9c",
.assoc = "",
.alen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\x6b\xdc\x5a\xbb\x60\xe5\xf4\xa6"
"\x05\x1d\x2c\x68\xdb\xda\x8f\x25"
"\xfe\x8d\x45\x19\x1e\xc0\x0b\x99"
"\x88\x11\x39\x12\x1c\x3a\xbb",
.ilen = 31,
.result = "\xaf\xa4\x34\x0d\x59\xe6\x1c\x2f"
"\x06\x3b\x52\x18\x49\x75\x1b\xf0"
"\x53\x09\x72\x7b\x45\x79\xe0\xbe"
"\x89\x85\x23\x15\xb8\x79\x07\x4c"
"\x53\x7a\x15\x37\x0a\xee\xb7\xfb"
"\xc4\x1f\x12\x27\xcf\x77\x90",
.rlen = 47,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x7a\xa5\xe8\x23\xa4\x84\x9e\x2d"
"\x25\x53\x58\x8c\xda\xa3\xc0\xa6"
"\xc8\x3e\xc8\x3a\x60\x68\xec\xa0"
"\xb8\x1c\x70\x08\xd3\x51\xa3\xbd",
.klen = 32,
.iv = "\x89\x6e\x77\x8b\xe8\x23\x49\xb4"
"\x45\x8a\x85\xb1\xd8\x6c\xf1\x28"
"\x93\xef\x4b\x5b\xa1\x10\xcc\xa6"
"\xe8\x28\xa8\xfe\x89\x69\x8b\x72",
.assoc = "",
.alen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\xa7\x00\x93\x5b\x70\x61\x9d\xc2"
"\x86\xf7\xde\xfa\xd5\xfe\x52\x2b"
"\x28\x50\x51\x9d\x24\x60\x8d\xb3"
"\x49\x3e\x17\xea\xf6\x99\x5a\xdd",
.ilen = 32,
.result = "\xe2\xc9\x0b\x33\x31\x02\xb3\xb4"
"\x33\xfe\xeb\xa8\xb7\x9b\xb2\xd7"
"\xeb\x0f\x05\x2b\xba\xb3\xca\xef"
"\xf6\xd1\xb6\xc0\xb9\x9b\x85\xc5"
"\xbf\x7a\x3e\xcc\x31\x76\x09\x80"
"\x32\x5d\xbb\xe8\x38\x0e\x77\xd3",
.rlen = 48,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xb6\xca\x22\xc3\xb4\x00\x47\x49"
"\xa6\x2d\x0a\x1e\xd4\xc7\x83\xad"
"\xf3\x00\xd4\xbf\x65\x08\x6e\xb9"
"\x7a\x4a\x4f\xe0\xad\xb0\x42\x93",
.klen = 32,
.iv = "\xc5\x93\xb0\x2a\xf8\x9f\xf1\xd0"
"\xc6\x64\x37\x42\xd2\x90\xb3\x2e"
"\xbd\xb1\x57\xe0\xa6\xb0\x4e\xc0"
"\xaa\x55\x87\xd6\x63\xc8\x2a\x49",
.assoc = "\xd5",
.alen = 1,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "",
.ilen = 0,
.result = "\x96\x43\x30\xca\x6c\x4f\xd7\x12"
"\xba\xd9\xb3\x18\x86\xdf\xc3\x52",
.rlen = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xf3\xee\x5c\x62\xc4\x7c\xf0\x65"
"\x27\x08\xbd\xaf\xce\xec\x45\xb3"
"\x1d\xc3\xdf\x43\x6a\xa8\xf0\xd3"
"\x3b\x77\x2e\xb9\x87\x0f\xe1\x6a",
.klen = 32,
.iv = "\x02\xb8\xea\xca\x09\x1b\x9a\xec"
"\x47\x3e\xe9\xd4\xcc\xb5\x76\x34"
"\xe8\x73\x62\x64\xab\x50\xd0\xda"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\x6b\x83\x66\xaf\x3e\x27\xc9\x1f",
.assoc = "\x11\x81\x78\x32\x4d\xb9\x44\x73"
"\x68\x75\x16\xf8\xcb\x7e\xa7",
.alen = 15,
.input = "",
.ilen = 0,
.result = "\x2f\xab\x45\xe2\xa7\x46\xc5\x83"
"\x11\x9f\xb0\x74\xee\xc7\x03\xdd",
.rlen = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x2f\x13\x95\x01\xd5\xf7\x99\x81"
"\xa8\xe2\x6f\x41\xc8\x10\x08\xb9"
"\x47\x85\xeb\xc7\x6f\x48\x72\xed"
"\xfc\xa5\x0d\x91\x61\x6e\x81\x40",
.klen = 32,
.iv = "\x3f\xdc\x24\x69\x19\x96\x43\x08"
"\xc8\x18\x9b\x65\xc6\xd9\x39\x3b"
"\x12\x35\x6e\xe8\xb0\xf0\x52\xf3"
"\x2d\xb0\x45\x87\x18\x86\x68\xf6",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.assoc = "\x4e\xa5\xb2\xd1\x5d\x35\xed\x8f"
"\xe8\x4f\xc8\x89\xc5\xa2\x69\xbc",
.alen = 16,
.input = "",
.ilen = 0,
.result = "\x16\x44\x73\x33\x5d\xf2\xb9\x04"
"\x6b\x79\x98\xef\xdb\xd5\xc5\xf1",
.rlen = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x6c\x38\xcf\xa1\xe5\x73\x41\x9d"
"\x29\xbc\x21\xd2\xc2\x35\xcb\xbf"
"\x72\x47\xf6\x4b\x74\xe8\xf4\x06"
"\xbe\xd3\xec\x6a\x3b\xcd\x20\x17",
.klen = 32,
.iv = "\x7b\x01\x5d\x08\x29\x12\xec\x24"
"\x49\xf3\x4d\xf7\xc0\xfe\xfb\x41"
"\x3c\xf8\x79\x6c\xb6\x90\xd4\x0d"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\xee\xde\x23\x60\xf2\xe5\x08\xcc",
.assoc = "\x8a\xca\xec\x70\x6d\xb1\x96\xab"
"\x69\x29\x7a\x1b\xbf\xc7\x2c\xc2"
"\x07",
.alen = 17,
.input = "",
.ilen = 0,
.result = "\xa4\x9b\xb8\x47\xc0\xed\x7a\x45"
"\x98\x54\x8c\xed\x3d\x17\xf0\xdd",
.rlen = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xa8\x5c\x09\x40\xf5\xef\xea\xb8"
"\xaa\x96\xd3\x64\xbc\x59\x8d\xc6"
"\x9c\x0a\x02\xd0\x79\x88\x76\x20"
"\x7f\x00\xca\x42\x15\x2c\xbf\xed",
.klen = 32,
.iv = "\xb8\x26\x97\xa8\x39\x8e\x94\x3f"
"\xca\xcd\xff\x88\xba\x22\xbe\x47"
"\x67\xba\x85\xf1\xbb\x30\x56\x26"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\xaf\x0b\x02\x38\xcc\x44\xa7\xa3",
.assoc = "\xc7\xef\x26\x10\x7d\x2c\x3f\xc6"
"\xea\x03\x2c\xac\xb9\xeb\xef\xc9"
"\x31\x6b\x08\x12\xfc\xd8\x37\x2d"
"\xe0\x17\x3a\x2e\x83\x5c\x8f",
.alen = 31,
.input = "",
.ilen = 0,
.result = "\x20\x24\xe2\x33\x5c\x60\xc9\xf0"
"\xa4\x96\x2f\x0d\x53\xc2\xf8\xfc",
.rlen = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xe5\x81\x42\xdf\x05\x6a\x93\xd4"
"\x2b\x70\x85\xf5\xb6\x7d\x50\xcc"
"\xc6\xcc\x0e\x54\x7f\x28\xf8\x3a"
"\x40\x2e\xa9\x1a\xf0\x8b\x5e\xc4",
.klen = 32,
.iv = "\xf4\x4a\xd1\x47\x49\x09\x3d\x5b"
"\x4b\xa7\xb1\x19\xb4\x46\x81\x4d"
"\x91\x7c\x91\x75\xc0\xd0\xd8\x40"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\x71\x39\xe1\x10\xa6\xa3\x46\x7a",
.assoc = "\x03\x14\x5f\xaf\x8d\xa8\xe7\xe2"
"\x6b\xde\xde\x3e\xb3\x10\xb1\xcf"
"\x5c\x2d\x14\x96\x01\x78\xb9\x47"
"\xa1\x44\x19\x06\x5d\xbb\x2e\x2f",
.alen = 32,
.input = "",
.ilen = 0,
.result = "\x6f\x4a\xb9\xe0\xff\x51\xa3\xf1"
"\xd2\x64\x3e\x66\x6a\xb2\x03\xc0",
.rlen = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x22\xa6\x7c\x7f\x15\xe6\x3c\xf0"
"\xac\x4b\x37\x86\xb0\xa2\x13\xd2"
"\xf1\x8e\x19\xd8\x84\xc8\x7a\x53"
"\x02\x5b\x88\xf3\xca\xea\xfe\x9b",
.klen = 32,
.iv = "\x31\x6f\x0b\xe6\x59\x85\xe6\x77"
"\xcc\x81\x63\xab\xae\x6b\x43\x54"
"\xbb\x3f\x9c\xf9\xc5\x70\x5a\x5a"
"\x32\x67\xc0\xe9\x80\x02\xe5\x50",
.assoc = "\x40",
.alen = 1,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\x4f",
.ilen = 1,
.result = "\x2c\xfb\xad\x7e\xbe\xa0\x9a\x5b"
"\x7a\x3f\x81\xf7\xfc\x1b\x79\x83"
"\xc7",
.rlen = 17,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x5e\xcb\xb6\x1e\x25\x62\xe4\x0c"
"\x2d\x25\xe9\x18\xaa\xc6\xd5\xd8"
"\x1b\x50\x25\x5d\x89\x68\xfc\x6d"
"\xc3\x89\x67\xcb\xa4\x49\x9d\x71",
.klen = 32,
.iv = "\x6d\x94\x44\x86\x69\x00\x8f\x93"
"\x4d\x5b\x15\x3c\xa8\x8f\x06\x5a"
"\xe6\x01\xa8\x7e\xca\x10\xdc\x73"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\xf4\x94\x9f\xc1\x5a\x61\x85\x27",
.assoc = "\x7c\x5d\xd3\xee\xad\x9f\x39\x1a"
"\x6d\x92\x42\x61\xa7\x58\x37",
.alen = 15,
.input = "\x8b\x26\x61\x55\xf1\x3e\xe3\xa1"
"\x8d\xc8\x6e\x85\xa5\x21\x67",
.ilen = 15,
.result = "\x1f\x7f\xca\x3c\x2b\xe7\x27\xba"
"\x7e\x98\x83\x02\x34\x23\xf7\x94"
"\xde\x35\xe6\x1d\x14\x18\xe5\x38"
"\x14\x80\x6a\xa7\x1b\xae\x1d",
.rlen = 31,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x9b\xef\xf0\xbd\x35\xdd\x8d\x28"
"\xad\xff\x9b\xa9\xa4\xeb\x98\xdf"
"\x46\x13\x31\xe1\x8e\x08\x7e\x87"
"\x85\xb6\x46\xa3\x7e\xa8\x3c\x48",
.klen = 32,
.iv = "\xaa\xb8\x7e\x25\x79\x7c\x37\xaf"
"\xce\x36\xc7\xce\xa2\xb4\xc9\x60"
"\x10\xc3\xb3\x02\xcf\xb0\x5e\x8d"
"\xb5\xc2\x7e\x9a\x35\xc0\x24\xfd",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.assoc = "\xb9\x82\x0c\x8d\xbd\x1b\xe2\x36"
"\xee\x6c\xf4\xf2\xa1\x7d\xf9\xe2",
.alen = 16,
.input = "\xc8\x4b\x9b\xf5\x01\xba\x8c\xbd"
"\x0e\xa3\x21\x16\x9f\x46\x2a\x63",
.ilen = 16,
.result = "\x05\x86\x9e\xd7\x2b\xa3\x97\x01"
"\xbe\x28\x98\x10\x6f\xe9\x61\x32"
"\x96\xbb\xb1\x2e\x8f\x0c\x44\xb9"
"\x46\x2d\x55\xe3\x42\x67\xf2\xaf",
.rlen = 32,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xd7\x14\x29\x5d\x45\x59\x36\x44"
"\x2e\xd9\x4d\x3b\x9e\x0f\x5b\xe5"
"\x70\xd5\x3c\x65\x93\xa8\x00\xa0"
"\x46\xe4\x25\x7c\x58\x08\xdb\x1e",
.klen = 32,
.iv = "\xe6\xdd\xb8\xc4\x89\xf8\xe0\xca"
"\x4f\x10\x7a\x5f\x9c\xd8\x8b\x66"
"\x3b\x86\xbf\x86\xd4\x50\xe0\xa7"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\x76\xef\x5c\x72\x0f\x1f\xc3\xd4",
.assoc = "\xf5\xa6\x46\x2c\xce\x97\x8a\x51"
"\x6f\x46\xa6\x83\x9b\xa1\xbc\xe8"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\x05",
.alen = 17,
.input = "\x05\x70\xd5\x94\x12\x36\x35\xd8"
"\x8f\x7d\xd3\xa8\x99\x6a\xed\x69"
"\xd0",
.ilen = 17,
.result = "\x9c\xe0\x06\x7b\x86\xcf\x2e\xd8"
"\x45\x65\x1b\x72\x9b\xaa\xa3\x1e"
"\x87\x9d\x26\xdf\xff\x81\x11\xd2"
"\x47\x41\xb9\x24\xc1\x8a\xa3\x8b"
"\x55",
.rlen = 33,
}, {
.key = "\x14\x39\x63\xfc\x56\xd5\xdf\x5f"
"\xaf\xb3\xff\xcc\x98\x33\x1d\xeb"
"\x9a\x97\x48\xe9\x98\x48\x82\xba"
"\x07\x11\x04\x54\x32\x67\x7b\xf5",
.klen = 32,
.iv = "\x23\x02\xf1\x64\x9a\x73\x89\xe6"
"\xd0\xea\x2c\xf1\x96\xfc\x4e\x6d"
"\x65\x48\xcb\x0a\xda\xf0\x62\xc0"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\x38\x1d\x3b\x4a\xe9\x7e\x62\xaa",
.assoc = "\x32\xcb\x80\xcc\xde\x12\x33\x6d"
"\xf0\x20\x58\x15\x95\xc6\x7f\xee"
"\x2f\xf9\x4e\x2c\x1b\x98\x43\xc7"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\x68\x28\x73\x40\x9f\x96\x4a",
.alen = 31,
.input = "\x41\x94\x0e\x33\x22\xb1\xdd\xf4"
"\x10\x57\x85\x39\x93\x8f\xaf\x70"
"\xfa\xa9\xd0\x4d\x5c\x40\x23\xcd"
"\x98\x34\xab\x37\x56\xae\x32",
.ilen = 31,
.result = "\xa0\xc8\xde\x83\x0d\xc3\x4e\xd5"
"\x69\x7f\x7a\xdd\x8c\x46\xda\xba"
"\x0a\x5c\x0e\x7f\xac\xee\x02\xd2"
"\xe5\x4b\x0a\xba\xb8\xa4\x7b\x66"
"\xde\xae\xdb\xc2\xc0\x0b\xf7\x2b"
"\xdf\xb8\xea\xd8\xa9\x38\xed",
.rlen = 47,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x50\x5d\x9d\x9b\x66\x50\x88\x7b"
"\x30\x8e\xb1\x5e\x92\x58\xe0\xf1"
"\xc5\x5a\x53\x6e\x9d\xe8\x04\xd4"
"\xc9\x3f\xe2\x2d\x0c\xc6\x1a\xcb",
.klen = 32,
.iv = "\x5f\x27\x2b\x03\xaa\xef\x32\x02"
"\x50\xc4\xde\x82\x90\x21\x11\x73"
"\x8f\x0a\xd6\x8f\xdf\x90\xe4\xda"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\xf9\x4a\x1a\x23\xc3\xdd\x02\x81",
.assoc = "\x6e\xf0\xba\x6b\xee\x8e\xdc\x89"
"\x71\xfb\x0a\xa6\x8f\xea\x41\xf4"
"\x5a\xbb\x59\xb0\x20\x38\xc5\xe0"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\x29\x56\x52\x19\x79\xf5\xe9\x37",
.alen = 32,
.input = "\x7e\xb9\x48\xd3\x32\x2d\x86\x10"
"\x91\x31\x37\xcb\x8d\xb3\x72\x76"
"\x24\x6b\xdc\xd1\x61\xe0\xa5\xe7"
"\x5a\x61\x8a\x0f\x30\x0d\xd1\xec",
.ilen = 32,
.result = "\xd3\x68\x14\x70\x3c\x01\x43\x86"
"\x02\xab\xbe\x75\xaa\xe7\xf5\x53"
"\x5c\x05\xbd\x9b\x19\xbb\x2a\x61"
"\x8f\x69\x05\x75\x8e\xca\x60\x0c"
"\x5b\xa2\x48\x61\x32\x74\x11\x2b"
"\xf6\xcf\x06\x78\x6f\x78\x1a\x4a",
.rlen = 48,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x8d\x82\xd6\x3b\x76\xcc\x30\x97"
"\xb1\x68\x63\xef\x8c\x7c\xa3\xf7"
"\xef\x1c\x5f\xf2\xa3\x88\x86\xed"
"\x8a\x6d\xc1\x05\xe7\x25\xb9\xa2",
.klen = 32,
.iv = "\x9c\x4b\x65\xa2\xba\x6b\xdb\x1e"
"\xd1\x9e\x90\x13\x8a\x45\xd3\x79"
"\xba\xcd\xe2\x13\xe4\x30\x66\xf4"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\xba\x78\xf9\xfb\x9d\x3c\xa1\x58",
.assoc = "\xab\x14\xf3\x0a\xfe\x0a\x85\xa5"
"\xf2\xd5\xbc\x38\x89\x0e\x04\xfb"
"\x84\x7d\x65\x34\x25\xd8\x47\xfa"
"\xeb\x83\x31\xf1\x54\x54\x89\x0d"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\x9d",
.alen = 33,
.input = "\xba\xde\x82\x72\x42\xa9\x2f\x2c"
"\x12\x0b\xe9\x5c\x87\xd7\x35\x7c"
"\x4f\x2e\xe8\x55\x66\x80\x27\x00"
"\x1b\x8f\x68\xe7\x0a\x6c\x71\xc3"
"\x21\x78\x55\x9d\x9c\x65\x7b\xcd"
"\x0a\x34\x97\xff\x47\x37\xb0\x2a"
"\x80\x0d\x19\x98\x33\xa9\x7a\xe3"
"\x2e\x4c\xc6\xf3\x8c\x88\x42\x01"
"\xbd",
.ilen = 65,
.result = "\x07\x0a\x35\xb0\x82\x03\x5a\xd2"
"\x15\x3a\x6c\x72\x83\x9b\xb1\x75"
"\xea\xf2\xfc\xff\xc6\xf1\x13\xa4"
"\x1a\x93\x33\x79\x97\x82\x81\xc0"
"\x96\xc2\x00\xab\x39\xae\xa1\x62"
"\x53\xa3\x86\xc9\x07\x8c\xaf\x22"
"\x47\x31\x29\xca\x4a\x95\xf5\xd5"
"\x20\x63\x5a\x54\x80\x2c\x4a\x63"
"\xfb\x18\x73\x31\x4f\x08\x21\x5d"
"\x20\xe9\xc3\x7e\xea\x25\x77\x3a"
"\x65",
.rlen = 81,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xc9\xa7\x10\xda\x86\x48\xd9\xb3"
"\x32\x42\x15\x80\x85\xa1\x65\xfe"
"\x19\xde\x6b\x76\xa8\x28\x08\x07"
"\x4b\x9a\xa0\xdd\xc1\x84\x58\x79",
.klen = 32,
.iv = "\xd8\x70\x9f\x42\xca\xe6\x83\x3a"
"\x52\x79\x42\xa5\x84\x6a\x96\x7f"
"\xe4\x8f\xed\x97\xe9\xd0\xe8\x0d"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\x7c\xa6\xd8\xd4\x77\x9b\x40\x2e",
.assoc = "\xe8\x39\x2d\xaa\x0e\x85\x2d\xc1"
"\x72\xaf\x6e\xc9\x82\x33\xc7\x01"
"\xaf\x40\x70\xb8\x2a\x78\xc9\x14"
"\xac\xb1\x10\xca\x2e\xb3\x28\xe4"
"\xac\xfa\x58\x7f\xe5\x73\x09\x8c"
"\x1d\x40\x87\x8c\xd9\x75\xc0\x55"
"\xa2\xda\x07\xd1\xc2\xa9\xd1\xbb"
"\x09\x4f\x77\x62\x88\x2d\xf2\x68"
"\x54",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.alen = 65,
.input = "\xf7\x02\xbb\x11\x52\x24\xd8\x48"
"\x93\xe6\x9b\xee\x81\xfc\xf7\x82"
"\x79\xf0\xf3\xd9\x6c\x20\xa9\x1a"
"\xdc\xbc\x47\xc0\xe4\xcb\x10\x99"
"\x2f",
.ilen = 33,
.result = "\x33\xc1\xda\xfa\x15\x21\x07\x8e"
"\x93\x68\xea\x64\x7b\x3d\x4b\x6b"
"\x71\x5e\x5e\x6b\x92\xaa\x65\xc2"
"\x7a\x2a\xc1\xa9\x0a\xa1\x24\x81"
"\x26\x3a\x5a\x09\xe8\xce\x73\x72"
"\xde\x7b\x58\x9e\x85\xb9\xa4\x28"
"\xda",
.rlen = 49,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x06\xcc\x4a\x79\x96\xc3\x82\xcf"
"\xb3\x1c\xc7\x12\x7f\xc5\x28\x04"
"\x44\xa1\x76\xfb\xad\xc8\x8a\x21"
"\x0d\xc8\x7f\xb6\x9b\xe3\xf8\x4f",
.klen = 32,
.iv = "\x15\x95\xd8\xe1\xda\x62\x2c\x56"
"\xd3\x53\xf4\x36\x7e\x8e\x59\x85"
"\x0e\x51\xf9\x1c\xee\x70\x6a\x27"
"\x3d\xd3\xb7\xac\x51\xfa\xdf\x05",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.assoc = "\x24\x5e\x67\x49\x1e\x01\xd6\xdd"
"\xf3\x89\x20\x5b\x7c\x57\x89\x07",
.alen = 16,
.input = "\x33\x27\xf5\xb1\x62\xa0\x80\x63"
"\x14\xc0\x4d\x7f\x7b\x20\xba\x89",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ilen = 16,
.result = "\x3e\xf8\x86\x3d\x39\xf8\x96\x02"
"\x0f\xdf\xc9\x6e\x37\x1e\x57\x99"
"\x07\x2a\x1a\xac\xd1\xda\xfd\x3b"
"\xc7\xff\xbd\xbc\x85\x09\x0b",
.rlen = 31,
}, {
.key = "\x42\xf0\x84\x19\xa6\x3f\x2b\xea"
"\x34\xf6\x79\xa3\x79\xe9\xeb\x0a"
"\x6e\x63\x82\x7f\xb2\x68\x0c\x3a"
"\xce\xf5\x5e\x8e\x75\x42\x97\x26",
.klen = 32,
.iv = "\x51\xb9\x12\x80\xea\xde\xd5\x71"
"\x54\x2d\xa6\xc8\x78\xb2\x1b\x8c"
"\x39\x14\x05\xa0\xf3\x10\xec\x41"
"\xff\x01\x95\x84\x2b\x59\x7f\xdb",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.assoc = "\x61\x83\xa0\xe8\x2e\x7d\x7f\xf8"
"\x74\x63\xd2\xec\x76\x7c\x4c\x0d",
.alen = 16,
.input = "\x70\x4c\x2f\x50\x72\x1c\x29\x7f"
"\x95\x9a\xff\x10\x75\x45\x7d\x8f",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ilen = 16,
.result = "\x2f\xc4\xd8\x0d\xa6\x07\xef\x2e"
"\x6c\xd9\x84\x63\x70\x97\x61\x37"
"\x08\x2f\x16\x90\x9e\x62\x30\x0d"
"\x62\xd5\xc8\xf0\x46\x1a",
.rlen = 30,
}, {
.key = "\x7f\x15\xbd\xb8\xb6\xba\xd3\x06"
"\xb5\xd1\x2b\x35\x73\x0e\xad\x10"
"\x98\x25\x8d\x03\xb7\x08\x8e\x54"
"\x90\x23\x3d\x67\x4f\xa1\x36\xfc",
.klen = 32,
.iv = "\x8e\xde\x4c\x20\xfa\x59\x7e\x8d"
"\xd5\x07\x58\x59\x72\xd7\xde\x92"
"\x63\xd6\x10\x24\xf8\xb0\x6e\x5a"
"\xc0\x2e\x74\x5d\x06\xb8\x1e\xb2",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.assoc = "\x9d\xa7\xda\x88\x3e\xf8\x28\x14"
"\xf5\x3e\x85\x7d\x70\xa0\x0f\x13",
.alen = 16,
.input = "\xac\x70\x69\xef\x82\x97\xd2\x9b"
"\x15\x74\xb1\xa2\x6f\x69\x3f\x95",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ilen = 16,
.result = "\xce\xf3\x17\x87\x49\xc2\x00\x46"
"\xc6\x12\x5c\x8f\x81\x38\xaa\x55"
"\xf8\x67\x75\xf1\x75\xe3\x2a\x24",
.rlen = 24,
},
};
static const struct aead_testvec aegis256_dec_tv_template[] = {
{
.key = "\x0f\xc9\x8e\x67\x44\x9e\xaa\x86"
"\x20\x36\x2c\x24\xfe\xc9\x30\x81"
"\xca\xb0\x82\x21\x41\xa8\xe0\x06"
"\x30\x0b\x37\xf6\xb6\x17\xe7\xb5",
.klen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x1e\x92\x1c\xcf\x88\x3d\x54\x0d"
"\x40\x6d\x59\x48\xfc\x92\x61\x03"
"\x95\x61\x05\x42\x82\x50\xc0\x0c"
"\x60\x16\x6f\xec\x6d\x2f\xcf\x6b",
.assoc = "",
.alen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\xd5\x65\x3a\xa9\x03\x51\xd7\xaa"
"\xfa\x4b\xd8\xa2\x41\x9b\xc1\xb2",
.ilen = 16,
.result = "",
.rlen = 0,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x4b\xed\xc8\x07\x54\x1a\x52\xa2"
"\xa1\x10\xde\xb5\xf8\xed\xf3\x87"
"\xf4\x72\x8e\xa5\x46\x48\x62\x20"
"\xf1\x38\x16\xce\x90\x76\x87\x8c",
.klen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x5a\xb7\x56\x6e\x98\xb9\xfd\x29"
"\xc1\x47\x0b\xda\xf6\xb6\x23\x09"
"\xbf\x23\x11\xc6\x87\xf0\x42\x26"
"\x22\x44\x4e\xc4\x47\x8e\x6e\x41",
.assoc = "",
.alen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\x84\xa2\x8f\xad\xdb\x8d\x2c\x16"
"\x9e\x89\xd9\x06\xa6\xa8\x14\x29"
"\x8b",
.ilen = 17,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\x79",
.rlen = 1,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x88\x12\x01\xa6\x64\x96\xfb\xbe"
"\x22\xea\x90\x47\xf2\x11\xb5\x8e"
"\x1f\x35\x9a\x29\x4b\xe8\xe4\x39"
"\xb3\x66\xf5\xa6\x6a\xd5\x26\x62",
.klen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x97\xdb\x90\x0e\xa8\x35\xa5\x45"
"\x42\x21\xbd\x6b\xf0\xda\xe6\x0f"
"\xe9\xe5\x1d\x4a\x8c\x90\xc4\x40"
"\xe3\x71\x2d\x9c\x21\xed\x0e\x18",
.assoc = "",
.alen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\x09\x94\x1f\xa6\x13\xc3\x74\x75"
"\x17\xad\x8a\x0e\xd8\x66\x9a\x28"
"\xd7\x30\x66\x09\x2a\xdc\xfa\x2a"
"\x9f\x3b\xd7\xdd\x66\xd1\x2b",
.ilen = 31,
.result = "\xb5\x6e\xad\xdd\x30\x72\xfa\x53"
"\x82\x8e\x16\xb4\xed\x6d\x47",
.rlen = 15,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xc4\x37\x3b\x45\x74\x11\xa4\xda"
"\xa2\xc5\x42\xd8\xec\x36\x78\x94"
"\x49\xf7\xa5\xad\x50\x88\x66\x53"
"\x74\x94\xd4\x7f\x44\x34\xc5\x39",
.klen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\xd3\x00\xc9\xad\xb8\xb0\x4e\x61"
"\xc3\xfb\x6f\xfd\xea\xff\xa9\x15"
"\x14\xa8\x28\xce\x92\x30\x46\x59"
"\xa4\x9f\x0b\x75\xfb\x4c\xad\xee",
.assoc = "",
.alen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\x8a\x46\xa2\x22\x8c\x03\xab\x6f"
"\x54\x63\x4e\x7f\xc9\x8e\xfa\x70"
"\x7b\xe5\x8d\x78\xbc\xe9\xb6\xa1"
"\x29\x17\xc8\x3b\x52\xa4\x98\x72",
.ilen = 32,
.result = "\xf2\x92\xe6\x7d\x40\xee\xa3\x6f"
"\x03\x68\xc8\x45\xe7\x91\x0a\x18",
.rlen = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x01\x5c\x75\xe5\x84\x8d\x4d\xf6"
"\x23\x9f\xf4\x6a\xe6\x5a\x3b\x9a"
"\x74\xb9\xb1\x32\x55\x28\xe8\x6d"
"\x35\xc1\xb3\x57\x1f\x93\x64\x0f",
.klen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x10\x25\x03\x4c\xc8\x2c\xf7\x7d"
"\x44\xd5\x21\x8e\xe4\x23\x6b\x1c"
"\x3e\x6a\x34\x53\x97\xd0\xc8\x73"
"\x66\xcd\xea\x4d\xd5\xab\x4c\xc5",
.assoc = "",
.alen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\x71\x6b\x37\x0b\x02\x61\x28\x12"
"\x83\xab\x66\x90\x84\xc7\xd1\xc5"
"\xb2\x7a\xb4\x7b\xb4\xfe\x02\xb2"
"\xc0\x00\x39\x13\xb5\x51\x68\x44"
"\xad",
.ilen = 33,
.result = "\x2e\xb7\x20\x1c\x50\x6a\x4b\x8b"
"\x84\x42\x7a\xd7\xe1\xb5\xcd\x1f"
"\xd3",
.rlen = 17,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x3d\x80\xae\x84\x94\x09\xf6\x12"
"\xa4\x79\xa6\xfb\xe0\x7f\xfd\xa0"
"\x9e\x7c\xbc\xb6\x5b\xc8\x6a\x86"
"\xf7\xef\x91\x30\xf9\xf2\x04\xe6",
.klen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x4c\x49\x3d\xec\xd8\xa8\xa0\x98"
"\xc5\xb0\xd3\x1f\xde\x48\x2e\x22"
"\x69\x2c\x3f\xd7\x9c\x70\x4a\x8d"
"\x27\xfa\xc9\x26\xaf\x0a\xeb\x9c",
.assoc = "",
.alen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\xaf\xa4\x34\x0d\x59\xe6\x1c\x2f"
"\x06\x3b\x52\x18\x49\x75\x1b\xf0"
"\x53\x09\x72\x7b\x45\x79\xe0\xbe"
"\x89\x85\x23\x15\xb8\x79\x07\x4c"
"\x53\x7a\x15\x37\x0a\xee\xb7\xfb"
"\xc4\x1f\x12\x27\xcf\x77\x90",
.ilen = 47,
.result = "\x6b\xdc\x5a\xbb\x60\xe5\xf4\xa6"
"\x05\x1d\x2c\x68\xdb\xda\x8f\x25"
"\xfe\x8d\x45\x19\x1e\xc0\x0b\x99"
"\x88\x11\x39\x12\x1c\x3a\xbb",
.rlen = 31,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x7a\xa5\xe8\x23\xa4\x84\x9e\x2d"
"\x25\x53\x58\x8c\xda\xa3\xc0\xa6"
"\xc8\x3e\xc8\x3a\x60\x68\xec\xa0"
"\xb8\x1c\x70\x08\xd3\x51\xa3\xbd",
.klen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x89\x6e\x77\x8b\xe8\x23\x49\xb4"
"\x45\x8a\x85\xb1\xd8\x6c\xf1\x28"
"\x93\xef\x4b\x5b\xa1\x10\xcc\xa6"
"\xe8\x28\xa8\xfe\x89\x69\x8b\x72",
.assoc = "",
.alen = 0,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\xe2\xc9\x0b\x33\x31\x02\xb3\xb4"
"\x33\xfe\xeb\xa8\xb7\x9b\xb2\xd7"
"\xeb\x0f\x05\x2b\xba\xb3\xca\xef"
"\xf6\xd1\xb6\xc0\xb9\x9b\x85\xc5"
"\xbf\x7a\x3e\xcc\x31\x76\x09\x80"
"\x32\x5d\xbb\xe8\x38\x0e\x77\xd3",
.ilen = 48,
.result = "\xa7\x00\x93\x5b\x70\x61\x9d\xc2"
"\x86\xf7\xde\xfa\xd5\xfe\x52\x2b"
"\x28\x50\x51\x9d\x24\x60\x8d\xb3"
"\x49\x3e\x17\xea\xf6\x99\x5a\xdd",
.rlen = 32,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xb6\xca\x22\xc3\xb4\x00\x47\x49"
"\xa6\x2d\x0a\x1e\xd4\xc7\x83\xad"
"\xf3\x00\xd4\xbf\x65\x08\x6e\xb9"
"\x7a\x4a\x4f\xe0\xad\xb0\x42\x93",
.klen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\xc5\x93\xb0\x2a\xf8\x9f\xf1\xd0"
"\xc6\x64\x37\x42\xd2\x90\xb3\x2e"
"\xbd\xb1\x57\xe0\xa6\xb0\x4e\xc0"
"\xaa\x55\x87\xd6\x63\xc8\x2a\x49",
.assoc = "\xd5",
.alen = 1,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\x96\x43\x30\xca\x6c\x4f\xd7\x12"
"\xba\xd9\xb3\x18\x86\xdf\xc3\x52",
.ilen = 16,
.result = "",
.rlen = 0,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xf3\xee\x5c\x62\xc4\x7c\xf0\x65"
"\x27\x08\xbd\xaf\xce\xec\x45\xb3"
"\x1d\xc3\xdf\x43\x6a\xa8\xf0\xd3"
"\x3b\x77\x2e\xb9\x87\x0f\xe1\x6a",
.klen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x02\xb8\xea\xca\x09\x1b\x9a\xec"
"\x47\x3e\xe9\xd4\xcc\xb5\x76\x34"
"\xe8\x73\x62\x64\xab\x50\xd0\xda"
"\x6b\x83\x66\xaf\x3e\x27\xc9\x1f",
.assoc = "\x11\x81\x78\x32\x4d\xb9\x44\x73"
"\x68\x75\x16\xf8\xcb\x7e\xa7",
.alen = 15,
.input = "\x2f\xab\x45\xe2\xa7\x46\xc5\x83"
"\x11\x9f\xb0\x74\xee\xc7\x03\xdd",
.ilen = 16,
.result = "",
.rlen = 0,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x2f\x13\x95\x01\xd5\xf7\x99\x81"
"\xa8\xe2\x6f\x41\xc8\x10\x08\xb9"
"\x47\x85\xeb\xc7\x6f\x48\x72\xed"
"\xfc\xa5\x0d\x91\x61\x6e\x81\x40",
.klen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x3f\xdc\x24\x69\x19\x96\x43\x08"
"\xc8\x18\x9b\x65\xc6\xd9\x39\x3b"
"\x12\x35\x6e\xe8\xb0\xf0\x52\xf3"
"\x2d\xb0\x45\x87\x18\x86\x68\xf6",
.assoc = "\x4e\xa5\xb2\xd1\x5d\x35\xed\x8f"
"\xe8\x4f\xc8\x89\xc5\xa2\x69\xbc",
.alen = 16,
.input = "\x16\x44\x73\x33\x5d\xf2\xb9\x04"
"\x6b\x79\x98\xef\xdb\xd5\xc5\xf1",
.ilen = 16,
.result = "",
.rlen = 0,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x6c\x38\xcf\xa1\xe5\x73\x41\x9d"
"\x29\xbc\x21\xd2\xc2\x35\xcb\xbf"
"\x72\x47\xf6\x4b\x74\xe8\xf4\x06"
"\xbe\xd3\xec\x6a\x3b\xcd\x20\x17",
.klen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x7b\x01\x5d\x08\x29\x12\xec\x24"
"\x49\xf3\x4d\xf7\xc0\xfe\xfb\x41"
"\x3c\xf8\x79\x6c\xb6\x90\xd4\x0d"
"\xee\xde\x23\x60\xf2\xe5\x08\xcc",
.assoc = "\x8a\xca\xec\x70\x6d\xb1\x96\xab"
"\x69\x29\x7a\x1b\xbf\xc7\x2c\xc2"
"\x07",
.alen = 17,
.input = "\xa4\x9b\xb8\x47\xc0\xed\x7a\x45"
"\x98\x54\x8c\xed\x3d\x17\xf0\xdd",
.ilen = 16,
.result = "",
.rlen = 0,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xa8\x5c\x09\x40\xf5\xef\xea\xb8"
"\xaa\x96\xd3\x64\xbc\x59\x8d\xc6"
"\x9c\x0a\x02\xd0\x79\x88\x76\x20"
"\x7f\x00\xca\x42\x15\x2c\xbf\xed",
.klen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\xb8\x26\x97\xa8\x39\x8e\x94\x3f"
"\xca\xcd\xff\x88\xba\x22\xbe\x47"
"\x67\xba\x85\xf1\xbb\x30\x56\x26"
"\xaf\x0b\x02\x38\xcc\x44\xa7\xa3",
.assoc = "\xc7\xef\x26\x10\x7d\x2c\x3f\xc6"
"\xea\x03\x2c\xac\xb9\xeb\xef\xc9"
"\x31\x6b\x08\x12\xfc\xd8\x37\x2d"
"\xe0\x17\x3a\x2e\x83\x5c\x8f",
.alen = 31,
.input = "\x20\x24\xe2\x33\x5c\x60\xc9\xf0"
"\xa4\x96\x2f\x0d\x53\xc2\xf8\xfc",
.ilen = 16,
.result = "",
.rlen = 0,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xe5\x81\x42\xdf\x05\x6a\x93\xd4"
"\x2b\x70\x85\xf5\xb6\x7d\x50\xcc"
"\xc6\xcc\x0e\x54\x7f\x28\xf8\x3a"
"\x40\x2e\xa9\x1a\xf0\x8b\x5e\xc4",
.klen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\xf4\x4a\xd1\x47\x49\x09\x3d\x5b"
"\x4b\xa7\xb1\x19\xb4\x46\x81\x4d"
"\x91\x7c\x91\x75\xc0\xd0\xd8\x40"
"\x71\x39\xe1\x10\xa6\xa3\x46\x7a",
.assoc = "\x03\x14\x5f\xaf\x8d\xa8\xe7\xe2"
"\x6b\xde\xde\x3e\xb3\x10\xb1\xcf"
"\x5c\x2d\x14\x96\x01\x78\xb9\x47"
"\xa1\x44\x19\x06\x5d\xbb\x2e\x2f",
.alen = 32,
.input = "\x6f\x4a\xb9\xe0\xff\x51\xa3\xf1"
"\xd2\x64\x3e\x66\x6a\xb2\x03\xc0",
.ilen = 16,
.result = "",
.rlen = 0,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x22\xa6\x7c\x7f\x15\xe6\x3c\xf0"
"\xac\x4b\x37\x86\xb0\xa2\x13\xd2"
"\xf1\x8e\x19\xd8\x84\xc8\x7a\x53"
"\x02\x5b\x88\xf3\xca\xea\xfe\x9b",
.klen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x31\x6f\x0b\xe6\x59\x85\xe6\x77"
"\xcc\x81\x63\xab\xae\x6b\x43\x54"
"\xbb\x3f\x9c\xf9\xc5\x70\x5a\x5a"
"\x32\x67\xc0\xe9\x80\x02\xe5\x50",
.assoc = "\x40",
.alen = 1,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\x2c\xfb\xad\x7e\xbe\xa0\x9a\x5b"
"\x7a\x3f\x81\xf7\xfc\x1b\x79\x83"
"\xc7",
.ilen = 17,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\x4f",
.rlen = 1,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x5e\xcb\xb6\x1e\x25\x62\xe4\x0c"
"\x2d\x25\xe9\x18\xaa\xc6\xd5\xd8"
"\x1b\x50\x25\x5d\x89\x68\xfc\x6d"
"\xc3\x89\x67\xcb\xa4\x49\x9d\x71",
.klen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x6d\x94\x44\x86\x69\x00\x8f\x93"
"\x4d\x5b\x15\x3c\xa8\x8f\x06\x5a"
"\xe6\x01\xa8\x7e\xca\x10\xdc\x73"
"\xf4\x94\x9f\xc1\x5a\x61\x85\x27",
.assoc = "\x7c\x5d\xd3\xee\xad\x9f\x39\x1a"
"\x6d\x92\x42\x61\xa7\x58\x37",
.alen = 15,
.input = "\x1f\x7f\xca\x3c\x2b\xe7\x27\xba"
"\x7e\x98\x83\x02\x34\x23\xf7\x94"
"\xde\x35\xe6\x1d\x14\x18\xe5\x38"
"\x14\x80\x6a\xa7\x1b\xae\x1d",
.ilen = 31,
.result = "\x8b\x26\x61\x55\xf1\x3e\xe3\xa1"
"\x8d\xc8\x6e\x85\xa5\x21\x67",
.rlen = 15,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x9b\xef\xf0\xbd\x35\xdd\x8d\x28"
"\xad\xff\x9b\xa9\xa4\xeb\x98\xdf"
"\x46\x13\x31\xe1\x8e\x08\x7e\x87"
"\x85\xb6\x46\xa3\x7e\xa8\x3c\x48",
.klen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\xaa\xb8\x7e\x25\x79\x7c\x37\xaf"
"\xce\x36\xc7\xce\xa2\xb4\xc9\x60"
"\x10\xc3\xb3\x02\xcf\xb0\x5e\x8d"
"\xb5\xc2\x7e\x9a\x35\xc0\x24\xfd",
.assoc = "\xb9\x82\x0c\x8d\xbd\x1b\xe2\x36"
"\xee\x6c\xf4\xf2\xa1\x7d\xf9\xe2",
.alen = 16,
.input = "\x05\x86\x9e\xd7\x2b\xa3\x97\x01"
"\xbe\x28\x98\x10\x6f\xe9\x61\x32"
"\x96\xbb\xb1\x2e\x8f\x0c\x44\xb9"
"\x46\x2d\x55\xe3\x42\x67\xf2\xaf",
.ilen = 32,
.result = "\xc8\x4b\x9b\xf5\x01\xba\x8c\xbd"
"\x0e\xa3\x21\x16\x9f\x46\x2a\x63",
.rlen = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xd7\x14\x29\x5d\x45\x59\x36\x44"
"\x2e\xd9\x4d\x3b\x9e\x0f\x5b\xe5"
"\x70\xd5\x3c\x65\x93\xa8\x00\xa0"
"\x46\xe4\x25\x7c\x58\x08\xdb\x1e",
.klen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\xe6\xdd\xb8\xc4\x89\xf8\xe0\xca"
"\x4f\x10\x7a\x5f\x9c\xd8\x8b\x66"
"\x3b\x86\xbf\x86\xd4\x50\xe0\xa7"
"\x76\xef\x5c\x72\x0f\x1f\xc3\xd4",
.assoc = "\xf5\xa6\x46\x2c\xce\x97\x8a\x51"
"\x6f\x46\xa6\x83\x9b\xa1\xbc\xe8"
"\x05",
.alen = 17,
.input = "\x9c\xe0\x06\x7b\x86\xcf\x2e\xd8"
"\x45\x65\x1b\x72\x9b\xaa\xa3\x1e"
"\x87\x9d\x26\xdf\xff\x81\x11\xd2"
"\x47\x41\xb9\x24\xc1\x8a\xa3\x8b"
"\x55",
.ilen = 33,
.result = "\x05\x70\xd5\x94\x12\x36\x35\xd8"
"\x8f\x7d\xd3\xa8\x99\x6a\xed\x69"
"\xd0",
.rlen = 17,
}, {
.key = "\x14\x39\x63\xfc\x56\xd5\xdf\x5f"
"\xaf\xb3\xff\xcc\x98\x33\x1d\xeb"
"\x9a\x97\x48\xe9\x98\x48\x82\xba"
"\x07\x11\x04\x54\x32\x67\x7b\xf5",
.klen = 32,
.iv = "\x23\x02\xf1\x64\x9a\x73\x89\xe6"
"\xd0\xea\x2c\xf1\x96\xfc\x4e\x6d"
"\x65\x48\xcb\x0a\xda\xf0\x62\xc0"
"\x38\x1d\x3b\x4a\xe9\x7e\x62\xaa",
.assoc = "\x32\xcb\x80\xcc\xde\x12\x33\x6d"
"\xf0\x20\x58\x15\x95\xc6\x7f\xee"
"\x2f\xf9\x4e\x2c\x1b\x98\x43\xc7"
"\x68\x28\x73\x40\x9f\x96\x4a",
.alen = 31,
.input = "\xa0\xc8\xde\x83\x0d\xc3\x4e\xd5"
"\x69\x7f\x7a\xdd\x8c\x46\xda\xba"
"\x0a\x5c\x0e\x7f\xac\xee\x02\xd2"
"\xe5\x4b\x0a\xba\xb8\xa4\x7b\x66"
"\xde\xae\xdb\xc2\xc0\x0b\xf7\x2b"
"\xdf\xb8\xea\xd8\xa9\x38\xed",
.ilen = 47,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "\x41\x94\x0e\x33\x22\xb1\xdd\xf4"
"\x10\x57\x85\x39\x93\x8f\xaf\x70"
"\xfa\xa9\xd0\x4d\x5c\x40\x23\xcd"
"\x98\x34\xab\x37\x56\xae\x32",
.rlen = 31,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x50\x5d\x9d\x9b\x66\x50\x88\x7b"
"\x30\x8e\xb1\x5e\x92\x58\xe0\xf1"
"\xc5\x5a\x53\x6e\x9d\xe8\x04\xd4"
"\xc9\x3f\xe2\x2d\x0c\xc6\x1a\xcb",
.klen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x5f\x27\x2b\x03\xaa\xef\x32\x02"
"\x50\xc4\xde\x82\x90\x21\x11\x73"
"\x8f\x0a\xd6\x8f\xdf\x90\xe4\xda"
"\xf9\x4a\x1a\x23\xc3\xdd\x02\x81",
.assoc = "\x6e\xf0\xba\x6b\xee\x8e\xdc\x89"
"\x71\xfb\x0a\xa6\x8f\xea\x41\xf4"
"\x5a\xbb\x59\xb0\x20\x38\xc5\xe0"
"\x29\x56\x52\x19\x79\xf5\xe9\x37",
.alen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.input = "\xd3\x68\x14\x70\x3c\x01\x43\x86"
"\x02\xab\xbe\x75\xaa\xe7\xf5\x53"
"\x5c\x05\xbd\x9b\x19\xbb\x2a\x61"
"\x8f\x69\x05\x75\x8e\xca\x60\x0c"
"\x5b\xa2\x48\x61\x32\x74\x11\x2b"
"\xf6\xcf\x06\x78\x6f\x78\x1a\x4a",
.ilen = 48,
.result = "\x7e\xb9\x48\xd3\x32\x2d\x86\x10"
"\x91\x31\x37\xcb\x8d\xb3\x72\x76"
"\x24\x6b\xdc\xd1\x61\xe0\xa5\xe7"
"\x5a\x61\x8a\x0f\x30\x0d\xd1\xec",
.rlen = 32,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x8d\x82\xd6\x3b\x76\xcc\x30\x97"
"\xb1\x68\x63\xef\x8c\x7c\xa3\xf7"
"\xef\x1c\x5f\xf2\xa3\x88\x86\xed"
"\x8a\x6d\xc1\x05\xe7\x25\xb9\xa2",
.klen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x9c\x4b\x65\xa2\xba\x6b\xdb\x1e"
"\xd1\x9e\x90\x13\x8a\x45\xd3\x79"
"\xba\xcd\xe2\x13\xe4\x30\x66\xf4"
"\xba\x78\xf9\xfb\x9d\x3c\xa1\x58",
.assoc = "\xab\x14\xf3\x0a\xfe\x0a\x85\xa5"
"\xf2\xd5\xbc\x38\x89\x0e\x04\xfb"
"\x84\x7d\x65\x34\x25\xd8\x47\xfa"
"\xeb\x83\x31\xf1\x54\x54\x89\x0d"
"\x9d",
.alen = 33,
.input = "\x07\x0a\x35\xb0\x82\x03\x5a\xd2"
"\x15\x3a\x6c\x72\x83\x9b\xb1\x75"
"\xea\xf2\xfc\xff\xc6\xf1\x13\xa4"
"\x1a\x93\x33\x79\x97\x82\x81\xc0"
"\x96\xc2\x00\xab\x39\xae\xa1\x62"
"\x53\xa3\x86\xc9\x07\x8c\xaf\x22"
"\x47\x31\x29\xca\x4a\x95\xf5\xd5"
"\x20\x63\x5a\x54\x80\x2c\x4a\x63"
"\xfb\x18\x73\x31\x4f\x08\x21\x5d"
"\x20\xe9\xc3\x7e\xea\x25\x77\x3a"
"\x65",
.ilen = 81,
.result = "\xba\xde\x82\x72\x42\xa9\x2f\x2c"
"\x12\x0b\xe9\x5c\x87\xd7\x35\x7c"
"\x4f\x2e\xe8\x55\x66\x80\x27\x00"
"\x1b\x8f\x68\xe7\x0a\x6c\x71\xc3"
"\x21\x78\x55\x9d\x9c\x65\x7b\xcd"
"\x0a\x34\x97\xff\x47\x37\xb0\x2a"
"\x80\x0d\x19\x98\x33\xa9\x7a\xe3"
"\x2e\x4c\xc6\xf3\x8c\x88\x42\x01"
"\xbd",
.rlen = 65,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xc9\xa7\x10\xda\x86\x48\xd9\xb3"
"\x32\x42\x15\x80\x85\xa1\x65\xfe"
"\x19\xde\x6b\x76\xa8\x28\x08\x07"
"\x4b\x9a\xa0\xdd\xc1\x84\x58\x79",
.klen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\xd8\x70\x9f\x42\xca\xe6\x83\x3a"
"\x52\x79\x42\xa5\x84\x6a\x96\x7f"
"\xe4\x8f\xed\x97\xe9\xd0\xe8\x0d"
"\x7c\xa6\xd8\xd4\x77\x9b\x40\x2e",
.assoc = "\xe8\x39\x2d\xaa\x0e\x85\x2d\xc1"
"\x72\xaf\x6e\xc9\x82\x33\xc7\x01"
"\xaf\x40\x70\xb8\x2a\x78\xc9\x14"
"\xac\xb1\x10\xca\x2e\xb3\x28\xe4"
"\xac\xfa\x58\x7f\xe5\x73\x09\x8c"
"\x1d\x40\x87\x8c\xd9\x75\xc0\x55"
"\xa2\xda\x07\xd1\xc2\xa9\xd1\xbb"
"\x09\x4f\x77\x62\x88\x2d\xf2\x68"
"\x54",
.alen = 65,
.input = "\x33\xc1\xda\xfa\x15\x21\x07\x8e"
"\x93\x68\xea\x64\x7b\x3d\x4b\x6b"
"\x71\x5e\x5e\x6b\x92\xaa\x65\xc2"
"\x7a\x2a\xc1\xa9\x0a\xa1\x24\x81"
"\x26\x3a\x5a\x09\xe8\xce\x73\x72"
"\xde\x7b\x58\x9e\x85\xb9\xa4\x28"
"\xda",
.ilen = 49,
.result = "\xf7\x02\xbb\x11\x52\x24\xd8\x48"
"\x93\xe6\x9b\xee\x81\xfc\xf7\x82"
"\x79\xf0\xf3\xd9\x6c\x20\xa9\x1a"
"\xdc\xbc\x47\xc0\xe4\xcb\x10\x99"
"\x2f",
.rlen = 33,
}, {
.key = "\x06\xcc\x4a\x79\x96\xc3\x82\xcf"
"\xb3\x1c\xc7\x12\x7f\xc5\x28\x04"
"\x44\xa1\x76\xfb\xad\xc8\x8a\x21"
"\x0d\xc8\x7f\xb6\x9b\xe3\xf8\x4f",
.klen = 32,
.iv = "\x15\x95\xd8\xe1\xda\x62\x2c\x56"
"\xd3\x53\xf4\x36\x7e\x8e\x59\x85"
"\x0e\x51\xf9\x1c\xee\x70\x6a\x27"
"\x3d\xd3\xb7\xac\x51\xfa\xdf\x05",
.assoc = "\x24\x5e\x67\x49\x1e\x01\xd6\xdd"
"\xf3\x89\x20\x5b\x7c\x57\x89\x07",
.alen = 16,
.input = "\x3e\xf8\x86\x3d\x39\xf8\x96\x02"
"\x0f\xdf\xc9\x6e\x37\x1e\x57\x99"
"\x07\x2a\x1a\xac\xd1\xda\xfd\x3b"
"\xc7\xff\xbd\xbc\x85\x09\x0b",
.ilen = 31,
.result = "\x33\x27\xf5\xb1\x62\xa0\x80\x63"
"\x14\xc0\x4d\x7f\x7b\x20\xba\x89",
.rlen = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x42\xf0\x84\x19\xa6\x3f\x2b\xea"
"\x34\xf6\x79\xa3\x79\xe9\xeb\x0a"
"\x6e\x63\x82\x7f\xb2\x68\x0c\x3a"
"\xce\xf5\x5e\x8e\x75\x42\x97\x26",
.klen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x51\xb9\x12\x80\xea\xde\xd5\x71"
"\x54\x2d\xa6\xc8\x78\xb2\x1b\x8c"
"\x39\x14\x05\xa0\xf3\x10\xec\x41"
"\xff\x01\x95\x84\x2b\x59\x7f\xdb",
.assoc = "\x61\x83\xa0\xe8\x2e\x7d\x7f\xf8"
"\x74\x63\xd2\xec\x76\x7c\x4c\x0d",
.alen = 16,
.input = "\x2f\xc4\xd8\x0d\xa6\x07\xef\x2e"
"\x6c\xd9\x84\x63\x70\x97\x61\x37"
"\x08\x2f\x16\x90\x9e\x62\x30\x0d"
"\x62\xd5\xc8\xf0\x46\x1a",
.ilen = 30,
.result = "\x70\x4c\x2f\x50\x72\x1c\x29\x7f"
"\x95\x9a\xff\x10\x75\x45\x7d\x8f",
.rlen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
}, {
.key = "\x7f\x15\xbd\xb8\xb6\xba\xd3\x06"
"\xb5\xd1\x2b\x35\x73\x0e\xad\x10"
"\x98\x25\x8d\x03\xb7\x08\x8e\x54"
"\x90\x23\x3d\x67\x4f\xa1\x36\xfc",
.klen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x8e\xde\x4c\x20\xfa\x59\x7e\x8d"
"\xd5\x07\x58\x59\x72\xd7\xde\x92"
"\x63\xd6\x10\x24\xf8\xb0\x6e\x5a"
"\xc0\x2e\x74\x5d\x06\xb8\x1e\xb2",
.assoc = "\x9d\xa7\xda\x88\x3e\xf8\x28\x14"
"\xf5\x3e\x85\x7d\x70\xa0\x0f\x13",
.alen = 16,
.input = "\xce\xf3\x17\x87\x49\xc2\x00\x46"
"\xc6\x12\x5c\x8f\x81\x38\xaa\x55"
"\xf8\x67\x75\xf1\x75\xe3\x2a\x24",
.ilen = 24,
.result = "\xac\x70\x69\xef\x82\x97\xd2\x9b"
"\x15\x74\xb1\xa2\x6f\x69\x3f\x95",
.rlen = 16,
},
};
/*
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
* MORUS-640 test vectors - generated via reference implementation from
* SUPERCOP (https://bench.cr.yp.to/supercop.html):
*
* https://bench.cr.yp.to/supercop/supercop-20170228.tar.xz
* (see crypto_aead/morus640128v2/)
*/
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct aead_testvec morus640_enc_tv_template[] = {
{
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.klen = 16,
.iv = "\x0f\xc9\x8e\x67\x44\x9e\xaa\x86"
"\x20\x36\x2c\x24\xfe\xc9\x30\x81",
.assoc = "",
.alen = 0,
.input = "",
.ilen = 0,
.result = "\x89\x62\x7d\xf3\x07\x9d\x52\x05"
"\x53\xc3\x04\x60\x93\xb4\x37\x9a",
.rlen = 16,
}, {
.key = "\x3c\x24\x39\x9f\x10\x7b\xa8\x1b"
"\x80\xda\xb2\x91\xf9\x24\xc2\x06",
.klen = 16,
.iv = "\x4b\xed\xc8\x07\x54\x1a\x52\xa2"
"\xa1\x10\xde\xb5\xf8\xed\xf3\x87",
.assoc = "",
.alen = 0,
.input = "\x69",
.ilen = 1,
.result = "\xa8\x8d\xe4\x90\xb5\x50\x8f\x78"
"\xb6\x10\x9a\x59\x5f\x61\x37\x70"
"\x09",
.rlen = 17,
}, {
.key = "\x79\x49\x73\x3e\x20\xf7\x51\x37"
"\x01\xb4\x64\x22\xf3\x48\x85\x0c",
.klen = 16,
.iv = "\x88\x12\x01\xa6\x64\x96\xfb\xbe"
"\x22\xea\x90\x47\xf2\x11\xb5\x8e",
.assoc = "",
.alen = 0,
.input = "\xa6\xa4\x1e\x76\xec\xd4\x50\xcc"
"\x62\x58\xe9\x8f\xef\xa4\x17",
.ilen = 15,
.result = "\x76\xdd\xb9\x05\x3d\xce\x61\x38"
"\xf3\xef\xf7\xe5\xd7\xfd\x70\xa5"
"\xcf\x9d\x64\xb8\x0a\x9f\xfd\x8b"
"\xd4\x6e\xfe\xd9\xc8\x63\x4b",
.rlen = 31,
}, {
.key = "\xb5\x6e\xad\xdd\x30\x72\xfa\x53"
"\x82\x8e\x16\xb4\xed\x6d\x47\x12",
.klen = 16,
.iv = "\xc4\x37\x3b\x45\x74\x11\xa4\xda"
"\xa2\xc5\x42\xd8\xec\x36\x78\x94",
.assoc = "",
.alen = 0,
.input = "\xe2\xc9\x58\x15\xfc\x4f\xf8\xe8"
"\xe3\x32\x9b\x21\xe9\xc8\xd9\x97",
.ilen = 16,
.result = "\xdc\x72\xe8\x14\xfb\x63\xad\x72"
"\x1f\x57\x9a\x1f\x88\x81\xdb\xd6"
"\xc1\x91\x9d\xb9\x25\xc4\x99\x4c"
"\x97\xcd\x8a\x0c\x9d\x68\x00\x1c",
.rlen = 32,
}, {
.key = "\xf2\x92\xe6\x7d\x40\xee\xa3\x6f"
"\x03\x68\xc8\x45\xe7\x91\x0a\x18",
.klen = 16,
.iv = "\x01\x5c\x75\xe5\x84\x8d\x4d\xf6"
"\x23\x9f\xf4\x6a\xe6\x5a\x3b\x9a",
.assoc = "",
.alen = 0,
.input = "\x1f\xee\x92\xb4\x0c\xcb\xa1\x04"
"\x64\x0c\x4d\xb2\xe3\xec\x9c\x9d"
"\x09",
.ilen = 17,
.result = "\x6b\x4f\x3b\x90\x9a\xa2\xb3\x82"
"\x0a\xb8\x55\xee\xeb\x73\x4d\x7f"
"\x54\x11\x3a\x8a\x31\xa3\xb5\xf2"
"\xcd\x49\xdb\xf3\xee\x26\xbd\xa2"
"\x0d",
.rlen = 33,
}, {
.key = "\x2e\xb7\x20\x1c\x50\x6a\x4b\x8b"
"\x84\x42\x7a\xd7\xe1\xb5\xcd\x1f",
.klen = 16,
.iv = "\x3d\x80\xae\x84\x94\x09\xf6\x12"
"\xa4\x79\xa6\xfb\xe0\x7f\xfd\xa0",
.assoc = "",
.alen = 0,
.input = "\x5c\x13\xcb\x54\x1c\x47\x4a\x1f"
"\xe5\xe6\xff\x44\xdd\x11\x5f\xa3"
"\x33\xdd\xc2\xf8\xdd\x18\x2b\x93"
"\x57\x05\x01\x1c\x66\x22\xd3",
.ilen = 31,
.result = "\x59\xd1\x0f\x6b\xee\x27\x84\x92"
"\xb7\xa9\xb5\xdd\x02\xa4\x12\xa5"
"\x50\x32\xb4\x9a\x2e\x35\x83\x55"
"\x36\x12\x12\xed\xa3\x31\xc5\x30"
"\xa7\xe2\x4a\x6d\x05\x59\x43\x91"
"\x75\xfa\x6c\x17\xc6\x73\xca",
.rlen = 47,
}, {
.key = "\x6b\xdc\x5a\xbb\x60\xe5\xf4\xa6"
"\x05\x1d\x2c\x68\xdb\xda\x8f\x25",
.klen = 16,
.iv = "\x7a\xa5\xe8\x23\xa4\x84\x9e\x2d"
"\x25\x53\x58\x8c\xda\xa3\xc0\xa6",
.assoc = "",
.alen = 0,
.input = "\x98\x37\x05\xf3\x2c\xc2\xf3\x3b"
"\x66\xc0\xb1\xd5\xd7\x35\x21\xaa"
"\x5d\x9f\xce\x7c\xe2\xb8\xad\xad"
"\x19\x33\xe0\xf4\x40\x81\x72\x28",
.ilen = 32,
.result = "\xdb\x49\x68\x0f\x91\x5b\x21\xb1"
"\xcf\x50\xb2\x4c\x32\xe1\xa6\x69"
"\xc0\xfb\x44\x1f\xa0\x9a\xeb\x39"
"\x1b\xde\x68\x38\xcc\x27\x52\xc5"
"\xf6\x3e\x74\xea\x66\x5b\x5f\x0c"
"\x65\x9e\x58\xe6\x52\xa2\xfe\x59",
.rlen = 48,
}, {
.key = "\xa7\x00\x93\x5b\x70\x61\x9d\xc2"
"\x86\xf7\xde\xfa\xd5\xfe\x52\x2b",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\xb6\xca\x22\xc3\xb4\x00\x47\x49"
"\xa6\x2d\x0a\x1e\xd4\xc7\x83\xad",
.assoc = "\xc5",
.alen = 1,
.input = "",
.ilen = 0,
.result = "\x56\xe7\x24\x52\xdd\x95\x60\x5b"
"\x09\x48\x39\x69\x9c\xb3\x62\x46",
.rlen = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xe4\x25\xcd\xfa\x80\xdd\x46\xde"
"\x07\xd1\x90\x8b\xcf\x23\x15\x31",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\xf3\xee\x5c\x62\xc4\x7c\xf0\x65"
"\x27\x08\xbd\xaf\xce\xec\x45\xb3",
.assoc = "\x02\xb8\xea\xca\x09\x1b\x9a\xec"
"\x47\x3e\xe9\xd4\xcc\xb5\x76",
.alen = 15,
.input = "",
.ilen = 0,
.result = "\xdd\xfa\x6c\x1f\x5d\x86\x87\x01"
"\x13\xe5\x73\x46\x46\xf2\x5c\xe1",
.rlen = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x20\x4a\x07\x99\x91\x58\xee\xfa"
"\x88\xab\x42\x1c\xc9\x47\xd7\x38",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x2f\x13\x95\x01\xd5\xf7\x99\x81"
"\xa8\xe2\x6f\x41\xc8\x10\x08\xb9",
.assoc = "\x3f\xdc\x24\x69\x19\x96\x43\x08"
"\xc8\x18\x9b\x65\xc6\xd9\x39\x3b",
.alen = 16,
.input = "",
.ilen = 0,
.result = "\xa6\x1b\xb9\xd7\x5e\x3c\xcf\xac"
"\xa9\x21\x45\x0b\x16\x52\xf7\xe1",
.rlen = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x5d\x6f\x41\x39\xa1\xd4\x97\x16"
"\x09\x85\xf4\xae\xc3\x6b\x9a\x3e",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x6c\x38\xcf\xa1\xe5\x73\x41\x9d"
"\x29\xbc\x21\xd2\xc2\x35\xcb\xbf",
.assoc = "\x7b\x01\x5d\x08\x29\x12\xec\x24"
"\x49\xf3\x4d\xf7\xc0\xfe\xfb\x41"
"\x3c",
.alen = 17,
.input = "",
.ilen = 0,
.result = "\x15\xff\xde\x3b\x34\xfc\xf6\xf9"
"\xbb\xa8\x62\xad\x0a\xf5\x48\x60",
.rlen = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x99\x93\x7a\xd8\xb1\x50\x40\x31"
"\x8a\x60\xa6\x3f\xbd\x90\x5d\x44",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\xa8\x5c\x09\x40\xf5\xef\xea\xb8"
"\xaa\x96\xd3\x64\xbc\x59\x8d\xc6",
.assoc = "\xb8\x26\x97\xa8\x39\x8e\x94\x3f"
"\xca\xcd\xff\x88\xba\x22\xbe\x47"
"\x67\xba\x85\xf1\xbb\x30\x56\x26"
"\xaf\x0b\x02\x38\xcc\x44\xa7",
.alen = 31,
.input = "",
.ilen = 0,
.result = "\xd2\x9d\xf8\x3b\xd7\x84\xe9\x2d"
"\x4b\xef\x75\x16\x0a\x99\xae\x6b",
.rlen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
}, {
.key = "\xd6\xb8\xb4\x77\xc1\xcb\xe9\x4d"
"\x0a\x3a\x58\xd1\xb7\xb4\x1f\x4a",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\xe5\x81\x42\xdf\x05\x6a\x93\xd4"
"\x2b\x70\x85\xf5\xb6\x7d\x50\xcc",
.assoc = "\xf4\x4a\xd1\x47\x49\x09\x3d\x5b"
"\x4b\xa7\xb1\x19\xb4\x46\x81\x4d"
"\x91\x7c\x91\x75\xc0\xd0\xd8\x40"
"\x71\x39\xe1\x10\xa6\xa3\x46\x7a",
.alen = 32,
.input = "",
.ilen = 0,
.result = "\xe4\x8d\xa7\xa7\x45\xc1\x31\x4f"
"\xce\xfb\xaf\xd6\xc2\xe6\xee\xc0",
.rlen = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x12\xdd\xee\x17\xd1\x47\x92\x69"
"\x8b\x14\x0a\x62\xb1\xd9\xe2\x50",
.klen = 16,
.iv = "\x22\xa6\x7c\x7f\x15\xe6\x3c\xf0"
"\xac\x4b\x37\x86\xb0\xa2\x13\xd2",
.assoc = "\x31",
.alen = 1,
.input = "\x40",
.ilen = 1,
.result = "\xe2\x67\x38\x4f\xb9\xad\x7d\x38"
"\x01\xfe\x84\x14\x85\xf8\xd1\xe3"
"\x22",
.rlen = 17,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x4f\x01\x27\xb6\xe1\xc3\x3a\x85"
"\x0c\xee\xbc\xf4\xab\xfd\xa5\x57",
.klen = 16,
.iv = "\x5e\xcb\xb6\x1e\x25\x62\xe4\x0c"
"\x2d\x25\xe9\x18\xaa\xc6\xd5\xd8",
.assoc = "\x6d\x94\x44\x86\x69\x00\x8f\x93"
"\x4d\x5b\x15\x3c\xa8\x8f\x06",
.alen = 15,
.input = "\x7c\x5d\xd3\xee\xad\x9f\x39\x1a"
"\x6d\x92\x42\x61\xa7\x58\x37",
.ilen = 15,
.result = "\x77\x32\x61\xeb\xb4\x33\x29\x92"
"\x29\x95\xc5\x8e\x85\x76\xab\xfc"
"\x07\x95\xa7\x44\x74\xf7\x22\xff"
"\xd8\xd8\x36\x3d\x8a\x7f\x9e",
.rlen = 31,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x8b\x26\x61\x55\xf1\x3e\xe3\xa1"
"\x8d\xc8\x6e\x85\xa5\x21\x67\x5d",
.klen = 16,
.iv = "\x9b\xef\xf0\xbd\x35\xdd\x8d\x28"
"\xad\xff\x9b\xa9\xa4\xeb\x98\xdf",
.assoc = "\xaa\xb8\x7e\x25\x79\x7c\x37\xaf"
"\xce\x36\xc7\xce\xa2\xb4\xc9\x60",
.alen = 16,
.input = "\xb9\x82\x0c\x8d\xbd\x1b\xe2\x36"
"\xee\x6c\xf4\xf2\xa1\x7d\xf9\xe2",
.ilen = 16,
.result = "\xd8\xfd\x44\x45\xf6\x42\x12\x38"
"\xf2\x0b\xea\x4f\x9e\x11\x61\x07"
"\x48\x67\x98\x18\x9b\xd0\x0c\x59"
"\x67\xa4\x11\xb3\x2b\xd6\xc1\x70",
.rlen = 32,
}, {
.key = "\xc8\x4b\x9b\xf5\x01\xba\x8c\xbd"
"\x0e\xa3\x21\x16\x9f\x46\x2a\x63",
.klen = 16,
.iv = "\xd7\x14\x29\x5d\x45\x59\x36\x44"
"\x2e\xd9\x4d\x3b\x9e\x0f\x5b\xe5",
.assoc = "\xe6\xdd\xb8\xc4\x89\xf8\xe0\xca"
"\x4f\x10\x7a\x5f\x9c\xd8\x8b\x66"
"\x3b",
.alen = 17,
.input = "\xf5\xa6\x46\x2c\xce\x97\x8a\x51"
"\x6f\x46\xa6\x83\x9b\xa1\xbc\xe8"
"\x05",
.ilen = 17,
.result = "\xb1\xab\x53\x4e\xc7\x40\x16\xb6"
"\x71\x3a\x00\x9f\x41\x88\xb0\xb2"
"\x71\x83\x85\x5f\xc8\x79\x0a\x99"
"\x99\xdc\x89\x1c\x88\xd2\x3e\xf9"
"\x83",
.rlen = 33,
}, {
.key = "\x05\x70\xd5\x94\x12\x36\x35\xd8"
"\x8f\x7d\xd3\xa8\x99\x6a\xed\x69",
.klen = 16,
.iv = "\x14\x39\x63\xfc\x56\xd5\xdf\x5f"
"\xaf\xb3\xff\xcc\x98\x33\x1d\xeb",
.assoc = "\x23\x02\xf1\x64\x9a\x73\x89\xe6"
"\xd0\xea\x2c\xf1\x96\xfc\x4e\x6d"
"\x65\x48\xcb\x0a\xda\xf0\x62\xc0"
"\x38\x1d\x3b\x4a\xe9\x7e\x62",
.alen = 31,
.input = "\x32\xcb\x80\xcc\xde\x12\x33\x6d"
"\xf0\x20\x58\x15\x95\xc6\x7f\xee"
"\x2f\xf9\x4e\x2c\x1b\x98\x43\xc7"
"\x68\x28\x73\x40\x9f\x96\x4a",
.ilen = 31,
.result = "\x29\xc4\xf0\x03\xc1\x86\xdf\x06"
"\x5c\x7b\xef\x64\x87\x00\xd1\x37"
"\xa7\x08\xbc\x7f\x8f\x41\x54\xd0"
"\x3e\xf1\xc3\xa2\x96\x84\xdd\x2a"
"\x2d\x21\x30\xf9\x02\xdb\x06\x0c"
"\xf1\x5a\x66\x69\xe0\xca\x83",
.rlen = 47,
}, {
.key = "\x41\x94\x0e\x33\x22\xb1\xdd\xf4"
"\x10\x57\x85\x39\x93\x8f\xaf\x70",
.klen = 16,
.iv = "\x50\x5d\x9d\x9b\x66\x50\x88\x7b"
"\x30\x8e\xb1\x5e\x92\x58\xe0\xf1",
.assoc = "\x5f\x27\x2b\x03\xaa\xef\x32\x02"
"\x50\xc4\xde\x82\x90\x21\x11\x73"
"\x8f\x0a\xd6\x8f\xdf\x90\xe4\xda"
"\xf9\x4a\x1a\x23\xc3\xdd\x02\x81",
.alen = 32,
.input = "\x6e\xf0\xba\x6b\xee\x8e\xdc\x89"
"\x71\xfb\x0a\xa6\x8f\xea\x41\xf4"
"\x5a\xbb\x59\xb0\x20\x38\xc5\xe0"
"\x29\x56\x52\x19\x79\xf5\xe9\x37",
.ilen = 32,
.result = "\xe2\x2e\x44\xdf\xd3\x60\x6d\xb2"
"\x70\x57\x37\xc5\xc2\x4f\x8d\x14"
"\xc6\xbf\x8b\xec\xf5\x62\x67\xf2"
"\x2f\xa1\xe6\xd6\xa7\xb1\x8c\x54"
"\xe5\x6b\x49\xf9\x6e\x90\xc3\xaa"
"\x7a\x00\x2e\x4d\x7f\x31\x2e\x81",
.rlen = 48,
}, {
.key = "\x7e\xb9\x48\xd3\x32\x2d\x86\x10"
"\x91\x31\x37\xcb\x8d\xb3\x72\x76",
.klen = 16,
.iv = "\x8d\x82\xd6\x3b\x76\xcc\x30\x97"
"\xb1\x68\x63\xef\x8c\x7c\xa3\xf7",
.assoc = "\x9c\x4b\x65\xa2\xba\x6b\xdb\x1e"
"\xd1\x9e\x90\x13\x8a\x45\xd3\x79"
"\xba\xcd\xe2\x13\xe4\x30\x66\xf4"
"\xba\x78\xf9\xfb\x9d\x3c\xa1\x58"
"\x1a",
.alen = 33,
.input = "\xab\x14\xf3\x0a\xfe\x0a\x85\xa5"
"\xf2\xd5\xbc\x38\x89\x0e\x04\xfb"
"\x84\x7d\x65\x34\x25\xd8\x47\xfa"
"\xeb\x83\x31\xf1\x54\x54\x89\x0d"
"\x9d\x4d\x54\x51\x84\x61\xf6\x8e"
"\x03\x31\xf2\x25\x16\xcc\xaa\xc6"
"\x75\x73\x20\x30\x59\x54\xb2\xf0"
"\x3a\x4b\xe0\x23\x8e\xa6\x08\x35"
"\x8a",
.ilen = 65,
.result = "\xc7\xca\x26\x61\x57\xee\xa2\xb9"
"\xb1\x37\xde\x95\x06\x90\x11\x08"
"\x4d\x30\x9f\x24\xc0\x56\xb7\xe1"
"\x0b\x9f\xd2\x57\xe9\xd2\xb1\x76"
"\x56\x9a\xb4\x58\xc5\x08\xfc\xb5"
"\xf2\x31\x9b\xc9\xcd\xb3\x64\xdb"
"\x6f\x50\xbf\xf4\x73\x9d\xfb\x6b"
"\xef\x35\x25\x48\xed\xcf\x29\xa8"
"\xac\xc3\xb9\xcb\x61\x8f\x73\x92"
"\x2c\x7a\x6f\xda\xf9\x09\x6f\xe1"
"\xc4",
.rlen = 81,
}, {
.key = "\xba\xde\x82\x72\x42\xa9\x2f\x2c"
"\x12\x0b\xe9\x5c\x87\xd7\x35\x7c",
.klen = 16,
.iv = "\xc9\xa7\x10\xda\x86\x48\xd9\xb3"
"\x32\x42\x15\x80\x85\xa1\x65\xfe",
.assoc = "\xd8\x70\x9f\x42\xca\xe6\x83\x3a"
"\x52\x79\x42\xa5\x84\x6a\x96\x7f"
"\xe4\x8f\xed\x97\xe9\xd0\xe8\x0d"
"\x7c\xa6\xd8\xd4\x77\x9b\x40\x2e"
"\x28\xce\x57\x34\xcd\x6e\x84\x4c"
"\x17\x3c\xe1\xb2\xa8\x0b\xbb\xf1"
"\x96\x41\x0d\x69\xe8\x54\x0a\xc8"
"\x15\x4e\x91\x92\x89\x4b\xb7\x9b"
"\x21",
.alen = 65,
.input = "\xe8\x39\x2d\xaa\x0e\x85\x2d\xc1"
"\x72\xaf\x6e\xc9\x82\x33\xc7\x01"
"\xaf\x40\x70\xb8\x2a\x78\xc9\x14"
"\xac\xb1\x10\xca\x2e\xb3\x28\xe4"
"\xac",
.ilen = 33,
.result = "\x57\xcd\x3d\x46\xc5\xf9\x68\x3b"
"\x2c\x0f\xb4\x7e\x7b\x64\x3e\x40"
"\xf3\x78\x63\x34\x89\x79\x39\x6b"
"\x61\x64\x4a\x9a\xfa\x70\xa4\xd3"
"\x54\x0b\xea\x05\xa6\x95\x64\xed"
"\x3d\x69\xa2\x0c\x27\x56\x2f\x34"
"\x66",
.rlen = 49,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xf7\x02\xbb\x11\x52\x24\xd8\x48"
"\x93\xe6\x9b\xee\x81\xfc\xf7\x82",
.klen = 16,
.iv = "\x06\xcc\x4a\x79\x96\xc3\x82\xcf"
"\xb3\x1c\xc7\x12\x7f\xc5\x28\x04",
.assoc = "\x15\x95\xd8\xe1\xda\x62\x2c\x56"
"\xd3\x53\xf4\x36\x7e\x8e\x59\x85",
.alen = 16,
.input = "\x24\x5e\x67\x49\x1e\x01\xd6\xdd"
"\xf3\x89\x20\x5b\x7c\x57\x89\x07",
.ilen = 16,
.result = "\xfc\x85\x06\x28\x8f\xe8\x23\x1f"
"\x33\x98\x87\xde\x08\xb6\xb6\xae"
"\x3e\xa4\xf8\x19\xf1\x92\x60\x39"
"\xb9\x6b\x3f\xdf\xc8\xcb\x30",
.rlen = 31,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x33\x27\xf5\xb1\x62\xa0\x80\x63"
"\x14\xc0\x4d\x7f\x7b\x20\xba\x89",
.klen = 16,
.iv = "\x42\xf0\x84\x19\xa6\x3f\x2b\xea"
"\x34\xf6\x79\xa3\x79\xe9\xeb\x0a",
.assoc = "\x51\xb9\x12\x80\xea\xde\xd5\x71"
"\x54\x2d\xa6\xc8\x78\xb2\x1b\x8c",
.alen = 16,
.input = "\x61\x83\xa0\xe8\x2e\x7d\x7f\xf8"
"\x74\x63\xd2\xec\x76\x7c\x4c\x0d",
.ilen = 16,
.result = "\x74\x7d\x70\x07\xe9\xba\x01\xee"
"\x6c\xc6\x6f\x50\x25\x33\xbe\x50"
"\x17\xb8\x17\x62\xed\x80\xa2\xf5"
"\x03\xde\x85\x71\x5d\x34",
.rlen = 30,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x70\x4c\x2f\x50\x72\x1c\x29\x7f"
"\x95\x9a\xff\x10\x75\x45\x7d\x8f",
.klen = 16,
.iv = "\x7f\x15\xbd\xb8\xb6\xba\xd3\x06"
"\xb5\xd1\x2b\x35\x73\x0e\xad\x10",
.assoc = "\x8e\xde\x4c\x20\xfa\x59\x7e\x8d"
"\xd5\x07\x58\x59\x72\xd7\xde\x92",
.alen = 16,
.input = "\x9d\xa7\xda\x88\x3e\xf8\x28\x14"
"\xf5\x3e\x85\x7d\x70\xa0\x0f\x13",
.ilen = 16,
.result = "\xf4\xb3\x85\xf9\xac\xde\xb1\x38"
"\x29\xfd\x6c\x7c\x49\xe5\x1d\xaf"
"\xba\xea\xd4\xfa\x3f\x11\x33\x98",
.rlen = 24,
}, {
.key = "\xac\x70\x69\xef\x82\x97\xd2\x9b"
"\x15\x74\xb1\xa2\x6f\x69\x3f\x95",
.klen = 16,
.iv = "\xbb\x3a\xf7\x57\xc6\x36\x7c\x22"
"\x36\xab\xde\xc6\x6d\x32\x70\x17",
.assoc = "\xcb\x03\x85\xbf\x0a\xd5\x26\xa9"
"\x56\xe1\x0a\xeb\x6c\xfb\xa1\x98",
.alen = 16,
.input = "\xda\xcc\x14\x27\x4e\x74\xd1\x30"
"\x76\x18\x37\x0f\x6a\xc4\xd1\x1a",
.ilen = 16,
.result = "\xe6\x5c\x49\x4f\x78\xf3\x62\x86"
"\xe1\xb7\xa5\xc3\x32\x88\x3c\x8c"
"\x6e",
.rlen = 17,
},
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct aead_testvec morus640_dec_tv_template[] = {
{
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.klen = 16,
.iv = "\x0f\xc9\x8e\x67\x44\x9e\xaa\x86"
"\x20\x36\x2c\x24\xfe\xc9\x30\x81",
.assoc = "",
.alen = 0,
.input = "\x89\x62\x7d\xf3\x07\x9d\x52\x05"
"\x53\xc3\x04\x60\x93\xb4\x37\x9a",
.ilen = 16,
.result = "",
.rlen = 0,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x3c\x24\x39\x9f\x10\x7b\xa8\x1b"
"\x80\xda\xb2\x91\xf9\x24\xc2\x06",
.klen = 16,
.iv = "\x4b\xed\xc8\x07\x54\x1a\x52\xa2"
"\xa1\x10\xde\xb5\xf8\xed\xf3\x87",
.assoc = "",
.alen = 0,
.input = "\xa8\x8d\xe4\x90\xb5\x50\x8f\x78"
"\xb6\x10\x9a\x59\x5f\x61\x37\x70"
"\x09",
.ilen = 17,
.result = "\x69",
.rlen = 1,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x79\x49\x73\x3e\x20\xf7\x51\x37"
"\x01\xb4\x64\x22\xf3\x48\x85\x0c",
.klen = 16,
.iv = "\x88\x12\x01\xa6\x64\x96\xfb\xbe"
"\x22\xea\x90\x47\xf2\x11\xb5\x8e",
.assoc = "",
.alen = 0,
.input = "\x76\xdd\xb9\x05\x3d\xce\x61\x38"
"\xf3\xef\xf7\xe5\xd7\xfd\x70\xa5"
"\xcf\x9d\x64\xb8\x0a\x9f\xfd\x8b"
"\xd4\x6e\xfe\xd9\xc8\x63\x4b",
.ilen = 31,
.result = "\xa6\xa4\x1e\x76\xec\xd4\x50\xcc"
"\x62\x58\xe9\x8f\xef\xa4\x17",
.rlen = 15,
}, {
.key = "\xb5\x6e\xad\xdd\x30\x72\xfa\x53"
"\x82\x8e\x16\xb4\xed\x6d\x47\x12",
.klen = 16,
.iv = "\xc4\x37\x3b\x45\x74\x11\xa4\xda"
"\xa2\xc5\x42\xd8\xec\x36\x78\x94",
.assoc = "",
.alen = 0,
.input = "\xdc\x72\xe8\x14\xfb\x63\xad\x72"
"\x1f\x57\x9a\x1f\x88\x81\xdb\xd6"
"\xc1\x91\x9d\xb9\x25\xc4\x99\x4c"
"\x97\xcd\x8a\x0c\x9d\x68\x00\x1c",
.ilen = 32,
.result = "\xe2\xc9\x58\x15\xfc\x4f\xf8\xe8"
"\xe3\x32\x9b\x21\xe9\xc8\xd9\x97",
.rlen = 16,
}, {
.key = "\xf2\x92\xe6\x7d\x40\xee\xa3\x6f"
"\x03\x68\xc8\x45\xe7\x91\x0a\x18",
.klen = 16,
.iv = "\x01\x5c\x75\xe5\x84\x8d\x4d\xf6"
"\x23\x9f\xf4\x6a\xe6\x5a\x3b\x9a",
.assoc = "",
.alen = 0,
.input = "\x6b\x4f\x3b\x90\x9a\xa2\xb3\x82"
"\x0a\xb8\x55\xee\xeb\x73\x4d\x7f"
"\x54\x11\x3a\x8a\x31\xa3\xb5\xf2"
"\xcd\x49\xdb\xf3\xee\x26\xbd\xa2"
"\x0d",
.ilen = 33,
.result = "\x1f\xee\x92\xb4\x0c\xcb\xa1\x04"
"\x64\x0c\x4d\xb2\xe3\xec\x9c\x9d"
"\x09",
.rlen = 17,
}, {
.key = "\x2e\xb7\x20\x1c\x50\x6a\x4b\x8b"
"\x84\x42\x7a\xd7\xe1\xb5\xcd\x1f",
.klen = 16,
.iv = "\x3d\x80\xae\x84\x94\x09\xf6\x12"
"\xa4\x79\xa6\xfb\xe0\x7f\xfd\xa0",
.assoc = "",
.alen = 0,
.input = "\x59\xd1\x0f\x6b\xee\x27\x84\x92"
"\xb7\xa9\xb5\xdd\x02\xa4\x12\xa5"
"\x50\x32\xb4\x9a\x2e\x35\x83\x55"
"\x36\x12\x12\xed\xa3\x31\xc5\x30"
"\xa7\xe2\x4a\x6d\x05\x59\x43\x91"
"\x75\xfa\x6c\x17\xc6\x73\xca",
.ilen = 47,
.result = "\x5c\x13\xcb\x54\x1c\x47\x4a\x1f"
"\xe5\xe6\xff\x44\xdd\x11\x5f\xa3"
"\x33\xdd\xc2\xf8\xdd\x18\x2b\x93"
"\x57\x05\x01\x1c\x66\x22\xd3",
.rlen = 31,
}, {
.key = "\x6b\xdc\x5a\xbb\x60\xe5\xf4\xa6"
"\x05\x1d\x2c\x68\xdb\xda\x8f\x25",
.klen = 16,
.iv = "\x7a\xa5\xe8\x23\xa4\x84\x9e\x2d"
"\x25\x53\x58\x8c\xda\xa3\xc0\xa6",
.assoc = "",
.alen = 0,
.input = "\xdb\x49\x68\x0f\x91\x5b\x21\xb1"
"\xcf\x50\xb2\x4c\x32\xe1\xa6\x69"
"\xc0\xfb\x44\x1f\xa0\x9a\xeb\x39"
"\x1b\xde\x68\x38\xcc\x27\x52\xc5"
"\xf6\x3e\x74\xea\x66\x5b\x5f\x0c"
"\x65\x9e\x58\xe6\x52\xa2\xfe\x59",
.ilen = 48,
.result = "\x98\x37\x05\xf3\x2c\xc2\xf3\x3b"
"\x66\xc0\xb1\xd5\xd7\x35\x21\xaa"
"\x5d\x9f\xce\x7c\xe2\xb8\xad\xad"
"\x19\x33\xe0\xf4\x40\x81\x72\x28",
.rlen = 32,
}, {
.key = "\xa7\x00\x93\x5b\x70\x61\x9d\xc2"
"\x86\xf7\xde\xfa\xd5\xfe\x52\x2b",
.klen = 16,
.iv = "\xb6\xca\x22\xc3\xb4\x00\x47\x49"
"\xa6\x2d\x0a\x1e\xd4\xc7\x83\xad",
.assoc = "\xc5",
.alen = 1,
.input = "\x56\xe7\x24\x52\xdd\x95\x60\x5b"
"\x09\x48\x39\x69\x9c\xb3\x62\x46",
.ilen = 16,
.result = "",
.rlen = 0,
}, {
.key = "\xe4\x25\xcd\xfa\x80\xdd\x46\xde"
"\x07\xd1\x90\x8b\xcf\x23\x15\x31",
.klen = 16,
.iv = "\xf3\xee\x5c\x62\xc4\x7c\xf0\x65"
"\x27\x08\xbd\xaf\xce\xec\x45\xb3",
.assoc = "\x02\xb8\xea\xca\x09\x1b\x9a\xec"
"\x47\x3e\xe9\xd4\xcc\xb5\x76",
.alen = 15,
.input = "\xdd\xfa\x6c\x1f\x5d\x86\x87\x01"
"\x13\xe5\x73\x46\x46\xf2\x5c\xe1",
.ilen = 16,
.result = "",
.rlen = 0,
}, {
.key = "\x20\x4a\x07\x99\x91\x58\xee\xfa"
"\x88\xab\x42\x1c\xc9\x47\xd7\x38",
.klen = 16,
.iv = "\x2f\x13\x95\x01\xd5\xf7\x99\x81"
"\xa8\xe2\x6f\x41\xc8\x10\x08\xb9",
.assoc = "\x3f\xdc\x24\x69\x19\x96\x43\x08"
"\xc8\x18\x9b\x65\xc6\xd9\x39\x3b",
.alen = 16,
.input = "\xa6\x1b\xb9\xd7\x5e\x3c\xcf\xac"
"\xa9\x21\x45\x0b\x16\x52\xf7\xe1",
.ilen = 16,
.result = "",
.rlen = 0,
}, {
.key = "\x5d\x6f\x41\x39\xa1\xd4\x97\x16"
"\x09\x85\xf4\xae\xc3\x6b\x9a\x3e",
.klen = 16,
.iv = "\x6c\x38\xcf\xa1\xe5\x73\x41\x9d"
"\x29\xbc\x21\xd2\xc2\x35\xcb\xbf",
.assoc = "\x7b\x01\x5d\x08\x29\x12\xec\x24"
"\x49\xf3\x4d\xf7\xc0\xfe\xfb\x41"
"\x3c",
.alen = 17,
.input = "\x15\xff\xde\x3b\x34\xfc\xf6\xf9"
"\xbb\xa8\x62\xad\x0a\xf5\x48\x60",
.ilen = 16,
.result = "",
.rlen = 0,
}, {
.key = "\x99\x93\x7a\xd8\xb1\x50\x40\x31"
"\x8a\x60\xa6\x3f\xbd\x90\x5d\x44",
.klen = 16,
.iv = "\xa8\x5c\x09\x40\xf5\xef\xea\xb8"
"\xaa\x96\xd3\x64\xbc\x59\x8d\xc6",
.assoc = "\xb8\x26\x97\xa8\x39\x8e\x94\x3f"
"\xca\xcd\xff\x88\xba\x22\xbe\x47"
"\x67\xba\x85\xf1\xbb\x30\x56\x26"
"\xaf\x0b\x02\x38\xcc\x44\xa7",
.alen = 31,
.input = "\xd2\x9d\xf8\x3b\xd7\x84\xe9\x2d"
"\x4b\xef\x75\x16\x0a\x99\xae\x6b",
.ilen = 16,
.result = "",
.rlen = 0,
}, {
.key = "\xd6\xb8\xb4\x77\xc1\xcb\xe9\x4d"
"\x0a\x3a\x58\xd1\xb7\xb4\x1f\x4a",
.klen = 16,
.iv = "\xe5\x81\x42\xdf\x05\x6a\x93\xd4"
"\x2b\x70\x85\xf5\xb6\x7d\x50\xcc",
.assoc = "\xf4\x4a\xd1\x47\x49\x09\x3d\x5b"
"\x4b\xa7\xb1\x19\xb4\x46\x81\x4d"
"\x91\x7c\x91\x75\xc0\xd0\xd8\x40"
"\x71\x39\xe1\x10\xa6\xa3\x46\x7a",
.alen = 32,
.input = "\xe4\x8d\xa7\xa7\x45\xc1\x31\x4f"
"\xce\xfb\xaf\xd6\xc2\xe6\xee\xc0",
.ilen = 16,
.result = "",
.rlen = 0,
}, {
.key = "\x12\xdd\xee\x17\xd1\x47\x92\x69"
"\x8b\x14\x0a\x62\xb1\xd9\xe2\x50",
.klen = 16,
.iv = "\x22\xa6\x7c\x7f\x15\xe6\x3c\xf0"
"\xac\x4b\x37\x86\xb0\xa2\x13\xd2",
.assoc = "\x31",
.alen = 1,
.input = "\xe2\x67\x38\x4f\xb9\xad\x7d\x38"
"\x01\xfe\x84\x14\x85\xf8\xd1\xe3"
"\x22",
.ilen = 17,
.result = "\x40",
.rlen = 1,
}, {
.key = "\x4f\x01\x27\xb6\xe1\xc3\x3a\x85"
"\x0c\xee\xbc\xf4\xab\xfd\xa5\x57",
.klen = 16,
.iv = "\x5e\xcb\xb6\x1e\x25\x62\xe4\x0c"
"\x2d\x25\xe9\x18\xaa\xc6\xd5\xd8",
.assoc = "\x6d\x94\x44\x86\x69\x00\x8f\x93"
"\x4d\x5b\x15\x3c\xa8\x8f\x06",
.alen = 15,
.input = "\x77\x32\x61\xeb\xb4\x33\x29\x92"
"\x29\x95\xc5\x8e\x85\x76\xab\xfc"
"\x07\x95\xa7\x44\x74\xf7\x22\xff"
"\xd8\xd8\x36\x3d\x8a\x7f\x9e",
.ilen = 31,
.result = "\x7c\x5d\xd3\xee\xad\x9f\x39\x1a"
"\x6d\x92\x42\x61\xa7\x58\x37",
.rlen = 15,
}, {
.key = "\x8b\x26\x61\x55\xf1\x3e\xe3\xa1"
"\x8d\xc8\x6e\x85\xa5\x21\x67\x5d",
.klen = 16,
.iv = "\x9b\xef\xf0\xbd\x35\xdd\x8d\x28"
"\xad\xff\x9b\xa9\xa4\xeb\x98\xdf",
.assoc = "\xaa\xb8\x7e\x25\x79\x7c\x37\xaf"
"\xce\x36\xc7\xce\xa2\xb4\xc9\x60",
.alen = 16,
.input = "\xd8\xfd\x44\x45\xf6\x42\x12\x38"
"\xf2\x0b\xea\x4f\x9e\x11\x61\x07"
"\x48\x67\x98\x18\x9b\xd0\x0c\x59"
"\x67\xa4\x11\xb3\x2b\xd6\xc1\x70",
.ilen = 32,
.result = "\xb9\x82\x0c\x8d\xbd\x1b\xe2\x36"
"\xee\x6c\xf4\xf2\xa1\x7d\xf9\xe2",
.rlen = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xc8\x4b\x9b\xf5\x01\xba\x8c\xbd"
"\x0e\xa3\x21\x16\x9f\x46\x2a\x63",
.klen = 16,
.iv = "\xd7\x14\x29\x5d\x45\x59\x36\x44"
"\x2e\xd9\x4d\x3b\x9e\x0f\x5b\xe5",
.assoc = "\xe6\xdd\xb8\xc4\x89\xf8\xe0\xca"
"\x4f\x10\x7a\x5f\x9c\xd8\x8b\x66"
"\x3b",
.alen = 17,
.input = "\xb1\xab\x53\x4e\xc7\x40\x16\xb6"
"\x71\x3a\x00\x9f\x41\x88\xb0\xb2"
"\x71\x83\x85\x5f\xc8\x79\x0a\x99"
"\x99\xdc\x89\x1c\x88\xd2\x3e\xf9"
"\x83",
.ilen = 33,
.result = "\xf5\xa6\x46\x2c\xce\x97\x8a\x51"
"\x6f\x46\xa6\x83\x9b\xa1\xbc\xe8"
"\x05",
.rlen = 17,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x05\x70\xd5\x94\x12\x36\x35\xd8"
"\x8f\x7d\xd3\xa8\x99\x6a\xed\x69",
.klen = 16,
.iv = "\x14\x39\x63\xfc\x56\xd5\xdf\x5f"
"\xaf\xb3\xff\xcc\x98\x33\x1d\xeb",
.assoc = "\x23\x02\xf1\x64\x9a\x73\x89\xe6"
"\xd0\xea\x2c\xf1\x96\xfc\x4e\x6d"
"\x65\x48\xcb\x0a\xda\xf0\x62\xc0"
"\x38\x1d\x3b\x4a\xe9\x7e\x62",
.alen = 31,
.input = "\x29\xc4\xf0\x03\xc1\x86\xdf\x06"
"\x5c\x7b\xef\x64\x87\x00\xd1\x37"
"\xa7\x08\xbc\x7f\x8f\x41\x54\xd0"
"\x3e\xf1\xc3\xa2\x96\x84\xdd\x2a"
"\x2d\x21\x30\xf9\x02\xdb\x06\x0c"
"\xf1\x5a\x66\x69\xe0\xca\x83",
.ilen = 47,
.result = "\x32\xcb\x80\xcc\xde\x12\x33\x6d"
"\xf0\x20\x58\x15\x95\xc6\x7f\xee"
"\x2f\xf9\x4e\x2c\x1b\x98\x43\xc7"
"\x68\x28\x73\x40\x9f\x96\x4a",
.rlen = 31,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x41\x94\x0e\x33\x22\xb1\xdd\xf4"
"\x10\x57\x85\x39\x93\x8f\xaf\x70",
.klen = 16,
.iv = "\x50\x5d\x9d\x9b\x66\x50\x88\x7b"
"\x30\x8e\xb1\x5e\x92\x58\xe0\xf1",
.assoc = "\x5f\x27\x2b\x03\xaa\xef\x32\x02"
"\x50\xc4\xde\x82\x90\x21\x11\x73"
"\x8f\x0a\xd6\x8f\xdf\x90\xe4\xda"
"\xf9\x4a\x1a\x23\xc3\xdd\x02\x81",
.alen = 32,
.input = "\xe2\x2e\x44\xdf\xd3\x60\x6d\xb2"
"\x70\x57\x37\xc5\xc2\x4f\x8d\x14"
"\xc6\xbf\x8b\xec\xf5\x62\x67\xf2"
"\x2f\xa1\xe6\xd6\xa7\xb1\x8c\x54"
"\xe5\x6b\x49\xf9\x6e\x90\xc3\xaa"
"\x7a\x00\x2e\x4d\x7f\x31\x2e\x81",
.ilen = 48,
.result = "\x6e\xf0\xba\x6b\xee\x8e\xdc\x89"
"\x71\xfb\x0a\xa6\x8f\xea\x41\xf4"
"\x5a\xbb\x59\xb0\x20\x38\xc5\xe0"
"\x29\x56\x52\x19\x79\xf5\xe9\x37",
.rlen = 32,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x7e\xb9\x48\xd3\x32\x2d\x86\x10"
"\x91\x31\x37\xcb\x8d\xb3\x72\x76",
.klen = 16,
.iv = "\x8d\x82\xd6\x3b\x76\xcc\x30\x97"
"\xb1\x68\x63\xef\x8c\x7c\xa3\xf7",
.assoc = "\x9c\x4b\x65\xa2\xba\x6b\xdb\x1e"
"\xd1\x9e\x90\x13\x8a\x45\xd3\x79"
"\xba\xcd\xe2\x13\xe4\x30\x66\xf4"
"\xba\x78\xf9\xfb\x9d\x3c\xa1\x58"
"\x1a",
.alen = 33,
.input = "\xc7\xca\x26\x61\x57\xee\xa2\xb9"
"\xb1\x37\xde\x95\x06\x90\x11\x08"
"\x4d\x30\x9f\x24\xc0\x56\xb7\xe1"
"\x0b\x9f\xd2\x57\xe9\xd2\xb1\x76"
"\x56\x9a\xb4\x58\xc5\x08\xfc\xb5"
"\xf2\x31\x9b\xc9\xcd\xb3\x64\xdb"
"\x6f\x50\xbf\xf4\x73\x9d\xfb\x6b"
"\xef\x35\x25\x48\xed\xcf\x29\xa8"
"\xac\xc3\xb9\xcb\x61\x8f\x73\x92"
"\x2c\x7a\x6f\xda\xf9\x09\x6f\xe1"
"\xc4",
.ilen = 81,
.result = "\xab\x14\xf3\x0a\xfe\x0a\x85\xa5"
"\xf2\xd5\xbc\x38\x89\x0e\x04\xfb"
"\x84\x7d\x65\x34\x25\xd8\x47\xfa"
"\xeb\x83\x31\xf1\x54\x54\x89\x0d"
"\x9d\x4d\x54\x51\x84\x61\xf6\x8e"
"\x03\x31\xf2\x25\x16\xcc\xaa\xc6"
"\x75\x73\x20\x30\x59\x54\xb2\xf0"
"\x3a\x4b\xe0\x23\x8e\xa6\x08\x35"
"\x8a",
.rlen = 65,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xba\xde\x82\x72\x42\xa9\x2f\x2c"
"\x12\x0b\xe9\x5c\x87\xd7\x35\x7c",
.klen = 16,
.iv = "\xc9\xa7\x10\xda\x86\x48\xd9\xb3"
"\x32\x42\x15\x80\x85\xa1\x65\xfe",
.assoc = "\xd8\x70\x9f\x42\xca\xe6\x83\x3a"
"\x52\x79\x42\xa5\x84\x6a\x96\x7f"
"\xe4\x8f\xed\x97\xe9\xd0\xe8\x0d"
"\x7c\xa6\xd8\xd4\x77\x9b\x40\x2e"
"\x28\xce\x57\x34\xcd\x6e\x84\x4c"
"\x17\x3c\xe1\xb2\xa8\x0b\xbb\xf1"
"\x96\x41\x0d\x69\xe8\x54\x0a\xc8"
"\x15\x4e\x91\x92\x89\x4b\xb7\x9b"
"\x21",
.alen = 65,
.input = "\x57\xcd\x3d\x46\xc5\xf9\x68\x3b"
"\x2c\x0f\xb4\x7e\x7b\x64\x3e\x40"
"\xf3\x78\x63\x34\x89\x79\x39\x6b"
"\x61\x64\x4a\x9a\xfa\x70\xa4\xd3"
"\x54\x0b\xea\x05\xa6\x95\x64\xed"
"\x3d\x69\xa2\x0c\x27\x56\x2f\x34"
"\x66",
.ilen = 49,
.result = "\xe8\x39\x2d\xaa\x0e\x85\x2d\xc1"
"\x72\xaf\x6e\xc9\x82\x33\xc7\x01"
"\xaf\x40\x70\xb8\x2a\x78\xc9\x14"
"\xac\xb1\x10\xca\x2e\xb3\x28\xe4"
"\xac",
.rlen = 33,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xf7\x02\xbb\x11\x52\x24\xd8\x48"
"\x93\xe6\x9b\xee\x81\xfc\xf7\x82",
.klen = 16,
.iv = "\x06\xcc\x4a\x79\x96\xc3\x82\xcf"
"\xb3\x1c\xc7\x12\x7f\xc5\x28\x04",
.assoc = "\x15\x95\xd8\xe1\xda\x62\x2c\x56"
"\xd3\x53\xf4\x36\x7e\x8e\x59\x85",
.alen = 16,
.input = "\xfc\x85\x06\x28\x8f\xe8\x23\x1f"
"\x33\x98\x87\xde\x08\xb6\xb6\xae"
"\x3e\xa4\xf8\x19\xf1\x92\x60\x39"
"\xb9\x6b\x3f\xdf\xc8\xcb\x30",
.ilen = 31,
.result = "\x24\x5e\x67\x49\x1e\x01\xd6\xdd"
"\xf3\x89\x20\x5b\x7c\x57\x89\x07",
.rlen = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x33\x27\xf5\xb1\x62\xa0\x80\x63"
"\x14\xc0\x4d\x7f\x7b\x20\xba\x89",
.klen = 16,
.iv = "\x42\xf0\x84\x19\xa6\x3f\x2b\xea"
"\x34\xf6\x79\xa3\x79\xe9\xeb\x0a",
.assoc = "\x51\xb9\x12\x80\xea\xde\xd5\x71"
"\x54\x2d\xa6\xc8\x78\xb2\x1b\x8c",
.alen = 16,
.input = "\x74\x7d\x70\x07\xe9\xba\x01\xee"
"\x6c\xc6\x6f\x50\x25\x33\xbe\x50"
"\x17\xb8\x17\x62\xed\x80\xa2\xf5"
"\x03\xde\x85\x71\x5d\x34",
.ilen = 30,
.result = "\x61\x83\xa0\xe8\x2e\x7d\x7f\xf8"
"\x74\x63\xd2\xec\x76\x7c\x4c\x0d",
.rlen = 16,
}, {
.key = "\x70\x4c\x2f\x50\x72\x1c\x29\x7f"
"\x95\x9a\xff\x10\x75\x45\x7d\x8f",
.klen = 16,
.iv = "\x7f\x15\xbd\xb8\xb6\xba\xd3\x06"
"\xb5\xd1\x2b\x35\x73\x0e\xad\x10",
.assoc = "\x8e\xde\x4c\x20\xfa\x59\x7e\x8d"
"\xd5\x07\x58\x59\x72\xd7\xde\x92",
.alen = 16,
.input = "\xf4\xb3\x85\xf9\xac\xde\xb1\x38"
"\x29\xfd\x6c\x7c\x49\xe5\x1d\xaf"
"\xba\xea\xd4\xfa\x3f\x11\x33\x98",
.ilen = 24,
.result = "\x9d\xa7\xda\x88\x3e\xf8\x28\x14"
"\xf5\x3e\x85\x7d\x70\xa0\x0f\x13",
.rlen = 16,
}, {
.key = "\xac\x70\x69\xef\x82\x97\xd2\x9b"
"\x15\x74\xb1\xa2\x6f\x69\x3f\x95",
.klen = 16,
.iv = "\xbb\x3a\xf7\x57\xc6\x36\x7c\x22"
"\x36\xab\xde\xc6\x6d\x32\x70\x17",
.assoc = "\xcb\x03\x85\xbf\x0a\xd5\x26\xa9"
"\x56\xe1\x0a\xeb\x6c\xfb\xa1\x98",
.alen = 16,
.input = "\xe6\x5c\x49\x4f\x78\xf3\x62\x86"
"\xe1\xb7\xa5\xc3\x32\x88\x3c\x8c"
"\x6e",
.ilen = 17,
.result = "\xda\xcc\x14\x27\x4e\x74\xd1\x30"
"\x76\x18\x37\x0f\x6a\xc4\xd1\x1a",
.rlen = 16,
},
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
/*
* MORUS-1280 test vectors - generated via reference implementation from
* SUPERCOP (https://bench.cr.yp.to/supercop.html):
*
* https://bench.cr.yp.to/supercop/supercop-20170228.tar.xz
* (see crypto_aead/morus1280128v2/ and crypto_aead/morus1280256v2/ )
*/
static const struct aead_testvec morus1280_enc_tv_template[] = {
{
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.klen = 16,
.iv = "\x0f\xc9\x8e\x67\x44\x9e\xaa\x86"
"\x20\x36\x2c\x24\xfe\xc9\x30\x81",
.assoc = "",
.alen = 0,
.input = "",
.ilen = 0,
.result = "\x91\x85\x0f\xf5\x52\x9e\xce\xce"
"\x65\x99\xc7\xbf\xd3\x76\xe8\x98",
.rlen = 16,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x3c\x24\x39\x9f\x10\x7b\xa8\x1b"
"\x80\xda\xb2\x91\xf9\x24\xc2\x06",
.klen = 16,
.iv = "\x4b\xed\xc8\x07\x54\x1a\x52\xa2"
"\xa1\x10\xde\xb5\xf8\xed\xf3\x87",
.assoc = "",
.alen = 0,
.input = "\x69",
.ilen = 1,
.result = "\x88\xc3\x4c\xf0\x2f\x43\x76\x13"
"\x96\xda\x76\x34\x33\x4e\xd5\x39"
"\x73",
.rlen = 17,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x79\x49\x73\x3e\x20\xf7\x51\x37"
"\x01\xb4\x64\x22\xf3\x48\x85\x0c",
.klen = 16,
.iv = "\x88\x12\x01\xa6\x64\x96\xfb\xbe"
"\x22\xea\x90\x47\xf2\x11\xb5\x8e",
.assoc = "",
.alen = 0,
.input = "\xa6\xa4\x1e\x76\xec\xd4\x50\xcc"
"\x62\x58\xe9\x8f\xef\xa4\x17\x91"
"\xb4\x96\x9f\x6b\xce\x38\xa5\x46"
"\x13\x7d\x64\x93\xd7\x05\xf5",
.ilen = 31,
.result = "\x3e\x5c\x3b\x58\x3b\x7d\x2a\x22"
"\x75\x0b\x24\xa6\x0e\xc3\xde\x52"
"\x97\x0b\x64\xd4\xce\x90\x52\xf7"
"\xef\xdb\x6a\x38\xd2\xa8\xa1\x0d"
"\xe0\x61\x33\x24\xc6\x4d\x51\xbc"
"\xa4\x21\x74\xcf\x19\x16\x59",
.rlen = 47,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xb5\x6e\xad\xdd\x30\x72\xfa\x53"
"\x82\x8e\x16\xb4\xed\x6d\x47\x12",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\xc4\x37\x3b\x45\x74\x11\xa4\xda"
"\xa2\xc5\x42\xd8\xec\x36\x78\x94",
.assoc = "",
.alen = 0,
.input = "\xe2\xc9\x58\x15\xfc\x4f\xf8\xe8"
"\xe3\x32\x9b\x21\xe9\xc8\xd9\x97"
"\xde\x58\xab\xf0\xd3\xd8\x27\x60"
"\xd5\xaa\x43\x6b\xb1\x64\x95\xa4",
.ilen = 32,
.result = "\x30\x82\x9c\x2b\x67\xcb\xf9\x1f"
"\xde\x9f\x77\xb2\xda\x92\x61\x5c"
"\x09\x0b\x2d\x9a\x26\xaa\x1c\x06"
"\xab\x74\xb7\x2b\x95\x5f\x9f\xa1"
"\x9a\xff\x50\xa0\xa2\xff\xc5\xad"
"\x21\x8e\x84\x5c\x12\x61\xb2\xae",
.rlen = 48,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xf2\x92\xe6\x7d\x40\xee\xa3\x6f"
"\x03\x68\xc8\x45\xe7\x91\x0a\x18",
.klen = 16,
.iv = "\x01\x5c\x75\xe5\x84\x8d\x4d\xf6"
"\x23\x9f\xf4\x6a\xe6\x5a\x3b\x9a",
.assoc = "",
.alen = 0,
.input = "\x1f\xee\x92\xb4\x0c\xcb\xa1\x04"
"\x64\x0c\x4d\xb2\xe3\xec\x9c\x9d"
"\x09\x1a\xb7\x74\xd8\x78\xa9\x79"
"\x96\xd8\x22\x43\x8c\xc3\x34\x7b"
"\xc4",
.ilen = 33,
.result = "\x67\x5d\x8e\x45\xc8\x39\xf5\x17"
"\xc1\x1d\x2a\xdd\x88\x67\xda\x1f"
"\x6d\xe8\x37\x28\x5a\xc1\x5e\x9f"
"\xa6\xec\xc6\x92\x05\x4b\xc0\xa3"
"\x63\xef\x88\xa4\x9b\x0a\x5c\xed"
"\x2b\x6a\xac\x63\x52\xaa\x10\x94"
"\xd0",
.rlen = 49,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x2e\xb7\x20\x1c\x50\x6a\x4b\x8b"
"\x84\x42\x7a\xd7\xe1\xb5\xcd\x1f",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x3d\x80\xae\x84\x94\x09\xf6\x12"
"\xa4\x79\xa6\xfb\xe0\x7f\xfd\xa0",
.assoc = "",
.alen = 0,
.input = "\x5c\x13\xcb\x54\x1c\x47\x4a\x1f"
"\xe5\xe6\xff\x44\xdd\x11\x5f\xa3"
"\x33\xdd\xc2\xf8\xdd\x18\x2b\x93"
"\x57\x05\x01\x1c\x66\x22\xd3\x51"
"\xd3\xdf\x18\xc9\x30\x66\xed\xb1"
"\x96\x58\xd5\x8c\x64\x8c\x7c\xf5"
"\x01\xd0\x74\x5f\x9b\xaa\xf6\xd1"
"\xe6\x16\xa2\xac\xde\x47\x40",
.ilen = 63,
.result = "\x7d\x61\x1a\x35\x20\xcc\x07\x88"
"\x03\x98\x87\xcf\xc0\x6e\x4d\x19"
"\xe3\xd4\x0b\xfb\x29\x8f\x49\x1a"
"\x3a\x06\x77\xce\x71\x2c\xcd\xdd"
"\xed\xf6\xc9\xbe\xa6\x3b\xb8\xfc"
"\x6c\xbe\x77\xed\x74\x0e\x20\x85"
"\xd0\x65\xde\x24\x6f\xe3\x25\xc5"
"\xdf\x5b\x0f\xbd\x8a\x88\x78\xc9"
"\xe5\x81\x37\xde\x84\x7a\xf6\x84"
"\x99\x7a\x72\x9c\x54\x31\xa1",
.rlen = 79,
}, {
.key = "\x6b\xdc\x5a\xbb\x60\xe5\xf4\xa6"
"\x05\x1d\x2c\x68\xdb\xda\x8f\x25",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x7a\xa5\xe8\x23\xa4\x84\x9e\x2d"
"\x25\x53\x58\x8c\xda\xa3\xc0\xa6",
.assoc = "",
.alen = 0,
.input = "\x98\x37\x05\xf3\x2c\xc2\xf3\x3b"
"\x66\xc0\xb1\xd5\xd7\x35\x21\xaa"
"\x5d\x9f\xce\x7c\xe2\xb8\xad\xad"
"\x19\x33\xe0\xf4\x40\x81\x72\x28"
"\xe1\x8b\x1c\xf8\x91\x78\xff\xaf"
"\xb0\x68\x69\xf2\x27\x35\x91\x84"
"\x2e\x37\x5b\x00\x04\xff\x16\x9c"
"\xb5\x19\x39\xeb\xd9\xcd\x29\x9a",
.ilen = 64,
.result = "\x05\xc5\xb1\xf9\x1b\xb9\xab\x2c"
"\xa5\x07\x12\xa7\x12\x39\x60\x66"
"\x30\x81\x4a\x03\x78\x28\x45\x52"
"\xd2\x2b\x24\xfd\x8b\xa5\xb7\x66"
"\x6f\x45\xd7\x3b\x67\x6f\x51\xb9"
"\xc0\x3d\x6c\xca\x1e\xae\xff\xb6"
"\x79\xa9\xe4\x82\x5d\x4c\x2d\xdf"
"\xeb\x71\x40\xc9\x2c\x40\x45\x6d"
"\x73\x77\x01\xf3\x4f\xf3\x9d\x2a"
"\x5d\x57\xa8\xa1\x18\xa2\xad\xcb",
.rlen = 80,
}, {
.key = "\xa7\x00\x93\x5b\x70\x61\x9d\xc2"
"\x86\xf7\xde\xfa\xd5\xfe\x52\x2b",
.klen = 16,
.iv = "\xb6\xca\x22\xc3\xb4\x00\x47\x49"
"\xa6\x2d\x0a\x1e\xd4\xc7\x83\xad",
.assoc = "\xc5",
.alen = 1,
.input = "",
.ilen = 0,
.result = "\x4d\xbf\x11\xac\x7f\x97\x0b\x2e"
"\x89\x3b\x9d\x0f\x83\x1c\x08\xc3",
.rlen = 16,
}, {
.key = "\xe4\x25\xcd\xfa\x80\xdd\x46\xde"
"\x07\xd1\x90\x8b\xcf\x23\x15\x31",
.klen = 16,
.iv = "\xf3\xee\x5c\x62\xc4\x7c\xf0\x65"
"\x27\x08\xbd\xaf\xce\xec\x45\xb3",
.assoc = "\x02\xb8\xea\xca\x09\x1b\x9a\xec"
"\x47\x3e\xe9\xd4\xcc\xb5\x76\x34"
"\xe8\x73\x62\x64\xab\x50\xd0\xda"
"\x6b\x83\x66\xaf\x3e\x27\xc9",
.alen = 31,
.input = "",
.ilen = 0,
.result = "\x5b\xc0\x8d\x54\xe4\xec\xbe\x38"
"\x03\x12\xf9\xcc\x9e\x46\x42\x92",
.rlen = 16,
}, {
.key = "\x20\x4a\x07\x99\x91\x58\xee\xfa"
"\x88\xab\x42\x1c\xc9\x47\xd7\x38",
.klen = 16,
.iv = "\x2f\x13\x95\x01\xd5\xf7\x99\x81"
"\xa8\xe2\x6f\x41\xc8\x10\x08\xb9",
.assoc = "\x3f\xdc\x24\x69\x19\x96\x43\x08"
"\xc8\x18\x9b\x65\xc6\xd9\x39\x3b"
"\x12\x35\x6e\xe8\xb0\xf0\x52\xf3"
"\x2d\xb0\x45\x87\x18\x86\x68\xf6",
.alen = 32,
.input = "",
.ilen = 0,
.result = "\x48\xc5\xc3\x4c\x40\x2e\x2f\xc2"
"\x6d\x65\xe0\x67\x9c\x1d\xa0\xf0",
.rlen = 16,
}, {
.key = "\x5d\x6f\x41\x39\xa1\xd4\x97\x16"
"\x09\x85\xf4\xae\xc3\x6b\x9a\x3e",
.klen = 16,
.iv = "\x6c\x38\xcf\xa1\xe5\x73\x41\x9d"
"\x29\xbc\x21\xd2\xc2\x35\xcb\xbf",
.assoc = "\x7b\x01\x5d\x08\x29\x12\xec\x24"
"\x49\xf3\x4d\xf7\xc0\xfe\xfb\x41"
"\x3c\xf8\x79\x6c\xb6\x90\xd4\x0d"
"\xee\xde\x23\x60\xf2\xe5\x08\xcc"
"\x97",
.alen = 33,
.input = "",
.ilen = 0,
.result = "\x28\x64\x78\x51\x55\xd8\x56\x4a"
"\x58\x3e\xf7\xbe\xee\x21\xfe\x94",
.rlen = 16,
}, {
.key = "\x99\x93\x7a\xd8\xb1\x50\x40\x31"
"\x8a\x60\xa6\x3f\xbd\x90\x5d\x44",
.klen = 16,
.iv = "\xa8\x5c\x09\x40\xf5\xef\xea\xb8"
"\xaa\x96\xd3\x64\xbc\x59\x8d\xc6",
.assoc = "\xb8\x26\x97\xa8\x39\x8e\x94\x3f"
"\xca\xcd\xff\x88\xba\x22\xbe\x47"
"\x67\xba\x85\xf1\xbb\x30\x56\x26"
"\xaf\x0b\x02\x38\xcc\x44\xa7\xa3"
"\xa6\xbf\x31\x93\x60\xcd\xda\x63"
"\x2c\xb1\xaa\x19\xc8\x19\xf8\xeb"
"\x03\xa1\xe8\xbe\x37\x54\xec\xa2"
"\xcd\x2c\x45\x58\xbd\x8e\x80",
.alen = 63,
.input = "",
.ilen = 0,
.result = "\xb3\xa6\x00\x4e\x09\x20\xac\x21"
"\x77\x72\x69\x76\x2d\x36\xe5\xc8",
.rlen = 16,
}, {
.key = "\xd6\xb8\xb4\x77\xc1\xcb\xe9\x4d"
"\x0a\x3a\x58\xd1\xb7\xb4\x1f\x4a",
.klen = 16,
.iv = "\xe5\x81\x42\xdf\x05\x6a\x93\xd4"
"\x2b\x70\x85\xf5\xb6\x7d\x50\xcc",
.assoc = "\xf4\x4a\xd1\x47\x49\x09\x3d\x5b"
"\x4b\xa7\xb1\x19\xb4\x46\x81\x4d"
"\x91\x7c\x91\x75\xc0\xd0\xd8\x40"
"\x71\x39\xe1\x10\xa6\xa3\x46\x7a"
"\xb4\x6b\x35\xc2\xc1\xdf\xed\x60"
"\x46\xc1\x3e\x7f\x8c\xc2\x0e\x7a"
"\x30\x08\xd0\x5f\xa0\xaa\x0c\x6d"
"\x9c\x2f\xdb\x97\xb8\x15\x69\x01",
.alen = 64,
.input = "",
.ilen = 0,
.result = "\x65\x33\x7b\xa1\x63\xf4\x20\xdd"
"\xe4\xb9\x4a\xaa\x9a\x21\xaa\x14",
.rlen = 16,
}, {
.key = "\x12\xdd\xee\x17\xd1\x47\x92\x69"
"\x8b\x14\x0a\x62\xb1\xd9\xe2\x50",
.klen = 16,
.iv = "\x22\xa6\x7c\x7f\x15\xe6\x3c\xf0"
"\xac\x4b\x37\x86\xb0\xa2\x13\xd2",
.assoc = "\x31",
.alen = 1,
.input = "\x40",
.ilen = 1,
.result = "\x1d\x47\x17\x34\x86\xf5\x54\x1a"
"\x6d\x28\xb8\x5d\x6c\xcf\xa0\xb9"
"\xbf",
.rlen = 17,
}, {
.key = "\x4f\x01\x27\xb6\xe1\xc3\x3a\x85"
"\x0c\xee\xbc\xf4\xab\xfd\xa5\x57",
.klen = 16,
.iv = "\x5e\xcb\xb6\x1e\x25\x62\xe4\x0c"
"\x2d\x25\xe9\x18\xaa\xc6\xd5\xd8",
.assoc = "\x6d\x94\x44\x86\x69\x00\x8f\x93"
"\x4d\x5b\x15\x3c\xa8\x8f\x06\x5a"
"\xe6\x01\xa8\x7e\xca\x10\xdc\x73"
"\xf4\x94\x9f\xc1\x5a\x61\x85",
.alen = 31,
.input = "\x7c\x5d\xd3\xee\xad\x9f\x39\x1a"
"\x6d\x92\x42\x61\xa7\x58\x37\xdb"
"\xb0\xb2\x2b\x9f\x0b\xb8\xbd\x7a"
"\x24\xa0\xd6\xb7\x11\x79\x6c",
.ilen = 31,
.result = "\x78\x90\x52\xae\x0f\xf7\x2e\xef"
"\x63\x09\x08\x58\xb5\x56\xbd\x72"
"\x6e\x42\xcf\x27\x04\x7c\xdb\x92"
"\x18\xe9\xa4\x33\x90\xba\x62\xb5"
"\x70\xd3\x88\x9b\x4f\x05\xa7\x51"
"\x85\x87\x17\x09\x42\xed\x4e",
.rlen = 47,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x8b\x26\x61\x55\xf1\x3e\xe3\xa1"
"\x8d\xc8\x6e\x85\xa5\x21\x67\x5d",
.klen = 16,
.iv = "\x9b\xef\xf0\xbd\x35\xdd\x8d\x28"
"\xad\xff\x9b\xa9\xa4\xeb\x98\xdf",
.assoc = "\xaa\xb8\x7e\x25\x79\x7c\x37\xaf"
"\xce\x36\xc7\xce\xa2\xb4\xc9\x60"
"\x10\xc3\xb3\x02\xcf\xb0\x5e\x8d"
"\xb5\xc2\x7e\x9a\x35\xc0\x24\xfd",
.alen = 32,
.input = "\xb9\x82\x0c\x8d\xbd\x1b\xe2\x36"
"\xee\x6c\xf4\xf2\xa1\x7d\xf9\xe2"
"\xdb\x74\x36\x23\x11\x58\x3f\x93"
"\xe5\xcd\xb5\x90\xeb\xd8\x0c\xb3",
.ilen = 32,
.result = "\x1d\x2c\x57\xe0\x50\x38\x3d\x41"
"\x2e\x71\xc8\x3b\x92\x43\x58\xaf"
"\x5a\xfb\xad\x8f\xd9\xd5\x8a\x5e"
"\xdb\xf3\xcd\x3a\x2b\xe1\x2c\x1a"
"\xb0\xed\xe3\x0c\x6e\xf9\xf2\xd6"
"\x90\xe6\xb1\x0e\xa5\x8a\xac\xb7",
.rlen = 48,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xc8\x4b\x9b\xf5\x01\xba\x8c\xbd"
"\x0e\xa3\x21\x16\x9f\x46\x2a\x63",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\xd7\x14\x29\x5d\x45\x59\x36\x44"
"\x2e\xd9\x4d\x3b\x9e\x0f\x5b\xe5",
.assoc = "\xe6\xdd\xb8\xc4\x89\xf8\xe0\xca"
"\x4f\x10\x7a\x5f\x9c\xd8\x8b\x66"
"\x3b\x86\xbf\x86\xd4\x50\xe0\xa7"
"\x76\xef\x5c\x72\x0f\x1f\xc3\xd4"
"\xee",
.alen = 33,
.input = "\xf5\xa6\x46\x2c\xce\x97\x8a\x51"
"\x6f\x46\xa6\x83\x9b\xa1\xbc\xe8"
"\x05\x36\x42\xa7\x16\xf8\xc1\xad"
"\xa7\xfb\x94\x68\xc5\x37\xab\x8a"
"\x72",
.ilen = 33,
.result = "\x59\x10\x84\x1c\x83\x4c\x8b\xfc"
"\xfd\x2e\x4b\x46\x84\xff\x78\x4e"
"\x50\xda\x5c\xb9\x61\x1d\xf5\xb9"
"\xfe\xbb\x7f\xae\x8c\xc1\x24\xbd"
"\x8c\x6f\x1f\x9b\xce\xc6\xc1\x37"
"\x08\x06\x5a\xe5\x96\x10\x95\xc2"
"\x5e",
.rlen = 49,
}, {
.key = "\x05\x70\xd5\x94\x12\x36\x35\xd8"
"\x8f\x7d\xd3\xa8\x99\x6a\xed\x69",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x14\x39\x63\xfc\x56\xd5\xdf\x5f"
"\xaf\xb3\xff\xcc\x98\x33\x1d\xeb",
.assoc = "\x23\x02\xf1\x64\x9a\x73\x89\xe6"
"\xd0\xea\x2c\xf1\x96\xfc\x4e\x6d"
"\x65\x48\xcb\x0a\xda\xf0\x62\xc0"
"\x38\x1d\x3b\x4a\xe9\x7e\x62\xaa"
"\xfd\xc9\x4a\xa9\xa9\x39\x4b\x54"
"\xc8\x0e\x24\x7f\x5e\x10\x7a\x45"
"\x10\x0b\x56\x85\xad\x54\xaa\x66"
"\xa8\x43\xcd\xd4\x9b\xb7\xfa",
.alen = 63,
.input = "\x32\xcb\x80\xcc\xde\x12\x33\x6d"
"\xf0\x20\x58\x15\x95\xc6\x7f\xee"
"\x2f\xf9\x4e\x2c\x1b\x98\x43\xc7"
"\x68\x28\x73\x40\x9f\x96\x4a\x60"
"\x80\xf4\x4b\xf4\xc1\x3d\xd0\x93"
"\xcf\x12\xc9\x59\x8f\x7a\x7f\xa8"
"\x1b\xa5\x50\xed\x87\xa9\x72\x59"
"\x9c\x44\xb2\xa4\x99\x98\x34",
.ilen = 63,
.result = "\x9a\x12\xbc\xdf\x72\xa8\x56\x22"
"\x49\x2d\x07\x92\xfc\x3d\x6d\x5f"
"\xef\x36\x19\xae\x91\xfa\xd6\x63"
"\x46\xea\x8a\x39\x14\x21\xa6\x37"
"\x18\xfc\x97\x3e\x16\xa5\x4d\x39"
"\x45\x2e\x69\xcc\x9c\x5f\xdf\x6d"
"\x5e\xa2\xbf\xac\x83\x32\x72\x52"
"\x58\x58\x23\x40\xfd\xa5\xc2\xe6"
"\xe9\x5a\x50\x98\x00\x58\xc9\x86"
"\x4f\x20\x37\xdb\x7b\x22\xa3",
.rlen = 79,
}, {
.key = "\x41\x94\x0e\x33\x22\xb1\xdd\xf4"
"\x10\x57\x85\x39\x93\x8f\xaf\x70",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x50\x5d\x9d\x9b\x66\x50\x88\x7b"
"\x30\x8e\xb1\x5e\x92\x58\xe0\xf1",
.assoc = "\x5f\x27\x2b\x03\xaa\xef\x32\x02"
"\x50\xc4\xde\x82\x90\x21\x11\x73"
"\x8f\x0a\xd6\x8f\xdf\x90\xe4\xda"
"\xf9\x4a\x1a\x23\xc3\xdd\x02\x81"
"\x0b\x76\x4f\xd7\x0a\x4b\x5e\x51"
"\xe3\x1d\xb9\xe5\x21\xb9\x8f\xd4"
"\x3d\x72\x3e\x26\x16\xa9\xca\x32"
"\x77\x47\x63\x14\x95\x3d\xe4\x34",
.alen = 64,
.input = "\x6e\xf0\xba\x6b\xee\x8e\xdc\x89"
"\x71\xfb\x0a\xa6\x8f\xea\x41\xf4"
"\x5a\xbb\x59\xb0\x20\x38\xc5\xe0"
"\x29\x56\x52\x19\x79\xf5\xe9\x37"
"\x8f\xa1\x50\x23\x22\x4f\xe3\x91"
"\xe9\x21\x5e\xbf\x52\x23\x95\x37"
"\x48\x0c\x38\x8f\xf0\xff\x92\x24"
"\x6b\x47\x49\xe3\x94\x1f\x1e\x01",
.ilen = 64,
.result = "\xe6\xeb\x92\x5a\x5b\xf0\x2d\xbb"
"\x23\xec\x35\xe3\xae\xc9\xfb\x0b"
"\x90\x14\x46\xeb\xa8\x8d\xb0\x9b"
"\x39\xda\x8b\x48\xec\xb2\x00\x4e"
"\x80\x6f\x46\x4f\x9b\x1e\xbb\x35"
"\xea\x5a\xbc\xa2\x36\xa5\x89\x45"
"\xc2\xd6\xd7\x15\x0b\xf6\x6c\x56"
"\xec\x99\x7d\x61\xb3\x15\x93\xed"
"\x83\x1e\xd9\x48\x84\x0b\x37\xfe"
"\x95\x74\x44\xd5\x54\xa6\x27\x06",
.rlen = 80,
}, {
.key = "\x7e\xb9\x48\xd3\x32\x2d\x86\x10"
"\x91\x31\x37\xcb\x8d\xb3\x72\x76",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x8d\x82\xd6\x3b\x76\xcc\x30\x97"
"\xb1\x68\x63\xef\x8c\x7c\xa3\xf7",
.assoc = "\x9c\x4b\x65\xa2\xba\x6b\xdb\x1e"
"\xd1\x9e\x90\x13\x8a\x45\xd3\x79"
"\xba\xcd\xe2\x13\xe4\x30\x66\xf4"
"\xba\x78\xf9\xfb\x9d\x3c\xa1\x58"
"\x1a\x22\x53\x05\x6b\x5c\x71\x4f"
"\xfd\x2d\x4d\x4c\xe5\x62\xa5\x63"
"\x6a\xda\x26\xc8\x7f\xff\xea\xfd"
"\x46\x4a\xfa\x53\x8f\xc4\xcd\x68"
"\x58",
.alen = 65,
.input = "\xab\x14\xf3\x0a\xfe\x0a\x85\xa5"
"\xf2\xd5\xbc\x38\x89\x0e\x04\xfb"
"\x84\x7d\x65\x34\x25\xd8\x47\xfa"
"\xeb\x83\x31\xf1\x54\x54\x89\x0d"
"\x9d\x4d\x54\x51\x84\x61\xf6\x8e"
"\x03\x31\xf2\x25\x16\xcc\xaa\xc6"
"\x75\x73\x20\x30\x59\x54\xb2\xf0"
"\x3a\x4b\xe0\x23\x8e\xa6\x08\x35"
"\x8a\xdf\x27\xa0\xe4\x60\x99\xae"
"\x8e\x43\xd9\x39\x7b\x10\x40\x67"
"\x5c\x7e\xc9\x70\x63\x34\xca\x59"
"\xfe\x86\xbc\xb7\x9c\x39\xf3\x6d"
"\x6a\x41\x64\x6f\x16\x7f\x65\x7e"
"\x89\x84\x68\xeb\xb0\x51\xbe\x55"
"\x33\x16\x59\x6c\x3b\xef\x88\xad"
"\x2f\xab\xbc\x25\x76\x87\x41\x2f"
"\x36",
.ilen = 129,
.result = "\x89\x24\x27\x86\xdc\xd7\x6b\xd9"
"\xd1\xcd\xdc\x16\xdd\x2c\xc1\xfb"
"\x52\xb5\xb3\xab\x50\x99\x3f\xa0"
"\x38\xa4\x74\xa5\x04\x15\x63\x05"
"\x8f\x54\x81\x06\x5a\x6b\xa4\x63"
"\x6d\xa7\x21\xcb\xff\x42\x30\x8e"
"\x3b\xd1\xca\x3f\x4b\x1a\xb8\xc3"
"\x42\x01\xe6\xbc\x75\x15\x87\xee"
"\xc9\x8e\x65\x01\xd9\xd8\xb5\x9f"
"\x48\x86\xa6\x5f\x2c\xc7\xb5\xb0"
"\xed\x5d\x14\x7c\x3f\x40\xb1\x0b"
"\x72\xef\x94\x8d\x7a\x85\x56\xe5"
"\x56\x08\x15\x56\xba\xaf\xbd\xf0"
"\x20\xef\xa0\xf6\xa9\xad\xa2\xc9"
"\x1c\x3b\x28\x51\x7e\x77\xb2\x18"
"\x4f\x61\x64\x37\x22\x36\x6d\x78"
"\xed\xed\x35\xe8\x83\xa5\xec\x25"
"\x6b\xff\x5f\x1a\x09\x96\x3d\xdc"
"\x20",
.rlen = 145,
}, {
.key = "\xba\xde\x82\x72\x42\xa9\x2f\x2c"
"\x12\x0b\xe9\x5c\x87\xd7\x35\x7c",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\xc9\xa7\x10\xda\x86\x48\xd9\xb3"
"\x32\x42\x15\x80\x85\xa1\x65\xfe",
.assoc = "\xd8\x70\x9f\x42\xca\xe6\x83\x3a"
"\x52\x79\x42\xa5\x84\x6a\x96\x7f"
"\xe4\x8f\xed\x97\xe9\xd0\xe8\x0d"
"\x7c\xa6\xd8\xd4\x77\x9b\x40\x2e"
"\x28\xce\x57\x34\xcd\x6e\x84\x4c"
"\x17\x3c\xe1\xb2\xa8\x0b\xbb\xf1"
"\x96\x41\x0d\x69\xe8\x54\x0a\xc8"
"\x15\x4e\x91\x92\x89\x4b\xb7\x9b"
"\x21\xf7\x42\x89\xac\x12\x2a\x54"
"\x69\xee\x18\xc7\x8d\xed\xe8\xfd"
"\xbb\x04\x28\xe6\x8a\x3c\x98\xc1"
"\x04\x2d\xa9\xa1\x24\x83\xff\xe9"
"\x55\x7a\xf0\xd1\xf6\x63\x05\xe1"
"\xd9\x1e\x75\x72\xc1\x9f\xae\x32"
"\xe1\x6b\xcd\x9e\x61\x19\x23\x86"
"\xd9\xd2\xaf\x8e\xd5\xd3\xa8\xa9"
"\x51",
.alen = 129,
.input = "\xe8\x39\x2d\xaa\x0e\x85\x2d\xc1"
"\x72\xaf\x6e\xc9\x82\x33\xc7\x01"
"\xaf\x40\x70\xb8\x2a\x78\xc9\x14"
"\xac\xb1\x10\xca\x2e\xb3\x28\xe4"
"\xac\xfa\x58\x7f\xe5\x73\x09\x8c"
"\x1d\x40\x87\x8c\xd9\x75\xc0\x55"
"\xa2\xda\x07\xd1\xc2\xa9\xd1\xbb"
"\x09\x4f\x77\x62\x88\x2d\xf2\x68"
"\x54",
.ilen = 65,
.result = "\x36\x78\xb9\x22\xde\x62\x35\x55"
"\x1a\x7a\xf5\x45\xbc\xd7\x15\x82"
"\x01\xe9\x5a\x07\xea\x46\xaf\x91"
"\xcb\x73\xa5\xee\xe1\xb4\xbf\xc2"
"\xdb\xd2\x9d\x59\xde\xfc\x83\x00"
"\xf5\x46\xac\x97\xd5\x57\xa9\xb9"
"\x1f\x8c\xe8\xca\x68\x8b\x91\x0c"
"\x01\xbe\x0a\xaf\x7c\xf6\x67\xa4"
"\xbf\xbc\x88\x3f\x5d\xd1\xf9\x19"
"\x0f\x9d\xb2\xaf\xb9\x6e\x17\xdf"
"\xa2",
.rlen = 81,
}, {
.key = "\xf7\x02\xbb\x11\x52\x24\xd8\x48"
"\x93\xe6\x9b\xee\x81\xfc\xf7\x82",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x06\xcc\x4a\x79\x96\xc3\x82\xcf"
"\xb3\x1c\xc7\x12\x7f\xc5\x28\x04",
.assoc = "\x15\x95\xd8\xe1\xda\x62\x2c\x56"
"\xd3\x53\xf4\x36\x7e\x8e\x59\x85"
"\x0e\x51\xf9\x1c\xee\x70\x6a\x27"
"\x3d\xd3\xb7\xac\x51\xfa\xdf\x05",
.alen = 32,
.input = "\x24\x5e\x67\x49\x1e\x01\xd6\xdd"
"\xf3\x89\x20\x5b\x7c\x57\x89\x07"
"\xd9\x02\x7c\x3d\x2f\x18\x4b\x2d"
"\x6e\xde\xee\xa2\x08\x12\xc7\xba",
.ilen = 32,
.result = "\x08\x1b\x95\x0e\x41\x95\x02\x4b"
"\x9c\xbb\xa8\xd0\x7c\xd3\x44\x6e"
"\x89\x14\x33\x70\x0a\xbc\xea\x39"
"\x88\xaa\x2b\xd5\x73\x11\x55\xf5"
"\x33\x33\x9c\xd7\x42\x34\x49\x8e"
"\x2f\x03\x30\x05\x47\xaf\x34",
.rlen = 47,
}, {
.key = "\x33\x27\xf5\xb1\x62\xa0\x80\x63"
"\x14\xc0\x4d\x7f\x7b\x20\xba\x89",
.klen = 16,
.iv = "\x42\xf0\x84\x19\xa6\x3f\x2b\xea"
"\x34\xf6\x79\xa3\x79\xe9\xeb\x0a",
.assoc = "\x51\xb9\x12\x80\xea\xde\xd5\x71"
"\x54\x2d\xa6\xc8\x78\xb2\x1b\x8c"
"\x39\x14\x05\xa0\xf3\x10\xec\x41"
"\xff\x01\x95\x84\x2b\x59\x7f\xdb",
.alen = 32,
.input = "\x61\x83\xa0\xe8\x2e\x7d\x7f\xf8"
"\x74\x63\xd2\xec\x76\x7c\x4c\x0d"
"\x03\xc4\x88\xc1\x35\xb8\xcd\x47"
"\x2f\x0c\xcd\x7a\xe2\x71\x66\x91",
.ilen = 32,
.result = "\x97\xca\xf4\xe0\x8d\x89\xbf\x68"
"\x0c\x60\xb9\x27\xdf\xaa\x41\xc6"
"\x25\xd8\xf7\x1f\x10\x15\x48\x61"
"\x4c\x95\x00\xdf\x51\x9b\x7f\xe6"
"\x24\x40\x9e\xbe\x3b\xeb\x1b\x98"
"\xb9\x9c\xe5\xef\xf2\x05",
.rlen = 46,
}, {
.key = "\x70\x4c\x2f\x50\x72\x1c\x29\x7f"
"\x95\x9a\xff\x10\x75\x45\x7d\x8f",
.klen = 16,
.iv = "\x7f\x15\xbd\xb8\xb6\xba\xd3\x06"
"\xb5\xd1\x2b\x35\x73\x0e\xad\x10",
.assoc = "\x8e\xde\x4c\x20\xfa\x59\x7e\x8d"
"\xd5\x07\x58\x59\x72\xd7\xde\x92"
"\x63\xd6\x10\x24\xf8\xb0\x6e\x5a"
"\xc0\x2e\x74\x5d\x06\xb8\x1e\xb2",
.alen = 32,
.input = "\x9d\xa7\xda\x88\x3e\xf8\x28\x14"
"\xf5\x3e\x85\x7d\x70\xa0\x0f\x13"
"\x2e\x86\x93\x45\x3a\x58\x4f\x61"
"\xf0\x3a\xac\x53\xbc\xd0\x06\x68",
.ilen = 32,
.result = "\x63\x4c\x2a\x8e\xb4\x6b\x63\x0d"
"\xb5\xec\x9b\x4e\x12\x23\xa3\xcf"
"\x1a\x5a\x70\x15\x5a\x10\x40\x51"
"\xca\x47\x4c\x9d\xc9\x97\xf4\x77"
"\xdb\xc8\x10\x2d\xdc\x65\x20\x3f",
.rlen = 40,
}, {
.key = "\xac\x70\x69\xef\x82\x97\xd2\x9b"
"\x15\x74\xb1\xa2\x6f\x69\x3f\x95",
.klen = 16,
.iv = "\xbb\x3a\xf7\x57\xc6\x36\x7c\x22"
"\x36\xab\xde\xc6\x6d\x32\x70\x17",
.assoc = "\xcb\x03\x85\xbf\x0a\xd5\x26\xa9"
"\x56\xe1\x0a\xeb\x6c\xfb\xa1\x98"
"\x8d\x98\x1c\xa8\xfe\x50\xf0\x74"
"\x81\x5c\x53\x35\xe0\x17\xbd\x88",
.alen = 32,
.input = "\xda\xcc\x14\x27\x4e\x74\xd1\x30"
"\x76\x18\x37\x0f\x6a\xc4\xd1\x1a"
"\x58\x49\x9f\xc9\x3f\xf8\xd1\x7a"
"\xb2\x67\x8b\x2b\x96\x2f\xa5\x3e",
.ilen = 32,
.result = "\xf1\x62\x44\xc7\x5f\x19\xca\x43"
"\x47\x2c\xaf\x68\x82\xbd\x51\xef"
"\x3d\x65\xd8\x45\x2d\x06\x07\x78"
"\x08\x2e\xb3\x23\xcd\x81\x12\x55"
"\x1a",
.rlen = 33,
}, {
.key = "\xe9\x95\xa2\x8f\x93\x13\x7b\xb7"
"\x96\x4e\x63\x33\x69\x8d\x02\x9b"
"\x23\xf9\x22\xeb\x80\xa0\xb1\x81"
"\xe2\x73\xc3\x21\x4d\x47\x8d\xf4",
.klen = 32,
.iv = "\xf8\x5e\x31\xf7\xd7\xb2\x25\x3e"
"\xb7\x85\x90\x58\x67\x57\x33\x1d",
.assoc = "",
.alen = 0,
.input = "",
.ilen = 0,
.result = "\xdf\x2f\x83\xc0\x45\x4a\x2c\xcf"
"\xb9\xd2\x41\xf6\x80\xa1\x52\x70",
.rlen = 16,
}, {
.key = "\x25\xba\xdc\x2e\xa3\x8f\x24\xd3"
"\x17\x29\x15\xc5\x63\xb2\xc5\xa1"
"\x4d\xbc\x2d\x6f\x85\x40\x33\x9a"
"\xa3\xa0\xa1\xfa\x27\xa6\x2c\xca",
.klen = 32,
.iv = "\x34\x83\x6a\x96\xe7\x2d\xce\x5a"
"\x38\x5f\x42\xe9\x61\x7b\xf5\x23",
.assoc = "",
.alen = 0,
.input = "\x53",
.ilen = 1,
.result = "\x01\xd8\x55\x3c\xc0\x5a\x4b\xc7"
"\x01\xf4\x08\xe3\x0d\xf7\xf0\x78"
"\x53",
.rlen = 17,
}, {
.key = "\x62\xdf\x16\xcd\xb3\x0a\xcc\xef"
"\x98\x03\xc7\x56\x5d\xd6\x87\xa8"
"\x77\x7e\x39\xf3\x8a\xe0\xb5\xb4"
"\x65\xce\x80\xd2\x01\x05\xcb\xa1",
.klen = 32,
.iv = "\x71\xa8\xa4\x35\xf7\xa9\x76\x75"
"\xb8\x39\xf4\x7a\x5b\x9f\xb8\x29",
.assoc = "",
.alen = 0,
.input = "\x8f\x3a\xc1\x05\x7f\xe7\xcb\x83"
"\xf9\xa6\x4d\xc3\x58\x31\x19\x2c"
"\xd7\x90\xc2\x56\x4e\xd8\x57\xc7"
"\xf6\xf0\x27\xb4\x25\x4c\x83",
.ilen = 31,
.result = "\xc2\x4b\x41\x0f\x2d\xb9\x62\x07"
"\xff\x8e\x74\xf8\xa1\xa6\xd5\x37"
"\xa5\x64\x31\x5c\xca\x73\x9b\x43"
"\xe6\x70\x63\x46\x95\xcb\xf7\xb5"
"\x20\x8c\x75\x7a\x2a\x17\x2f\xa9"
"\xb8\x4d\x11\x42\xd1\xf8\xf1",
.rlen = 47,
}, {
.key = "\x9e\x03\x4f\x6d\xc3\x86\x75\x0a"
"\x19\xdd\x79\xe8\x57\xfb\x4a\xae"
"\xa2\x40\x45\x77\x90\x80\x37\xce"
"\x26\xfb\x5f\xaa\xdb\x64\x6b\x77",
.klen = 32,
.iv = "\xae\xcc\xde\xd5\x07\x25\x1f\x91"
"\x39\x14\xa6\x0c\x55\xc4\x7b\x30",
.assoc = "",
.alen = 0,
.input = "\xcc\x5f\xfb\xa4\x8f\x63\x74\x9f"
"\x7a\x81\xff\x55\x52\x56\xdc\x33"
"\x01\x52\xcd\xdb\x53\x78\xd9\xe1"
"\xb7\x1d\x06\x8d\xff\xab\x22\x98",
.ilen = 32,
.result = "\xbb\x01\x7c\xd1\x2c\x33\x7b\x37"
"\x0a\xee\xc4\x30\x19\xd7\x3a\x6f"
"\xf8\x2b\x67\xf5\x3b\x84\x87\x2a"
"\xfb\x07\x7a\x82\xb5\xe4\x85\x26"
"\x1e\xa8\xe5\x04\x54\xce\xe5\x5f"
"\xb5\x3f\xc1\xd5\x7f\xbd\xd2\xa6",
.rlen = 48,
}, {
.key = "\xdb\x28\x89\x0c\xd3\x01\x1e\x26"
"\x9a\xb7\x2b\x79\x51\x1f\x0d\xb4"
"\xcc\x03\x50\xfc\x95\x20\xb9\xe7"
"\xe8\x29\x3e\x83\xb5\xc3\x0a\x4e",
.klen = 32,
.iv = "\xea\xf1\x18\x74\x17\xa0\xc8\xad"
"\xba\xee\x58\x9d\x4f\xe8\x3d\x36",
.assoc = "",
.alen = 0,
.input = "\x08\x84\x34\x44\x9f\xde\x1c\xbb"
"\xfb\x5b\xb1\xe6\x4c\x7a\x9f\x39"
"\x2c\x14\xd9\x5f\x59\x18\x5b\xfb"
"\x79\x4b\xe5\x65\xd9\x0a\xc1\x6f"
"\x2e",
.ilen = 33,
.result = "\xc2\xf4\x40\x55\xf9\x59\xff\x73"
"\x08\xf5\x98\x92\x0c\x7b\x35\x9a"
"\xa8\xf4\x42\x7e\x6f\x93\xca\x22"
"\x23\x06\x1e\xf8\x89\x22\xf4\x46"
"\x7c\x7c\x67\x75\xab\xe5\x75\xaa"
"\x15\xd7\x83\x19\xfd\x31\x59\x5b"
"\x32",
.rlen = 49,
}, {
.key = "\x17\x4d\xc3\xab\xe3\x7d\xc7\x42"
"\x1b\x91\xdd\x0a\x4b\x43\xcf\xba"
"\xf6\xc5\x5c\x80\x9a\xc0\x3b\x01"
"\xa9\x56\x1d\x5b\x8f\x22\xa9\x25",
.klen = 32,
.iv = "\x27\x16\x51\x13\x27\x1c\x71\xc9"
"\x3b\xc8\x0a\x2f\x49\x0c\x00\x3c",
.assoc = "",
.alen = 0,
.input = "\x45\xa8\x6e\xe3\xaf\x5a\xc5\xd7"
"\x7c\x35\x63\x77\x46\x9f\x61\x3f"
"\x56\xd7\xe4\xe3\x5e\xb8\xdc\x14"
"\x3a\x79\xc4\x3e\xb3\x69\x61\x46"
"\x3c\xb6\x83\x4e\xb4\x26\xc7\x73"
"\x22\xda\x52\x8b\x7d\x11\x98\xea"
"\x62\xe1\x14\x1e\xdc\xfe\x0f\xad"
"\x20\x76\x5a\xdc\x4e\x71\x13",
.ilen = 63,
.result = "\xc9\x82\x3b\x4b\x87\x84\xa5\xdb"
"\xa0\x8c\xd3\x3e\x7f\x8d\xe8\x28"
"\x2a\xdc\xfa\x01\x84\x87\x9a\x70"
"\x81\x75\x37\x0a\xd2\x75\xa9\xb6"
"\x21\x72\xee\x7e\x65\x95\xe5\xcc"
"\x01\xb7\x39\xa6\x51\x15\xca\xff"
"\x61\xdc\x97\x38\xcc\xf4\xca\xc7"
"\x83\x9b\x05\x11\x72\x60\xf0\xb4"
"\x7e\x06\xab\x0a\xc0\xbb\x59\x23"
"\xaa\x2d\xfc\x4e\x35\x05\x59",
.rlen = 79,
}, {
.key = "\x54\x71\xfd\x4b\xf3\xf9\x6f\x5e"
"\x9c\x6c\x8f\x9c\x45\x68\x92\xc1"
"\x21\x87\x67\x04\x9f\x60\xbd\x1b"
"\x6a\x84\xfc\x34\x6a\x81\x48\xfb",
.klen = 32,
.iv = "\x63\x3b\x8b\xb3\x37\x98\x1a\xe5"
"\xbc\xa2\xbc\xc0\x43\x31\xc2\x42",
.assoc = "",
.alen = 0,
.input = "\x81\xcd\xa8\x82\xbf\xd6\x6e\xf3"
"\xfd\x0f\x15\x09\x40\xc3\x24\x45"
"\x81\x99\xf0\x67\x63\x58\x5e\x2e"
"\xfb\xa6\xa3\x16\x8d\xc8\x00\x1c"
"\x4b\x62\x87\x7c\x15\x38\xda\x70"
"\x3d\xea\xe7\xf2\x40\xba\xae\x79"
"\x8f\x48\xfc\xbf\x45\x53\x2e\x78"
"\xef\x79\xf0\x1b\x49\xf7\xfd\x9c",
.ilen = 64,
.result = "\x11\x7c\x7d\xef\xce\x29\x95\xec"
"\x7e\x9f\x42\xa6\x26\x07\xa1\x75"
"\x2f\x4e\x09\x9a\xf6\x6b\xc2\xfa"
"\x0d\xd0\x17\xdc\x25\x1e\x9b\xdc"
"\x5f\x8c\x1c\x60\x15\x4f\x9b\x20"
"\x7b\xff\xcd\x82\x60\x84\xf4\xa5"
"\x20\x9a\x05\x19\x5b\x02\x0a\x72"
"\x43\x11\x26\x58\xcf\xc5\x41\xcf"
"\x13\xcc\xde\x32\x92\xfa\x86\xf2"
"\xaf\x16\xe8\x8f\xca\xb6\xfd\x54",
.rlen = 80,
}, {
.key = "\x90\x96\x36\xea\x03\x74\x18\x7a"
"\x1d\x46\x42\x2d\x3f\x8c\x54\xc7"
"\x4b\x4a\x73\x89\xa4\x00\x3f\x34"
"\x2c\xb1\xdb\x0c\x44\xe0\xe8\xd2",
.klen = 32,
.iv = "\xa0\x5f\xc5\x52\x47\x13\xc2\x01"
"\x3d\x7c\x6e\x52\x3d\x55\x85\x48",
.assoc = "\xaf",
.alen = 1,
.input = "",
.ilen = 0,
.result = "\x9b\xc5\x3b\x20\x0a\x88\x56\xbe"
"\x69\xdf\xc4\xc4\x02\x46\x3a\xf0",
.rlen = 16,
}, {
.key = "\xcd\xbb\x70\x89\x13\xf0\xc1\x95"
"\x9e\x20\xf4\xbf\x39\xb1\x17\xcd"
"\x76\x0c\x7f\x0d\xa9\xa0\xc1\x4e"
"\xed\xdf\xb9\xe4\x1e\x3f\x87\xa8",
.klen = 32,
.iv = "\xdc\x84\xfe\xf1\x58\x8f\x6b\x1c"
"\xbe\x57\x20\xe3\x37\x7a\x48\x4f",
.assoc = "\xeb\x4d\x8d\x59\x9c\x2e\x15\xa3"
"\xde\x8d\x4d\x07\x36\x43\x78\xd0"
"\x0b\x6d\x84\x4f\x2c\xf0\x82\x5b"
"\x4e\xf6\x29\xd1\x8b\x6f\x56",
.alen = 31,
.input = "",
.ilen = 0,
.result = "\xe0\x6d\xa1\x07\x98\x2f\x40\x2d"
"\x2e\x9a\xd6\x61\x43\xc0\x74\x69",
.rlen = 16,
}, {
.key = "\x0a\xe0\xaa\x29\x24\x6c\x6a\xb1"
"\x1f\xfa\xa6\x50\x33\xd5\xda\xd3"
"\xa0\xce\x8a\x91\xae\x40\x43\x68"
"\xae\x0d\x98\xbd\xf8\x9e\x26\x7f",
.klen = 32,
.iv = "\x19\xa9\x38\x91\x68\x0b\x14\x38"
"\x3f\x31\xd2\x74\x31\x9e\x0a\x55",
.assoc = "\x28\x72\xc7\xf8\xac\xaa\xbe\xbf"
"\x5f\x67\xff\x99\x30\x67\x3b\xd6"
"\x35\x2f\x90\xd3\x31\x90\x04\x74"
"\x0f\x23\x08\xa9\x65\xce\xf6\xea",
.alen = 32,
.input = "",
.ilen = 0,
.result = "\xb9\x57\x13\x3e\x82\x31\x61\x65"
"\x0d\x7f\x6c\x96\x93\x5c\x50\xe2",
.rlen = 16,
}, {
.key = "\x46\x04\xe3\xc8\x34\xe7\x12\xcd"
"\xa0\xd4\x58\xe2\x2d\xf9\x9c\xda"
"\xca\x91\x96\x15\xb4\xe0\xc5\x81"
"\x70\x3a\x77\x95\xd2\xfd\xc5\x55",
.klen = 32,
.iv = "\x55\xcd\x72\x30\x78\x86\xbd\x54"
"\xc0\x0b\x84\x06\x2b\xc2\xcd\x5b",
.assoc = "\x64\x97\x00\x98\xbc\x25\x67\xdb"
"\xe0\x41\xb1\x2a\x2a\x8c\xfe\xdd"
"\x5f\xf2\x9c\x58\x36\x30\x86\x8e"
"\xd1\x51\xe6\x81\x3f\x2d\x95\xc1"
"\x01",
.alen = 33,
.input = "",
.ilen = 0,
.result = "\x81\x96\x34\xde\xbb\x36\xdd\x3e"
"\x4e\x5e\xcb\x44\x21\xb8\x3f\xf1",
.rlen = 16,
}, {
.key = "\x83\x29\x1d\x67\x44\x63\xbb\xe9"
"\x20\xaf\x0a\x73\x27\x1e\x5f\xe0"
"\xf5\x53\xa1\x9a\xb9\x80\x47\x9b"
"\x31\x68\x56\x6e\xac\x5c\x65\x2c",
.klen = 32,
.iv = "\x92\xf2\xac\xcf\x88\x02\x65\x70"
"\x41\xe5\x36\x97\x25\xe7\x90\x61",
.assoc = "\xa1\xbb\x3a\x37\xcc\xa1\x10\xf7"
"\x61\x1c\x63\xbc\x24\xb0\xc0\xe3"
"\x8a\xb4\xa7\xdc\x3b\xd0\x08\xa8"
"\x92\x7f\xc5\x5a\x19\x8c\x34\x97"
"\x0f\x95\x9b\x18\xe4\x8d\xb4\x24"
"\xb9\x33\x28\x18\xe1\x9d\x14\xe0"
"\x64\xb2\x89\x7d\x78\xa8\x05\x7e"
"\x07\x8c\xfc\x88\x2d\xb8\x53",
.alen = 63,
.input = "",
.ilen = 0,
.result = "\x2e\x99\xb6\x79\x57\x56\x80\x36"
"\x8e\xc4\x1c\x12\x7d\x71\x36\x0c",
.rlen = 16,
}, {
.key = "\xbf\x4e\x57\x07\x54\xdf\x64\x05"
"\xa1\x89\xbc\x04\x21\x42\x22\xe6"
"\x1f\x15\xad\x1e\xbe\x20\xc9\xb4"
"\xf3\x95\x35\x46\x86\xbb\x04\x03",
.klen = 32,
.iv = "\xce\x17\xe5\x6f\x98\x7e\x0e\x8c"
"\xc2\xbf\xe8\x29\x1f\x0b\x52\x68",
.assoc = "\xdd\xe0\x74\xd6\xdc\x1d\xb8\x13"
"\xe2\xf6\x15\x4d\x1e\xd4\x83\xe9"
"\xb4\x76\xb3\x60\x40\x70\x8a\xc1"
"\x53\xac\xa4\x32\xf3\xeb\xd3\x6e"
"\x1e\x42\xa0\x46\x45\x9f\xc7\x22"
"\xd3\x43\xbc\x7e\xa5\x47\x2a\x6f"
"\x91\x19\x70\x1e\xe1\xfe\x25\x49"
"\xd6\x8f\x93\xc7\x28\x3f\x3d\x03",
.alen = 64,
.input = "",
.ilen = 0,
.result = "\x7b\x25\x3d\x47\xd4\xa7\x08\xce"
"\x3b\x89\x40\x36\xba\x6d\x0e\xa2",
.rlen = 16,
}, {
.key = "\xfc\x72\x90\xa6\x64\x5a\x0d\x21"
"\x22\x63\x6e\x96\x1b\x67\xe4\xec"
"\x49\xd7\xb9\xa2\xc3\xc0\x4b\xce"
"\xb4\xc3\x14\x1e\x61\x1a\xa3\xd9",
.klen = 32,
.iv = "\x0b\x3c\x1f\x0e\xa8\xf9\xb7\xa7"
"\x42\x9a\x9a\xba\x19\x30\x15\x6e",
.assoc = "\x1a",
.alen = 1,
.input = "\x29",
.ilen = 1,
.result = "\xe6\x09\x6f\x95\x9a\x18\xc8\xf6"
"\x17\x75\x81\x16\xdf\x26\xff\x67"
"\x92",
.rlen = 17,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
}, {
.key = "\x38\x97\xca\x45\x74\xd6\xb6\x3c"
"\xa3\x3d\x20\x27\x15\x8b\xa7\xf2"
"\x74\x9a\xc4\x27\xc8\x60\xcd\xe8"
"\x75\xf0\xf2\xf7\x3b\x79\x42\xb0",
.klen = 32,
.iv = "\x47\x60\x59\xad\xb8\x75\x60\xc3"
"\xc3\x74\x4c\x4c\x13\x54\xd8\x74",
.assoc = "\x56\x29\xe7\x15\xfc\x14\x0a\x4a"
"\xe4\xaa\x79\x70\x12\x1d\x08\xf6"
"\x09\xfb\xca\x69\x4b\xb0\x8e\xf5"
"\xd6\x07\x62\xe3\xa8\xa9\x12",
.alen = 31,
.input = "\x66\xf3\x75\x7d\x40\xb3\xb4\xd1"
"\x04\xe1\xa6\x94\x10\xe6\x39\x77"
"\xd3\xac\x4d\x8a\x8c\x58\x6e\xfb"
"\x06\x13\x9a\xd9\x5e\xc0\xfa",
.ilen = 31,
.result = "\x82\xc0\x56\xf0\xd7\xc4\xc9\xfd"
"\x3c\xd1\x2a\xd4\x15\x86\x9d\xda"
"\xea\x6c\x6f\xa1\x33\xb0\x7a\x01"
"\x57\xe7\xf3\x7b\x73\xe7\x54\x10"
"\xc6\x91\xe2\xc6\xa0\x69\xe7\xe6"
"\x76\xc3\xf5\x3a\x76\xfd\x4a",
.rlen = 47,
}, {
.key = "\x75\xbc\x04\xe5\x84\x52\x5e\x58"
"\x24\x17\xd2\xb9\x0e\xaf\x6a\xf9"
"\x9e\x5c\xd0\xab\xcd\x00\x4f\x01"
"\x37\x1e\xd1\xcf\x15\xd8\xe2\x86",
.klen = 32,
.iv = "\x84\x85\x92\x4d\xc8\xf1\x08\xdf"
"\x44\x4e\xff\xdd\x0d\x78\x9a\x7a",
.assoc = "\x93\x4e\x21\xb4\x0c\x90\xb3\x66"
"\x65\x84\x2b\x01\x0b\x42\xcb\xfc"
"\x33\xbd\xd6\xed\x50\x50\x10\x0e"
"\x97\x35\x41\xbb\x82\x08\xb1\xf2",
.alen = 32,
.input = "\xa2\x17\xaf\x1c\x50\x2e\x5d\xed"
"\x85\xbb\x58\x26\x0a\x0b\xfc\x7d"
"\xfe\x6e\x59\x0e\x91\xf8\xf0\x15"
"\xc8\x40\x78\xb1\x38\x1f\x99\xa7",
.ilen = 32,
.result = "\x01\x47\x8e\x6c\xf6\x64\x89\x3a"
"\x71\xce\xe4\xaa\x45\x70\xe6\x84"
"\x62\x48\x08\x64\x86\x6a\xdf\xec"
"\xb4\xa0\xfb\x34\x03\x0c\x19\xf4"
"\x2b\x7b\x36\x73\xec\x54\xa9\x1e"
"\x30\x85\xdb\xe4\xac\xe9\x2c\xca",
.rlen = 48,
}, {
.key = "\xb1\xe1\x3e\x84\x94\xcd\x07\x74"
"\xa5\xf2\x84\x4a\x08\xd4\x2c\xff"
"\xc8\x1e\xdb\x2f\xd2\xa0\xd1\x1b"
"\xf8\x4c\xb0\xa8\xef\x37\x81\x5d",
.klen = 32,
.iv = "\xc0\xaa\xcc\xec\xd8\x6c\xb1\xfb"
"\xc5\x28\xb1\x6e\x07\x9d\x5d\x81",
.assoc = "\xd0\x73\x5a\x54\x1d\x0b\x5b\x82"
"\xe5\x5f\xdd\x93\x05\x66\x8e\x02"
"\x5e\x80\xe1\x71\x55\xf0\x92\x28"
"\x59\x62\x20\x94\x5c\x67\x50\xc8"
"\x58",
.alen = 33,
.input = "\xdf\x3c\xe9\xbc\x61\xaa\x06\x09"
"\x06\x95\x0a\xb7\x04\x2f\xbe\x84"
"\x28\x30\x64\x92\x96\x98\x72\x2e"
"\x89\x6e\x57\x8a\x13\x7e\x38\x7e"
"\xdb",
.ilen = 33,
.result = "\x85\xe0\xf8\x0f\x8e\x49\xe3\x60"
"\xcb\x4a\x54\x94\xcf\xf5\x7e\x34"
"\xe9\xf8\x80\x65\x53\xd0\x72\x70"
"\x4f\x7d\x9d\xd1\x15\x6f\xb9\x2c"
"\xfa\xe8\xdd\xac\x2e\xe1\x3f\x67"
"\x63\x0f\x1a\x59\xb7\x89\xdb\xf4"
"\xc3",
.rlen = 49,
}, {
.key = "\xee\x05\x77\x23\xa5\x49\xb0\x90"
"\x26\xcc\x36\xdc\x02\xf8\xef\x05"
"\xf3\xe1\xe7\xb3\xd8\x40\x53\x35"
"\xb9\x79\x8f\x80\xc9\x96\x20\x33",
.klen = 32,
.iv = "\xfd\xce\x06\x8b\xe9\xe8\x5a\x17"
"\x46\x02\x63\x00\x01\xc1\x20\x87",
.assoc = "\x0c\x98\x94\xf3\x2d\x87\x04\x9e"
"\x66\x39\x8f\x24\xff\x8a\x50\x08"
"\x88\x42\xed\xf6\x5a\x90\x14\x42"
"\x1a\x90\xfe\x6c\x36\xc6\xf0\x9f"
"\x66\xa0\xb5\x2d\x2c\xf8\x25\x15"
"\x55\x90\xa2\x7e\x77\x94\x96\x3a"
"\x71\x1c\xf7\x44\xee\xa8\xc3\x42"
"\xe2\xa3\x84\x04\x0b\xe1\xce",
.alen = 63,
.input = "\x1b\x61\x23\x5b\x71\x26\xae\x25"
"\x87\x6f\xbc\x49\xfe\x53\x81\x8a"
"\x53\xf2\x70\x17\x9b\x38\xf4\x48"
"\x4b\x9b\x36\x62\xed\xdd\xd8\x54"
"\xea\xcb\xb6\x79\x45\xfc\xaa\x54"
"\x5c\x94\x47\x58\xa7\xff\x9c\x9e"
"\x7c\xb6\xf1\xac\xc8\xfd\x8b\x35"
"\xd5\xa4\x6a\xd4\x09\xc2\x08",
.ilen = 63,
.result = "\x00\xe5\x5b\x87\x5c\x20\x22\x8a"
"\xda\x1f\xd3\xff\xbb\xb2\xb0\xf8"
"\xef\xe9\xeb\x9e\x7c\x80\xf4\x2b"
"\x59\xc0\x79\xbc\x17\xa0\x15\x01"
"\xf5\x72\xfb\x5a\xe7\xaf\x07\xe3"
"\x1b\x49\x21\x34\x23\x63\x55\x5e"
"\xee\x4f\x34\x17\xfa\xfe\xa5\x0c"
"\xed\x0b\x23\xea\x9b\xda\x57\x2f"
"\xf6\xa9\xae\x0d\x4e\x40\x96\x45"
"\x7f\xfa\xf0\xbf\xc4\x98\x78",
.rlen = 79,
}, {
.key = "\x2a\x2a\xb1\xc3\xb5\xc5\x59\xac"
"\xa7\xa6\xe8\x6d\xfc\x1d\xb2\x0b"
"\x1d\xa3\xf3\x38\xdd\xe0\xd5\x4e"
"\x7b\xa7\x6e\x58\xa3\xf5\xbf\x0a",
.klen = 32,
.iv = "\x39\xf3\x3f\x2b\xf9\x64\x03\x33"
"\xc7\xdd\x15\x91\xfb\xe6\xe2\x8d",
.assoc = "\x49\xbc\xce\x92\x3d\x02\xad\xba"
"\xe7\x13\x41\xb6\xf9\xaf\x13\x0f"
"\xb2\x04\xf8\x7a\x5f\x30\x96\x5b"
"\xdc\xbd\xdd\x44\x10\x25\x8f\x75"
"\x75\x4d\xb9\x5b\x8e\x0a\x38\x13"
"\x6f\x9f\x36\xe4\x3a\x3e\xac\xc9"
"\x9d\x83\xde\xe5\x57\xfd\xe3\x0e"
"\xb1\xa7\x1b\x44\x05\x67\xb7\x37",
.alen = 64,
.input = "\x58\x85\x5c\xfa\x81\xa1\x57\x40"
"\x08\x4a\x6e\xda\xf8\x78\x44\x90"
"\x7d\xb5\x7b\x9b\xa1\xd8\x76\x62"
"\x0c\xc9\x15\x3b\xc7\x3c\x77\x2b"
"\xf8\x78\xba\xa7\xa6\x0e\xbd\x52"
"\x76\xa3\xdc\xbe\x6b\xa8\xb1\x2d"
"\xa9\x1d\xd8\x4e\x31\x53\xab\x00"
"\xa5\xa7\x01\x13\x04\x49\xf2\x04",
.ilen = 64,
.result = "\x28\xdd\xb9\x4a\x12\xc7\x0a\xe1"
"\x58\x06\x1a\x9b\x8c\x67\xdf\xeb"
"\x35\x35\x60\x9d\x06\x40\x65\xc1"
"\x93\xe8\xb3\x82\x50\x29\xdd\xb5"
"\x2b\xcb\xde\x18\x78\x6b\x42\xbe"
"\x6d\x24\xd0\xb2\x7d\xd7\x08\x8f"
"\x4a\x18\x98\xad\x8c\xf2\x97\xb4"
"\xf4\x77\xe4\xbf\x41\x3b\xc4\x06"
"\xce\x9e\x34\x81\xf0\x89\x11\x13"
"\x02\x65\xa1\x7c\xdf\x07\x33\x06",
.rlen = 80,
}, {
.key = "\x67\x4f\xeb\x62\xc5\x40\x01\xc7"
"\x28\x80\x9a\xfe\xf6\x41\x74\x12"
"\x48\x65\xfe\xbc\xe2\x80\x57\x68"
"\x3c\xd4\x4d\x31\x7d\x54\x5f\xe1",
.klen = 32,
.iv = "\x76\x18\x79\xca\x09\xdf\xac\x4e"
"\x48\xb7\xc7\x23\xf5\x0a\xa5\x93",
.assoc = "\x85\xe1\x08\x32\x4d\x7e\x56\xd5"
"\x68\xed\xf3\x47\xf3\xd3\xd6\x15"
"\xdd\xc7\x04\xfe\x64\xd0\x18\x75"
"\x9d\xeb\xbc\x1d\xea\x84\x2e\x4c"
"\x83\xf9\xbe\x8a\xef\x1c\x4b\x10"
"\x89\xaf\xcb\x4b\xfe\xe7\xc1\x58"
"\xca\xea\xc6\x87\xc0\x53\x03\xd9"
"\x80\xaa\xb2\x83\xff\xee\xa1\x6a"
"\x04",
.alen = 65,
.input = "\x94\xaa\x96\x9a\x91\x1d\x00\x5c"
"\x88\x24\x20\x6b\xf2\x9c\x06\x96"
"\xa7\x77\x87\x1f\xa6\x78\xf8\x7b"
"\xcd\xf6\xf4\x13\xa1\x9b\x16\x02"
"\x07\x24\xbf\xd5\x08\x20\xd0\x4f"
"\x90\xb3\x70\x24\x2f\x51\xc7\xbb"
"\xd6\x84\xc0\xef\x9a\xa8\xca\xcc"
"\x74\xab\x97\x53\xfe\xd0\xdb\x37"
"\x37\x6a\x0e\x9f\x3f\xa3\x2a\xe3"
"\x1b\x34\x6d\x51\x72\x2b\x17\xe7"
"\x4d\xaa\x2c\x18\xda\xa3\x33\x89"
"\x2a\x9f\xf4\xd2\xed\x76\x3d\x3f"
"\x3c\x15\x9d\x8e\x4f\x3c\x27\xb0"
"\x42\x3f\x2f\x8a\xd4\xc2\x10\xb2"
"\x27\x7f\xe3\x34\x80\x02\x49\x4b"
"\x07\x68\x22\x2a\x88\x25\x53\xb2"
"\x2f",
.ilen = 129,
.result = "\x85\x39\x69\x35\xfb\xf9\xb0\xa6"
"\x85\x43\x88\xd0\xd7\x78\x60\x19"
"\x3e\x1f\xb1\xa4\xd6\xc5\x96\xec"
"\xf7\x84\x85\xc7\x27\x0f\x74\x57"
"\x28\x9e\xdd\x90\x3c\x43\x12\xc5"
"\x51\x3d\x39\x8f\xa5\xf4\xe0\x0b"
"\x57\x04\xf1\x6d\xfe\x9b\x84\x27"
"\xe8\xeb\x4d\xda\x02\x0a\xc5\x49"
"\x1a\x55\x5e\x50\x56\x4d\x94\xda"
"\x20\xf8\x12\x54\x50\xb3\x11\xda"
"\xed\x44\x27\x67\xd5\xd1\x8b\x4b"
"\x38\x67\x56\x65\x59\xda\xe6\x97"
"\x81\xae\x2f\x92\x3b\xae\x22\x1c"
"\x91\x59\x38\x18\x00\xe8\xba\x92"
"\x04\x19\x56\xdf\xb0\x82\xeb\x6f"
"\x2e\xdb\x54\x3c\x4b\xbb\x60\x90"
"\x4c\x50\x10\x62\xba\x7a\xb1\x68"
"\x37\xd7\x87\x4e\xe4\x66\x09\x1f"
"\xa5",
.rlen = 145,
}, {
.key = "\xa3\x73\x24\x01\xd5\xbc\xaa\xe3"
"\xa9\x5a\x4c\x90\xf0\x65\x37\x18"
"\x72\x28\x0a\x40\xe7\x20\xd9\x82"
"\xfe\x02\x2b\x09\x57\xb3\xfe\xb7",
.klen = 32,
.iv = "\xb3\x3d\xb3\x69\x19\x5b\x54\x6a"
"\xc9\x91\x79\xb4\xef\x2e\x68\x99",
.assoc = "\xc2\x06\x41\xd1\x5d\xfa\xff\xf1"
"\xe9\xc7\xa5\xd9\xed\xf8\x98\x1b"
"\x07\x89\x10\x82\x6a\x70\x9a\x8f"
"\x5e\x19\x9b\xf5\xc5\xe3\xcd\x22"
"\x92\xa5\xc2\xb8\x51\x2e\x5e\x0e"
"\xa4\xbe\x5f\xb1\xc1\x90\xd7\xe7"
"\xf7\x52\xae\x28\x29\xa8\x22\xa4"
"\x4f\xae\x48\xc2\xfa\x75\x8b\x9e"
"\xce\x83\x2a\x88\x07\x55\xbb\x89"
"\xf6\xdf\xac\xdf\x83\x08\xbf\x7d"
"\xac\x30\x8b\x8e\x02\xac\x00\xf1"
"\x30\x46\xe1\xbc\x75\xbf\x49\xbb"
"\x26\x4e\x29\xf0\x2f\x21\xc6\x13"
"\x92\xd9\x3d\x11\xe4\x10\x00\x8e"
"\xd4\xd4\x58\x65\xa6\x2b\xe3\x25"
"\xb1\x8f\x15\x93\xe7\x71\xb9\x2c"
"\x4b",
.alen = 129,
.input = "\xd1\xcf\xd0\x39\xa1\x99\xa9\x78"
"\x09\xfe\xd2\xfd\xec\xc1\xc9\x9d"
"\xd2\x39\x93\xa3\xab\x18\x7a\x95"
"\x8f\x24\xd3\xeb\x7b\xfa\xb5\xd8"
"\x15\xd1\xc3\x04\x69\x32\xe3\x4d"
"\xaa\xc2\x04\x8b\xf2\xfa\xdc\x4a"
"\x02\xeb\xa8\x90\x03\xfd\xea\x97"
"\x43\xaf\x2e\x92\xf8\x57\xc5\x6a"
"\x00",
.ilen = 65,
.result = "\x7d\xde\x53\x22\xe4\x23\x3b\x30"
"\x78\xde\x35\x90\x7a\xd9\x0b\x93"
"\xf6\x0e\x0b\xed\x40\xee\x10\x9c"
"\x96\x3a\xd3\x34\xb2\xd0\x67\xcf"
"\x63\x7f\x2d\x0c\xcf\x96\xec\x64"
"\x1a\x87\xcc\x7d\x2c\x5e\x81\x4b"
"\xd2\x8f\x4c\x7c\x00\xb1\xb4\xe0"
"\x87\x4d\xb1\xbc\xd8\x78\x2c\x17"
"\xf2\x3b\xd8\x28\x40\xe2\x76\xf6"
"\x20\x13\x83\x46\xaf\xff\xe3\x0f"
"\x72",
.rlen = 81,
}, {
.key = "\xe0\x98\x5e\xa1\xe5\x38\x53\xff"
"\x2a\x35\xfe\x21\xea\x8a\xfa\x1e"
"\x9c\xea\x15\xc5\xec\xc0\x5b\x9b"
"\xbf\x2f\x0a\xe1\x32\x12\x9d\x8e",
.klen = 32,
.iv = "\xef\x61\xed\x08\x29\xd7\xfd\x86"
"\x4a\x6b\x2b\x46\xe9\x53\x2a\xa0",
.assoc = "\xfe\x2a\x7b\x70\x6d\x75\xa7\x0d"
"\x6a\xa2\x57\x6a\xe7\x1c\x5b\x21"
"\x31\x4b\x1b\x07\x6f\x10\x1c\xa8"
"\x20\x46\x7a\xce\x9f\x42\x6d\xf9",
.alen = 32,
.input = "\x0d\xf4\x09\xd8\xb1\x14\x51\x94"
"\x8a\xd8\x84\x8e\xe6\xe5\x8c\xa3"
"\xfc\xfc\x9e\x28\xb0\xb8\xfc\xaf"
"\x50\x52\xb1\xc4\x55\x59\x55\xaf",
.ilen = 32,
.result = "\x5a\xcd\x8c\x57\xf2\x6a\xb6\xbe"
"\x53\xc7\xaa\x9a\x60\x74\x9c\xc4"
"\xa2\xc2\xd0\x6d\xe1\x03\x63\xdc"
"\xbb\x51\x7e\x9c\x89\x73\xde\x4e"
"\x24\xf8\x52\x7c\x15\x41\x0e\xba"
"\x69\x0e\x36\x5f\x2f\x22\x8c",
.rlen = 47,
}, {
.key = "\x1c\xbd\x98\x40\xf5\xb3\xfc\x1b"
"\xaa\x0f\xb0\xb3\xe4\xae\xbc\x24"
"\xc7\xac\x21\x49\xf1\x60\xdd\xb5"
"\x80\x5d\xe9\xba\x0c\x71\x3c\x64",
.klen = 32,
.iv = "\x2c\x86\x26\xa8\x39\x52\xa6\xa2"
"\xcb\x45\xdd\xd7\xe3\x77\xed\xa6",
.assoc = "\x3b\x4f\xb5\x10\x7d\xf1\x50\x29"
"\xeb\x7c\x0a\xfb\xe1\x40\x1e\x27"
"\x5c\x0d\x27\x8b\x74\xb0\x9e\xc2"
"\xe1\x74\x59\xa6\x79\xa1\x0c\xd0",
.alen = 32,
.input = "\x4a\x18\x43\x77\xc1\x90\xfa\xb0"
"\x0b\xb2\x36\x20\xe0\x09\x4e\xa9"
"\x26\xbe\xaa\xac\xb5\x58\x7e\xc8"
"\x11\x7f\x90\x9c\x2f\xb8\xf4\x85",
.ilen = 32,
.result = "\x47\xd6\xce\x78\xd6\xbf\x4a\x51"
"\xb8\xda\x92\x3c\xfd\xda\xac\x8e"
"\x8d\x88\xd7\x4d\x90\xe5\xeb\xa1"
"\xab\xd6\x7c\x76\xad\xea\x7d\x76"
"\x53\xee\xb0\xcd\xd0\x02\xbb\x70"
"\x5b\x6f\x7b\xe2\x8c\xe8",
.rlen = 46,
}, {
.key = "\x59\xe1\xd2\xdf\x05\x2f\xa4\x37"
"\x2b\xe9\x63\x44\xde\xd3\x7f\x2b"
"\xf1\x6f\x2d\xcd\xf6\x00\x5f\xcf"
"\x42\x8a\xc8\x92\xe6\xd0\xdc\x3b",
.klen = 32,
.iv = "\x68\xab\x60\x47\x49\xce\x4f\xbe"
"\x4c\x20\x8f\x68\xdd\x9c\xb0\xac",
.assoc = "\x77\x74\xee\xaf\x8d\x6d\xf9\x45"
"\x6c\x56\xbc\x8d\xdb\x65\xe0\x2e"
"\x86\xd0\x32\x0f\x79\x50\x20\xdb"
"\xa2\xa1\x37\x7e\x53\x00\xab\xa6",
.alen = 32,
.input = "\x86\x3d\x7d\x17\xd1\x0c\xa3\xcc"
"\x8c\x8d\xe8\xb1\xda\x2e\x11\xaf"
"\x51\x80\xb5\x30\xba\xf8\x00\xe2"
"\xd3\xad\x6f\x75\x09\x18\x93\x5c",
.ilen = 32,
.result = "\x9f\xa9\x2b\xa4\x8f\x00\x05\x2b"
"\xe7\x68\x81\x51\xbb\xfb\xdf\x60"
"\xbb\xac\xe8\xc1\xdc\x68\xae\x68"
"\x3a\xcd\x7a\x06\x49\xfe\x80\x11"
"\xe6\x61\x99\xe2\xdd\xbe\x2c\xbf",
.rlen = 40,
}, {
.key = "\x96\x06\x0b\x7f\x15\xab\x4d\x53"
"\xac\xc3\x15\xd6\xd8\xf7\x42\x31"
"\x1b\x31\x38\x51\xfc\xa0\xe1\xe8"
"\x03\xb8\xa7\x6b\xc0\x2f\x7b\x11",
.klen = 32,
.iv = "\xa5\xcf\x9a\xe6\x59\x4a\xf7\xd9"
"\xcd\xfa\x41\xfa\xd7\xc0\x72\xb2",
.assoc = "\xb4\x99\x28\x4e\x9d\xe8\xa2\x60"
"\xed\x30\x6e\x1e\xd5\x89\xa3\x34"
"\xb1\x92\x3e\x93\x7e\xf0\xa2\xf5"
"\x64\xcf\x16\x57\x2d\x5f\x4a\x7d",
.alen = 32,
.input = "\xc3\x62\xb7\xb6\xe2\x87\x4c\xe7"
"\x0d\x67\x9a\x43\xd4\x52\xd4\xb5"
"\x7b\x43\xc1\xb5\xbf\x98\x82\xfc"
"\x94\xda\x4e\x4d\xe4\x77\x32\x32",
.ilen = 32,
.result = "\xe2\x34\xfa\x25\xfd\xfb\x89\x5e"
"\x5b\x4e\x0b\x15\x6e\x39\xfb\x0c"
"\x73\xc7\xd9\x6b\xbe\xce\x9b\x70"
"\xc7\x4f\x96\x16\x03\xfc\xea\xfb"
"\x56",
.rlen = 33,
},
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct aead_testvec morus1280_dec_tv_template[] = {
{
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.klen = 16,
.iv = "\x0f\xc9\x8e\x67\x44\x9e\xaa\x86"
"\x20\x36\x2c\x24\xfe\xc9\x30\x81",
.assoc = "",
.alen = 0,
.input = "\x91\x85\x0f\xf5\x52\x9e\xce\xce"
"\x65\x99\xc7\xbf\xd3\x76\xe8\x98",
.ilen = 16,
.result = "",
.rlen = 0,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x3c\x24\x39\x9f\x10\x7b\xa8\x1b"
"\x80\xda\xb2\x91\xf9\x24\xc2\x06",
.klen = 16,
.iv = "\x4b\xed\xc8\x07\x54\x1a\x52\xa2"
"\xa1\x10\xde\xb5\xf8\xed\xf3\x87",
.assoc = "",
.alen = 0,
.input = "\x88\xc3\x4c\xf0\x2f\x43\x76\x13"
"\x96\xda\x76\x34\x33\x4e\xd5\x39"
"\x73",
.ilen = 17,
.result = "\x69",
.rlen = 1,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x79\x49\x73\x3e\x20\xf7\x51\x37"
"\x01\xb4\x64\x22\xf3\x48\x85\x0c",
.klen = 16,
.iv = "\x88\x12\x01\xa6\x64\x96\xfb\xbe"
"\x22\xea\x90\x47\xf2\x11\xb5\x8e",
.assoc = "",
.alen = 0,
.input = "\x3e\x5c\x3b\x58\x3b\x7d\x2a\x22"
"\x75\x0b\x24\xa6\x0e\xc3\xde\x52"
"\x97\x0b\x64\xd4\xce\x90\x52\xf7"
"\xef\xdb\x6a\x38\xd2\xa8\xa1\x0d"
"\xe0\x61\x33\x24\xc6\x4d\x51\xbc"
"\xa4\x21\x74\xcf\x19\x16\x59",
.ilen = 47,
.result = "\xa6\xa4\x1e\x76\xec\xd4\x50\xcc"
"\x62\x58\xe9\x8f\xef\xa4\x17\x91"
"\xb4\x96\x9f\x6b\xce\x38\xa5\x46"
"\x13\x7d\x64\x93\xd7\x05\xf5",
.rlen = 31,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xb5\x6e\xad\xdd\x30\x72\xfa\x53"
"\x82\x8e\x16\xb4\xed\x6d\x47\x12",
.klen = 16,
.iv = "\xc4\x37\x3b\x45\x74\x11\xa4\xda"
"\xa2\xc5\x42\xd8\xec\x36\x78\x94",
.assoc = "",
.alen = 0,
.input = "\x30\x82\x9c\x2b\x67\xcb\xf9\x1f"
"\xde\x9f\x77\xb2\xda\x92\x61\x5c"
"\x09\x0b\x2d\x9a\x26\xaa\x1c\x06"
"\xab\x74\xb7\x2b\x95\x5f\x9f\xa1"
"\x9a\xff\x50\xa0\xa2\xff\xc5\xad"
"\x21\x8e\x84\x5c\x12\x61\xb2\xae",
.ilen = 48,
.result = "\xe2\xc9\x58\x15\xfc\x4f\xf8\xe8"
"\xe3\x32\x9b\x21\xe9\xc8\xd9\x97"
"\xde\x58\xab\xf0\xd3\xd8\x27\x60"
"\xd5\xaa\x43\x6b\xb1\x64\x95\xa4",
.rlen = 32,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xf2\x92\xe6\x7d\x40\xee\xa3\x6f"
"\x03\x68\xc8\x45\xe7\x91\x0a\x18",
.klen = 16,
.iv = "\x01\x5c\x75\xe5\x84\x8d\x4d\xf6"
"\x23\x9f\xf4\x6a\xe6\x5a\x3b\x9a",
.assoc = "",
.alen = 0,
.input = "\x67\x5d\x8e\x45\xc8\x39\xf5\x17"
"\xc1\x1d\x2a\xdd\x88\x67\xda\x1f"
"\x6d\xe8\x37\x28\x5a\xc1\x5e\x9f"
"\xa6\xec\xc6\x92\x05\x4b\xc0\xa3"
"\x63\xef\x88\xa4\x9b\x0a\x5c\xed"
"\x2b\x6a\xac\x63\x52\xaa\x10\x94"
"\xd0",
.ilen = 49,
.result = "\x1f\xee\x92\xb4\x0c\xcb\xa1\x04"
"\x64\x0c\x4d\xb2\xe3\xec\x9c\x9d"
"\x09\x1a\xb7\x74\xd8\x78\xa9\x79"
"\x96\xd8\x22\x43\x8c\xc3\x34\x7b"
"\xc4",
.rlen = 33,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x2e\xb7\x20\x1c\x50\x6a\x4b\x8b"
"\x84\x42\x7a\xd7\xe1\xb5\xcd\x1f",
.klen = 16,
.iv = "\x3d\x80\xae\x84\x94\x09\xf6\x12"
"\xa4\x79\xa6\xfb\xe0\x7f\xfd\xa0",
.assoc = "",
.alen = 0,
.input = "\x7d\x61\x1a\x35\x20\xcc\x07\x88"
"\x03\x98\x87\xcf\xc0\x6e\x4d\x19"
"\xe3\xd4\x0b\xfb\x29\x8f\x49\x1a"
"\x3a\x06\x77\xce\x71\x2c\xcd\xdd"
"\xed\xf6\xc9\xbe\xa6\x3b\xb8\xfc"
"\x6c\xbe\x77\xed\x74\x0e\x20\x85"
"\xd0\x65\xde\x24\x6f\xe3\x25\xc5"
"\xdf\x5b\x0f\xbd\x8a\x88\x78\xc9"
"\xe5\x81\x37\xde\x84\x7a\xf6\x84"
"\x99\x7a\x72\x9c\x54\x31\xa1",
.ilen = 79,
.result = "\x5c\x13\xcb\x54\x1c\x47\x4a\x1f"
"\xe5\xe6\xff\x44\xdd\x11\x5f\xa3"
"\x33\xdd\xc2\xf8\xdd\x18\x2b\x93"
"\x57\x05\x01\x1c\x66\x22\xd3\x51"
"\xd3\xdf\x18\xc9\x30\x66\xed\xb1"
"\x96\x58\xd5\x8c\x64\x8c\x7c\xf5"
"\x01\xd0\x74\x5f\x9b\xaa\xf6\xd1"
"\xe6\x16\xa2\xac\xde\x47\x40",
.rlen = 63,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x6b\xdc\x5a\xbb\x60\xe5\xf4\xa6"
"\x05\x1d\x2c\x68\xdb\xda\x8f\x25",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x7a\xa5\xe8\x23\xa4\x84\x9e\x2d"
"\x25\x53\x58\x8c\xda\xa3\xc0\xa6",
.assoc = "",
.alen = 0,
.input = "\x05\xc5\xb1\xf9\x1b\xb9\xab\x2c"
"\xa5\x07\x12\xa7\x12\x39\x60\x66"
"\x30\x81\x4a\x03\x78\x28\x45\x52"
"\xd2\x2b\x24\xfd\x8b\xa5\xb7\x66"
"\x6f\x45\xd7\x3b\x67\x6f\x51\xb9"
"\xc0\x3d\x6c\xca\x1e\xae\xff\xb6"
"\x79\xa9\xe4\x82\x5d\x4c\x2d\xdf"
"\xeb\x71\x40\xc9\x2c\x40\x45\x6d"
"\x73\x77\x01\xf3\x4f\xf3\x9d\x2a"
"\x5d\x57\xa8\xa1\x18\xa2\xad\xcb",
.ilen = 80,
.result = "\x98\x37\x05\xf3\x2c\xc2\xf3\x3b"
"\x66\xc0\xb1\xd5\xd7\x35\x21\xaa"
"\x5d\x9f\xce\x7c\xe2\xb8\xad\xad"
"\x19\x33\xe0\xf4\x40\x81\x72\x28"
"\xe1\x8b\x1c\xf8\x91\x78\xff\xaf"
"\xb0\x68\x69\xf2\x27\x35\x91\x84"
"\x2e\x37\x5b\x00\x04\xff\x16\x9c"
"\xb5\x19\x39\xeb\xd9\xcd\x29\x9a",
.rlen = 64,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xa7\x00\x93\x5b\x70\x61\x9d\xc2"
"\x86\xf7\xde\xfa\xd5\xfe\x52\x2b",
.klen = 16,
.iv = "\xb6\xca\x22\xc3\xb4\x00\x47\x49"
"\xa6\x2d\x0a\x1e\xd4\xc7\x83\xad",
.assoc = "\xc5",
.alen = 1,
.input = "\x4d\xbf\x11\xac\x7f\x97\x0b\x2e"
"\x89\x3b\x9d\x0f\x83\x1c\x08\xc3",
.ilen = 16,
.result = "",
.rlen = 0,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xe4\x25\xcd\xfa\x80\xdd\x46\xde"
"\x07\xd1\x90\x8b\xcf\x23\x15\x31",
.klen = 16,
.iv = "\xf3\xee\x5c\x62\xc4\x7c\xf0\x65"
"\x27\x08\xbd\xaf\xce\xec\x45\xb3",
.assoc = "\x02\xb8\xea\xca\x09\x1b\x9a\xec"
"\x47\x3e\xe9\xd4\xcc\xb5\x76\x34"
"\xe8\x73\x62\x64\xab\x50\xd0\xda"
"\x6b\x83\x66\xaf\x3e\x27\xc9",
.alen = 31,
.input = "\x5b\xc0\x8d\x54\xe4\xec\xbe\x38"
"\x03\x12\xf9\xcc\x9e\x46\x42\x92",
.ilen = 16,
.result = "",
.rlen = 0,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x20\x4a\x07\x99\x91\x58\xee\xfa"
"\x88\xab\x42\x1c\xc9\x47\xd7\x38",
.klen = 16,
.iv = "\x2f\x13\x95\x01\xd5\xf7\x99\x81"
"\xa8\xe2\x6f\x41\xc8\x10\x08\xb9",
.assoc = "\x3f\xdc\x24\x69\x19\x96\x43\x08"
"\xc8\x18\x9b\x65\xc6\xd9\x39\x3b"
"\x12\x35\x6e\xe8\xb0\xf0\x52\xf3"
"\x2d\xb0\x45\x87\x18\x86\x68\xf6",
.alen = 32,
.input = "\x48\xc5\xc3\x4c\x40\x2e\x2f\xc2"
"\x6d\x65\xe0\x67\x9c\x1d\xa0\xf0",
.ilen = 16,
.result = "",
.rlen = 0,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x5d\x6f\x41\x39\xa1\xd4\x97\x16"
"\x09\x85\xf4\xae\xc3\x6b\x9a\x3e",
.klen = 16,
.iv = "\x6c\x38\xcf\xa1\xe5\x73\x41\x9d"
"\x29\xbc\x21\xd2\xc2\x35\xcb\xbf",
.assoc = "\x7b\x01\x5d\x08\x29\x12\xec\x24"
"\x49\xf3\x4d\xf7\xc0\xfe\xfb\x41"
"\x3c\xf8\x79\x6c\xb6\x90\xd4\x0d"
"\xee\xde\x23\x60\xf2\xe5\x08\xcc"
"\x97",
.alen = 33,
.input = "\x28\x64\x78\x51\x55\xd8\x56\x4a"
"\x58\x3e\xf7\xbe\xee\x21\xfe\x94",
.ilen = 16,
.result = "",
.rlen = 0,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x99\x93\x7a\xd8\xb1\x50\x40\x31"
"\x8a\x60\xa6\x3f\xbd\x90\x5d\x44",
.klen = 16,
.iv = "\xa8\x5c\x09\x40\xf5\xef\xea\xb8"
"\xaa\x96\xd3\x64\xbc\x59\x8d\xc6",
.assoc = "\xb8\x26\x97\xa8\x39\x8e\x94\x3f"
"\xca\xcd\xff\x88\xba\x22\xbe\x47"
"\x67\xba\x85\xf1\xbb\x30\x56\x26"
"\xaf\x0b\x02\x38\xcc\x44\xa7\xa3"
"\xa6\xbf\x31\x93\x60\xcd\xda\x63"
"\x2c\xb1\xaa\x19\xc8\x19\xf8\xeb"
"\x03\xa1\xe8\xbe\x37\x54\xec\xa2"
"\xcd\x2c\x45\x58\xbd\x8e\x80",
.alen = 63,
.input = "\xb3\xa6\x00\x4e\x09\x20\xac\x21"
"\x77\x72\x69\x76\x2d\x36\xe5\xc8",
.ilen = 16,
.result = "",
.rlen = 0,
}, {
.key = "\xd6\xb8\xb4\x77\xc1\xcb\xe9\x4d"
"\x0a\x3a\x58\xd1\xb7\xb4\x1f\x4a",
.klen = 16,
.iv = "\xe5\x81\x42\xdf\x05\x6a\x93\xd4"
"\x2b\x70\x85\xf5\xb6\x7d\x50\xcc",
.assoc = "\xf4\x4a\xd1\x47\x49\x09\x3d\x5b"
"\x4b\xa7\xb1\x19\xb4\x46\x81\x4d"
"\x91\x7c\x91\x75\xc0\xd0\xd8\x40"
"\x71\x39\xe1\x10\xa6\xa3\x46\x7a"
"\xb4\x6b\x35\xc2\xc1\xdf\xed\x60"
"\x46\xc1\x3e\x7f\x8c\xc2\x0e\x7a"
"\x30\x08\xd0\x5f\xa0\xaa\x0c\x6d"
"\x9c\x2f\xdb\x97\xb8\x15\x69\x01",
.alen = 64,
.input = "\x65\x33\x7b\xa1\x63\xf4\x20\xdd"
"\xe4\xb9\x4a\xaa\x9a\x21\xaa\x14",
.ilen = 16,
.result = "",
.rlen = 0,
}, {
.key = "\x12\xdd\xee\x17\xd1\x47\x92\x69"
"\x8b\x14\x0a\x62\xb1\xd9\xe2\x50",
.klen = 16,
.iv = "\x22\xa6\x7c\x7f\x15\xe6\x3c\xf0"
"\xac\x4b\x37\x86\xb0\xa2\x13\xd2",
.assoc = "\x31",
.alen = 1,
.input = "\x1d\x47\x17\x34\x86\xf5\x54\x1a"
"\x6d\x28\xb8\x5d\x6c\xcf\xa0\xb9"
"\xbf",
.ilen = 17,
.result = "\x40",
.rlen = 1,
}, {
.key = "\x4f\x01\x27\xb6\xe1\xc3\x3a\x85"
"\x0c\xee\xbc\xf4\xab\xfd\xa5\x57",
.klen = 16,
.iv = "\x5e\xcb\xb6\x1e\x25\x62\xe4\x0c"
"\x2d\x25\xe9\x18\xaa\xc6\xd5\xd8",
.assoc = "\x6d\x94\x44\x86\x69\x00\x8f\x93"
"\x4d\x5b\x15\x3c\xa8\x8f\x06\x5a"
"\xe6\x01\xa8\x7e\xca\x10\xdc\x73"
"\xf4\x94\x9f\xc1\x5a\x61\x85",
.alen = 31,
.input = "\x78\x90\x52\xae\x0f\xf7\x2e\xef"
"\x63\x09\x08\x58\xb5\x56\xbd\x72"
"\x6e\x42\xcf\x27\x04\x7c\xdb\x92"
"\x18\xe9\xa4\x33\x90\xba\x62\xb5"
"\x70\xd3\x88\x9b\x4f\x05\xa7\x51"
"\x85\x87\x17\x09\x42\xed\x4e",
.ilen = 47,
.result = "\x7c\x5d\xd3\xee\xad\x9f\x39\x1a"
"\x6d\x92\x42\x61\xa7\x58\x37\xdb"
"\xb0\xb2\x2b\x9f\x0b\xb8\xbd\x7a"
"\x24\xa0\xd6\xb7\x11\x79\x6c",
.rlen = 31,
}, {
.key = "\x8b\x26\x61\x55\xf1\x3e\xe3\xa1"
"\x8d\xc8\x6e\x85\xa5\x21\x67\x5d",
.klen = 16,
.iv = "\x9b\xef\xf0\xbd\x35\xdd\x8d\x28"
"\xad\xff\x9b\xa9\xa4\xeb\x98\xdf",
.assoc = "\xaa\xb8\x7e\x25\x79\x7c\x37\xaf"
"\xce\x36\xc7\xce\xa2\xb4\xc9\x60"
"\x10\xc3\xb3\x02\xcf\xb0\x5e\x8d"
"\xb5\xc2\x7e\x9a\x35\xc0\x24\xfd",
.alen = 32,
.input = "\x1d\x2c\x57\xe0\x50\x38\x3d\x41"
"\x2e\x71\xc8\x3b\x92\x43\x58\xaf"
"\x5a\xfb\xad\x8f\xd9\xd5\x8a\x5e"
"\xdb\xf3\xcd\x3a\x2b\xe1\x2c\x1a"
"\xb0\xed\xe3\x0c\x6e\xf9\xf2\xd6"
"\x90\xe6\xb1\x0e\xa5\x8a\xac\xb7",
.ilen = 48,
.result = "\xb9\x82\x0c\x8d\xbd\x1b\xe2\x36"
"\xee\x6c\xf4\xf2\xa1\x7d\xf9\xe2"
"\xdb\x74\x36\x23\x11\x58\x3f\x93"
"\xe5\xcd\xb5\x90\xeb\xd8\x0c\xb3",
.rlen = 32,
}, {
.key = "\xc8\x4b\x9b\xf5\x01\xba\x8c\xbd"
"\x0e\xa3\x21\x16\x9f\x46\x2a\x63",
.klen = 16,
.iv = "\xd7\x14\x29\x5d\x45\x59\x36\x44"
"\x2e\xd9\x4d\x3b\x9e\x0f\x5b\xe5",
.assoc = "\xe6\xdd\xb8\xc4\x89\xf8\xe0\xca"
"\x4f\x10\x7a\x5f\x9c\xd8\x8b\x66"
"\x3b\x86\xbf\x86\xd4\x50\xe0\xa7"
"\x76\xef\x5c\x72\x0f\x1f\xc3\xd4"
"\xee",
.alen = 33,
.input = "\x59\x10\x84\x1c\x83\x4c\x8b\xfc"
"\xfd\x2e\x4b\x46\x84\xff\x78\x4e"
"\x50\xda\x5c\xb9\x61\x1d\xf5\xb9"
"\xfe\xbb\x7f\xae\x8c\xc1\x24\xbd"
"\x8c\x6f\x1f\x9b\xce\xc6\xc1\x37"
"\x08\x06\x5a\xe5\x96\x10\x95\xc2"
"\x5e",
.ilen = 49,
.result = "\xf5\xa6\x46\x2c\xce\x97\x8a\x51"
"\x6f\x46\xa6\x83\x9b\xa1\xbc\xe8"
"\x05\x36\x42\xa7\x16\xf8\xc1\xad"
"\xa7\xfb\x94\x68\xc5\x37\xab\x8a"
"\x72",
.rlen = 33,
}, {
.key = "\x05\x70\xd5\x94\x12\x36\x35\xd8"
"\x8f\x7d\xd3\xa8\x99\x6a\xed\x69",
.klen = 16,
.iv = "\x14\x39\x63\xfc\x56\xd5\xdf\x5f"
"\xaf\xb3\xff\xcc\x98\x33\x1d\xeb",
.assoc = "\x23\x02\xf1\x64\x9a\x73\x89\xe6"
"\xd0\xea\x2c\xf1\x96\xfc\x4e\x6d"
"\x65\x48\xcb\x0a\xda\xf0\x62\xc0"
"\x38\x1d\x3b\x4a\xe9\x7e\x62\xaa"
"\xfd\xc9\x4a\xa9\xa9\x39\x4b\x54"
"\xc8\x0e\x24\x7f\x5e\x10\x7a\x45"
"\x10\x0b\x56\x85\xad\x54\xaa\x66"
"\xa8\x43\xcd\xd4\x9b\xb7\xfa",
.alen = 63,
.input = "\x9a\x12\xbc\xdf\x72\xa8\x56\x22"
"\x49\x2d\x07\x92\xfc\x3d\x6d\x5f"
"\xef\x36\x19\xae\x91\xfa\xd6\x63"
"\x46\xea\x8a\x39\x14\x21\xa6\x37"
"\x18\xfc\x97\x3e\x16\xa5\x4d\x39"
"\x45\x2e\x69\xcc\x9c\x5f\xdf\x6d"
"\x5e\xa2\xbf\xac\x83\x32\x72\x52"
"\x58\x58\x23\x40\xfd\xa5\xc2\xe6"
"\xe9\x5a\x50\x98\x00\x58\xc9\x86"
"\x4f\x20\x37\xdb\x7b\x22\xa3",
.ilen = 79,
.result = "\x32\xcb\x80\xcc\xde\x12\x33\x6d"
"\xf0\x20\x58\x15\x95\xc6\x7f\xee"
"\x2f\xf9\x4e\x2c\x1b\x98\x43\xc7"
"\x68\x28\x73\x40\x9f\x96\x4a\x60"
"\x80\xf4\x4b\xf4\xc1\x3d\xd0\x93"
"\xcf\x12\xc9\x59\x8f\x7a\x7f\xa8"
"\x1b\xa5\x50\xed\x87\xa9\x72\x59"
"\x9c\x44\xb2\xa4\x99\x98\x34",
.rlen = 63,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x41\x94\x0e\x33\x22\xb1\xdd\xf4"
"\x10\x57\x85\x39\x93\x8f\xaf\x70",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x50\x5d\x9d\x9b\x66\x50\x88\x7b"
"\x30\x8e\xb1\x5e\x92\x58\xe0\xf1",
.assoc = "\x5f\x27\x2b\x03\xaa\xef\x32\x02"
"\x50\xc4\xde\x82\x90\x21\x11\x73"
"\x8f\x0a\xd6\x8f\xdf\x90\xe4\xda"
"\xf9\x4a\x1a\x23\xc3\xdd\x02\x81"
"\x0b\x76\x4f\xd7\x0a\x4b\x5e\x51"
"\xe3\x1d\xb9\xe5\x21\xb9\x8f\xd4"
"\x3d\x72\x3e\x26\x16\xa9\xca\x32"
"\x77\x47\x63\x14\x95\x3d\xe4\x34",
.alen = 64,
.input = "\xe6\xeb\x92\x5a\x5b\xf0\x2d\xbb"
"\x23\xec\x35\xe3\xae\xc9\xfb\x0b"
"\x90\x14\x46\xeb\xa8\x8d\xb0\x9b"
"\x39\xda\x8b\x48\xec\xb2\x00\x4e"
"\x80\x6f\x46\x4f\x9b\x1e\xbb\x35"
"\xea\x5a\xbc\xa2\x36\xa5\x89\x45"
"\xc2\xd6\xd7\x15\x0b\xf6\x6c\x56"
"\xec\x99\x7d\x61\xb3\x15\x93\xed"
"\x83\x1e\xd9\x48\x84\x0b\x37\xfe"
"\x95\x74\x44\xd5\x54\xa6\x27\x06",
.ilen = 80,
.result = "\x6e\xf0\xba\x6b\xee\x8e\xdc\x89"
"\x71\xfb\x0a\xa6\x8f\xea\x41\xf4"
"\x5a\xbb\x59\xb0\x20\x38\xc5\xe0"
"\x29\x56\x52\x19\x79\xf5\xe9\x37"
"\x8f\xa1\x50\x23\x22\x4f\xe3\x91"
"\xe9\x21\x5e\xbf\x52\x23\x95\x37"
"\x48\x0c\x38\x8f\xf0\xff\x92\x24"
"\x6b\x47\x49\xe3\x94\x1f\x1e\x01",
.rlen = 64,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x7e\xb9\x48\xd3\x32\x2d\x86\x10"
"\x91\x31\x37\xcb\x8d\xb3\x72\x76",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x8d\x82\xd6\x3b\x76\xcc\x30\x97"
"\xb1\x68\x63\xef\x8c\x7c\xa3\xf7",
.assoc = "\x9c\x4b\x65\xa2\xba\x6b\xdb\x1e"
"\xd1\x9e\x90\x13\x8a\x45\xd3\x79"
"\xba\xcd\xe2\x13\xe4\x30\x66\xf4"
"\xba\x78\xf9\xfb\x9d\x3c\xa1\x58"
"\x1a\x22\x53\x05\x6b\x5c\x71\x4f"
"\xfd\x2d\x4d\x4c\xe5\x62\xa5\x63"
"\x6a\xda\x26\xc8\x7f\xff\xea\xfd"
"\x46\x4a\xfa\x53\x8f\xc4\xcd\x68"
"\x58",
.alen = 65,
.input = "\x89\x24\x27\x86\xdc\xd7\x6b\xd9"
"\xd1\xcd\xdc\x16\xdd\x2c\xc1\xfb"
"\x52\xb5\xb3\xab\x50\x99\x3f\xa0"
"\x38\xa4\x74\xa5\x04\x15\x63\x05"
"\x8f\x54\x81\x06\x5a\x6b\xa4\x63"
"\x6d\xa7\x21\xcb\xff\x42\x30\x8e"
"\x3b\xd1\xca\x3f\x4b\x1a\xb8\xc3"
"\x42\x01\xe6\xbc\x75\x15\x87\xee"
"\xc9\x8e\x65\x01\xd9\xd8\xb5\x9f"
"\x48\x86\xa6\x5f\x2c\xc7\xb5\xb0"
"\xed\x5d\x14\x7c\x3f\x40\xb1\x0b"
"\x72\xef\x94\x8d\x7a\x85\x56\xe5"
"\x56\x08\x15\x56\xba\xaf\xbd\xf0"
"\x20\xef\xa0\xf6\xa9\xad\xa2\xc9"
"\x1c\x3b\x28\x51\x7e\x77\xb2\x18"
"\x4f\x61\x64\x37\x22\x36\x6d\x78"
"\xed\xed\x35\xe8\x83\xa5\xec\x25"
"\x6b\xff\x5f\x1a\x09\x96\x3d\xdc"
"\x20",
.ilen = 145,
.result = "\xab\x14\xf3\x0a\xfe\x0a\x85\xa5"
"\xf2\xd5\xbc\x38\x89\x0e\x04\xfb"
"\x84\x7d\x65\x34\x25\xd8\x47\xfa"
"\xeb\x83\x31\xf1\x54\x54\x89\x0d"
"\x9d\x4d\x54\x51\x84\x61\xf6\x8e"
"\x03\x31\xf2\x25\x16\xcc\xaa\xc6"
"\x75\x73\x20\x30\x59\x54\xb2\xf0"
"\x3a\x4b\xe0\x23\x8e\xa6\x08\x35"
"\x8a\xdf\x27\xa0\xe4\x60\x99\xae"
"\x8e\x43\xd9\x39\x7b\x10\x40\x67"
"\x5c\x7e\xc9\x70\x63\x34\xca\x59"
"\xfe\x86\xbc\xb7\x9c\x39\xf3\x6d"
"\x6a\x41\x64\x6f\x16\x7f\x65\x7e"
"\x89\x84\x68\xeb\xb0\x51\xbe\x55"
"\x33\x16\x59\x6c\x3b\xef\x88\xad"
"\x2f\xab\xbc\x25\x76\x87\x41\x2f"
"\x36",
.rlen = 129,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xba\xde\x82\x72\x42\xa9\x2f\x2c"
"\x12\x0b\xe9\x5c\x87\xd7\x35\x7c",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\xc9\xa7\x10\xda\x86\x48\xd9\xb3"
"\x32\x42\x15\x80\x85\xa1\x65\xfe",
.assoc = "\xd8\x70\x9f\x42\xca\xe6\x83\x3a"
"\x52\x79\x42\xa5\x84\x6a\x96\x7f"
"\xe4\x8f\xed\x97\xe9\xd0\xe8\x0d"
"\x7c\xa6\xd8\xd4\x77\x9b\x40\x2e"
"\x28\xce\x57\x34\xcd\x6e\x84\x4c"
"\x17\x3c\xe1\xb2\xa8\x0b\xbb\xf1"
"\x96\x41\x0d\x69\xe8\x54\x0a\xc8"
"\x15\x4e\x91\x92\x89\x4b\xb7\x9b"
"\x21\xf7\x42\x89\xac\x12\x2a\x54"
"\x69\xee\x18\xc7\x8d\xed\xe8\xfd"
"\xbb\x04\x28\xe6\x8a\x3c\x98\xc1"
"\x04\x2d\xa9\xa1\x24\x83\xff\xe9"
"\x55\x7a\xf0\xd1\xf6\x63\x05\xe1"
"\xd9\x1e\x75\x72\xc1\x9f\xae\x32"
"\xe1\x6b\xcd\x9e\x61\x19\x23\x86"
"\xd9\xd2\xaf\x8e\xd5\xd3\xa8\xa9"
"\x51",
.alen = 129,
.input = "\x36\x78\xb9\x22\xde\x62\x35\x55"
"\x1a\x7a\xf5\x45\xbc\xd7\x15\x82"
"\x01\xe9\x5a\x07\xea\x46\xaf\x91"
"\xcb\x73\xa5\xee\xe1\xb4\xbf\xc2"
"\xdb\xd2\x9d\x59\xde\xfc\x83\x00"
"\xf5\x46\xac\x97\xd5\x57\xa9\xb9"
"\x1f\x8c\xe8\xca\x68\x8b\x91\x0c"
"\x01\xbe\x0a\xaf\x7c\xf6\x67\xa4"
"\xbf\xbc\x88\x3f\x5d\xd1\xf9\x19"
"\x0f\x9d\xb2\xaf\xb9\x6e\x17\xdf"
"\xa2",
.ilen = 81,
.result = "\xe8\x39\x2d\xaa\x0e\x85\x2d\xc1"
"\x72\xaf\x6e\xc9\x82\x33\xc7\x01"
"\xaf\x40\x70\xb8\x2a\x78\xc9\x14"
"\xac\xb1\x10\xca\x2e\xb3\x28\xe4"
"\xac\xfa\x58\x7f\xe5\x73\x09\x8c"
"\x1d\x40\x87\x8c\xd9\x75\xc0\x55"
"\xa2\xda\x07\xd1\xc2\xa9\xd1\xbb"
"\x09\x4f\x77\x62\x88\x2d\xf2\x68"
"\x54",
.rlen = 65,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xf7\x02\xbb\x11\x52\x24\xd8\x48"
"\x93\xe6\x9b\xee\x81\xfc\xf7\x82",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x06\xcc\x4a\x79\x96\xc3\x82\xcf"
"\xb3\x1c\xc7\x12\x7f\xc5\x28\x04",
.assoc = "\x15\x95\xd8\xe1\xda\x62\x2c\x56"
"\xd3\x53\xf4\x36\x7e\x8e\x59\x85"
"\x0e\x51\xf9\x1c\xee\x70\x6a\x27"
"\x3d\xd3\xb7\xac\x51\xfa\xdf\x05",
.alen = 32,
.input = "\x08\x1b\x95\x0e\x41\x95\x02\x4b"
"\x9c\xbb\xa8\xd0\x7c\xd3\x44\x6e"
"\x89\x14\x33\x70\x0a\xbc\xea\x39"
"\x88\xaa\x2b\xd5\x73\x11\x55\xf5"
"\x33\x33\x9c\xd7\x42\x34\x49\x8e"
"\x2f\x03\x30\x05\x47\xaf\x34",
.ilen = 47,
.result = "\x24\x5e\x67\x49\x1e\x01\xd6\xdd"
"\xf3\x89\x20\x5b\x7c\x57\x89\x07"
"\xd9\x02\x7c\x3d\x2f\x18\x4b\x2d"
"\x6e\xde\xee\xa2\x08\x12\xc7\xba",
.rlen = 32,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x33\x27\xf5\xb1\x62\xa0\x80\x63"
"\x14\xc0\x4d\x7f\x7b\x20\xba\x89",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x42\xf0\x84\x19\xa6\x3f\x2b\xea"
"\x34\xf6\x79\xa3\x79\xe9\xeb\x0a",
.assoc = "\x51\xb9\x12\x80\xea\xde\xd5\x71"
"\x54\x2d\xa6\xc8\x78\xb2\x1b\x8c"
"\x39\x14\x05\xa0\xf3\x10\xec\x41"
"\xff\x01\x95\x84\x2b\x59\x7f\xdb",
.alen = 32,
.input = "\x97\xca\xf4\xe0\x8d\x89\xbf\x68"
"\x0c\x60\xb9\x27\xdf\xaa\x41\xc6"
"\x25\xd8\xf7\x1f\x10\x15\x48\x61"
"\x4c\x95\x00\xdf\x51\x9b\x7f\xe6"
"\x24\x40\x9e\xbe\x3b\xeb\x1b\x98"
"\xb9\x9c\xe5\xef\xf2\x05",
.ilen = 46,
.result = "\x61\x83\xa0\xe8\x2e\x7d\x7f\xf8"
"\x74\x63\xd2\xec\x76\x7c\x4c\x0d"
"\x03\xc4\x88\xc1\x35\xb8\xcd\x47"
"\x2f\x0c\xcd\x7a\xe2\x71\x66\x91",
.rlen = 32,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x70\x4c\x2f\x50\x72\x1c\x29\x7f"
"\x95\x9a\xff\x10\x75\x45\x7d\x8f",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x7f\x15\xbd\xb8\xb6\xba\xd3\x06"
"\xb5\xd1\x2b\x35\x73\x0e\xad\x10",
.assoc = "\x8e\xde\x4c\x20\xfa\x59\x7e\x8d"
"\xd5\x07\x58\x59\x72\xd7\xde\x92"
"\x63\xd6\x10\x24\xf8\xb0\x6e\x5a"
"\xc0\x2e\x74\x5d\x06\xb8\x1e\xb2",
.alen = 32,
.input = "\x63\x4c\x2a\x8e\xb4\x6b\x63\x0d"
"\xb5\xec\x9b\x4e\x12\x23\xa3\xcf"
"\x1a\x5a\x70\x15\x5a\x10\x40\x51"
"\xca\x47\x4c\x9d\xc9\x97\xf4\x77"
"\xdb\xc8\x10\x2d\xdc\x65\x20\x3f",
.ilen = 40,
.result = "\x9d\xa7\xda\x88\x3e\xf8\x28\x14"
"\xf5\x3e\x85\x7d\x70\xa0\x0f\x13"
"\x2e\x86\x93\x45\x3a\x58\x4f\x61"
"\xf0\x3a\xac\x53\xbc\xd0\x06\x68",
.rlen = 32,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xac\x70\x69\xef\x82\x97\xd2\x9b"
"\x15\x74\xb1\xa2\x6f\x69\x3f\x95",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\xbb\x3a\xf7\x57\xc6\x36\x7c\x22"
"\x36\xab\xde\xc6\x6d\x32\x70\x17",
.assoc = "\xcb\x03\x85\xbf\x0a\xd5\x26\xa9"
"\x56\xe1\x0a\xeb\x6c\xfb\xa1\x98"
"\x8d\x98\x1c\xa8\xfe\x50\xf0\x74"
"\x81\x5c\x53\x35\xe0\x17\xbd\x88",
.alen = 32,
.input = "\xf1\x62\x44\xc7\x5f\x19\xca\x43"
"\x47\x2c\xaf\x68\x82\xbd\x51\xef"
"\x3d\x65\xd8\x45\x2d\x06\x07\x78"
"\x08\x2e\xb3\x23\xcd\x81\x12\x55"
"\x1a",
.ilen = 33,
.result = "\xda\xcc\x14\x27\x4e\x74\xd1\x30"
"\x76\x18\x37\x0f\x6a\xc4\xd1\x1a"
"\x58\x49\x9f\xc9\x3f\xf8\xd1\x7a"
"\xb2\x67\x8b\x2b\x96\x2f\xa5\x3e",
.rlen = 32,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xe9\x95\xa2\x8f\x93\x13\x7b\xb7"
"\x96\x4e\x63\x33\x69\x8d\x02\x9b"
"\x23\xf9\x22\xeb\x80\xa0\xb1\x81"
"\xe2\x73\xc3\x21\x4d\x47\x8d\xf4",
.klen = 32,
.iv = "\xf8\x5e\x31\xf7\xd7\xb2\x25\x3e"
"\xb7\x85\x90\x58\x67\x57\x33\x1d",
.assoc = "",
.alen = 0,
.input = "\xdf\x2f\x83\xc0\x45\x4a\x2c\xcf"
"\xb9\xd2\x41\xf6\x80\xa1\x52\x70",
.ilen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "",
.rlen = 0,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x25\xba\xdc\x2e\xa3\x8f\x24\xd3"
"\x17\x29\x15\xc5\x63\xb2\xc5\xa1"
"\x4d\xbc\x2d\x6f\x85\x40\x33\x9a"
"\xa3\xa0\xa1\xfa\x27\xa6\x2c\xca",
.klen = 32,
.iv = "\x34\x83\x6a\x96\xe7\x2d\xce\x5a"
"\x38\x5f\x42\xe9\x61\x7b\xf5\x23",
.assoc = "",
.alen = 0,
.input = "\x01\xd8\x55\x3c\xc0\x5a\x4b\xc7"
"\x01\xf4\x08\xe3\x0d\xf7\xf0\x78"
"\x53",
.ilen = 17,
.result = "\x53",
.rlen = 1,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x62\xdf\x16\xcd\xb3\x0a\xcc\xef"
"\x98\x03\xc7\x56\x5d\xd6\x87\xa8"
"\x77\x7e\x39\xf3\x8a\xe0\xb5\xb4"
"\x65\xce\x80\xd2\x01\x05\xcb\xa1",
.klen = 32,
.iv = "\x71\xa8\xa4\x35\xf7\xa9\x76\x75"
"\xb8\x39\xf4\x7a\x5b\x9f\xb8\x29",
.assoc = "",
.alen = 0,
.input = "\xc2\x4b\x41\x0f\x2d\xb9\x62\x07"
"\xff\x8e\x74\xf8\xa1\xa6\xd5\x37"
"\xa5\x64\x31\x5c\xca\x73\x9b\x43"
"\xe6\x70\x63\x46\x95\xcb\xf7\xb5"
"\x20\x8c\x75\x7a\x2a\x17\x2f\xa9"
"\xb8\x4d\x11\x42\xd1\xf8\xf1",
.ilen = 47,
.result = "\x8f\x3a\xc1\x05\x7f\xe7\xcb\x83"
"\xf9\xa6\x4d\xc3\x58\x31\x19\x2c"
"\xd7\x90\xc2\x56\x4e\xd8\x57\xc7"
"\xf6\xf0\x27\xb4\x25\x4c\x83",
.rlen = 31,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x9e\x03\x4f\x6d\xc3\x86\x75\x0a"
"\x19\xdd\x79\xe8\x57\xfb\x4a\xae"
"\xa2\x40\x45\x77\x90\x80\x37\xce"
"\x26\xfb\x5f\xaa\xdb\x64\x6b\x77",
.klen = 32,
.iv = "\xae\xcc\xde\xd5\x07\x25\x1f\x91"
"\x39\x14\xa6\x0c\x55\xc4\x7b\x30",
.assoc = "",
.alen = 0,
.input = "\xbb\x01\x7c\xd1\x2c\x33\x7b\x37"
"\x0a\xee\xc4\x30\x19\xd7\x3a\x6f"
"\xf8\x2b\x67\xf5\x3b\x84\x87\x2a"
"\xfb\x07\x7a\x82\xb5\xe4\x85\x26"
"\x1e\xa8\xe5\x04\x54\xce\xe5\x5f"
"\xb5\x3f\xc1\xd5\x7f\xbd\xd2\xa6",
.ilen = 48,
.result = "\xcc\x5f\xfb\xa4\x8f\x63\x74\x9f"
"\x7a\x81\xff\x55\x52\x56\xdc\x33"
"\x01\x52\xcd\xdb\x53\x78\xd9\xe1"
"\xb7\x1d\x06\x8d\xff\xab\x22\x98",
.rlen = 32,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xdb\x28\x89\x0c\xd3\x01\x1e\x26"
"\x9a\xb7\x2b\x79\x51\x1f\x0d\xb4"
"\xcc\x03\x50\xfc\x95\x20\xb9\xe7"
"\xe8\x29\x3e\x83\xb5\xc3\x0a\x4e",
.klen = 32,
.iv = "\xea\xf1\x18\x74\x17\xa0\xc8\xad"
"\xba\xee\x58\x9d\x4f\xe8\x3d\x36",
.assoc = "",
.alen = 0,
.input = "\xc2\xf4\x40\x55\xf9\x59\xff\x73"
"\x08\xf5\x98\x92\x0c\x7b\x35\x9a"
"\xa8\xf4\x42\x7e\x6f\x93\xca\x22"
"\x23\x06\x1e\xf8\x89\x22\xf4\x46"
"\x7c\x7c\x67\x75\xab\xe5\x75\xaa"
"\x15\xd7\x83\x19\xfd\x31\x59\x5b"
"\x32",
.ilen = 49,
.result = "\x08\x84\x34\x44\x9f\xde\x1c\xbb"
"\xfb\x5b\xb1\xe6\x4c\x7a\x9f\x39"
"\x2c\x14\xd9\x5f\x59\x18\x5b\xfb"
"\x79\x4b\xe5\x65\xd9\x0a\xc1\x6f"
"\x2e",
.rlen = 33,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x17\x4d\xc3\xab\xe3\x7d\xc7\x42"
"\x1b\x91\xdd\x0a\x4b\x43\xcf\xba"
"\xf6\xc5\x5c\x80\x9a\xc0\x3b\x01"
"\xa9\x56\x1d\x5b\x8f\x22\xa9\x25",
.klen = 32,
.iv = "\x27\x16\x51\x13\x27\x1c\x71\xc9"
"\x3b\xc8\x0a\x2f\x49\x0c\x00\x3c",
.assoc = "",
.alen = 0,
.input = "\xc9\x82\x3b\x4b\x87\x84\xa5\xdb"
"\xa0\x8c\xd3\x3e\x7f\x8d\xe8\x28"
"\x2a\xdc\xfa\x01\x84\x87\x9a\x70"
"\x81\x75\x37\x0a\xd2\x75\xa9\xb6"
"\x21\x72\xee\x7e\x65\x95\xe5\xcc"
"\x01\xb7\x39\xa6\x51\x15\xca\xff"
"\x61\xdc\x97\x38\xcc\xf4\xca\xc7"
"\x83\x9b\x05\x11\x72\x60\xf0\xb4"
"\x7e\x06\xab\x0a\xc0\xbb\x59\x23"
"\xaa\x2d\xfc\x4e\x35\x05\x59",
.ilen = 79,
.result = "\x45\xa8\x6e\xe3\xaf\x5a\xc5\xd7"
"\x7c\x35\x63\x77\x46\x9f\x61\x3f"
"\x56\xd7\xe4\xe3\x5e\xb8\xdc\x14"
"\x3a\x79\xc4\x3e\xb3\x69\x61\x46"
"\x3c\xb6\x83\x4e\xb4\x26\xc7\x73"
"\x22\xda\x52\x8b\x7d\x11\x98\xea"
"\x62\xe1\x14\x1e\xdc\xfe\x0f\xad"
"\x20\x76\x5a\xdc\x4e\x71\x13",
.rlen = 63,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x54\x71\xfd\x4b\xf3\xf9\x6f\x5e"
"\x9c\x6c\x8f\x9c\x45\x68\x92\xc1"
"\x21\x87\x67\x04\x9f\x60\xbd\x1b"
"\x6a\x84\xfc\x34\x6a\x81\x48\xfb",
.klen = 32,
.iv = "\x63\x3b\x8b\xb3\x37\x98\x1a\xe5"
"\xbc\xa2\xbc\xc0\x43\x31\xc2\x42",
.assoc = "",
.alen = 0,
.input = "\x11\x7c\x7d\xef\xce\x29\x95\xec"
"\x7e\x9f\x42\xa6\x26\x07\xa1\x75"
"\x2f\x4e\x09\x9a\xf6\x6b\xc2\xfa"
"\x0d\xd0\x17\xdc\x25\x1e\x9b\xdc"
"\x5f\x8c\x1c\x60\x15\x4f\x9b\x20"
"\x7b\xff\xcd\x82\x60\x84\xf4\xa5"
"\x20\x9a\x05\x19\x5b\x02\x0a\x72"
"\x43\x11\x26\x58\xcf\xc5\x41\xcf"
"\x13\xcc\xde\x32\x92\xfa\x86\xf2"
"\xaf\x16\xe8\x8f\xca\xb6\xfd\x54",
.ilen = 80,
.result = "\x81\xcd\xa8\x82\xbf\xd6\x6e\xf3"
"\xfd\x0f\x15\x09\x40\xc3\x24\x45"
"\x81\x99\xf0\x67\x63\x58\x5e\x2e"
"\xfb\xa6\xa3\x16\x8d\xc8\x00\x1c"
"\x4b\x62\x87\x7c\x15\x38\xda\x70"
"\x3d\xea\xe7\xf2\x40\xba\xae\x79"
"\x8f\x48\xfc\xbf\x45\x53\x2e\x78"
"\xef\x79\xf0\x1b\x49\xf7\xfd\x9c",
.rlen = 64,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x90\x96\x36\xea\x03\x74\x18\x7a"
"\x1d\x46\x42\x2d\x3f\x8c\x54\xc7"
"\x4b\x4a\x73\x89\xa4\x00\x3f\x34"
"\x2c\xb1\xdb\x0c\x44\xe0\xe8\xd2",
.klen = 32,
.iv = "\xa0\x5f\xc5\x52\x47\x13\xc2\x01"
"\x3d\x7c\x6e\x52\x3d\x55\x85\x48",
.assoc = "\xaf",
.alen = 1,
.input = "\x9b\xc5\x3b\x20\x0a\x88\x56\xbe"
"\x69\xdf\xc4\xc4\x02\x46\x3a\xf0",
.ilen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "",
.rlen = 0,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xcd\xbb\x70\x89\x13\xf0\xc1\x95"
"\x9e\x20\xf4\xbf\x39\xb1\x17\xcd"
"\x76\x0c\x7f\x0d\xa9\xa0\xc1\x4e"
"\xed\xdf\xb9\xe4\x1e\x3f\x87\xa8",
.klen = 32,
.iv = "\xdc\x84\xfe\xf1\x58\x8f\x6b\x1c"
"\xbe\x57\x20\xe3\x37\x7a\x48\x4f",
.assoc = "\xeb\x4d\x8d\x59\x9c\x2e\x15\xa3"
"\xde\x8d\x4d\x07\x36\x43\x78\xd0"
"\x0b\x6d\x84\x4f\x2c\xf0\x82\x5b"
"\x4e\xf6\x29\xd1\x8b\x6f\x56",
.alen = 31,
.input = "\xe0\x6d\xa1\x07\x98\x2f\x40\x2d"
"\x2e\x9a\xd6\x61\x43\xc0\x74\x69",
.ilen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "",
.rlen = 0,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x0a\xe0\xaa\x29\x24\x6c\x6a\xb1"
"\x1f\xfa\xa6\x50\x33\xd5\xda\xd3"
"\xa0\xce\x8a\x91\xae\x40\x43\x68"
"\xae\x0d\x98\xbd\xf8\x9e\x26\x7f",
.klen = 32,
.iv = "\x19\xa9\x38\x91\x68\x0b\x14\x38"
"\x3f\x31\xd2\x74\x31\x9e\x0a\x55",
.assoc = "\x28\x72\xc7\xf8\xac\xaa\xbe\xbf"
"\x5f\x67\xff\x99\x30\x67\x3b\xd6"
"\x35\x2f\x90\xd3\x31\x90\x04\x74"
"\x0f\x23\x08\xa9\x65\xce\xf6\xea",
.alen = 32,
.input = "\xb9\x57\x13\x3e\x82\x31\x61\x65"
"\x0d\x7f\x6c\x96\x93\x5c\x50\xe2",
.ilen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "",
.rlen = 0,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x46\x04\xe3\xc8\x34\xe7\x12\xcd"
"\xa0\xd4\x58\xe2\x2d\xf9\x9c\xda"
"\xca\x91\x96\x15\xb4\xe0\xc5\x81"
"\x70\x3a\x77\x95\xd2\xfd\xc5\x55",
.klen = 32,
.iv = "\x55\xcd\x72\x30\x78\x86\xbd\x54"
"\xc0\x0b\x84\x06\x2b\xc2\xcd\x5b",
.assoc = "\x64\x97\x00\x98\xbc\x25\x67\xdb"
"\xe0\x41\xb1\x2a\x2a\x8c\xfe\xdd"
"\x5f\xf2\x9c\x58\x36\x30\x86\x8e"
"\xd1\x51\xe6\x81\x3f\x2d\x95\xc1"
"\x01",
.alen = 33,
.input = "\x81\x96\x34\xde\xbb\x36\xdd\x3e"
"\x4e\x5e\xcb\x44\x21\xb8\x3f\xf1",
.ilen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "",
.rlen = 0,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x83\x29\x1d\x67\x44\x63\xbb\xe9"
"\x20\xaf\x0a\x73\x27\x1e\x5f\xe0"
"\xf5\x53\xa1\x9a\xb9\x80\x47\x9b"
"\x31\x68\x56\x6e\xac\x5c\x65\x2c",
.klen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x92\xf2\xac\xcf\x88\x02\x65\x70"
"\x41\xe5\x36\x97\x25\xe7\x90\x61",
.assoc = "\xa1\xbb\x3a\x37\xcc\xa1\x10\xf7"
"\x61\x1c\x63\xbc\x24\xb0\xc0\xe3"
"\x8a\xb4\xa7\xdc\x3b\xd0\x08\xa8"
"\x92\x7f\xc5\x5a\x19\x8c\x34\x97"
"\x0f\x95\x9b\x18\xe4\x8d\xb4\x24"
"\xb9\x33\x28\x18\xe1\x9d\x14\xe0"
"\x64\xb2\x89\x7d\x78\xa8\x05\x7e"
"\x07\x8c\xfc\x88\x2d\xb8\x53",
.alen = 63,
.input = "\x2e\x99\xb6\x79\x57\x56\x80\x36"
"\x8e\xc4\x1c\x12\x7d\x71\x36\x0c",
.ilen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "",
.rlen = 0,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xbf\x4e\x57\x07\x54\xdf\x64\x05"
"\xa1\x89\xbc\x04\x21\x42\x22\xe6"
"\x1f\x15\xad\x1e\xbe\x20\xc9\xb4"
"\xf3\x95\x35\x46\x86\xbb\x04\x03",
.klen = 32,
.iv = "\xce\x17\xe5\x6f\x98\x7e\x0e\x8c"
"\xc2\xbf\xe8\x29\x1f\x0b\x52\x68",
.assoc = "\xdd\xe0\x74\xd6\xdc\x1d\xb8\x13"
"\xe2\xf6\x15\x4d\x1e\xd4\x83\xe9"
"\xb4\x76\xb3\x60\x40\x70\x8a\xc1"
"\x53\xac\xa4\x32\xf3\xeb\xd3\x6e"
"\x1e\x42\xa0\x46\x45\x9f\xc7\x22"
"\xd3\x43\xbc\x7e\xa5\x47\x2a\x6f"
"\x91\x19\x70\x1e\xe1\xfe\x25\x49"
"\xd6\x8f\x93\xc7\x28\x3f\x3d\x03",
.alen = 64,
.input = "\x7b\x25\x3d\x47\xd4\xa7\x08\xce"
"\x3b\x89\x40\x36\xba\x6d\x0e\xa2",
.ilen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.result = "",
.rlen = 0,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xfc\x72\x90\xa6\x64\x5a\x0d\x21"
"\x22\x63\x6e\x96\x1b\x67\xe4\xec"
"\x49\xd7\xb9\xa2\xc3\xc0\x4b\xce"
"\xb4\xc3\x14\x1e\x61\x1a\xa3\xd9",
.klen = 32,
.iv = "\x0b\x3c\x1f\x0e\xa8\xf9\xb7\xa7"
"\x42\x9a\x9a\xba\x19\x30\x15\x6e",
.assoc = "\x1a",
.alen = 1,
.input = "\xe6\x09\x6f\x95\x9a\x18\xc8\xf6"
"\x17\x75\x81\x16\xdf\x26\xff\x67"
"\x92",
.ilen = 17,
.result = "\x29",
.rlen = 1,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x38\x97\xca\x45\x74\xd6\xb6\x3c"
"\xa3\x3d\x20\x27\x15\x8b\xa7\xf2"
"\x74\x9a\xc4\x27\xc8\x60\xcd\xe8"
"\x75\xf0\xf2\xf7\x3b\x79\x42\xb0",
.klen = 32,
.iv = "\x47\x60\x59\xad\xb8\x75\x60\xc3"
"\xc3\x74\x4c\x4c\x13\x54\xd8\x74",
.assoc = "\x56\x29\xe7\x15\xfc\x14\x0a\x4a"
"\xe4\xaa\x79\x70\x12\x1d\x08\xf6"
"\x09\xfb\xca\x69\x4b\xb0\x8e\xf5"
"\xd6\x07\x62\xe3\xa8\xa9\x12",
.alen = 31,
.input = "\x82\xc0\x56\xf0\xd7\xc4\xc9\xfd"
"\x3c\xd1\x2a\xd4\x15\x86\x9d\xda"
"\xea\x6c\x6f\xa1\x33\xb0\x7a\x01"
"\x57\xe7\xf3\x7b\x73\xe7\x54\x10"
"\xc6\x91\xe2\xc6\xa0\x69\xe7\xe6"
"\x76\xc3\xf5\x3a\x76\xfd\x4a",
.ilen = 47,
.result = "\x66\xf3\x75\x7d\x40\xb3\xb4\xd1"
"\x04\xe1\xa6\x94\x10\xe6\x39\x77"
"\xd3\xac\x4d\x8a\x8c\x58\x6e\xfb"
"\x06\x13\x9a\xd9\x5e\xc0\xfa",
.rlen = 31,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x75\xbc\x04\xe5\x84\x52\x5e\x58"
"\x24\x17\xd2\xb9\x0e\xaf\x6a\xf9"
"\x9e\x5c\xd0\xab\xcd\x00\x4f\x01"
"\x37\x1e\xd1\xcf\x15\xd8\xe2\x86",
.klen = 32,
.iv = "\x84\x85\x92\x4d\xc8\xf1\x08\xdf"
"\x44\x4e\xff\xdd\x0d\x78\x9a\x7a",
.assoc = "\x93\x4e\x21\xb4\x0c\x90\xb3\x66"
"\x65\x84\x2b\x01\x0b\x42\xcb\xfc"
"\x33\xbd\xd6\xed\x50\x50\x10\x0e"
"\x97\x35\x41\xbb\x82\x08\xb1\xf2",
.alen = 32,
.input = "\x01\x47\x8e\x6c\xf6\x64\x89\x3a"
"\x71\xce\xe4\xaa\x45\x70\xe6\x84"
"\x62\x48\x08\x64\x86\x6a\xdf\xec"
"\xb4\xa0\xfb\x34\x03\x0c\x19\xf4"
"\x2b\x7b\x36\x73\xec\x54\xa9\x1e"
"\x30\x85\xdb\xe4\xac\xe9\x2c\xca",
.ilen = 48,
.result = "\xa2\x17\xaf\x1c\x50\x2e\x5d\xed"
"\x85\xbb\x58\x26\x0a\x0b\xfc\x7d"
"\xfe\x6e\x59\x0e\x91\xf8\xf0\x15"
"\xc8\x40\x78\xb1\x38\x1f\x99\xa7",
.rlen = 32,
}, {
.key = "\xb1\xe1\x3e\x84\x94\xcd\x07\x74"
"\xa5\xf2\x84\x4a\x08\xd4\x2c\xff"
"\xc8\x1e\xdb\x2f\xd2\xa0\xd1\x1b"
"\xf8\x4c\xb0\xa8\xef\x37\x81\x5d",
.klen = 32,
.iv = "\xc0\xaa\xcc\xec\xd8\x6c\xb1\xfb"
"\xc5\x28\xb1\x6e\x07\x9d\x5d\x81",
.assoc = "\xd0\x73\x5a\x54\x1d\x0b\x5b\x82"
"\xe5\x5f\xdd\x93\x05\x66\x8e\x02"
"\x5e\x80\xe1\x71\x55\xf0\x92\x28"
"\x59\x62\x20\x94\x5c\x67\x50\xc8"
"\x58",
.alen = 33,
.input = "\x85\xe0\xf8\x0f\x8e\x49\xe3\x60"
"\xcb\x4a\x54\x94\xcf\xf5\x7e\x34"
"\xe9\xf8\x80\x65\x53\xd0\x72\x70"
"\x4f\x7d\x9d\xd1\x15\x6f\xb9\x2c"
"\xfa\xe8\xdd\xac\x2e\xe1\x3f\x67"
"\x63\x0f\x1a\x59\xb7\x89\xdb\xf4"
"\xc3",
.ilen = 49,
.result = "\xdf\x3c\xe9\xbc\x61\xaa\x06\x09"
"\x06\x95\x0a\xb7\x04\x2f\xbe\x84"
"\x28\x30\x64\x92\x96\x98\x72\x2e"
"\x89\x6e\x57\x8a\x13\x7e\x38\x7e"
"\xdb",
.rlen = 33,
}, {
.key = "\xee\x05\x77\x23\xa5\x49\xb0\x90"
"\x26\xcc\x36\xdc\x02\xf8\xef\x05"
"\xf3\xe1\xe7\xb3\xd8\x40\x53\x35"
"\xb9\x79\x8f\x80\xc9\x96\x20\x33",
.klen = 32,
.iv = "\xfd\xce\x06\x8b\xe9\xe8\x5a\x17"
"\x46\x02\x63\x00\x01\xc1\x20\x87",
.assoc = "\x0c\x98\x94\xf3\x2d\x87\x04\x9e"
"\x66\x39\x8f\x24\xff\x8a\x50\x08"
"\x88\x42\xed\xf6\x5a\x90\x14\x42"
"\x1a\x90\xfe\x6c\x36\xc6\xf0\x9f"
"\x66\xa0\xb5\x2d\x2c\xf8\x25\x15"
"\x55\x90\xa2\x7e\x77\x94\x96\x3a"
"\x71\x1c\xf7\x44\xee\xa8\xc3\x42"
"\xe2\xa3\x84\x04\x0b\xe1\xce",
.alen = 63,
.input = "\x00\xe5\x5b\x87\x5c\x20\x22\x8a"
"\xda\x1f\xd3\xff\xbb\xb2\xb0\xf8"
"\xef\xe9\xeb\x9e\x7c\x80\xf4\x2b"
"\x59\xc0\x79\xbc\x17\xa0\x15\x01"
"\xf5\x72\xfb\x5a\xe7\xaf\x07\xe3"
"\x1b\x49\x21\x34\x23\x63\x55\x5e"
"\xee\x4f\x34\x17\xfa\xfe\xa5\x0c"
"\xed\x0b\x23\xea\x9b\xda\x57\x2f"
"\xf6\xa9\xae\x0d\x4e\x40\x96\x45"
"\x7f\xfa\xf0\xbf\xc4\x98\x78",
.ilen = 79,
.result = "\x1b\x61\x23\x5b\x71\x26\xae\x25"
"\x87\x6f\xbc\x49\xfe\x53\x81\x8a"
"\x53\xf2\x70\x17\x9b\x38\xf4\x48"
"\x4b\x9b\x36\x62\xed\xdd\xd8\x54"
"\xea\xcb\xb6\x79\x45\xfc\xaa\x54"
"\x5c\x94\x47\x58\xa7\xff\x9c\x9e"
"\x7c\xb6\xf1\xac\xc8\xfd\x8b\x35"
"\xd5\xa4\x6a\xd4\x09\xc2\x08",
.rlen = 63,
}, {
.key = "\x2a\x2a\xb1\xc3\xb5\xc5\x59\xac"
"\xa7\xa6\xe8\x6d\xfc\x1d\xb2\x0b"
"\x1d\xa3\xf3\x38\xdd\xe0\xd5\x4e"
"\x7b\xa7\x6e\x58\xa3\xf5\xbf\x0a",
.klen = 32,
.iv = "\x39\xf3\x3f\x2b\xf9\x64\x03\x33"
"\xc7\xdd\x15\x91\xfb\xe6\xe2\x8d",
.assoc = "\x49\xbc\xce\x92\x3d\x02\xad\xba"
"\xe7\x13\x41\xb6\xf9\xaf\x13\x0f"
"\xb2\x04\xf8\x7a\x5f\x30\x96\x5b"
"\xdc\xbd\xdd\x44\x10\x25\x8f\x75"
"\x75\x4d\xb9\x5b\x8e\x0a\x38\x13"
"\x6f\x9f\x36\xe4\x3a\x3e\xac\xc9"
"\x9d\x83\xde\xe5\x57\xfd\xe3\x0e"
"\xb1\xa7\x1b\x44\x05\x67\xb7\x37",
.alen = 64,
.input = "\x28\xdd\xb9\x4a\x12\xc7\x0a\xe1"
"\x58\x06\x1a\x9b\x8c\x67\xdf\xeb"
"\x35\x35\x60\x9d\x06\x40\x65\xc1"
"\x93\xe8\xb3\x82\x50\x29\xdd\xb5"
"\x2b\xcb\xde\x18\x78\x6b\x42\xbe"
"\x6d\x24\xd0\xb2\x7d\xd7\x08\x8f"
"\x4a\x18\x98\xad\x8c\xf2\x97\xb4"
"\xf4\x77\xe4\xbf\x41\x3b\xc4\x06"
"\xce\x9e\x34\x81\xf0\x89\x11\x13"
"\x02\x65\xa1\x7c\xdf\x07\x33\x06",
.ilen = 80,
.result = "\x58\x85\x5c\xfa\x81\xa1\x57\x40"
"\x08\x4a\x6e\xda\xf8\x78\x44\x90"
"\x7d\xb5\x7b\x9b\xa1\xd8\x76\x62"
"\x0c\xc9\x15\x3b\xc7\x3c\x77\x2b"
"\xf8\x78\xba\xa7\xa6\x0e\xbd\x52"
"\x76\xa3\xdc\xbe\x6b\xa8\xb1\x2d"
"\xa9\x1d\xd8\x4e\x31\x53\xab\x00"
"\xa5\xa7\x01\x13\x04\x49\xf2\x04",
.rlen = 64,
}, {
.key = "\x67\x4f\xeb\x62\xc5\x40\x01\xc7"
"\x28\x80\x9a\xfe\xf6\x41\x74\x12"
"\x48\x65\xfe\xbc\xe2\x80\x57\x68"
"\x3c\xd4\x4d\x31\x7d\x54\x5f\xe1",
.klen = 32,
.iv = "\x76\x18\x79\xca\x09\xdf\xac\x4e"
"\x48\xb7\xc7\x23\xf5\x0a\xa5\x93",
.assoc = "\x85\xe1\x08\x32\x4d\x7e\x56\xd5"
"\x68\xed\xf3\x47\xf3\xd3\xd6\x15"
"\xdd\xc7\x04\xfe\x64\xd0\x18\x75"
"\x9d\xeb\xbc\x1d\xea\x84\x2e\x4c"
"\x83\xf9\xbe\x8a\xef\x1c\x4b\x10"
"\x89\xaf\xcb\x4b\xfe\xe7\xc1\x58"
"\xca\xea\xc6\x87\xc0\x53\x03\xd9"
"\x80\xaa\xb2\x83\xff\xee\xa1\x6a"
"\x04",
.alen = 65,
.input = "\x85\x39\x69\x35\xfb\xf9\xb0\xa6"
"\x85\x43\x88\xd0\xd7\x78\x60\x19"
"\x3e\x1f\xb1\xa4\xd6\xc5\x96\xec"
"\xf7\x84\x85\xc7\x27\x0f\x74\x57"
"\x28\x9e\xdd\x90\x3c\x43\x12\xc5"
"\x51\x3d\x39\x8f\xa5\xf4\xe0\x0b"
"\x57\x04\xf1\x6d\xfe\x9b\x84\x27"
"\xe8\xeb\x4d\xda\x02\x0a\xc5\x49"
"\x1a\x55\x5e\x50\x56\x4d\x94\xda"
"\x20\xf8\x12\x54\x50\xb3\x11\xda"
"\xed\x44\x27\x67\xd5\xd1\x8b\x4b"
"\x38\x67\x56\x65\x59\xda\xe6\x97"
"\x81\xae\x2f\x92\x3b\xae\x22\x1c"
"\x91\x59\x38\x18\x00\xe8\xba\x92"
"\x04\x19\x56\xdf\xb0\x82\xeb\x6f"
"\x2e\xdb\x54\x3c\x4b\xbb\x60\x90"
"\x4c\x50\x10\x62\xba\x7a\xb1\x68"
"\x37\xd7\x87\x4e\xe4\x66\x09\x1f"
"\xa5",
.ilen = 145,
.result = "\x94\xaa\x96\x9a\x91\x1d\x00\x5c"
"\x88\x24\x20\x6b\xf2\x9c\x06\x96"
"\xa7\x77\x87\x1f\xa6\x78\xf8\x7b"
"\xcd\xf6\xf4\x13\xa1\x9b\x16\x02"
"\x07\x24\xbf\xd5\x08\x20\xd0\x4f"
"\x90\xb3\x70\x24\x2f\x51\xc7\xbb"
"\xd6\x84\xc0\xef\x9a\xa8\xca\xcc"
"\x74\xab\x97\x53\xfe\xd0\xdb\x37"
"\x37\x6a\x0e\x9f\x3f\xa3\x2a\xe3"
"\x1b\x34\x6d\x51\x72\x2b\x17\xe7"
"\x4d\xaa\x2c\x18\xda\xa3\x33\x89"
"\x2a\x9f\xf4\xd2\xed\x76\x3d\x3f"
"\x3c\x15\x9d\x8e\x4f\x3c\x27\xb0"
"\x42\x3f\x2f\x8a\xd4\xc2\x10\xb2"
"\x27\x7f\xe3\x34\x80\x02\x49\x4b"
"\x07\x68\x22\x2a\x88\x25\x53\xb2"
"\x2f",
.rlen = 129,
}, {
.key = "\xa3\x73\x24\x01\xd5\xbc\xaa\xe3"
"\xa9\x5a\x4c\x90\xf0\x65\x37\x18"
"\x72\x28\x0a\x40\xe7\x20\xd9\x82"
"\xfe\x02\x2b\x09\x57\xb3\xfe\xb7",
.klen = 32,
.iv = "\xb3\x3d\xb3\x69\x19\x5b\x54\x6a"
"\xc9\x91\x79\xb4\xef\x2e\x68\x99",
.assoc = "\xc2\x06\x41\xd1\x5d\xfa\xff\xf1"
"\xe9\xc7\xa5\xd9\xed\xf8\x98\x1b"
"\x07\x89\x10\x82\x6a\x70\x9a\x8f"
"\x5e\x19\x9b\xf5\xc5\xe3\xcd\x22"
"\x92\xa5\xc2\xb8\x51\x2e\x5e\x0e"
"\xa4\xbe\x5f\xb1\xc1\x90\xd7\xe7"
"\xf7\x52\xae\x28\x29\xa8\x22\xa4"
"\x4f\xae\x48\xc2\xfa\x75\x8b\x9e"
"\xce\x83\x2a\x88\x07\x55\xbb\x89"
"\xf6\xdf\xac\xdf\x83\x08\xbf\x7d"
"\xac\x30\x8b\x8e\x02\xac\x00\xf1"
"\x30\x46\xe1\xbc\x75\xbf\x49\xbb"
"\x26\x4e\x29\xf0\x2f\x21\xc6\x13"
"\x92\xd9\x3d\x11\xe4\x10\x00\x8e"
"\xd4\xd4\x58\x65\xa6\x2b\xe3\x25"
"\xb1\x8f\x15\x93\xe7\x71\xb9\x2c"
"\x4b",
.alen = 129,
.input = "\x7d\xde\x53\x22\xe4\x23\x3b\x30"
"\x78\xde\x35\x90\x7a\xd9\x0b\x93"
"\xf6\x0e\x0b\xed\x40\xee\x10\x9c"
"\x96\x3a\xd3\x34\xb2\xd0\x67\xcf"
"\x63\x7f\x2d\x0c\xcf\x96\xec\x64"
"\x1a\x87\xcc\x7d\x2c\x5e\x81\x4b"
"\xd2\x8f\x4c\x7c\x00\xb1\xb4\xe0"
"\x87\x4d\xb1\xbc\xd8\x78\x2c\x17"
"\xf2\x3b\xd8\x28\x40\xe2\x76\xf6"
"\x20\x13\x83\x46\xaf\xff\xe3\x0f"
"\x72",
.ilen = 81,
.result = "\xd1\xcf\xd0\x39\xa1\x99\xa9\x78"
"\x09\xfe\xd2\xfd\xec\xc1\xc9\x9d"
"\xd2\x39\x93\xa3\xab\x18\x7a\x95"
"\x8f\x24\xd3\xeb\x7b\xfa\xb5\xd8"
"\x15\xd1\xc3\x04\x69\x32\xe3\x4d"
"\xaa\xc2\x04\x8b\xf2\xfa\xdc\x4a"
"\x02\xeb\xa8\x90\x03\xfd\xea\x97"
"\x43\xaf\x2e\x92\xf8\x57\xc5\x6a"
"\x00",
.rlen = 65,
}, {
.key = "\xe0\x98\x5e\xa1\xe5\x38\x53\xff"
"\x2a\x35\xfe\x21\xea\x8a\xfa\x1e"
"\x9c\xea\x15\xc5\xec\xc0\x5b\x9b"
"\xbf\x2f\x0a\xe1\x32\x12\x9d\x8e",
.klen = 32,
.iv = "\xef\x61\xed\x08\x29\xd7\xfd\x86"
"\x4a\x6b\x2b\x46\xe9\x53\x2a\xa0",
.assoc = "\xfe\x2a\x7b\x70\x6d\x75\xa7\x0d"
"\x6a\xa2\x57\x6a\xe7\x1c\x5b\x21"
"\x31\x4b\x1b\x07\x6f\x10\x1c\xa8"
"\x20\x46\x7a\xce\x9f\x42\x6d\xf9",
.alen = 32,
.input = "\x5a\xcd\x8c\x57\xf2\x6a\xb6\xbe"
"\x53\xc7\xaa\x9a\x60\x74\x9c\xc4"
"\xa2\xc2\xd0\x6d\xe1\x03\x63\xdc"
"\xbb\x51\x7e\x9c\x89\x73\xde\x4e"
"\x24\xf8\x52\x7c\x15\x41\x0e\xba"
"\x69\x0e\x36\x5f\x2f\x22\x8c",
.ilen = 47,
.result = "\x0d\xf4\x09\xd8\xb1\x14\x51\x94"
"\x8a\xd8\x84\x8e\xe6\xe5\x8c\xa3"
"\xfc\xfc\x9e\x28\xb0\xb8\xfc\xaf"
"\x50\x52\xb1\xc4\x55\x59\x55\xaf",
.rlen = 32,
}, {
.key = "\x1c\xbd\x98\x40\xf5\xb3\xfc\x1b"
"\xaa\x0f\xb0\xb3\xe4\xae\xbc\x24"
"\xc7\xac\x21\x49\xf1\x60\xdd\xb5"
"\x80\x5d\xe9\xba\x0c\x71\x3c\x64",
.klen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\x2c\x86\x26\xa8\x39\x52\xa6\xa2"
"\xcb\x45\xdd\xd7\xe3\x77\xed\xa6",
.assoc = "\x3b\x4f\xb5\x10\x7d\xf1\x50\x29"
"\xeb\x7c\x0a\xfb\xe1\x40\x1e\x27"
"\x5c\x0d\x27\x8b\x74\xb0\x9e\xc2"
"\xe1\x74\x59\xa6\x79\xa1\x0c\xd0",
.alen = 32,
.input = "\x47\xd6\xce\x78\xd6\xbf\x4a\x51"
"\xb8\xda\x92\x3c\xfd\xda\xac\x8e"
"\x8d\x88\xd7\x4d\x90\xe5\xeb\xa1"
"\xab\xd6\x7c\x76\xad\xea\x7d\x76"
"\x53\xee\xb0\xcd\xd0\x02\xbb\x70"
"\x5b\x6f\x7b\xe2\x8c\xe8",
.ilen = 46,
.result = "\x4a\x18\x43\x77\xc1\x90\xfa\xb0"
"\x0b\xb2\x36\x20\xe0\x09\x4e\xa9"
"\x26\xbe\xaa\xac\xb5\x58\x7e\xc8"
"\x11\x7f\x90\x9c\x2f\xb8\xf4\x85",
.rlen = 32,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x59\xe1\xd2\xdf\x05\x2f\xa4\x37"
"\x2b\xe9\x63\x44\xde\xd3\x7f\x2b"
"\xf1\x6f\x2d\xcd\xf6\x00\x5f\xcf"
"\x42\x8a\xc8\x92\xe6\xd0\xdc\x3b",
.klen = 32,
.iv = "\x68\xab\x60\x47\x49\xce\x4f\xbe"
"\x4c\x20\x8f\x68\xdd\x9c\xb0\xac",
.assoc = "\x77\x74\xee\xaf\x8d\x6d\xf9\x45"
"\x6c\x56\xbc\x8d\xdb\x65\xe0\x2e"
"\x86\xd0\x32\x0f\x79\x50\x20\xdb"
"\xa2\xa1\x37\x7e\x53\x00\xab\xa6",
.alen = 32,
.input = "\x9f\xa9\x2b\xa4\x8f\x00\x05\x2b"
"\xe7\x68\x81\x51\xbb\xfb\xdf\x60"
"\xbb\xac\xe8\xc1\xdc\x68\xae\x68"
"\x3a\xcd\x7a\x06\x49\xfe\x80\x11"
"\xe6\x61\x99\xe2\xdd\xbe\x2c\xbf",
.ilen = 40,
.result = "\x86\x3d\x7d\x17\xd1\x0c\xa3\xcc"
"\x8c\x8d\xe8\xb1\xda\x2e\x11\xaf"
"\x51\x80\xb5\x30\xba\xf8\x00\xe2"
"\xd3\xad\x6f\x75\x09\x18\x93\x5c",
.rlen = 32,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x96\x06\x0b\x7f\x15\xab\x4d\x53"
"\xac\xc3\x15\xd6\xd8\xf7\x42\x31"
"\x1b\x31\x38\x51\xfc\xa0\xe1\xe8"
"\x03\xb8\xa7\x6b\xc0\x2f\x7b\x11",
.klen = 32,
.iv = "\xa5\xcf\x9a\xe6\x59\x4a\xf7\xd9"
"\xcd\xfa\x41\xfa\xd7\xc0\x72\xb2",
.assoc = "\xb4\x99\x28\x4e\x9d\xe8\xa2\x60"
"\xed\x30\x6e\x1e\xd5\x89\xa3\x34"
"\xb1\x92\x3e\x93\x7e\xf0\xa2\xf5"
"\x64\xcf\x16\x57\x2d\x5f\x4a\x7d",
.alen = 32,
.input = "\xe2\x34\xfa\x25\xfd\xfb\x89\x5e"
"\x5b\x4e\x0b\x15\x6e\x39\xfb\x0c"
"\x73\xc7\xd9\x6b\xbe\xce\x9b\x70"
"\xc7\x4f\x96\x16\x03\xfc\xea\xfb"
"\x56",
.ilen = 33,
.result = "\xc3\x62\xb7\xb6\xe2\x87\x4c\xe7"
"\x0d\x67\x9a\x43\xd4\x52\xd4\xb5"
"\x7b\x43\xc1\xb5\xbf\x98\x82\xfc"
"\x94\xda\x4e\x4d\xe4\x77\x32\x32",
.rlen = 32,
},
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
/*
* All key wrapping test vectors taken from
* http://csrc.nist.gov/groups/STM/cavp/documents/mac/kwtestvectors.zip
*
* Note: as documented in keywrap.c, the ivout for encryption is the first
* semiblock of the ciphertext from the test vector. For decryption, iv is
* the first semiblock of the ciphertext.
*/
static const struct cipher_testvec aes_kw_tv_template[] = {
{
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x75\x75\xda\x3a\x93\x60\x7c\xc2"
"\xbf\xd8\xce\xc7\xaa\xdf\xd9\xa6",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x42\x13\x6d\x3c\x38\x4a\x3e\xea"
"\xc9\x5a\x06\x6f\xd2\x8f\xed\x3f",
.ctext = "\xf6\x85\x94\x81\x6f\x64\xca\xa3"
"\xf5\x6f\xab\xea\x25\x48\xf5\xfb",
.len = 16,
.iv = "\x03\x1f\x6b\xd7\xe6\x1e\x64\x3d",
.generates_iv = true,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x80\xaa\x99\x73\x27\xa4\x80\x6b"
"\x6a\x7a\x41\xa5\x2b\x86\xc3\x71"
"\x03\x86\xf9\x32\x78\x6e\xf7\x96"
"\x76\xfa\xfb\x90\xb8\x26\x3c\x5f",
.klen = 32,
.ptext = "\x0a\x25\x6b\xa7\x5c\xfa\x03\xaa"
"\xa0\x2b\xa9\x42\x03\xf1\x5b\xaa",
.ctext = "\xd3\x3d\x3d\x97\x7b\xf0\xa9\x15"
"\x59\xf9\x9c\x8a\xcd\x29\x3d\x43",
.len = 16,
.iv = "\x42\x3c\x96\x0d\x8a\x2a\xc4\xc1",
.generates_iv = true,
},
};
/*
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
* ANSI X9.31 Continuous Pseudo-Random Number Generator (AES mode)
* test vectors, taken from Appendix B.2.9 and B.2.10:
* http://csrc.nist.gov/groups/STM/cavp/documents/rng/RNGVS.pdf
* Only AES-128 is supported at this time.
*/
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct cprng_testvec ansi_cprng_aes_tv_template[] = {
{
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xf3\xb1\x66\x6d\x13\x60\x72\x42"
"\xed\x06\x1c\xab\xb8\xd4\x62\x02",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.dt = "\xe6\xb3\xbe\x78\x2a\x23\xfa\x62"
"\xd7\x1d\x4a\xfb\xb0\xe9\x22\xf9",
.dtlen = 16,
.v = "\x80\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.vlen = 16,
.result = "\x59\x53\x1e\xd1\x3b\xb0\xc0\x55"
"\x84\x79\x66\x85\xc1\x2f\x76\x41",
.rlen = 16,
.loops = 1,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xf3\xb1\x66\x6d\x13\x60\x72\x42"
"\xed\x06\x1c\xab\xb8\xd4\x62\x02",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.dt = "\xe6\xb3\xbe\x78\x2a\x23\xfa\x62"
"\xd7\x1d\x4a\xfb\xb0\xe9\x22\xfa",
.dtlen = 16,
.v = "\xc0\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.vlen = 16,
.result = "\x7c\x22\x2c\xf4\xca\x8f\xa2\x4c"
"\x1c\x9c\xb6\x41\xa9\xf3\x22\x0d",
.rlen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.loops = 1,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xf3\xb1\x66\x6d\x13\x60\x72\x42"
"\xed\x06\x1c\xab\xb8\xd4\x62\x02",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.dt = "\xe6\xb3\xbe\x78\x2a\x23\xfa\x62"
"\xd7\x1d\x4a\xfb\xb0\xe9\x22\xfb",
.dtlen = 16,
.v = "\xe0\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.vlen = 16,
.result = "\x8a\xaa\x00\x39\x66\x67\x5b\xe5"
"\x29\x14\x28\x81\xa9\x4d\x4e\xc7",
.rlen = 16,
.loops = 1,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xf3\xb1\x66\x6d\x13\x60\x72\x42"
"\xed\x06\x1c\xab\xb8\xd4\x62\x02",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.dt = "\xe6\xb3\xbe\x78\x2a\x23\xfa\x62"
"\xd7\x1d\x4a\xfb\xb0\xe9\x22\xfc",
.dtlen = 16,
.v = "\xf0\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.vlen = 16,
.result = "\x88\xdd\xa4\x56\x30\x24\x23\xe5"
"\xf6\x9d\xa5\x7e\x7b\x95\xc7\x3a",
.rlen = 16,
.loops = 1,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\xf3\xb1\x66\x6d\x13\x60\x72\x42"
"\xed\x06\x1c\xab\xb8\xd4\x62\x02",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.dt = "\xe6\xb3\xbe\x78\x2a\x23\xfa\x62"
"\xd7\x1d\x4a\xfb\xb0\xe9\x22\xfd",
.dtlen = 16,
.v = "\xf8\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.vlen = 16,
.result = "\x05\x25\x92\x46\x61\x79\xd2\xcb"
"\x78\xc4\x0b\x14\x0a\x5a\x9a\xc8",
.rlen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.loops = 1,
}, { /* Monte Carlo Test */
.key = "\x9f\x5b\x51\x20\x0b\xf3\x34\xb5"
"\xd8\x2b\xe8\xc3\x72\x55\xc8\x48",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.dt = "\x63\x76\xbb\xe5\x29\x02\xba\x3b"
"\x67\xc9\x25\xfa\x70\x1f\x11\xac",
.dtlen = 16,
.v = "\x57\x2c\x8e\x76\x87\x26\x47\x97"
"\x7e\x74\xfb\xdd\xc4\x95\x01\xd1",
.vlen = 16,
.result = "\x48\xe9\xbd\x0d\x06\xee\x18\xfb"
"\xe4\x57\x90\xd5\xc3\xfc\x9b\x73",
.rlen = 16,
.loops = 10000,
},
};
/*
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
* SP800-90A DRBG Test vectors from
* http://csrc.nist.gov/groups/STM/cavp/documents/drbg/drbgtestvectors.zip
*
* Test vectors for DRBG with prediction resistance. All types of DRBGs
* (Hash, HMAC, CTR) are tested with all permutations of use cases (w/ and
* w/o personalization string, w/ and w/o additional input string).
*/
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct drbg_testvec drbg_pr_sha256_tv_template[] = {
{
.entropy = (unsigned char *)
"\x72\x88\x4c\xcd\x6c\x85\x57\x70\xf7\x0b\x8b\x86"
"\xc1\xeb\xd2\x4e\x36\x14\xab\x18\xc4\x9c\xc9\xcf"
"\x1a\xe8\xf7\x7b\x02\x49\x73\xd7\xf1\x42\x7d\xc6"
"\x3f\x29\x2d\xec\xd3\x66\x51\x3f\x1d\x8d\x5b\x4e",
.entropylen = 48,
.entpra = (unsigned char *)
"\x38\x9c\x91\xfa\xc2\xa3\x46\x89\x56\x08\x3f\x62"
"\x73\xd5\x22\xa9\x29\x63\x3a\x1d\xe5\x5d\x5e\x4f"
"\x67\xb0\x67\x7a\x5e\x9e\x0c\x62",
.entprb = (unsigned char *)
"\xb2\x8f\x36\xb2\xf6\x8d\x39\x13\xfa\x6c\x66\xcf"
"\x62\x8a\x7e\x8c\x12\x33\x71\x9c\x69\xe4\xa5\xf0"
"\x8c\xee\xeb\x9c\xf5\x31\x98\x31",
.entprlen = 32,
.expected = (unsigned char *)
"\x52\x7b\xa3\xad\x71\x77\xa4\x49\x42\x04\x61\xc7"
"\xf0\xaf\xa5\xfd\xd3\xb3\x0d\x6a\x61\xba\x35\x49"
"\xbb\xaa\xaf\xe4\x25\x7d\xb5\x48\xaf\x5c\x18\x3d"
"\x33\x8d\x9d\x45\xdf\x98\xd5\x94\xa8\xda\x92\xfe"
"\xc4\x3c\x94\x2a\xcf\x7f\x7b\xf2\xeb\x28\xa9\xf1"
"\xe0\x86\x30\xa8\xfe\xf2\x48\x90\x91\x0c\x75\xb5"
"\x3c\x00\xf0\x4d\x09\x4f\x40\xa7\xa2\x8c\x52\xdf"
"\x52\xef\x17\xbf\x3d\xd1\xa2\x31\xb4\xb8\xdc\xe6"
"\x5b\x0d\x1f\x78\x36\xb4\xe6\x4b\xa7\x11\x25\xd5"
"\x94\xc6\x97\x36\xab\xf0\xe5\x31\x28\x6a\xbb\xce"
"\x30\x81\xa6\x8f\x27\x14\xf8\x1c",
.expectedlen = 128,
.addtla = NULL,
.addtlb = NULL,
.addtllen = 0,
.pers = NULL,
.perslen = 0,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.entropy = (unsigned char *)
"\x5d\xf2\x14\xbc\xf6\xb5\x4e\x0b\xf0\x0d\x6f\x2d"
"\xe2\x01\x66\x7b\xd0\xa4\x73\xa4\x21\xdd\xb0\xc0"
"\x51\x79\x09\xf4\xea\xa9\x08\xfa\xa6\x67\xe0\xe1"
"\xd1\x88\xa8\xad\xee\x69\x74\xb3\x55\x06\x9b\xf6",
.entropylen = 48,
.entpra = (unsigned char *)
"\xef\x48\x06\xa2\xc2\x45\xf1\x44\xfa\x34\x2c\xeb"
"\x8d\x78\x3c\x09\x8f\x34\x72\x20\xf2\xe7\xfd\x13"
"\x76\x0a\xf6\xdc\x3c\xf5\xc0\x15",
.entprb = (unsigned char *)
"\x4b\xbe\xe5\x24\xed\x6a\x2d\x0c\xdb\x73\x5e\x09"
"\xf9\xad\x67\x7c\x51\x47\x8b\x6b\x30\x2a\xc6\xde"
"\x76\xaa\x55\x04\x8b\x0a\x72\x95",
.entprlen = 32,
.expected = (unsigned char *)
"\x3b\x14\x71\x99\xa1\xda\xa0\x42\xe6\xc8\x85\x32"
"\x70\x20\x32\x53\x9a\xbe\xd1\x1e\x15\xef\xfb\x4c"
"\x25\x6e\x19\x3a\xf0\xb9\xcb\xde\xf0\x3b\xc6\x18"
"\x4d\x85\x5a\x9b\xf1\xe3\xc2\x23\x03\x93\x08\xdb"
"\xa7\x07\x4b\x33\x78\x40\x4d\xeb\x24\xf5\x6e\x81"
"\x4a\x1b\x6e\xa3\x94\x52\x43\xb0\xaf\x2e\x21\xf4"
"\x42\x46\x8e\x90\xed\x34\x21\x75\xea\xda\x67\xb6"
"\xe4\xf6\xff\xc6\x31\x6c\x9a\x5a\xdb\xb3\x97\x13"
"\x09\xd3\x20\x98\x33\x2d\x6d\xd7\xb5\x6a\xa8\xa9"
"\x9a\x5b\xd6\x87\x52\xa1\x89\x2b\x4b\x9c\x64\x60"
"\x50\x47\xa3\x63\x81\x16\xaf\x19",
.expectedlen = 128,
.addtla = (unsigned char *)
"\xbe\x13\xdb\x2a\xe9\xa8\xfe\x09\x97\xe1\xce\x5d"
"\xe8\xbb\xc0\x7c\x4f\xcb\x62\x19\x3f\x0f\xd2\xad"
"\xa9\xd0\x1d\x59\x02\xc4\xff\x70",
.addtlb = (unsigned char *)
"\x6f\x96\x13\xe2\xa7\xf5\x6c\xfe\xdf\x66\xe3\x31"
"\x63\x76\xbf\x20\x27\x06\x49\xf1\xf3\x01\x77\x41"
"\x9f\xeb\xe4\x38\xfe\x67\x00\xcd",
.addtllen = 32,
.pers = NULL,
.perslen = 0,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.entropy = (unsigned char *)
"\xc6\x1c\xaf\x83\xa2\x56\x38\xf9\xb0\xbc\xd9\x85"
"\xf5\x2e\xc4\x46\x9c\xe1\xb9\x40\x98\x70\x10\x72"
"\xd7\x7d\x15\x85\xa1\x83\x5a\x97\xdf\xc8\xa8\xe8"
"\x03\x4c\xcb\x70\x35\x8b\x90\x94\x46\x8a\x6e\xa1",
.entropylen = 48,
.entpra = (unsigned char *)
"\xc9\x05\xa4\xcf\x28\x80\x4b\x93\x0f\x8b\xc6\xf9"
"\x09\x41\x58\x74\xe9\xec\x28\xc7\x53\x0a\x73\x60"
"\xba\x0a\xde\x57\x5b\x4b\x9f\x29",
.entprb = (unsigned char *)
"\x4f\x31\xd2\xeb\xac\xfa\xa8\xe2\x01\x7d\xf3\xbd"
"\x42\xbd\x20\xa0\x30\x65\x74\xd5\x5d\xd2\xad\xa4"
"\xa9\xeb\x1f\x4d\xf6\xfd\xb8\x26",
.entprlen = 32,
.expected = (unsigned char *)
"\xf6\x13\x05\xcb\x83\x60\x16\x42\x49\x1d\xc6\x25"
"\x3b\x8c\x31\xa3\xbe\x8b\xbd\x1c\xe2\xec\x1d\xde"
"\xbb\xbf\xa1\xac\xa8\x9f\x50\xce\x69\xce\xef\xd5"
"\xd6\xf2\xef\x6a\xf7\x81\x38\xdf\xbc\xa7\x5a\xb9"
"\xb2\x42\x65\xab\xe4\x86\x8d\x2d\x9d\x59\x99\x2c"
"\x5a\x0d\x71\x55\x98\xa4\x45\xc2\x8d\xdb\x05\x5e"
"\x50\x21\xf7\xcd\xe8\x98\x43\xce\x57\x74\x63\x4c"
"\xf3\xb1\xa5\x14\x1e\x9e\x01\xeb\x54\xd9\x56\xae"
"\xbd\xb6\x6f\x1a\x47\x6b\x3b\x44\xe4\xa2\xe9\x3c"
"\x6c\x83\x12\x30\xb8\x78\x7f\x8e\x54\x82\xd4\xfe"
"\x90\x35\x0d\x4c\x4d\x85\xe7\x13",
.expectedlen = 128,
.addtla = NULL,
.addtlb = NULL,
.addtllen = 0,
.pers = (unsigned char *)
"\xa5\xbf\xac\x4f\x71\xa1\xbb\x67\x94\xc6\x50\xc7"
"\x2a\x45\x9e\x10\xa8\xed\xf7\x52\x4f\xfe\x21\x90"
"\xa4\x1b\xe1\xe2\x53\xcc\x61\x47",
.perslen = 32,
}, {
.entropy = (unsigned char *)
"\xb6\xc1\x8d\xdf\x99\x54\xbe\x95\x10\x48\xd9\xf6"
"\xd7\x48\xa8\x73\x2d\x74\xde\x1e\xde\x57\x7e\xf4"
"\x7b\x7b\x64\xef\x88\x7a\xa8\x10\x4b\xe1\xc1\x87"
"\xbb\x0b\xe1\x39\x39\x50\xaf\x68\x9c\xa2\xbf\x5e",
.entropylen = 48,
.entpra = (unsigned char *)
"\xdc\x81\x0a\x01\x58\xa7\x2e\xce\xee\x48\x8c\x7c"
"\x77\x9e\x3c\xf1\x17\x24\x7a\xbb\xab\x9f\xca\x12"
"\x19\xaf\x97\x2d\x5f\xf9\xff\xfc",
.entprb = (unsigned char *)
"\xaf\xfc\x4f\x98\x8b\x93\x95\xc1\xb5\x8b\x7f\x73"
"\x6d\xa6\xbe\x6d\x33\xeb\x2c\x82\xb1\xaf\xc1\xb6"
"\xb6\x05\xe2\x44\xaa\xfd\xe7\xdb",
.entprlen = 32,
.expected = (unsigned char *)
"\x51\x79\xde\x1c\x0f\x58\xf3\xf4\xc9\x57\x2e\x31"
"\xa7\x09\xa1\x53\x64\x63\xa2\xc5\x1d\x84\x88\x65"
"\x01\x1b\xc6\x16\x3c\x49\x5b\x42\x8e\x53\xf5\x18"
"\xad\x94\x12\x0d\x4f\x55\xcc\x45\x5c\x98\x0f\x42"
"\x28\x2f\x47\x11\xf9\xc4\x01\x97\x6b\xa0\x94\x50"
"\xa9\xd1\x5e\x06\x54\x3f\xdf\xbb\xc4\x98\xee\x8b"
"\xba\xa9\xfa\x49\xee\x1d\xdc\xfb\x50\xf6\x51\x9f"
"\x6c\x4a\x9a\x6f\x63\xa2\x7d\xad\xaf\x3a\x24\xa0"
"\xd9\x9f\x07\xeb\x15\xee\x26\xe0\xd5\x63\x39\xda"
"\x3c\x59\xd6\x33\x6c\x02\xe8\x05\x71\x46\x68\x44"
"\x63\x4a\x68\x72\xe9\xf5\x55\xfe",
.expectedlen = 128,
.addtla = (unsigned char *)
"\x15\x20\x2f\xf6\x98\x28\x63\xa2\xc4\x4e\xbb\x6c"
"\xb2\x25\x92\x61\x79\xc9\x22\xc4\x61\x54\x96\xff"
"\x4a\x85\xca\x80\xfe\x0d\x1c\xd0",
.addtlb = (unsigned char *)
"\xde\x29\x8e\x03\x42\x61\xa3\x28\x5e\xc8\x80\xc2"
"\x6d\xbf\xad\x13\xe1\x8d\x2a\xc7\xe8\xc7\x18\x89"
"\x42\x58\x9e\xd6\xcc\xad\x7b\x1e",
.addtllen = 32,
.pers = (unsigned char *)
"\x84\xc3\x73\x9e\xce\xb3\xbc\x89\xf7\x62\xb3\xe1"
"\xd7\x48\x45\x8a\xa9\xcc\xe9\xed\xd5\x81\x84\x52"
"\x82\x4c\xdc\x19\xb8\xf8\x92\x5c",
.perslen = 32,
},
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct drbg_testvec drbg_pr_hmac_sha256_tv_template[] = {
{
.entropy = (unsigned char *)
"\x99\x69\xe5\x4b\x47\x03\xff\x31\x78\x5b\x87\x9a"
"\x7e\x5c\x0e\xae\x0d\x3e\x30\x95\x59\xe9\xfe\x96"
"\xb0\x67\x6d\x49\xd5\x91\xea\x4d\x07\xd2\x0d\x46"
"\xd0\x64\x75\x7d\x30\x23\xca\xc2\x37\x61\x27\xab",
.entropylen = 48,
.entpra = (unsigned char *)
"\xc6\x0f\x29\x99\x10\x0f\x73\x8c\x10\xf7\x47\x92"
"\x67\x6a\x3f\xc4\xa2\x62\xd1\x37\x21\x79\x80\x46"
"\xe2\x9a\x29\x51\x81\x56\x9f\x54",
.entprb = (unsigned char *)
"\xc1\x1d\x45\x24\xc9\x07\x1b\xd3\x09\x60\x15\xfc"
"\xf7\xbc\x24\xa6\x07\xf2\x2f\xa0\x65\xc9\x37\x65"
"\x8a\x2a\x77\xa8\x69\x90\x89\xf4",
.entprlen = 32,
.expected = (unsigned char *)
"\xab\xc0\x15\x85\x60\x94\x80\x3a\x93\x8d\xff\xd2"
"\x0d\xa9\x48\x43\x87\x0e\xf9\x35\xb8\x2c\xfe\xc1"
"\x77\x06\xb8\xf5\x51\xb8\x38\x50\x44\x23\x5d\xd4"
"\x4b\x59\x9f\x94\xb3\x9b\xe7\x8d\xd4\x76\xe0\xcf"
"\x11\x30\x9c\x99\x5a\x73\x34\xe0\xa7\x8b\x37\xbc"
"\x95\x86\x23\x50\x86\xfa\x3b\x63\x7b\xa9\x1c\xf8"
"\xfb\x65\xef\xa2\x2a\x58\x9c\x13\x75\x31\xaa\x7b"
"\x2d\x4e\x26\x07\xaa\xc2\x72\x92\xb0\x1c\x69\x8e"
"\x6e\x01\xae\x67\x9e\xb8\x7c\x01\xa8\x9c\x74\x22"
"\xd4\x37\x2d\x6d\x75\x4a\xba\xbb\x4b\xf8\x96\xfc"
"\xb1\xcd\x09\xd6\x92\xd0\x28\x3f",
.expectedlen = 128,
.addtla = NULL,
.addtlb = NULL,
.addtllen = 0,
.pers = NULL,
.perslen = 0,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.entropy = (unsigned char *)
"\xb9\x1f\xe9\xef\xdd\x9b\x7d\x20\xb6\xec\xe0\x2f"
"\xdb\x76\x24\xce\x41\xc8\x3a\x4a\x12\x7f\x3e\x2f"
"\xae\x05\x99\xea\xb5\x06\x71\x0d\x0c\x4c\xb4\x05"
"\x26\xc6\xbd\xf5\x7f\x2a\x3d\xf2\xb5\x49\x7b\xda",
.entropylen = 48,
.entpra = (unsigned char *)
"\xef\x67\x50\x9c\xa7\x7d\xdf\xb7\x2d\x81\x01\xa4"
"\x62\x81\x6a\x69\x5b\xb3\x37\x45\xa7\x34\x8e\x26"
"\x46\xd9\x26\xa2\x19\xd4\x94\x43",
.entprb = (unsigned char *)
"\x97\x75\x53\x53\xba\xb4\xa6\xb2\x91\x60\x71\x79"
"\xd1\x6b\x4a\x24\x9a\x34\x66\xcc\x33\xab\x07\x98"
"\x51\x78\x72\xb2\x79\xfd\x2c\xff",
.entprlen = 32,
.expected = (unsigned char *)
"\x9c\xdc\x63\x8a\x19\x23\x22\x66\x0c\xc5\xb9\xd7"
"\xfb\x2a\xb0\x31\xe3\x8a\x36\xa8\x5a\xa8\x14\xda"
"\x1e\xa9\xcc\xfe\xb8\x26\x44\x83\x9f\xf6\xff\xaa"
"\xc8\x98\xb8\x30\x35\x3b\x3d\x36\xd2\x49\xd4\x40"
"\x62\x0a\x65\x10\x76\x55\xef\xc0\x95\x9c\xa7\xda"
"\x3f\xcf\xb7\x7b\xc6\xe1\x28\x52\xfc\x0c\xe2\x37"
"\x0d\x83\xa7\x51\x4b\x31\x47\x3c\xe1\x3c\xae\x70"
"\x01\xc8\xa3\xd3\xc2\xac\x77\x9c\xd1\x68\x77\x9b"
"\x58\x27\x3b\xa5\x0f\xc2\x7a\x8b\x04\x65\x62\xd5"
"\xe8\xd6\xfe\x2a\xaf\xd3\xd3\xfe\xbd\x18\xfb\xcd"
"\xcd\x66\xb5\x01\x69\x66\xa0\x3c",
.expectedlen = 128,
.addtla = (unsigned char *)
"\x17\xc1\x56\xcb\xcc\x50\xd6\x03\x7d\x45\x76\xa3"
"\x75\x76\xc1\x4a\x66\x1b\x2e\xdf\xb0\x2e\x7d\x56"
"\x6d\x99\x3b\xc6\x58\xda\x03\xf6",
.addtlb = (unsigned char *)
"\x7c\x7b\x4a\x4b\x32\x5e\x6f\x67\x34\xf5\x21\x4c"
"\xf9\x96\xf9\xbf\x1c\x8c\x81\xd3\x9b\x60\x6a\x44"
"\xc6\x03\xa2\xfb\x13\x20\x19\xb7",
.addtllen = 32,
.pers = NULL,
.perslen = 0,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.entropy = (unsigned char *)
"\x13\x54\x96\xfc\x1b\x7d\x28\xf3\x18\xc9\xa7\x89"
"\xb6\xb3\xc8\x72\xac\x00\xd4\x59\x36\x25\x05\xaf"
"\xa5\xdb\x96\xcb\x3c\x58\x46\x87\xa5\xaa\xbf\x20"
"\x3b\xfe\x23\x0e\xd1\xc7\x41\x0f\x3f\xc9\xb3\x67",
.entropylen = 48,
.entpra = (unsigned char *)
"\xe2\xbd\xb7\x48\x08\x06\xf3\xe1\x93\x3c\xac\x79"
"\xa7\x2b\x11\xda\xe3\x2e\xe1\x91\xa5\x02\x19\x57"
"\x20\x28\xad\xf2\x60\xd7\xcd\x45",
.entprb = (unsigned char *)
"\x8b\xd4\x69\xfc\xff\x59\x95\x95\xc6\x51\xde\x71"
"\x68\x5f\xfc\xf9\x4a\xab\xec\x5a\xcb\xbe\xd3\x66"
"\x1f\xfa\x74\xd3\xac\xa6\x74\x60",
.entprlen = 32,
.expected = (unsigned char *)
"\x1f\x9e\xaf\xe4\xd2\x46\xb7\x47\x41\x4c\x65\x99"
"\x01\xe9\x3b\xbb\x83\x0c\x0a\xb0\xc1\x3a\xe2\xb3"
"\x31\x4e\xeb\x93\x73\xee\x0b\x26\xc2\x63\xa5\x75"
"\x45\x99\xd4\x5c\x9f\xa1\xd4\x45\x87\x6b\x20\x61"
"\x40\xea\x78\xa5\x32\xdf\x9e\x66\x17\xaf\xb1\x88"
"\x9e\x2e\x23\xdd\xc1\xda\x13\x97\x88\xa5\xb6\x5e"
"\x90\x14\x4e\xef\x13\xab\x5c\xd9\x2c\x97\x9e\x7c"
"\xd7\xf8\xce\xea\x81\xf5\xcd\x71\x15\x49\x44\xce"
"\x83\xb6\x05\xfb\x7d\x30\xb5\x57\x2c\x31\x4f\xfc"
"\xfe\x80\xb6\xc0\x13\x0c\x5b\x9b\x2e\x8f\x3d\xfc"
"\xc2\xa3\x0c\x11\x1b\x80\x5f\xf3",
.expectedlen = 128,
.addtla = NULL,
.addtlb = NULL,
.addtllen = 0,
.pers = (unsigned char *)
"\x64\xb6\xfc\x60\xbc\x61\x76\x23\x6d\x3f\x4a\x0f"
"\xe1\xb4\xd5\x20\x9e\x70\xdd\x03\x53\x6d\xbf\xce"
"\xcd\x56\x80\xbc\xb8\x15\xc8\xaa",
.perslen = 32,
}, {
.entropy = (unsigned char *)
"\xc7\xcc\xbc\x67\x7e\x21\x66\x1e\x27\x2b\x63\xdd"
"\x3a\x78\xdc\xdf\x66\x6d\x3f\x24\xae\xcf\x37\x01"
"\xa9\x0d\x89\x8a\xa7\xdc\x81\x58\xae\xb2\x10\x15"
"\x7e\x18\x44\x6d\x13\xea\xdf\x37\x85\xfe\x81\xfb",
.entropylen = 48,
.entpra = (unsigned char *)
"\x7b\xa1\x91\x5b\x3c\x04\xc4\x1b\x1d\x19\x2f\x1a"
"\x18\x81\x60\x3c\x6c\x62\x91\xb7\xe9\xf5\xcb\x96"
"\xbb\x81\x6a\xcc\xb5\xae\x55\xb6",
.entprb = (unsigned char *)
"\x99\x2c\xc7\x78\x7e\x3b\x88\x12\xef\xbe\xd3\xd2"
"\x7d\x2a\xa5\x86\xda\x8d\x58\x73\x4a\x0a\xb2\x2e"
"\xbb\x4c\x7e\xe3\x9a\xb6\x81\xc1",
.entprlen = 32,
.expected = (unsigned char *)
"\x95\x6f\x95\xfc\x3b\xb7\xfe\x3e\xd0\x4e\x1a\x14"
"\x6c\x34\x7f\x7b\x1d\x0d\x63\x5e\x48\x9c\x69\xe6"
"\x46\x07\xd2\x87\xf3\x86\x52\x3d\x98\x27\x5e\xd7"
"\x54\xe7\x75\x50\x4f\xfb\x4d\xfd\xac\x2f\x4b\x77"
"\xcf\x9e\x8e\xcc\x16\xa2\x24\xcd\x53\xde\x3e\xc5"
"\x55\x5d\xd5\x26\x3f\x89\xdf\xca\x8b\x4e\x1e\xb6"
"\x88\x78\x63\x5c\xa2\x63\x98\x4e\x6f\x25\x59\xb1"
"\x5f\x2b\x23\xb0\x4b\xa5\x18\x5d\xc2\x15\x74\x40"
"\x59\x4c\xb4\x1e\xcf\x9a\x36\xfd\x43\xe2\x03\xb8"
"\x59\x91\x30\x89\x2a\xc8\x5a\x43\x23\x7c\x73\x72"
"\xda\x3f\xad\x2b\xba\x00\x6b\xd1",
.expectedlen = 128,
.addtla = (unsigned char *)
"\x18\xe8\x17\xff\xef\x39\xc7\x41\x5c\x73\x03\x03"
"\xf6\x3d\xe8\x5f\xc8\xab\xe4\xab\x0f\xad\xe8\xd6"
"\x86\x88\x55\x28\xc1\x69\xdd\x76",
.addtlb = (unsigned char *)
"\xac\x07\xfc\xbe\x87\x0e\xd3\xea\x1f\x7e\xb8\xe7"
"\x9d\xec\xe8\xe7\xbc\xf3\x18\x25\x77\x35\x4a\xaa"
"\x00\x99\x2a\xdd\x0a\x00\x50\x82",
.addtllen = 32,
.pers = (unsigned char *)
"\xbc\x55\xab\x3c\xf6\x52\xb0\x11\x3d\x7b\x90\xb8"
"\x24\xc9\x26\x4e\x5a\x1e\x77\x0d\x3d\x58\x4a\xda"
"\xd1\x81\xe9\xf8\xeb\x30\x8f\x6f",
.perslen = 32,
},
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct drbg_testvec drbg_pr_ctr_aes128_tv_template[] = {
{
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.entropy = (unsigned char *)
"\xd1\x44\xc6\x61\x81\x6d\xca\x9d\x15\x28\x8a\x42"
"\x94\xd7\x28\x9c\x43\x77\x19\x29\x1a\x6d\xc3\xa2",
.entropylen = 24,
.entpra = (unsigned char *)
"\x96\xd8\x9e\x45\x32\xc9\xd2\x08\x7a\x6d\x97\x15"
"\xb4\xec\x80\xb1",
.entprb = (unsigned char *)
"\x8b\xb6\x72\xb5\x24\x0b\x98\x65\x95\x95\xe9\xc9"
"\x28\x07\xeb\xc2",
.entprlen = 16,
.expected = (unsigned char *)
"\x70\x19\xd0\x4c\x45\x78\xd6\x68\xa9\x9a\xaa\xfe"
"\xc1\xdf\x27\x9a\x1c\x0d\x0d\xf7\x24\x75\x46\xcc"
"\x77\x6b\xdf\x89\xc6\x94\xdc\x74\x50\x10\x70\x18"
"\x9b\xdc\x96\xb4\x89\x23\x40\x1a\xce\x09\x87\xce"
"\xd2\xf3\xd5\xe4\x51\x67\x74\x11\x5a\xcc\x8b\x3b"
"\x8a\xf1\x23\xa8",
.expectedlen = 64,
.addtla = NULL,
.addtlb = NULL,
.addtllen = 0,
.pers = NULL,
.perslen = 0,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.entropy = (unsigned char *)
"\x8e\x83\xe0\xeb\x37\xea\x3e\x53\x5e\x17\x6e\x77"
"\xbd\xb1\x53\x90\xfc\xdc\xc1\x3c\x9a\x88\x22\x94",
.entropylen = 24,
.entpra = (unsigned char *)
"\x6a\x85\xe7\x37\xc8\xf1\x04\x31\x98\x4f\xc8\x73"
"\x67\xd1\x08\xf8",
.entprb = (unsigned char *)
"\xd7\xa4\x68\xe2\x12\x74\xc3\xd9\xf1\xb7\x05\xbc"
"\xd4\xba\x04\x58",
.entprlen = 16,
.expected = (unsigned char *)
"\x78\xd6\xa6\x70\xff\xd1\x82\xf5\xa2\x88\x7f\x6d"
"\x3d\x8c\x39\xb1\xa8\xcb\x2c\x91\xab\x14\x7e\xbc"
"\x95\x45\x9f\x24\xb8\x20\xac\x21\x23\xdb\x72\xd7"
"\x12\x8d\x48\x95\xf3\x19\x0c\x43\xc6\x19\x45\xfc"
"\x8b\xac\x40\x29\x73\x00\x03\x45\x5e\x12\xff\x0c"
"\xc1\x02\x41\x82",
.expectedlen = 64,
.addtla = (unsigned char *)
"\xa2\xd9\x38\xcf\x8b\x29\x67\x5b\x65\x62\x6f\xe8"
"\xeb\xb3\x01\x76",
.addtlb = (unsigned char *)
"\x59\x63\x1e\x81\x8a\x14\xa8\xbb\xa1\xb8\x41\x25"
"\xd0\x7f\xcc\x43",
.addtllen = 16,
.pers = NULL,
.perslen = 0,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.entropy = (unsigned char *)
"\x04\xd9\x49\xa6\xdc\xe8\x6e\xbb\xf1\x08\x77\x2b"
"\x9e\x08\xca\x92\x65\x16\xda\x99\xa2\x59\xf3\xe8",
.entropylen = 24,
.entpra = (unsigned char *)
"\x38\x7e\x3f\x6b\x51\x70\x7b\x20\xec\x53\xd0\x66"
"\xc3\x0f\xe3\xb0",
.entprb = (unsigned char *)
"\xe0\x86\xa6\xaa\x5f\x72\x2f\xad\xf7\xef\x06\xb8"
"\xd6\x9c\x9d\xe8",
.entprlen = 16,
.expected = (unsigned char *)
"\xc9\x0a\xaf\x85\x89\x71\x44\x66\x4f\x25\x0b\x2b"
"\xde\xd8\xfa\xff\x52\x5a\x1b\x32\x5e\x41\x7a\x10"
"\x1f\xef\x1e\x62\x23\xe9\x20\x30\xc9\x0d\xad\x69"
"\xb4\x9c\x5b\xf4\x87\x42\xd5\xae\x5e\x5e\x43\xcc"
"\xd9\xfd\x0b\x93\x4a\xe3\xd4\x06\x37\x36\x0f\x3f"
"\x72\x82\x0c\xcf",
.expectedlen = 64,
.addtla = NULL,
.addtlb = NULL,
.addtllen = 0,
.pers = (unsigned char *)
"\xbf\xa4\x9a\x8f\x7b\xd8\xb1\x7a\x9d\xfa\x45\xed"
"\x21\x52\xb3\xad",
.perslen = 16,
}, {
.entropy = (unsigned char *)
"\x92\x89\x8f\x31\xfa\x1c\xff\x6d\x18\x2f\x26\x06"
"\x43\xdf\xf8\x18\xc2\xa4\xd9\x72\xc3\xb9\xb6\x97",
.entropylen = 24,
.entpra = (unsigned char *)
"\x20\x72\x8a\x06\xf8\x6f\x8d\xd4\x41\xe2\x72\xb7"
"\xc4\x2c\xe8\x10",
.entprb = (unsigned char *)
"\x3d\xb0\xf0\x94\xf3\x05\x50\x33\x17\x86\x3e\x22"
"\x08\xf7\xa5\x01",
.entprlen = 16,
.expected = (unsigned char *)
"\x5a\x35\x39\x87\x0f\x4d\x22\xa4\x09\x24\xee\x71"
"\xc9\x6f\xac\x72\x0a\xd6\xf0\x88\x82\xd0\x83\x28"
"\x73\xec\x3f\x93\xd8\xab\x45\x23\xf0\x7e\xac\x45"
"\x14\x5e\x93\x9f\xb1\xd6\x76\x43\x3d\xb6\xe8\x08"
"\x88\xf6\xda\x89\x08\x77\x42\xfe\x1a\xf4\x3f\xc4"
"\x23\xc5\x1f\x68",
.expectedlen = 64,
.addtla = (unsigned char *)
"\x1a\x40\xfa\xe3\xcc\x6c\x7c\xa0\xf8\xda\xba\x59"
"\x23\x6d\xad\x1d",
.addtlb = (unsigned char *)
"\x9f\x72\x76\x6c\xc7\x46\xe5\xed\x2e\x53\x20\x12"
"\xbc\x59\x31\x8c",
.addtllen = 16,
.pers = (unsigned char *)
"\xea\x65\xee\x60\x26\x4e\x7e\xb6\x0e\x82\x68\xc4"
"\x37\x3c\x5c\x0b",
.perslen = 16,
},
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
/*
* SP800-90A DRBG Test vectors from
* http://csrc.nist.gov/groups/STM/cavp/documents/drbg/drbgtestvectors.zip
*
* Test vectors for DRBG without prediction resistance. All types of DRBGs
* (Hash, HMAC, CTR) are tested with all permutations of use cases (w/ and
* w/o personalization string, w/ and w/o additional input string).
*/
static const struct drbg_testvec drbg_nopr_sha256_tv_template[] = {
{
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.entropy = (unsigned char *)
"\xa6\x5a\xd0\xf3\x45\xdb\x4e\x0e\xff\xe8\x75\xc3"
"\xa2\xe7\x1f\x42\xc7\x12\x9d\x62\x0f\xf5\xc1\x19"
"\xa9\xef\x55\xf0\x51\x85\xe0\xfb\x85\x81\xf9\x31"
"\x75\x17\x27\x6e\x06\xe9\x60\x7d\xdb\xcb\xcc\x2e",
.entropylen = 48,
.expected = (unsigned char *)
"\xd3\xe1\x60\xc3\x5b\x99\xf3\x40\xb2\x62\x82\x64"
"\xd1\x75\x10\x60\xe0\x04\x5d\xa3\x83\xff\x57\xa5"
"\x7d\x73\xa6\x73\xd2\xb8\xd8\x0d\xaa\xf6\xa6\xc3"
"\x5a\x91\xbb\x45\x79\xd7\x3f\xd0\xc8\xfe\xd1\x11"
"\xb0\x39\x13\x06\x82\x8a\xdf\xed\x52\x8f\x01\x81"
"\x21\xb3\xfe\xbd\xc3\x43\xe7\x97\xb8\x7d\xbb\x63"
"\xdb\x13\x33\xde\xd9\xd1\xec\xe1\x77\xcf\xa6\xb7"
"\x1f\xe8\xab\x1d\xa4\x66\x24\xed\x64\x15\xe5\x1c"
"\xcd\xe2\xc7\xca\x86\xe2\x83\x99\x0e\xea\xeb\x91"
"\x12\x04\x15\x52\x8b\x22\x95\x91\x02\x81\xb0\x2d"
"\xd4\x31\xf4\xc9\xf7\x04\x27\xdf",
.expectedlen = 128,
.addtla = NULL,
.addtlb = NULL,
.addtllen = 0,
.pers = NULL,
.perslen = 0,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.entropy = (unsigned char *)
"\x73\xd3\xfb\xa3\x94\x5f\x2b\x5f\xb9\x8f\xf6\x9c"
"\x8a\x93\x17\xae\x19\xc3\x4c\xc3\xd6\xca\xa3\x2d"
"\x16\xfc\x42\xd2\x2d\xd5\x6f\x56\xcc\x1d\x30\xff"
"\x9e\x06\x3e\x09\xce\x58\xe6\x9a\x35\xb3\xa6\x56",
.entropylen = 48,
.expected = (unsigned char *)
"\x71\x7b\x93\x46\x1a\x40\xaa\x35\xa4\xaa\xc5\xe7"
"\x6d\x5b\x5b\x8a\xa0\xdf\x39\x7d\xae\x71\x58\x5b"
"\x3c\x7c\xb4\xf0\x89\xfa\x4a\x8c\xa9\x5c\x54\xc0"
"\x40\xdf\xbc\xce\x26\x81\x34\xf8\xba\x7d\x1c\xe8"
"\xad\x21\xe0\x74\xcf\x48\x84\x30\x1f\xa1\xd5\x4f"
"\x81\x42\x2f\xf4\xdb\x0b\x23\xf8\x73\x27\xb8\x1d"
"\x42\xf8\x44\x58\xd8\x5b\x29\x27\x0a\xf8\x69\x59"
"\xb5\x78\x44\xeb\x9e\xe0\x68\x6f\x42\x9a\xb0\x5b"
"\xe0\x4e\xcb\x6a\xaa\xe2\xd2\xd5\x33\x25\x3e\xe0"
"\x6c\xc7\x6a\x07\xa5\x03\x83\x9f\xe2\x8b\xd1\x1c"
"\x70\xa8\x07\x59\x97\xeb\xf6\xbe",
.expectedlen = 128,
.addtla = (unsigned char *)
"\xf4\xd5\x98\x3d\xa8\xfc\xfa\x37\xb7\x54\x67\x73"
"\xc7\xc3\xdd\x47\x34\x71\x02\x5d\xc1\xa0\xd3\x10"
"\xc1\x8b\xbd\xf5\x66\x34\x6f\xdd",
.addtlb = (unsigned char *)
"\xf7\x9e\x6a\x56\x0e\x73\xe9\xd9\x7a\xd1\x69\xe0"
"\x6f\x8c\x55\x1c\x44\xd1\xce\x6f\x28\xcc\xa4\x4d"
"\xa8\xc0\x85\xd1\x5a\x0c\x59\x40",
.addtllen = 32,
.pers = NULL,
.perslen = 0,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.entropy = (unsigned char *)
"\x2a\x85\xa9\x8b\xd0\xda\x83\xd6\xad\xab\x9f\xbb"
"\x54\x31\x15\x95\x1c\x4d\x49\x9f\x6a\x15\xf6\xe4"
"\x15\x50\x88\x06\x29\x0d\xed\x8d\xb9\x6f\x96\xe1"
"\x83\x9f\xf7\x88\xda\x84\xbf\x44\x28\xd9\x1d\xaa",
.entropylen = 48,
.expected = (unsigned char *)
"\x2d\x55\xde\xc9\xed\x05\x47\x07\x3d\x04\xfc\x28"
"\x0f\x92\xf0\x4d\xd8\x00\x32\x47\x0a\x1b\x1c\x4b"
"\xef\xd9\x97\xa1\x17\x67\xda\x26\x6c\xfe\x76\x46"
"\x6f\xbc\x6d\x82\x4e\x83\x8a\x98\x66\x6c\x01\xb6"
"\xe6\x64\xe0\x08\x10\x6f\xd3\x5d\x90\xe7\x0d\x72"
"\xa6\xa7\xe3\xbb\x98\x11\x12\x56\x23\xc2\x6d\xd1"
"\xc8\xa8\x7a\x39\xf3\x34\xe3\xb8\xf8\x66\x00\x77"
"\x7d\xcf\x3c\x3e\xfa\xc9\x0f\xaf\xe0\x24\xfa\xe9"
"\x84\xf9\x6a\x01\xf6\x35\xdb\x5c\xab\x2a\xef\x4e"
"\xac\xab\x55\xb8\x9b\xef\x98\x68\xaf\x51\xd8\x16"
"\xa5\x5e\xae\xf9\x1e\xd2\xdb\xe6",
.expectedlen = 128,
.addtla = NULL,
.addtlb = NULL,
.addtllen = 0,
.pers = (unsigned char *)
"\xa8\x80\xec\x98\x30\x98\x15\xd2\xc6\xc4\x68\xf1"
"\x3a\x1c\xbf\xce\x6a\x40\x14\xeb\x36\x99\x53\xda"
"\x57\x6b\xce\xa4\x1c\x66\x3d\xbc",
.perslen = 32,
}, {
.entropy = (unsigned char *)
"\x69\xed\x82\xa9\xc5\x7b\xbf\xe5\x1d\x2f\xcb\x7a"
"\xd3\x50\x7d\x96\xb4\xb9\x2b\x50\x77\x51\x27\x74"
"\x33\x74\xba\xf1\x30\xdf\x8e\xdf\x87\x1d\x87\xbc"
"\x96\xb2\xc3\xa7\xed\x60\x5e\x61\x4e\x51\x29\x1a",
.entropylen = 48,
.expected = (unsigned char *)
"\xa5\x71\x24\x31\x11\xfe\x13\xe1\xa8\x24\x12\xfb"
"\x37\xa1\x27\xa5\xab\x77\xa1\x9f\xae\x8f\xaf\x13"
"\x93\xf7\x53\x85\x91\xb6\x1b\xab\xd4\x6b\xea\xb6"
"\xef\xda\x4c\x90\x6e\xef\x5f\xde\xe1\xc7\x10\x36"
"\xd5\x67\xbd\x14\xb6\x89\x21\x0c\xc9\x92\x65\x64"
"\xd0\xf3\x23\xe0\x7f\xd1\xe8\x75\xc2\x85\x06\xea"
"\xca\xc0\xcb\x79\x2d\x29\x82\xfc\xaa\x9a\xc6\x95"
"\x7e\xdc\x88\x65\xba\xec\x0e\x16\x87\xec\xa3\x9e"
"\xd8\x8c\x80\xab\x3a\x64\xe0\xcb\x0e\x45\x98\xdd"
"\x7c\x6c\x6c\x26\x11\x13\xc8\xce\xa9\x47\xa6\x06"
"\x57\xa2\x66\xbb\x2d\x7f\xf3\xc1",
.expectedlen = 128,
.addtla = (unsigned char *)
"\x74\xd3\x6d\xda\xe8\xd6\x86\x5f\x63\x01\xfd\xf2"
"\x7d\x06\x29\x6d\x94\xd1\x66\xf0\xd2\x72\x67\x4e"
"\x77\xc5\x3d\x9e\x03\xe3\xa5\x78",
.addtlb = (unsigned char *)
"\xf6\xb6\x3d\xf0\x7c\x26\x04\xc5\x8b\xcd\x3e\x6a"
"\x9f\x9c\x3a\x2e\xdb\x47\x87\xe5\x8e\x00\x5e\x2b"
"\x74\x7f\xa6\xf6\x80\xcd\x9b\x21",
.addtllen = 32,
.pers = (unsigned char *)
"\x74\xa6\xe0\x08\xf9\x27\xee\x1d\x6e\x3c\x28\x20"
"\x87\xdd\xd7\x54\x31\x47\x78\x4b\xe5\x6d\xa3\x73"
"\xa9\x65\xb1\x10\xc1\xdc\x77\x7c",
.perslen = 32,
},
};
static const struct drbg_testvec drbg_nopr_hmac_sha256_tv_template[] = {
{
.entropy = (unsigned char *)
"\xca\x85\x19\x11\x34\x93\x84\xbf\xfe\x89\xde\x1c"
"\xbd\xc4\x6e\x68\x31\xe4\x4d\x34\xa4\xfb\x93\x5e"
"\xe2\x85\xdd\x14\xb7\x1a\x74\x88\x65\x9b\xa9\x6c"
"\x60\x1d\xc6\x9f\xc9\x02\x94\x08\x05\xec\x0c\xa8",
.entropylen = 48,
.expected = (unsigned char *)
"\xe5\x28\xe9\xab\xf2\xde\xce\x54\xd4\x7c\x7e\x75"
"\xe5\xfe\x30\x21\x49\xf8\x17\xea\x9f\xb4\xbe\xe6"
"\xf4\x19\x96\x97\xd0\x4d\x5b\x89\xd5\x4f\xbb\x97"
"\x8a\x15\xb5\xc4\x43\xc9\xec\x21\x03\x6d\x24\x60"
"\xb6\xf7\x3e\xba\xd0\xdc\x2a\xba\x6e\x62\x4a\xbf"
"\x07\x74\x5b\xc1\x07\x69\x4b\xb7\x54\x7b\xb0\x99"
"\x5f\x70\xde\x25\xd6\xb2\x9e\x2d\x30\x11\xbb\x19"
"\xd2\x76\x76\xc0\x71\x62\xc8\xb5\xcc\xde\x06\x68"
"\x96\x1d\xf8\x68\x03\x48\x2c\xb3\x7e\xd6\xd5\xc0"
"\xbb\x8d\x50\xcf\x1f\x50\xd4\x76\xaa\x04\x58\xbd"
"\xab\xa8\x06\xf4\x8b\xe9\xdc\xb8",
.expectedlen = 128,
.addtla = NULL,
.addtlb = NULL,
.addtllen = 0,
.pers = NULL,
.perslen = 0,
}, {
.entropy = (unsigned char *)
"\xf9\x7a\x3c\xfd\x91\xfa\xa0\x46\xb9\xe6\x1b\x94"
"\x93\xd4\x36\xc4\x93\x1f\x60\x4b\x22\xf1\x08\x15"
"\x21\xb3\x41\x91\x51\xe8\xff\x06\x11\xf3\xa7\xd4"
"\x35\x95\x35\x7d\x58\x12\x0b\xd1\xe2\xdd\x8a\xed",
.entropylen = 48,
.expected = (unsigned char *)
"\xc6\x87\x1c\xff\x08\x24\xfe\x55\xea\x76\x89\xa5"
"\x22\x29\x88\x67\x30\x45\x0e\x5d\x36\x2d\xa5\xbf"
"\x59\x0d\xcf\x9a\xcd\x67\xfe\xd4\xcb\x32\x10\x7d"
"\xf5\xd0\x39\x69\xa6\x6b\x1f\x64\x94\xfd\xf5\xd6"
"\x3d\x5b\x4d\x0d\x34\xea\x73\x99\xa0\x7d\x01\x16"
"\x12\x6d\x0d\x51\x8c\x7c\x55\xba\x46\xe1\x2f\x62"
"\xef\xc8\xfe\x28\xa5\x1c\x9d\x42\x8e\x6d\x37\x1d"
"\x73\x97\xab\x31\x9f\xc7\x3d\xed\x47\x22\xe5\xb4"
"\xf3\x00\x04\x03\x2a\x61\x28\xdf\x5e\x74\x97\xec"
"\xf8\x2c\xa7\xb0\xa5\x0e\x86\x7e\xf6\x72\x8a\x4f"
"\x50\x9a\x8c\x85\x90\x87\x03\x9c",
.expectedlen = 128,
.addtla = (unsigned char *)
"\x51\x72\x89\xaf\xe4\x44\xa0\xfe\x5e\xd1\xa4\x1d"
"\xbb\xb5\xeb\x17\x15\x00\x79\xbd\xd3\x1e\x29\xcf"
"\x2f\xf3\x00\x34\xd8\x26\x8e\x3b",
.addtlb = (unsigned char *)
"\x88\x02\x8d\x29\xef\x80\xb4\xe6\xf0\xfe\x12\xf9"
"\x1d\x74\x49\xfe\x75\x06\x26\x82\xe8\x9c\x57\x14"
"\x40\xc0\xc9\xb5\x2c\x42\xa6\xe0",
.addtllen = 32,
.pers = NULL,
.perslen = 0,
}, {
.entropy = (unsigned char *)
"\x8d\xf0\x13\xb4\xd1\x03\x52\x30\x73\x91\x7d\xdf"
"\x6a\x86\x97\x93\x05\x9e\x99\x43\xfc\x86\x54\x54"
"\x9e\x7a\xb2\x2f\x7c\x29\xf1\x22\xda\x26\x25\xaf"
"\x2d\xdd\x4a\xbc\xce\x3c\xf4\xfa\x46\x59\xd8\x4e",
.entropylen = 48,
.expected = (unsigned char *)
"\xb9\x1c\xba\x4c\xc8\x4f\xa2\x5d\xf8\x61\x0b\x81"
"\xb6\x41\x40\x27\x68\xa2\x09\x72\x34\x93\x2e\x37"
"\xd5\x90\xb1\x15\x4c\xbd\x23\xf9\x74\x52\xe3\x10"
"\xe2\x91\xc4\x51\x46\x14\x7f\x0d\xa2\xd8\x17\x61"
"\xfe\x90\xfb\xa6\x4f\x94\x41\x9c\x0f\x66\x2b\x28"
"\xc1\xed\x94\xda\x48\x7b\xb7\xe7\x3e\xec\x79\x8f"
"\xbc\xf9\x81\xb7\x91\xd1\xbe\x4f\x17\x7a\x89\x07"
"\xaa\x3c\x40\x16\x43\xa5\xb6\x2b\x87\xb8\x9d\x66"
"\xb3\xa6\x0e\x40\xd4\xa8\xe4\xe9\xd8\x2a\xf6\xd2"
"\x70\x0e\x6f\x53\x5c\xdb\x51\xf7\x5c\x32\x17\x29"
"\x10\x37\x41\x03\x0c\xcc\x3a\x56",
.expectedlen = 128,
.addtla = NULL,
.addtlb = NULL,
.addtllen = 0,
.pers = (unsigned char *)
"\xb5\x71\xe6\x6d\x7c\x33\x8b\xc0\x7b\x76\xad\x37"
"\x57\xbb\x2f\x94\x52\xbf\x7e\x07\x43\x7a\xe8\x58"
"\x1c\xe7\xbc\x7c\x3a\xc6\x51\xa9",
.perslen = 32,
}, {
.entropy = (unsigned char *)
"\xc2\xa5\x66\xa9\xa1\x81\x7b\x15\xc5\xc3\xb7\x78"
"\x17\x7a\xc8\x7c\x24\xe7\x97\xbe\x0a\x84\x5f\x11"
"\xc2\xfe\x39\x9d\xd3\x77\x32\xf2\xcb\x18\x94\xeb"
"\x2b\x97\xb3\xc5\x6e\x62\x83\x29\x51\x6f\x86\xec",
.entropylen = 48,
.expected = (unsigned char *)
"\xb3\xa3\x69\x8d\x77\x76\x99\xa0\xdd\x9f\xa3\xf0"
"\xa9\xfa\x57\x83\x2d\x3c\xef\xac\x5d\xf2\x44\x37"
"\xc6\xd7\x3a\x0f\xe4\x10\x40\xf1\x72\x90\x38\xae"
"\xf1\xe9\x26\x35\x2e\xa5\x9d\xe1\x20\xbf\xb7\xb0"
"\x73\x18\x3a\x34\x10\x6e\xfe\xd6\x27\x8f\xf8\xad"
"\x84\x4b\xa0\x44\x81\x15\xdf\xdd\xf3\x31\x9a\x82"
"\xde\x6b\xb1\x1d\x80\xbd\x87\x1a\x9a\xcd\x35\xc7"
"\x36\x45\xe1\x27\x0f\xb9\xfe\x4f\xa8\x8e\xc0\xe4"
"\x65\x40\x9e\xa0\xcb\xa8\x09\xfe\x2f\x45\xe0\x49"
"\x43\xa2\xe3\x96\xbb\xb7\xdd\x2f\x4e\x07\x95\x30"
"\x35\x24\xcc\x9c\xc5\xea\x54\xa1",
.expectedlen = 128,
.addtla = (unsigned char *)
"\x41\x3d\xd8\x3f\xe5\x68\x35\xab\xd4\x78\xcb\x96"
"\x93\xd6\x76\x35\x90\x1c\x40\x23\x9a\x26\x64\x62"
"\xd3\x13\x3b\x83\xe4\x9c\x82\x0b",
.addtlb = (unsigned char *)
"\xd5\xc4\xa7\x1f\x9d\x6d\x95\xa1\xbe\xdf\x0b\xd2"
"\x24\x7c\x27\x7d\x1f\x84\xa4\xe5\x7a\x4a\x88\x25"
"\xb8\x2a\x2d\x09\x7d\xe6\x3e\xf1",
.addtllen = 32,
.pers = (unsigned char *)
"\x13\xce\x4d\x8d\xd2\xdb\x97\x96\xf9\x41\x56\xc8"
"\xe8\xf0\x76\x9b\x0a\xa1\xc8\x2c\x13\x23\xb6\x15"
"\x36\x60\x3b\xca\x37\xc9\xee\x29",
.perslen = 32,
},
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct drbg_testvec drbg_nopr_ctr_aes192_tv_template[] = {
{
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.entropy = (unsigned char *)
"\xc3\x5c\x2f\xa2\xa8\x9d\x52\xa1\x1f\xa3\x2a\xa9"
"\x6c\x95\xb8\xf1\xc9\xa8\xf9\xcb\x24\x5a\x8b\x40"
"\xf3\xa6\xe5\xa7\xfb\xd9\xd3\xc6\x8e\x27\x7b\xa9"
"\xac\x9b\xbb\x00",
.entropylen = 40,
.expected = (unsigned char *)
"\x8c\x2e\x72\xab\xfd\x9b\xb8\x28\x4d\xb7\x9e\x17"
"\xa4\x3a\x31\x46\xcd\x76\x94\xe3\x52\x49\xfc\x33"
"\x83\x91\x4a\x71\x17\xf4\x13\x68\xe6\xd4\xf1\x48"
"\xff\x49\xbf\x29\x07\x6b\x50\x15\xc5\x9f\x45\x79"
"\x45\x66\x2e\x3d\x35\x03\x84\x3f\x4a\xa5\xa3\xdf"
"\x9a\x9d\xf1\x0d",
.expectedlen = 64,
.addtla = NULL,
.addtlb = NULL,
.addtllen = 0,
.pers = NULL,
.perslen = 0,
},
};
static const struct drbg_testvec drbg_nopr_ctr_aes256_tv_template[] = {
{
.entropy = (unsigned char *)
"\x36\x40\x19\x40\xfa\x8b\x1f\xba\x91\xa1\x66\x1f"
"\x21\x1d\x78\xa0\xb9\x38\x9a\x74\xe5\xbc\xcf\xec"
"\xe8\xd7\x66\xaf\x1a\x6d\x3b\x14\x49\x6f\x25\xb0"
"\xf1\x30\x1b\x4f\x50\x1b\xe3\x03\x80\xa1\x37\xeb",
.entropylen = 48,
.expected = (unsigned char *)
"\x58\x62\xeb\x38\xbd\x55\x8d\xd9\x78\xa6\x96\xe6"
"\xdf\x16\x47\x82\xdd\xd8\x87\xe7\xe9\xa6\xc9\xf3"
"\xf1\xfb\xaf\xb7\x89\x41\xb5\x35\xa6\x49\x12\xdf"
"\xd2\x24\xc6\xdc\x74\x54\xe5\x25\x0b\x3d\x97\x16"
"\x5e\x16\x26\x0c\x2f\xaf\x1c\xc7\x73\x5c\xb7\x5f"
"\xb4\xf0\x7e\x1d",
.expectedlen = 64,
.addtla = NULL,
.addtlb = NULL,
.addtllen = 0,
.pers = NULL,
.perslen = 0,
},
};
static const struct drbg_testvec drbg_nopr_ctr_aes128_tv_template[] = {
{
.entropy = (unsigned char *)
"\x87\xe1\xc5\x32\x99\x7f\x57\xa3\x5c\x28\x6d\xe8"
"\x64\xbf\xf2\x64\xa3\x9e\x98\xdb\x6c\x10\x78\x7f",
.entropylen = 24,
.expected = (unsigned char *)
"\x2c\x14\x7e\x24\x11\x9a\xd8\xd4\xb2\xed\x61\xc1"
"\x53\xd0\x50\xc9\x24\xff\x59\x75\x15\xf1\x17\x3a"
"\x3d\xf4\x4b\x2c\x84\x28\xef\x89\x0e\xb9\xde\xf3"
"\xe4\x78\x04\xb2\xfd\x9b\x35\x7f\xe1\x3f\x8a\x3e"
"\x10\xc8\x67\x0a\xf9\xdf\x2d\x6c\x96\xfb\xb2\xb8"
"\xcb\x2d\xd6\xb0",
.expectedlen = 64,
.addtla = NULL,
.addtlb = NULL,
.addtllen = 0,
.pers = NULL,
.perslen = 0,
}, {
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.entropy = (unsigned char *)
"\x71\xbd\xce\x35\x42\x7d\x20\xbf\x58\xcf\x17\x74"
"\xce\x72\xd8\x33\x34\x50\x2d\x8f\x5b\x14\xc4\xdd",
.entropylen = 24,
.expected = (unsigned char *)
"\x97\x33\xe8\x20\x12\xe2\x7b\xa1\x46\x8f\xf2\x34"
"\xb3\xc9\xb6\x6b\x20\xb2\x4f\xee\x27\xd8\x0b\x21"
"\x8c\xff\x63\x73\x69\x29\xfb\xf3\x85\xcd\x88\x8e"
"\x43\x2c\x71\x8b\xa2\x55\xd2\x0f\x1d\x7f\xe3\xe1"
"\x2a\xa3\xe9\x2c\x25\x89\xc7\x14\x52\x99\x56\xcc"
"\xc3\xdf\xb3\x81",
.expectedlen = 64,
.addtla = (unsigned char *)
"\x66\xef\x42\xd6\x9a\x8c\x3d\x6d\x4a\x9e\x95\xa6"
"\x91\x4d\x81\x56",
.addtlb = (unsigned char *)
"\xe3\x18\x83\xd9\x4b\x5e\xc4\xcc\xaa\x61\x2f\xbb"
"\x4a\x55\xd1\xc6",
.addtllen = 16,
.pers = NULL,
.perslen = 0,
}, {
.entropy = (unsigned char *)
"\xca\x4b\x1e\xfa\x75\xbd\x69\x36\x38\x73\xb8\xf9"
"\xdb\x4d\x35\x0e\x47\xbf\x6c\x37\x72\xfd\xf7\xa9",
.entropylen = 24,
.expected = (unsigned char *)
"\x59\xc3\x19\x79\x1b\xb1\xf3\x0e\xe9\x34\xae\x6e"
"\x8b\x1f\xad\x1f\x74\xca\x25\x45\x68\xb8\x7f\x75"
"\x12\xf8\xf2\xab\x4c\x23\x01\x03\x05\xe1\x70\xee"
"\x75\xd8\xcb\xeb\x23\x4c\x7a\x23\x6e\x12\x27\xdb"
"\x6f\x7a\xac\x3c\x44\xb7\x87\x4b\x65\x56\x74\x45"
"\x34\x30\x0c\x3d",
.expectedlen = 64,
.addtla = NULL,
.addtlb = NULL,
.addtllen = 0,
.pers = (unsigned char *)
"\xeb\xaa\x60\x2c\x4d\xbe\x33\xff\x1b\xef\xbf\x0a"
"\x0b\xc6\x97\x54",
.perslen = 16,
}, {
.entropy = (unsigned char *)
"\xc0\x70\x1f\x92\x50\x75\x8f\xcd\xf2\xbe\x73\x98"
"\x80\xdb\x66\xeb\x14\x68\xb4\xa5\x87\x9c\x2d\xa6",
.entropylen = 24,
.expected = (unsigned char *)
"\x97\xc0\xc0\xe5\xa0\xcc\xf2\x4f\x33\x63\x48\x8a"
"\xdb\x13\x0a\x35\x89\xbf\x80\x65\x62\xee\x13\x95"
"\x7c\x33\xd3\x7d\xf4\x07\x77\x7a\x2b\x65\x0b\x5f"
"\x45\x5c\x13\xf1\x90\x77\x7f\xc5\x04\x3f\xcc\x1a"
"\x38\xf8\xcd\x1b\xbb\xd5\x57\xd1\x4a\x4c\x2e\x8a"
"\x2b\x49\x1e\x5c",
.expectedlen = 64,
.addtla = (unsigned char *)
"\xf9\x01\xf8\x16\x7a\x1d\xff\xde\x8e\x3c\x83\xe2"
"\x44\x85\xe7\xfe",
.addtlb = (unsigned char *)
"\x17\x1c\x09\x38\xc2\x38\x9f\x97\x87\x60\x55\xb4"
"\x82\x16\x62\x7f",
.addtllen = 16,
.pers = (unsigned char *)
"\x80\x08\xae\xe8\xe9\x69\x40\xc5\x08\x73\xc7\x9f"
"\x8e\xcf\xe0\x02",
.perslen = 16,
},
};
/* Cast5 test vectors from RFC 2144 */
static const struct cipher_testvec cast5_tv_template[] = {
{
.key = "\x01\x23\x45\x67\x12\x34\x56\x78"
"\x23\x45\x67\x89\x34\x56\x78\x9a",
.klen = 16,
.ptext = "\x01\x23\x45\x67\x89\xab\xcd\xef",
.ctext = "\x23\x8b\x4f\xe5\x84\x7e\x44\xb2",
.len = 8,
}, {
.key = "\x01\x23\x45\x67\x12\x34\x56\x78"
"\x23\x45",
.klen = 10,
.ptext = "\x01\x23\x45\x67\x89\xab\xcd\xef",
.ctext = "\xeb\x6a\x71\x1a\x2c\x02\x27\x1b",
.len = 8,
}, {
.key = "\x01\x23\x45\x67\x12",
.klen = 5,
.ptext = "\x01\x23\x45\x67\x89\xab\xcd\xef",
.ctext = "\x7a\xc8\x16\xd1\x6e\x9b\x30\x2e",
.len = 8,
}, { /* Generated from TF test vectors */
.key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A",
.klen = 16,
.iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F",
.ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
"\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
"\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
"\xAC\x20\xB7\x4E\xE5\x59\xF0\x87"
"\x1E\x92\x29\xC0\x34\xCB\x62\xF9"
"\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48"
"\xDF\x76\x0D\x81\x18\xAF\x23\xBA"
"\x51\xE8\x5C\xF3\x8A\x21\x95\x2C"
"\xC3\x37\xCE\x65\xFC\x70\x07\x9E"
"\x12\xA9\x40\xD7\x4B\xE2\x79\x10"
"\x84\x1B\xB2\x26\xBD\x54\xEB\x5F"
"\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1"
"\x68\xFF\x73\x0A\xA1\x15\xAC\x43"
"\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5"
"\x29\xC0\x57\xEE\x62\xF9\x90\x04"
"\x9B\x32\xC9\x3D\xD4\x6B\x02\x76"
"\x0D\xA4\x18\xAF\x46\xDD\x51\xE8"
"\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A"
"\xF1\x65\xFC\x93\x07\x9E\x35\xCC"
"\x40\xD7\x6E\x05\x79\x10\xA7\x1B"
"\xB2\x49\xE0\x54\xEB\x82\x19\x8D"
"\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF"
"\x96\x0A\xA1\x38\xCF\x43\xDA\x71"
"\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3"
"\x57\xEE\x85\x1C\x90\x27\xBE\x32"
"\xC9\x60\xF7\x6B\x02\x99\x0D\xA4"
"\x3B\xD2\x46\xDD\x74\x0B\x7F\x16"
"\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88"
"\x1F\x93\x2A\xC1\x35\xCC\x63\xFA"
"\x6E\x05\x9C\x10\xA7\x3E\xD5\x49"
"\xE0\x77\x0E\x82\x19\xB0\x24\xBB"
"\x52\xE9\x5D\xF4\x8B\x22\x96\x2D"
"\xC4\x38\xCF\x66\xFD\x71\x08\x9F"
"\x13\xAA\x41\xD8\x4C\xE3\x7A\x11"
"\x85\x1C\xB3\x27\xBE\x55\xEC\x60"
"\xF7\x8E\x02\x99\x30\xC7\x3B\xD2"
"\x69\x00\x74\x0B\xA2\x16\xAD\x44"
"\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6"
"\x2A\xC1\x58\xEF\x63\xFA\x91\x05"
"\x9C\x33\xCA\x3E\xD5\x6C\x03\x77"
"\x0E\xA5\x19\xB0\x47\xDE\x52\xE9"
"\x80\x17\x8B\x22\xB9\x2D\xC4\x5B"
"\xF2\x66\xFD\x94\x08\x9F\x36\xCD"
"\x41\xD8\x6F\x06\x7A\x11\xA8\x1C"
"\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E"
"\x25\xBC\x30\xC7\x5E\xF5\x69\x00"
"\x97\x0B\xA2\x39\xD0\x44\xDB\x72"
"\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4"
"\x58\xEF\x86\x1D\x91\x28\xBF\x33"
"\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5"
"\x3C\xD3\x47\xDE\x75\x0C\x80\x17"
"\xAE\x22\xB9\x50\xE7\x5B\xF2\x89"
"\x20\x94\x2B\xC2\x36\xCD\x64\xFB"
"\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A"
"\xE1\x78\x0F\x83\x1A\xB1\x25\xBC"
"\x53\xEA\x5E\xF5\x8C\x00\x97\x2E"
"\xC5\x39\xD0\x67\xFE\x72\x09\xA0"
"\x14\xAB\x42\xD9\x4D\xE4\x7B\x12"
"\x86\x1D\xB4\x28\xBF\x56\xED\x61"
"\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3"
"\x6A\x01\x75\x0C\xA3\x17\xAE\x45"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\xDC\x50\xE7\x7E\x15\x89\x20\xB7",
.ctext = "\x8D\xFC\x81\x9C\xCB\xAA\x5A\x1C"
"\x7E\x95\xCF\x40\xAB\x4D\x6F\xEA"
"\xD3\xD9\xB0\x9A\xB7\xC7\xE0\x2E"
"\xD1\x39\x34\x92\x8F\xFA\x14\xF1"
"\xD5\xD2\x7B\x59\x1F\x35\x28\xC2"
"\x20\xD9\x42\x06\xC9\x0B\x10\x04"
"\xF8\x79\xCD\x32\x86\x75\x4C\xB6"
"\x7B\x1C\x52\xB1\x91\x64\x22\x4B"
"\x13\xC7\xAE\x98\x0E\xB5\xCF\x6F"
"\x3F\xF4\x43\x96\x73\x0D\xA2\x05"
"\xDB\xFD\x28\x90\x2C\x56\xB9\x37"
"\x5B\x69\x0C\xAD\x84\x67\xFF\x15"
"\x4A\xD4\xA7\xD3\xDD\x99\x47\x3A"
"\xED\x34\x35\x78\x6B\x91\xC9\x32"
"\xE1\xBF\xBC\xB4\x04\x85\x6A\x39"
"\xC0\xBA\x51\xD0\x0F\x4E\xD1\xE2"
"\x1C\xFD\x0E\x05\x07\xF4\x10\xED"
"\xA2\x17\xFF\xF5\x64\xC6\x1A\x22"
"\xAD\x78\xE7\xD7\x11\xE9\x99\xB9"
"\xAA\xEC\x6F\xF8\x3B\xBF\xCE\x77"
"\x93\xE8\xAD\x1D\x50\x6C\xAE\xBC"
"\xBA\x5C\x80\xD1\x91\x65\x51\x1B"
"\xE8\x0A\xCD\x99\x96\x71\x3D\xB6"
"\x78\x75\x37\x55\xC1\xF5\x90\x40"
"\x34\xF4\x7E\xC8\xCC\x3A\x5F\x6E"
"\x36\xA1\xA1\xC2\x3A\x72\x42\x8E"
"\x0E\x37\x88\xE8\xCE\x83\xCB\xAD"
"\xE0\x69\x77\x50\xC7\x0C\x99\xCA"
"\x19\x5B\x30\x25\x9A\xEF\x9B\x0C"
"\xEF\x8F\x74\x4C\xCF\x49\x4E\xB9"
"\xC5\xAE\x9E\x2E\x78\x9A\xB9\x48"
"\xD5\x81\xE4\x37\x1D\xBF\x27\xD9"
"\xC5\xD6\x65\x43\x45\x8C\xBB\xB6"
"\x55\xF4\x06\xBB\x49\x53\x8B\x1B"
"\x07\xA9\x96\x69\x5B\xCB\x0F\xBC"
"\x93\x85\x90\x0F\x0A\x68\x40\x2A"
"\x95\xED\x2D\x88\xBF\x71\xD0\xBB"
"\xEC\xB0\x77\x6C\x79\xFC\x3C\x05"
"\x49\x3F\xB8\x24\xEF\x8E\x09\xA2"
"\x1D\xEF\x92\x02\x96\xD4\x7F\xC8"
"\x03\xB2\xCA\xDB\x17\x5C\x52\xCF"
"\xDD\x70\x37\x63\xAA\xA5\x83\x20"
"\x52\x02\xF6\xB9\xE7\x6E\x0A\xB6"
"\x79\x03\xA0\xDA\xA3\x79\x21\xBD"
"\xE3\x37\x3A\xC0\xF7\x2C\x32\xBE"
"\x8B\xE8\xA6\x00\xC7\x32\xD5\x06"
"\xBB\xE3\xAB\x06\x21\x82\xB8\x32"
"\x31\x34\x2A\xA7\x1F\x64\x99\xBF"
"\xFA\xDA\x3D\x75\xF7\x48\xD5\x48"
"\x4B\x52\x7E\xF6\x7C\xAB\x67\x59"
"\xC5\xDC\xA8\xC6\x63\x85\x4A\xDF"
"\xF0\x40\x5F\xCF\xE3\x58\x52\x67"
"\x7A\x24\x32\xC5\xEC\x9E\xA9\x6F"
"\x58\x56\xDD\x94\x1F\x71\x8D\xF4"
"\x6E\xFF\x2C\xA7\xA5\xD8\xBA\xAF"
"\x1D\x8B\xA2\x46\xB5\xC4\x9F\x57"
"\x8D\xD8\xB3\x3C\x02\x0D\xBB\x84"
"\xC7\xBD\xB4\x9A\x6E\xBB\xB1\x37"
"\x95\x79\xC4\xA7\xEA\x1D\xDC\x33"
"\x5D\x0B\x3F\x03\x8F\x30\xF9\xAE"
"\x4F\xFE\x24\x9C\x9A\x02\xE5\x57"
"\xF5\xBC\x25\xD6\x02\x56\x57\x1C",
.len = 496,
.also_non_np = 1,
.np = 3,
.tap = { 496 - 20, 4, 16 },
},
};
static const struct cipher_testvec cast5_cbc_tv_template[] = {
{ /* Generated from TF test vectors */
.key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9"
"\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A",
.klen = 16,
.iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F",
.ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
"\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
"\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
"\xAC\x20\xB7\x4E\xE5\x59\xF0\x87"
"\x1E\x92\x29\xC0\x34\xCB\x62\xF9"
"\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48"
"\xDF\x76\x0D\x81\x18\xAF\x23\xBA"
"\x51\xE8\x5C\xF3\x8A\x21\x95\x2C"
"\xC3\x37\xCE\x65\xFC\x70\x07\x9E"
"\x12\xA9\x40\xD7\x4B\xE2\x79\x10"
"\x84\x1B\xB2\x26\xBD\x54\xEB\x5F"
"\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1"
"\x68\xFF\x73\x0A\xA1\x15\xAC\x43"
"\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5"
"\x29\xC0\x57\xEE\x62\xF9\x90\x04"
"\x9B\x32\xC9\x3D\xD4\x6B\x02\x76"
"\x0D\xA4\x18\xAF\x46\xDD\x51\xE8"
"\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A"
"\xF1\x65\xFC\x93\x07\x9E\x35\xCC"
"\x40\xD7\x6E\x05\x79\x10\xA7\x1B"
"\xB2\x49\xE0\x54\xEB\x82\x19\x8D"
"\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF"
"\x96\x0A\xA1\x38\xCF\x43\xDA\x71"
"\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3"
"\x57\xEE\x85\x1C\x90\x27\xBE\x32"
"\xC9\x60\xF7\x6B\x02\x99\x0D\xA4"
"\x3B\xD2\x46\xDD\x74\x0B\x7F\x16"
"\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88"
"\x1F\x93\x2A\xC1\x35\xCC\x63\xFA"
"\x6E\x05\x9C\x10\xA7\x3E\xD5\x49"
"\xE0\x77\x0E\x82\x19\xB0\x24\xBB"
"\x52\xE9\x5D\xF4\x8B\x22\x96\x2D"
"\xC4\x38\xCF\x66\xFD\x71\x08\x9F"
"\x13\xAA\x41\xD8\x4C\xE3\x7A\x11"
"\x85\x1C\xB3\x27\xBE\x55\xEC\x60"
"\xF7\x8E\x02\x99\x30\xC7\x3B\xD2"
"\x69\x00\x74\x0B\xA2\x16\xAD\x44"
"\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6"
"\x2A\xC1\x58\xEF\x63\xFA\x91\x05"
"\x9C\x33\xCA\x3E\xD5\x6C\x03\x77"
"\x0E\xA5\x19\xB0\x47\xDE\x52\xE9"
"\x80\x17\x8B\x22\xB9\x2D\xC4\x5B"
"\xF2\x66\xFD\x94\x08\x9F\x36\xCD"
"\x41\xD8\x6F\x06\x7A\x11\xA8\x1C"
"\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E"
"\x25\xBC\x30\xC7\x5E\xF5\x69\x00"
"\x97\x0B\xA2\x39\xD0\x44\xDB\x72"
"\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4"
"\x58\xEF\x86\x1D\x91\x28\xBF\x33"
"\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5"
"\x3C\xD3\x47\xDE\x75\x0C\x80\x17"
"\xAE\x22\xB9\x50\xE7\x5B\xF2\x89"
"\x20\x94\x2B\xC2\x36\xCD\x64\xFB"
"\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A"
"\xE1\x78\x0F\x83\x1A\xB1\x25\xBC"
"\x53\xEA\x5E\xF5\x8C\x00\x97\x2E"
"\xC5\x39\xD0\x67\xFE\x72\x09\xA0"
"\x14\xAB\x42\xD9\x4D\xE4\x7B\x12"
"\x86\x1D\xB4\x28\xBF\x56\xED\x61"
"\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3"
"\x6A\x01\x75\x0C\xA3\x17\xAE\x45"
"\xDC\x50\xE7\x7E\x15\x89\x20\xB7",
.ctext = "\x05\x28\xCE\x61\x90\x80\xE1\x78"
"\xB9\x2A\x97\x7C\xB0\x83\xD8\x1A"
"\xDE\x58\x7F\xD7\xFD\x72\xB8\xFB"
"\xDA\xF0\x6E\x77\x14\x47\x82\xBA"
"\x29\x0E\x25\x6E\xB4\x39\xD9\x7F"
"\x05\xA7\xA7\x3A\xC1\x5D\x9E\x39"
"\xA7\xFB\x0D\x05\x00\xF3\x58\x67"
"\x60\xEC\x73\x77\x46\x85\x9B\x6A"
"\x08\x3E\xBE\x59\xFB\xE4\x96\x34"
"\xB4\x05\x49\x1A\x97\x43\xAD\xA0"
"\xA9\x1E\x6E\x74\xF1\x94\xEC\xA8"
"\xB5\x8A\x20\xEA\x89\x6B\x19\xAA"
"\xA7\xF1\x33\x67\x90\x23\x0D\xEE"
"\x81\xD5\x78\x4F\xD3\x63\xEA\x46"
"\xB5\xB2\x6E\xBB\xCA\x76\x06\x10"
"\x96\x2A\x0A\xBA\xF9\x41\x5A\x1D"
"\x36\x7C\x56\x14\x54\x83\xFA\xA1"
"\x27\xDD\xBA\x8A\x90\x29\xD6\xA6"
"\xFA\x48\x3E\x1E\x23\x6E\x98\xA8"
"\xA7\xD9\x67\x92\x5C\x13\xB4\x71"
"\xA8\xAA\x89\x4A\xA4\xB3\x49\x7C"
"\x7D\x7F\xCE\x6F\x29\x2E\x7E\x37"
"\xC8\x52\x60\xD9\xE7\xCA\x60\x98"
"\xED\xCD\xE8\x60\x83\xAD\x34\x4D"
"\x96\x4A\x99\x2B\xB7\x14\x75\x66"
"\x6C\x2C\x1A\xBA\x4B\xBB\x49\x56"
"\xE1\x86\xA2\x0E\xD0\xF0\x07\xD3"
"\x18\x38\x09\x9C\x0E\x8B\x86\x07"
"\x90\x12\x37\x49\x27\x98\x69\x18"
"\xB0\xCC\xFB\xD3\xBD\x04\xA0\x85"
"\x4B\x22\x97\x07\xB6\x97\xE9\x95"
"\x0F\x88\x36\xA9\x44\x00\xC6\xE9"
"\x27\x53\x5C\x5B\x1F\xD3\xE2\xEE"
"\xD0\xCD\x63\x30\xA9\xC0\xDD\x49"
"\xFE\x16\xA4\x07\x0D\xE2\x5D\x97"
"\xDE\x89\xBA\x2E\xF3\xA9\x5E\xBE"
"\x03\x55\x0E\x02\x41\x4A\x45\x06"
"\xBE\xEA\x32\xF2\xDC\x91\x5C\x20"
"\x94\x02\x30\xD2\xFC\x29\xFA\x8E"
"\x34\xA0\x31\xB8\x34\xBA\xAE\x54"
"\xB5\x88\x1F\xDC\x43\xDC\x22\x9F"
"\xDC\xCE\xD3\xFA\xA4\xA8\xBC\x8A"
"\xC7\x5A\x43\x21\xA5\xB1\xDB\xC3"
"\x84\x3B\xB4\x9B\xB5\xA7\xF1\x0A"
"\xB6\x37\x21\x19\x55\xC2\xBD\x99"
"\x49\x24\xBB\x7C\xB3\x8E\xEF\xD2"
"\x3A\xCF\xA0\x31\x28\x0E\x25\xA2"
"\x11\xB4\x18\x17\x1A\x65\x92\x56"
"\xE8\xE0\x52\x9C\x61\x18\x2A\xB1"
"\x1A\x01\x22\x45\x17\x62\x52\x6C"
"\x91\x44\xCF\x98\xC7\xC0\x79\x26"
"\x32\x66\x6F\x23\x7F\x94\x36\x88"
"\x3C\xC9\xD0\xB7\x45\x30\x31\x86"
"\x3D\xC6\xA3\x98\x62\x84\x1A\x8B"
"\x16\x88\xC7\xA3\xE9\x4F\xE0\x86"
"\xA4\x93\xA8\x34\x5A\xCA\xDF\xCA"
"\x46\x38\xD2\xF4\xE0\x2D\x1E\xC9"
"\x7C\xEF\x53\xB7\x60\x72\x41\xBF"
"\x29\x00\x87\x02\xAF\x44\x4C\xB7"
"\x8C\xF5\x3F\x19\xF4\x80\x45\xA7"
"\x15\x5F\xDB\xE9\xB1\x83\xD2\xE6"
"\x1D\x18\x66\x44\x5B\x8F\x14\xEB",
.len = 496,
.also_non_np = 1,
.np = 3,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.tap = { 496 - 20, 4, 16 },
},
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct cipher_testvec cast5_ctr_tv_template[] = {
{ /* Generated from TF test vectors */
.key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A",
.klen = 16,
.iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F",
.ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
"\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
"\x3A",
.ctext = "\xFF\xC4\x2E\x82\x3D\xF8\xA8\x39"
"\x7C\x52\xC4\xD3\xBB\x62\xC6\xA8"
"\x0C",
.len = 17,
}, { /* Generated from TF test vectors */
.key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9"
"\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A",
.klen = 16,
.iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F",
.ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
"\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
"\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
"\xAC\x20\xB7\x4E\xE5\x59\xF0\x87"
"\x1E\x92\x29\xC0\x34\xCB\x62\xF9"
"\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48"
"\xDF\x76\x0D\x81\x18\xAF\x23\xBA"
"\x51\xE8\x5C\xF3\x8A\x21\x95\x2C"
"\xC3\x37\xCE\x65\xFC\x70\x07\x9E"
"\x12\xA9\x40\xD7\x4B\xE2\x79\x10"
"\x84\x1B\xB2\x26\xBD\x54\xEB\x5F"
"\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1"
"\x68\xFF\x73\x0A\xA1\x15\xAC\x43"
"\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5"
"\x29\xC0\x57\xEE\x62\xF9\x90\x04"
"\x9B\x32\xC9\x3D\xD4\x6B\x02\x76"
"\x0D\xA4\x18\xAF\x46\xDD\x51\xE8"
"\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A"
"\xF1\x65\xFC\x93\x07\x9E\x35\xCC"
"\x40\xD7\x6E\x05\x79\x10\xA7\x1B"
"\xB2\x49\xE0\x54\xEB\x82\x19\x8D"
"\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF"
"\x96\x0A\xA1\x38\xCF\x43\xDA\x71"
"\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3"
"\x57\xEE\x85\x1C\x90\x27\xBE\x32"
"\xC9\x60\xF7\x6B\x02\x99\x0D\xA4"
"\x3B\xD2\x46\xDD\x74\x0B\x7F\x16"
"\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88"
"\x1F\x93\x2A\xC1\x35\xCC\x63\xFA"
"\x6E\x05\x9C\x10\xA7\x3E\xD5\x49"
"\xE0\x77\x0E\x82\x19\xB0\x24\xBB"
"\x52\xE9\x5D\xF4\x8B\x22\x96\x2D"
"\xC4\x38\xCF\x66\xFD\x71\x08\x9F"
"\x13\xAA\x41\xD8\x4C\xE3\x7A\x11"
"\x85\x1C\xB3\x27\xBE\x55\xEC\x60"
"\xF7\x8E\x02\x99\x30\xC7\x3B\xD2"
"\x69\x00\x74\x0B\xA2\x16\xAD\x44"
"\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6"
"\x2A\xC1\x58\xEF\x63\xFA\x91\x05"
"\x9C\x33\xCA\x3E\xD5\x6C\x03\x77"
"\x0E\xA5\x19\xB0\x47\xDE\x52\xE9"
"\x80\x17\x8B\x22\xB9\x2D\xC4\x5B"
"\xF2\x66\xFD\x94\x08\x9F\x36\xCD"
"\x41\xD8\x6F\x06\x7A\x11\xA8\x1C"
"\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E"
"\x25\xBC\x30\xC7\x5E\xF5\x69\x00"
"\x97\x0B\xA2\x39\xD0\x44\xDB\x72"
"\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4"
"\x58\xEF\x86\x1D\x91\x28\xBF\x33"
"\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5"
"\x3C\xD3\x47\xDE\x75\x0C\x80\x17"
"\xAE\x22\xB9\x50\xE7\x5B\xF2\x89"
"\x20\x94\x2B\xC2\x36\xCD\x64\xFB"
"\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A"
"\xE1\x78\x0F\x83\x1A\xB1\x25\xBC"
"\x53\xEA\x5E\xF5\x8C\x00\x97\x2E"
"\xC5\x39\xD0\x67\xFE\x72\x09\xA0"
"\x14\xAB\x42\xD9\x4D\xE4\x7B\x12"
"\x86\x1D\xB4\x28\xBF\x56\xED\x61"
"\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3"
"\x6A\x01\x75\x0C\xA3\x17\xAE\x45"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\xDC\x50\xE7\x7E\x15\x89\x20\xB7",
.ctext = "\xFF\xC4\x2E\x82\x3D\xF8\xA8\x39"
"\x7C\x52\xC4\xD3\xBB\x62\xC6\xA8"
"\x0C\x63\xA5\x55\xE3\xF8\x1C\x7F"
"\xDC\x59\xF9\xA0\x52\xAD\x83\xDF"
"\xD5\x3B\x53\x4A\xAA\x1F\x49\x44"
"\xE8\x20\xCC\xF8\x97\xE6\xE0\x3C"
"\x5A\xD2\x83\xEC\xEE\x25\x3F\xCF"
"\x0D\xC2\x79\x80\x99\x6E\xFF\x7B"
"\x64\xB0\x7B\x86\x29\x1D\x9F\x17"
"\x10\xA5\xA5\xEB\x16\x55\x9E\xE3"
"\x88\x18\x52\x56\x48\x58\xD1\x6B"
"\xE8\x74\x6E\x48\xB0\x2E\x69\x63"
"\x32\xAA\xAC\x26\x55\x45\x94\xDE"
"\x30\x26\x26\xE6\x08\x82\x2F\x5F"
"\xA7\x15\x94\x07\x75\x2D\xC6\x3A"
"\x1B\xA0\x39\xFB\xBA\xB9\x06\x56"
"\xF6\x9F\xF1\x2F\x9B\xF3\x89\x8B"
"\x08\xC8\x9D\x5E\x6B\x95\x09\xC7"
"\x98\xB7\x62\xA4\x1D\x25\xFA\xC5"
"\x62\xC8\x5D\x6B\xB4\x85\x88\x7F"
"\x3B\x29\xF9\xB4\x32\x62\x69\xBF"
"\x32\xB8\xEB\xFD\x0E\x26\xAA\xA3"
"\x44\x67\x90\x20\xAC\x41\xDF\x43"
"\xC6\xC7\x19\x9F\x2C\x28\x74\xEB"
"\x3E\x7F\x7A\x80\x5B\xE4\x08\x60"
"\xC7\xC9\x71\x34\x44\xCE\x05\xFD"
"\xA8\x91\xA8\x44\x5E\xD3\x89\x2C"
"\xAE\x59\x0F\x07\x88\x79\x53\x26"
"\xAF\xAC\xCB\x1D\x6F\x08\x25\x62"
"\xD0\x82\x65\x66\xE4\x2A\x29\x1C"
"\x9C\x64\x5F\x49\x9D\xF8\x62\xF9"
"\xED\xC4\x13\x52\x75\xDC\xE4\xF9"
"\x68\x0F\x8A\xCD\xA6\x8D\x75\xAA"
"\x49\xA1\x86\x86\x37\x5C\x6B\x3D"
"\x56\xE5\x6F\xBE\x27\xC0\x10\xF8"
"\x3C\x4D\x17\x35\x14\xDC\x1C\xA0"
"\x6E\xAE\xD1\x10\xDD\x83\x06\xC2"
"\x23\xD3\xC7\x27\x15\x04\x2C\x27"
"\xDD\x1F\x2E\x97\x09\x9C\x33\x7D"
"\xAC\x50\x1B\x2E\xC9\x52\x0C\x14"
"\x4B\x78\xC4\xDE\x07\x6A\x12\x02"
"\x6E\xD7\x4B\x91\xB9\x88\x4D\x02"
"\xC3\xB5\x04\xBC\xE0\x67\xCA\x18"
"\x22\xA1\xAE\x9A\x21\xEF\xB2\x06"
"\x35\xCD\xEC\x37\x70\x2D\xFC\x1E"
"\xA8\x31\xE7\xFC\xE5\x8E\x88\x66"
"\x16\xB5\xC8\x45\x21\x37\xBD\x24"
"\xA9\xD5\x36\x12\x9F\x6E\x67\x80"
"\x87\x54\xD5\xAF\x97\xE1\x15\xA7"
"\x11\xF0\x63\x7B\xE1\x44\x14\x1C"
"\x06\x32\x05\x8C\x6C\xDB\x9B\x36"
"\x6A\x6B\xAD\x3A\x27\x55\x20\x4C"
"\x76\x36\x43\xE8\x16\x60\xB5\xF3"
"\xDF\x5A\xC6\xA5\x69\x78\x59\x51"
"\x54\x68\x65\x06\x84\xDE\x3D\xAE"
"\x38\x91\xBD\xCC\xA2\x8A\xEC\xE6"
"\x9E\x83\xAE\x1E\x8E\x34\x5D\xDE"
"\x91\xCE\x8F\xED\x40\xF7\xC8\x8B"
"\x9A\x13\x4C\xAD\x89\x97\x9E\xD1"
"\x91\x01\xD7\x21\x23\x28\x1E\xCC"
"\x8C\x98\xDB\xDE\xFC\x72\x94\xAA"
"\xC0\x0D\x96\xAA\x23\xF8\xFE\x13",
.len = 496,
.also_non_np = 1,
.np = 3,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.tap = { 496 - 20, 4, 16 },
},
};
/*
* ARC4 test vectors from OpenSSL
*/
static const struct cipher_testvec arc4_tv_template[] = {
{
.key = "\x01\x23\x45\x67\x89\xab\xcd\xef",
.klen = 8,
.ptext = "\x01\x23\x45\x67\x89\xab\xcd\xef",
.ctext = "\x75\xb7\x87\x80\x99\xe0\xc5\x96",
.len = 8,
}, {
.key = "\x01\x23\x45\x67\x89\xab\xcd\xef",
.klen = 8,
.ptext = "\x00\x00\x00\x00\x00\x00\x00\x00",
.ctext = "\x74\x94\xc2\xe7\x10\x4b\x08\x79",
.len = 8,
}, {
.key = "\x00\x00\x00\x00\x00\x00\x00\x00",
.klen = 8,
.ptext = "\x00\x00\x00\x00\x00\x00\x00\x00",
.ctext = "\xde\x18\x89\x41\xa3\x37\x5d\x3a",
.len = 8,
}, {
.key = "\xef\x01\x23\x45",
.klen = 4,
.ptext = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00",
.ctext = "\xd6\xa1\x41\xa7\xec\x3c\x38\xdf"
"\xbd\x61\x5a\x11\x62\xe1\xc7\xba"
"\x36\xb6\x78\x58",
.len = 20,
}, {
.key = "\x01\x23\x45\x67\x89\xab\xcd\xef",
.klen = 8,
.ptext = "\x12\x34\x56\x78\x9A\xBC\xDE\xF0"
"\x12\x34\x56\x78\x9A\xBC\xDE\xF0"
"\x12\x34\x56\x78\x9A\xBC\xDE\xF0"
"\x12\x34\x56\x78",
.ctext = "\x66\xa0\x94\x9f\x8a\xf7\xd6\x89"
"\x1f\x7f\x83\x2b\xa8\x33\xc0\x0c"
"\x89\x2e\xbe\x30\x14\x3c\xe2\x87"
"\x40\x01\x1e\xcf",
.len = 28,
}, {
.key = "\xef\x01\x23\x45",
.klen = 4,
.ptext = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00",
.ctext = "\xd6\xa1\x41\xa7\xec\x3c\x38\xdf"
"\xbd\x61",
.len = 10,
}, {
.key = "\x01\x23\x45\x67\x89\xAB\xCD\xEF"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.klen = 16,
.ptext = "\x01\x23\x45\x67\x89\xAB\xCD\xEF",
.ctext = "\x69\x72\x36\x59\x1B\x52\x42\xB1",
.len = 8,
},
};
/*
* TEA test vectors
*/
static const struct cipher_testvec tea_tv_template[] = {
{
.key = zeroed_string,
.klen = 16,
.ptext = zeroed_string,
.ctext = "\x0a\x3a\xea\x41\x40\xa9\xba\x94",
.len = 8,
}, {
.key = "\x2b\x02\x05\x68\x06\x14\x49\x76"
"\x77\x5d\x0e\x26\x6c\x28\x78\x43",
.klen = 16,
.ptext = "\x74\x65\x73\x74\x20\x6d\x65\x2e",
.ctext = "\x77\x5d\x2a\x6a\xf6\xce\x92\x09",
.len = 8,
}, {
.key = "\x09\x65\x43\x11\x66\x44\x39\x25"
"\x51\x3a\x16\x10\x0a\x08\x12\x6e",
.klen = 16,
.ptext = "\x6c\x6f\x6e\x67\x65\x72\x5f\x74"
"\x65\x73\x74\x5f\x76\x65\x63\x74",
.ctext = "\xbe\x7a\xbb\x81\x95\x2d\x1f\x1e"
"\xdd\x89\xa1\x25\x04\x21\xdf\x95",
.len = 16,
}, {
.key = "\x4d\x76\x32\x17\x05\x3f\x75\x2c"
"\x5d\x04\x16\x36\x15\x72\x63\x2f",
.klen = 16,
.ptext = "\x54\x65\x61\x20\x69\x73\x20\x67"
"\x6f\x6f\x64\x20\x66\x6f\x72\x20"
"\x79\x6f\x75\x21\x21\x21\x20\x72"
"\x65\x61\x6c\x6c\x79\x21\x21\x21",
.ctext = "\xe0\x4d\x5d\x3c\xb7\x8c\x36\x47"
"\x94\x18\x95\x91\xa9\xfc\x49\xf8"
"\x44\xd1\x2d\xc2\x99\xb8\x08\x2a"
"\x07\x89\x73\xc2\x45\x92\xc6\x90",
.len = 32,
}
};
/*
* XTEA test vectors
*/
static const struct cipher_testvec xtea_tv_template[] = {
{
.key = zeroed_string,
.klen = 16,
.ptext = zeroed_string,
.ctext = "\xd8\xd4\xe9\xde\xd9\x1e\x13\xf7",
.len = 8,
}, {
.key = "\x2b\x02\x05\x68\x06\x14\x49\x76"
"\x77\x5d\x0e\x26\x6c\x28\x78\x43",
.klen = 16,
.ptext = "\x74\x65\x73\x74\x20\x6d\x65\x2e",
.ctext = "\x94\xeb\xc8\x96\x84\x6a\x49\xa8",
.len = 8,
}, {
.key = "\x09\x65\x43\x11\x66\x44\x39\x25"
"\x51\x3a\x16\x10\x0a\x08\x12\x6e",
.klen = 16,
.ptext = "\x6c\x6f\x6e\x67\x65\x72\x5f\x74"
"\x65\x73\x74\x5f\x76\x65\x63\x74",
.ctext = "\x3e\xce\xae\x22\x60\x56\xa8\x9d"
"\x77\x4d\xd4\xb4\x87\x24\xe3\x9a",
.len = 16,
}, {
.key = "\x4d\x76\x32\x17\x05\x3f\x75\x2c"
"\x5d\x04\x16\x36\x15\x72\x63\x2f",
.klen = 16,
.ptext = "\x54\x65\x61\x20\x69\x73\x20\x67"
"\x6f\x6f\x64\x20\x66\x6f\x72\x20"
"\x79\x6f\x75\x21\x21\x21\x20\x72"
"\x65\x61\x6c\x6c\x79\x21\x21\x21",
.ctext = "\x99\x81\x9f\x5d\x6f\x4b\x31\x3a"
"\x86\xff\x6f\xd0\xe3\x87\x70\x07"
"\x4d\xb8\xcf\xf3\x99\x50\xb3\xd4"
"\x73\xa2\xfa\xc9\x16\x59\x5d\x81",
.len = 32,
}
};
/*
* KHAZAD test vectors.
*/
static const struct cipher_testvec khazad_tv_template[] = {
{
.key = "\x80\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.klen = 16,
.ptext = "\x00\x00\x00\x00\x00\x00\x00\x00",
.ctext = "\x49\xa4\xce\x32\xac\x19\x0e\x3f",
.len = 8,
}, {
.key = "\x38\x38\x38\x38\x38\x38\x38\x38"
"\x38\x38\x38\x38\x38\x38\x38\x38",
.klen = 16,
.ptext = "\x38\x38\x38\x38\x38\x38\x38\x38",
.ctext = "\x7e\x82\x12\xa1\xd9\x5b\xe4\xf9",
.len = 8,
}, {
.key = "\xa2\xa2\xa2\xa2\xa2\xa2\xa2\xa2"
"\xa2\xa2\xa2\xa2\xa2\xa2\xa2\xa2",
.klen = 16,
.ptext = "\xa2\xa2\xa2\xa2\xa2\xa2\xa2\xa2",
.ctext = "\xaa\xbe\xc1\x95\xc5\x94\x1a\x9c",
.len = 8,
}, {
.key = "\x2f\x2f\x2f\x2f\x2f\x2f\x2f\x2f"
"\x2f\x2f\x2f\x2f\x2f\x2f\x2f\x2f",
.klen = 16,
.ptext = "\x2f\x2f\x2f\x2f\x2f\x2f\x2f\x2f",
.ctext = "\x04\x74\xf5\x70\x50\x16\xd3\xb8",
.len = 8,
}, {
.key = "\x2f\x2f\x2f\x2f\x2f\x2f\x2f\x2f"
"\x2f\x2f\x2f\x2f\x2f\x2f\x2f\x2f",
.klen = 16,
.ptext = "\x2f\x2f\x2f\x2f\x2f\x2f\x2f\x2f"
"\x2f\x2f\x2f\x2f\x2f\x2f\x2f\x2f",
.ctext = "\x04\x74\xf5\x70\x50\x16\xd3\xb8"
"\x04\x74\xf5\x70\x50\x16\xd3\xb8",
.len = 16,
},
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
/*
* Anubis test vectors.
*/
static const struct cipher_testvec anubis_tv_template[] = {
{
.key = "\xfe\xfe\xfe\xfe\xfe\xfe\xfe\xfe"
"\xfe\xfe\xfe\xfe\xfe\xfe\xfe\xfe",
.klen = 16,
.ptext = "\xfe\xfe\xfe\xfe\xfe\xfe\xfe\xfe"
"\xfe\xfe\xfe\xfe\xfe\xfe\xfe\xfe",
.ctext = "\x6d\xc5\xda\xa2\x26\x7d\x62\x6f"
"\x08\xb7\x52\x8e\x6e\x6e\x86\x90",
.len = 16,
}, {
.key = "\x03\x03\x03\x03\x03\x03\x03\x03"
"\x03\x03\x03\x03\x03\x03\x03\x03"
"\x03\x03\x03\x03",
.klen = 20,
.ptext = "\x03\x03\x03\x03\x03\x03\x03\x03"
"\x03\x03\x03\x03\x03\x03\x03\x03",
.ctext = "\xdb\xf1\x42\xf4\xd1\x8a\xc7\x49"
"\x87\x41\x6f\x82\x0a\x98\x64\xae",
.len = 16,
}, {
.key = "\x24\x24\x24\x24\x24\x24\x24\x24"
"\x24\x24\x24\x24\x24\x24\x24\x24"
"\x24\x24\x24\x24\x24\x24\x24\x24"
"\x24\x24\x24\x24",
.klen = 28,
.ptext = "\x24\x24\x24\x24\x24\x24\x24\x24"
"\x24\x24\x24\x24\x24\x24\x24\x24",
.ctext = "\xfd\x1b\x4a\xe3\xbf\xf0\xad\x3d"
"\x06\xd3\x61\x27\xfd\x13\x9e\xde",
.len = 16,
}, {
.key = "\x25\x25\x25\x25\x25\x25\x25\x25"
"\x25\x25\x25\x25\x25\x25\x25\x25"
"\x25\x25\x25\x25\x25\x25\x25\x25"
"\x25\x25\x25\x25\x25\x25\x25\x25",
.klen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x25\x25\x25\x25\x25\x25\x25\x25"
"\x25\x25\x25\x25\x25\x25\x25\x25",
.ctext = "\x1a\x91\xfb\x2b\xb7\x78\x6b\xc4"
"\x17\xd9\xff\x40\x3b\x0e\xe5\xfe",
.len = 16,
}, {
.key = "\x35\x35\x35\x35\x35\x35\x35\x35"
"\x35\x35\x35\x35\x35\x35\x35\x35"
"\x35\x35\x35\x35\x35\x35\x35\x35"
"\x35\x35\x35\x35\x35\x35\x35\x35"
"\x35\x35\x35\x35\x35\x35\x35\x35",
.klen = 40,
.ptext = "\x35\x35\x35\x35\x35\x35\x35\x35"
"\x35\x35\x35\x35\x35\x35\x35\x35",
.ctext = "\xa5\x2c\x85\x6f\x9c\xba\xa0\x97"
"\x9e\xc6\x84\x0f\x17\x21\x07\xee",
.len = 16,
},
};
static const struct cipher_testvec anubis_cbc_tv_template[] = {
{
.key = "\xfe\xfe\xfe\xfe\xfe\xfe\xfe\xfe"
"\xfe\xfe\xfe\xfe\xfe\xfe\xfe\xfe",
.klen = 16,
.ptext = "\xfe\xfe\xfe\xfe\xfe\xfe\xfe\xfe"
"\xfe\xfe\xfe\xfe\xfe\xfe\xfe\xfe"
"\xfe\xfe\xfe\xfe\xfe\xfe\xfe\xfe"
"\xfe\xfe\xfe\xfe\xfe\xfe\xfe\xfe",
.ctext = "\x6d\xc5\xda\xa2\x26\x7d\x62\x6f"
"\x08\xb7\x52\x8e\x6e\x6e\x86\x90"
"\x86\xd8\xb5\x6f\x98\x5e\x8a\x66"
"\x4f\x1f\x78\xa1\xbb\x37\xf1\xbe",
.len = 32,
}, {
.key = "\x35\x35\x35\x35\x35\x35\x35\x35"
"\x35\x35\x35\x35\x35\x35\x35\x35"
"\x35\x35\x35\x35\x35\x35\x35\x35"
"\x35\x35\x35\x35\x35\x35\x35\x35"
"\x35\x35\x35\x35\x35\x35\x35\x35",
.klen = 40,
.ptext = "\x35\x35\x35\x35\x35\x35\x35\x35"
"\x35\x35\x35\x35\x35\x35\x35\x35"
"\x35\x35\x35\x35\x35\x35\x35\x35"
"\x35\x35\x35\x35\x35\x35\x35\x35",
.ctext = "\xa5\x2c\x85\x6f\x9c\xba\xa0\x97"
"\x9e\xc6\x84\x0f\x17\x21\x07\xee"
"\xa2\xbc\x06\x98\xc6\x4b\xda\x75"
"\x2e\xaa\xbe\x58\xce\x01\x5b\xc7",
.len = 32,
},
};
/*
* XETA test vectors
*/
static const struct cipher_testvec xeta_tv_template[] = {
{
.key = zeroed_string,
.klen = 16,
.ptext = zeroed_string,
.ctext = "\xaa\x22\x96\xe5\x6c\x61\xf3\x45",
.len = 8,
}, {
.key = "\x2b\x02\x05\x68\x06\x14\x49\x76"
"\x77\x5d\x0e\x26\x6c\x28\x78\x43",
.klen = 16,
.ptext = "\x74\x65\x73\x74\x20\x6d\x65\x2e",
.ctext = "\x82\x3e\xeb\x35\xdc\xdd\xd9\xc3",
.len = 8,
}, {
.key = "\x09\x65\x43\x11\x66\x44\x39\x25"
"\x51\x3a\x16\x10\x0a\x08\x12\x6e",
.klen = 16,
.ptext = "\x6c\x6f\x6e\x67\x65\x72\x5f\x74"
"\x65\x73\x74\x5f\x76\x65\x63\x74",
.ctext = "\xe2\x04\xdb\xf2\x89\x85\x9e\xea"
"\x61\x35\xaa\xed\xb5\xcb\x71\x2c",
.len = 16,
}, {
.key = "\x4d\x76\x32\x17\x05\x3f\x75\x2c"
"\x5d\x04\x16\x36\x15\x72\x63\x2f",
.klen = 16,
.ptext = "\x54\x65\x61\x20\x69\x73\x20\x67"
"\x6f\x6f\x64\x20\x66\x6f\x72\x20"
"\x79\x6f\x75\x21\x21\x21\x20\x72"
"\x65\x61\x6c\x6c\x79\x21\x21\x21",
.ctext = "\x0b\x03\xcd\x8a\xbe\x95\xfd\xb1"
"\xc1\x44\x91\x0b\xa5\xc9\x1b\xb4"
"\xa9\xda\x1e\x9e\xb1\x3e\x2a\x8f"
"\xea\xa5\x6a\x85\xd1\xf4\xa8\xa5",
.len = 32,
}
};
/*
* FCrypt test vectors
*/
static const struct cipher_testvec fcrypt_pcbc_tv_template[] = {
{ /* http://www.openafs.org/pipermail/openafs-devel/2000-December/005320.html */
.key = "\x00\x00\x00\x00\x00\x00\x00\x00",
.klen = 8,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00",
.ptext = "\x00\x00\x00\x00\x00\x00\x00\x00",
.ctext = "\x0E\x09\x00\xC7\x3E\xF7\xED\x41",
.len = 8,
}, {
.key = "\x11\x44\x77\xAA\xDD\x00\x33\x66",
.klen = 8,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00",
.ptext = "\x12\x34\x56\x78\x9A\xBC\xDE\xF0",
.ctext = "\xD8\xED\x78\x74\x77\xEC\x06\x80",
.len = 8,
}, { /* From Arla */
.key = "\xf0\xe1\xd2\xc3\xb4\xa5\x96\x87",
.klen = 8,
.iv = "\xfe\xdc\xba\x98\x76\x54\x32\x10",
.ptext = "The quick brown fox jumps over the lazy dogs.\0\0",
.ctext = "\x00\xf0\x0e\x11\x75\xe6\x23\x82"
"\xee\xac\x98\x62\x44\x51\xe4\x84"
"\xc3\x59\xd8\xaa\x64\x60\xae\xf7"
"\xd2\xd9\x13\x79\x72\xa3\x45\x03"
"\x23\xb5\x62\xd7\x0c\xf5\x27\xd1"
"\xf8\x91\x3c\xac\x44\x22\x92\xef",
.len = 48,
}, {
.key = "\xfe\xdc\xba\x98\x76\x54\x32\x10",
.klen = 8,
.iv = "\xf0\xe1\xd2\xc3\xb4\xa5\x96\x87",
.ptext = "The quick brown fox jumps over the lazy dogs.\0\0",
.ctext = "\xca\x90\xf5\x9d\xcb\xd4\xd2\x3c"
"\x01\x88\x7f\x3e\x31\x6e\x62\x9d"
"\xd8\xe0\x57\xa3\x06\x3a\x42\x58"
"\x2a\x28\xfe\x72\x52\x2f\xdd\xe0"
"\x19\x89\x09\x1c\x2a\x8e\x8c\x94"
"\xfc\xc7\x68\xe4\x88\xaa\xde\x0f",
.len = 48,
}, { /* split-page version */
.key = "\xfe\xdc\xba\x98\x76\x54\x32\x10",
.klen = 8,
.iv = "\xf0\xe1\xd2\xc3\xb4\xa5\x96\x87",
.ptext = "The quick brown fox jumps over the lazy dogs.\0\0",
.ctext = "\xca\x90\xf5\x9d\xcb\xd4\xd2\x3c"
"\x01\x88\x7f\x3e\x31\x6e\x62\x9d"
"\xd8\xe0\x57\xa3\x06\x3a\x42\x58"
"\x2a\x28\xfe\x72\x52\x2f\xdd\xe0"
"\x19\x89\x09\x1c\x2a\x8e\x8c\x94"
"\xfc\xc7\x68\xe4\x88\xaa\xde\x0f",
.len = 48,
.np = 2,
.tap = { 20, 28 },
}
};
/*
* CAMELLIA test vectors.
*/
static const struct cipher_testvec camellia_tv_template[] = {
{
.key = "\x01\x23\x45\x67\x89\xab\xcd\xef"
"\xfe\xdc\xba\x98\x76\x54\x32\x10",
.klen = 16,
.ptext = "\x01\x23\x45\x67\x89\xab\xcd\xef"
"\xfe\xdc\xba\x98\x76\x54\x32\x10",
.ctext = "\x67\x67\x31\x38\x54\x96\x69\x73"
"\x08\x57\x06\x56\x48\xea\xbe\x43",
.len = 16,
}, {
.key = "\x01\x23\x45\x67\x89\xab\xcd\xef"
"\xfe\xdc\xba\x98\x76\x54\x32\x10"
"\x00\x11\x22\x33\x44\x55\x66\x77",
.klen = 24,
.ptext = "\x01\x23\x45\x67\x89\xab\xcd\xef"
"\xfe\xdc\xba\x98\x76\x54\x32\x10",
.ctext = "\xb4\x99\x34\x01\xb3\xe9\x96\xf8"
"\x4e\xe5\xce\xe7\xd7\x9b\x09\xb9",
.len = 16,
}, {
.key = "\x01\x23\x45\x67\x89\xab\xcd\xef"
"\xfe\xdc\xba\x98\x76\x54\x32\x10"
"\x00\x11\x22\x33\x44\x55\x66\x77"
"\x88\x99\xaa\xbb\xcc\xdd\xee\xff",
.klen = 32,
.ptext = "\x01\x23\x45\x67\x89\xab\xcd\xef"
"\xfe\xdc\xba\x98\x76\x54\x32\x10",
.ctext = "\x9a\xcc\x23\x7d\xff\x16\xd7\x6c"
"\x20\xef\x7c\x91\x9e\x3a\x75\x09",
.len = 16,
}, { /* Generated with Crypto++ */
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.key = "\x3F\x85\x62\x3F\x1C\xF9\xD6\x1C"
"\xF9\xD6\xB3\x90\x6D\x4A\x90\x6D"
"\x4A\x27\x04\xE1\x27\x04\xE1\xBE"
"\x9B\x78\xBE\x9B\x78\x55\x32\x0F",
.klen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
"\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
"\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
"\xAC\x20\xB7\x4E\xE5\x59\xF0\x87"
"\x1E\x92\x29\xC0\x34\xCB\x62\xF9"
"\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48"
"\xDF\x76\x0D\x81\x18\xAF\x23\xBA"
"\x51\xE8\x5C\xF3\x8A\x21\x95\x2C"
"\xC3\x37\xCE\x65\xFC\x70\x07\x9E"
"\x12\xA9\x40\xD7\x4B\xE2\x79\x10"
"\x84\x1B\xB2\x26\xBD\x54\xEB\x5F"
"\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1"
"\x68\xFF\x73\x0A\xA1\x15\xAC\x43"
"\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5"
"\x29\xC0\x57\xEE\x62\xF9\x90\x04"
"\x9B\x32\xC9\x3D\xD4\x6B\x02\x76"
"\x0D\xA4\x18\xAF\x46\xDD\x51\xE8"
"\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A"
"\xF1\x65\xFC\x93\x07\x9E\x35\xCC"
"\x40\xD7\x6E\x05\x79\x10\xA7\x1B"
"\xB2\x49\xE0\x54\xEB\x82\x19\x8D"
"\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF"
"\x96\x0A\xA1\x38\xCF\x43\xDA\x71"
"\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3"
"\x57\xEE\x85\x1C\x90\x27\xBE\x32"
"\xC9\x60\xF7\x6B\x02\x99\x0D\xA4"
"\x3B\xD2\x46\xDD\x74\x0B\x7F\x16"
"\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88"
"\x1F\x93\x2A\xC1\x35\xCC\x63\xFA"
"\x6E\x05\x9C\x10\xA7\x3E\xD5\x49"
"\xE0\x77\x0E\x82\x19\xB0\x24\xBB"
"\x52\xE9\x5D\xF4\x8B\x22\x96\x2D"
"\xC4\x38\xCF\x66\xFD\x71\x08\x9F"
"\x13\xAA\x41\xD8\x4C\xE3\x7A\x11"
"\x85\x1C\xB3\x27\xBE\x55\xEC\x60"
"\xF7\x8E\x02\x99\x30\xC7\x3B\xD2"
"\x69\x00\x74\x0B\xA2\x16\xAD\x44"
"\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6"
"\x2A\xC1\x58\xEF\x63\xFA\x91\x05"
"\x9C\x33\xCA\x3E\xD5\x6C\x03\x77"
"\x0E\xA5\x19\xB0\x47\xDE\x52\xE9"
"\x80\x17\x8B\x22\xB9\x2D\xC4\x5B"
"\xF2\x66\xFD\x94\x08\x9F\x36\xCD"
"\x41\xD8\x6F\x06\x7A\x11\xA8\x1C"
"\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E"
"\x25\xBC\x30\xC7\x5E\xF5\x69\x00"
"\x97\x0B\xA2\x39\xD0\x44\xDB\x72"
"\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4"
"\x58\xEF\x86\x1D\x91\x28\xBF\x33"
"\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5"
"\x3C\xD3\x47\xDE\x75\x0C\x80\x17"
"\xAE\x22\xB9\x50\xE7\x5B\xF2\x89"
"\x20\x94\x2B\xC2\x36\xCD\x64\xFB"
"\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A"
"\xE1\x78\x0F\x83\x1A\xB1\x25\xBC"
"\x53\xEA\x5E\xF5\x8C\x00\x97\x2E"
"\xC5\x39\xD0\x67\xFE\x72\x09\xA0"
"\x14\xAB\x42\xD9\x4D\xE4\x7B\x12"
"\x86\x1D\xB4\x28\xBF\x56\xED\x61"
"\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3"
"\x6A\x01\x75\x0C\xA3\x17\xAE\x45"
"\xDC\x50\xE7\x7E\x15\x89\x20\xB7"
"\x2B\xC2\x59\xF0\x64\xFB\x92\x06"
"\x9D\x34\xCB\x3F\xD6\x6D\x04\x78"
"\x0F\xA6\x1A\xB1\x48\xDF\x53\xEA"
"\x81\x18\x8C\x23\xBA\x2E\xC5\x5C"
"\xF3\x67\xFE\x95\x09\xA0\x37\xCE"
"\x42\xD9\x70\x07\x7B\x12\xA9\x1D"
"\xB4\x4B\xE2\x56\xED\x84\x1B\x8F"
"\x26\xBD\x31\xC8\x5F\xF6\x6A\x01"
"\x98\x0C\xA3\x3A\xD1\x45\xDC\x73"
"\x0A\x7E\x15\xAC\x20\xB7\x4E\xE5"
"\x59\xF0\x87\x1E\x92\x29\xC0\x34"
"\xCB\x62\xF9\x6D\x04\x9B\x0F\xA6"
"\x3D\xD4\x48\xDF\x76\x0D\x81\x18"
"\xAF\x23\xBA\x51\xE8\x5C\xF3\x8A"
"\x21\x95\x2C\xC3\x37\xCE\x65\xFC"
"\x70\x07\x9E\x12\xA9\x40\xD7\x4B"
"\xE2\x79\x10\x84\x1B\xB2\x26\xBD"
"\x54\xEB\x5F\xF6\x8D\x01\x98\x2F"
"\xC6\x3A\xD1\x68\xFF\x73\x0A\xA1"
"\x15\xAC\x43\xDA\x4E\xE5\x7C\x13"
"\x87\x1E\xB5\x29\xC0\x57\xEE\x62"
"\xF9\x90\x04\x9B\x32\xC9\x3D\xD4"
"\x6B\x02\x76\x0D\xA4\x18\xAF\x46"
"\xDD\x51\xE8\x7F\x16\x8A\x21\xB8"
"\x2C\xC3\x5A\xF1\x65\xFC\x93\x07"
"\x9E\x35\xCC\x40\xD7\x6E\x05\x79"
"\x10\xA7\x1B\xB2\x49\xE0\x54\xEB"
"\x82\x19\x8D\x24\xBB\x2F\xC6\x5D"
"\xF4\x68\xFF\x96\x0A\xA1\x38\xCF"
"\x43\xDA\x71\x08\x7C\x13\xAA\x1E"
"\xB5\x4C\xE3\x57\xEE\x85\x1C\x90"
"\x27\xBE\x32\xC9\x60\xF7\x6B\x02"
"\x99\x0D\xA4\x3B\xD2\x46\xDD\x74"
"\x0B\x7F\x16\xAD\x21\xB8\x4F\xE6"
"\x5A\xF1\x88\x1F\x93\x2A\xC1\x35"
"\xCC\x63\xFA\x6E\x05\x9C\x10\xA7"
"\x3E\xD5\x49\xE0\x77\x0E\x82\x19"
"\xB0\x24\xBB\x52\xE9\x5D\xF4\x8B"
"\x22\x96\x2D\xC4\x38\xCF\x66\xFD"
"\x71\x08\x9F\x13\xAA\x41\xD8\x4C"
"\xE3\x7A\x11\x85\x1C\xB3\x27\xBE"
"\x55\xEC\x60\xF7\x8E\x02\x99\x30"
"\xC7\x3B\xD2\x69\x00\x74\x0B\xA2"
"\x16\xAD\x44\xDB\x4F\xE6\x7D\x14"
"\x88\x1F\xB6\x2A\xC1\x58\xEF\x63"
"\xFA\x91\x05\x9C\x33\xCA\x3E\xD5"
"\x6C\x03\x77\x0E\xA5\x19\xB0\x47"
"\xDE\x52\xE9\x80\x17\x8B\x22\xB9"
"\x2D\xC4\x5B\xF2\x66\xFD\x94\x08"
"\x9F\x36\xCD\x41\xD8\x6F\x06\x7A"
"\x11\xA8\x1C\xB3\x4A\xE1\x55\xEC"
"\x83\x1A\x8E\x25\xBC\x30\xC7\x5E"
"\xF5\x69\x00\x97\x0B\xA2\x39\xD0"
"\x44\xDB\x72\x09\x7D\x14\xAB\x1F"
"\xB6\x4D\xE4\x58\xEF\x86\x1D\x91"
"\x28\xBF\x33\xCA\x61\xF8\x6C\x03"
"\x9A\x0E\xA5\x3C\xD3\x47\xDE\x75"
"\x0C\x80\x17\xAE\x22\xB9\x50\xE7"
"\x5B\xF2\x89\x20\x94\x2B\xC2\x36"
"\xCD\x64\xFB\x6F\x06\x9D\x11\xA8"
"\x3F\xD6\x4A\xE1\x78\x0F\x83\x1A"
"\xB1\x25\xBC\x53\xEA\x5E\xF5\x8C"
"\x00\x97\x2E\xC5\x39\xD0\x67\xFE"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\x72\x09\xA0\x14\xAB\x42\xD9\x4D",
.ctext = "\xED\xCD\xDB\xB8\x68\xCE\xBD\xEA"
"\x9D\x9D\xCD\x9F\x4F\xFC\x4D\xB7"
"\xA5\xFF\x6F\x43\x0F\xBA\x32\x04"
"\xB3\xC2\xB9\x03\xAA\x91\x56\x29"
"\x0D\xD0\xFD\xC4\x65\xA5\x69\xB9"
"\xF1\xF6\xB1\xA5\xB2\x75\x4F\x8A"
"\x8D\x7D\x1B\x9B\xC7\x68\x72\xF8"
"\x01\x9B\x17\x0A\x29\xE7\x61\x28"
"\x7F\xA7\x50\xCA\x20\x2C\x96\x3B"
"\x6E\x5C\x5D\x3F\xB5\x7F\xF3\x2B"
"\x04\xEF\x9D\xD4\xCE\x41\x28\x8E"
"\x83\x54\xAE\x7C\x82\x46\x10\xC9"
"\xC4\x8A\x1E\x1F\x4C\xA9\xFC\xEC"
"\x3C\x8C\x30\xFC\x59\xD2\x54\xC4"
"\x6F\x50\xC6\xCA\x8C\x14\x5B\x9C"
"\x18\x56\x5B\xF8\x33\x0E\x4A\xDB"
"\xEC\xB5\x6E\x5B\x31\xC4\x0E\x98"
"\x9F\x32\xBA\xA2\x18\xCF\x55\x43"
"\xFE\x80\x8F\x60\xCF\x05\x30\x9B"
"\x70\x50\x1E\x9C\x08\x87\xE6\x20"
"\xD2\xF3\x27\xF8\x2A\x8D\x12\xB2"
"\xBC\x5F\xFE\x52\x52\xF6\x7F\xB6"
"\xB8\x30\x86\x3B\x0F\x94\x1E\x79"
"\x13\x94\x35\xA2\xB1\x35\x5B\x05"
"\x2A\x98\x6B\x96\x4C\xB1\x20\xBE"
"\xB6\x14\xC2\x06\xBF\xFD\x5F\x2A"
"\xF5\x33\xC8\x19\x45\x14\x44\x5D"
"\xFE\x94\x7B\xBB\x63\x13\x57\xC3"
"\x2A\x8F\x6C\x11\x2A\x07\xA7\x6A"
"\xBF\x20\xD3\x99\xC6\x00\x0B\xBF"
"\x83\x46\x25\x3A\xB0\xF6\xC5\xC8"
"\x00\xCA\xE5\x28\x4A\x7C\x95\x9C"
"\x7B\x43\xAB\xF9\xE4\xF8\x74\xAB"
"\xA7\xB8\x9C\x0F\x53\x7B\xB6\x74"
"\x60\x64\x0D\x1C\x80\xD1\x20\x9E"
"\xDC\x14\x27\x9B\xFC\xBD\x5C\x96"
"\xD2\x51\xDC\x96\xEE\xE5\xEA\x2B"
"\x02\x7C\xAA\x3C\xDC\x9D\x7B\x01"
"\x20\xC3\xE1\x0B\xDD\xAB\xF3\x1E"
"\x19\xA8\x84\x29\x5F\xCC\xC3\x5B"
"\xE4\x33\x59\xDC\x12\xEB\x2B\x4D"
"\x5B\x55\x23\xB7\x40\x31\xDE\xEE"
"\x18\xC9\x3C\x4D\xBC\xED\xE0\x42"
"\xAD\xDE\xA0\xA3\xC3\xFE\x44\xD3"
"\xE1\x9A\xDA\xAB\x32\xFC\x1A\xBF"
"\x63\xA9\xF0\x6A\x08\x46\xBD\x48"
"\x83\x06\xAB\x82\x99\x01\x16\x1A"
"\x03\x36\xC5\x59\x6B\xB8\x8C\x9F"
"\xC6\x51\x3D\xE5\x7F\xBF\xAB\xBC"
"\xC9\xA1\x88\x34\x5F\xA9\x7C\x3B"
"\x9F\x1B\x98\x2B\x4F\xFB\x9B\xF0"
"\xCD\xB6\x45\xB2\x29\x2E\x34\x23"
"\xA9\x97\xC0\x22\x8C\x42\x9B\x5F"
"\x40\xC8\xD7\x3D\x82\x9A\x6F\xAA"
"\x74\x83\x29\x05\xE8\xC4\x4D\x01"
"\xB5\xE5\x84\x3F\x7F\xD3\xE0\x99"
"\xDA\xE7\x6F\x30\xFD\xAA\x92\x30"
"\xA5\x46\x8B\xA2\xE6\x58\x62\x7C"
"\x2C\x35\x1B\x38\x85\x7D\xE8\xF3"
"\x87\x4F\xDA\xD8\x5F\xFC\xB6\x44"
"\xD0\xE3\x9B\x8B\xBF\xD6\xB8\xC4"
"\x73\xAE\x1D\x8B\x5B\x74\x8B\xCB"
"\xA4\xAD\xCF\x5D\xD4\x58\xC9\xCD"
"\xF7\x90\x68\xCF\xC9\x11\x52\x3E"
"\xE8\xA1\xA3\x78\x8B\xD0\xAC\x0A"
"\xD4\xC9\xA3\xA5\x55\x30\xC8\x3E"
"\xED\x28\x39\xE9\x63\xED\x41\x70"
"\x51\xE3\xC4\xA0\xFC\xD5\x43\xCB"
"\x4D\x65\xC8\xFD\x3A\x91\x8F\x60"
"\x8A\xA6\x6D\x9D\x3E\x01\x23\x4B"
"\x50\x47\xC9\xDC\x9B\xDE\x37\xC5"
"\xBF\x67\xB1\x6B\x78\x38\xD5\x7E"
"\xB6\xFF\x67\x83\x3B\x6E\xBE\x23"
"\x45\xFA\x1D\x69\x44\xFD\xC6\xB9"
"\xD0\x4A\x92\xD1\xBE\xF6\x4A\xB7"
"\xCA\xA8\xA2\x9E\x13\x87\x57\x92"
"\x64\x7C\x85\x0B\xB3\x29\x37\xD8"
"\xE6\xAA\xAF\xC4\x03\x67\xA3\xBF"
"\x2E\x45\x83\xB6\xD8\x54\x00\x89"
"\xF6\xBC\x3A\x7A\x88\x58\x51\xED"
"\xF4\x4E\x01\xA5\xC3\x2E\xD9\x42"
"\xBD\x6E\x0D\x0B\x21\xB0\x1A\xCC"
"\xA4\xD3\x3F\xDC\x9B\x81\xD8\xF1"
"\xEA\x7A\x6A\xB7\x07\xC9\x6D\x91"
"\x6D\x3A\xF5\x5F\xA6\xFF\x87\x1E"
"\x3F\xDD\xC0\x72\xEA\xAC\x08\x15"
"\x21\xE6\xC6\xB6\x0D\xD8\x51\x86"
"\x2A\x03\x73\xF7\x29\xD4\xC4\xE4"
"\x7F\x95\x10\xF7\xAB\x3F\x92\x23"
"\xD3\xCE\x9C\x2E\x46\x3B\x63\x43"
"\xBB\xC2\x82\x7A\x83\xD5\x55\xE2"
"\xE7\x9B\x2F\x92\xAF\xFD\x81\x56"
"\x79\xFD\x3E\xF9\x46\xE0\x25\xD4"
"\x38\xDE\xBC\x2C\xC4\x7A\x2A\x8F"
"\x94\x4F\xD0\xAD\x9B\x37\x18\xD4"
"\x0E\x4D\x0F\x02\x3A\xDC\x5A\xA2"
"\x39\x25\x55\x20\x5A\xA6\x02\x9F"
"\xE6\x77\x21\x77\xE5\x4B\x7B\x0B"
"\x30\xF8\x5F\x33\x0F\x49\xCD\xFF"
"\xF2\xE4\x35\xF9\xF0\x63\xC3\x7E"
"\xF1\xA6\x73\xB4\xDF\xE7\xBB\x78"
"\xFF\x21\xA9\xF3\xF3\xCF\x5D\xBA"
"\xED\x87\x98\xAC\xFE\x48\x97\x6D"
"\xA6\x7F\x69\x31\xB1\xC4\xFF\x14"
"\xC6\x76\xD4\x10\xDD\xF6\x49\x2C"
"\x9C\xC8\x6D\x76\xC0\x8F\x5F\x55"
"\x2F\x3C\x8A\x30\xAA\xC3\x16\x55"
"\xC6\xFC\x8D\x8B\xB9\xE5\x80\x6C"
"\xC8\x7E\xBD\x65\x58\x36\xD5\xBC"
"\xF0\x33\x52\x29\x70\xF9\x5C\xE9"
"\xAC\x1F\xB5\x73\x56\x66\x54\xAF"
"\x1B\x8F\x7D\xED\xAB\x03\xCE\xE3"
"\xAE\x47\xB6\x69\x86\xE9\x01\x31"
"\x83\x18\x3D\xF4\x74\x7B\xF9\x42"
"\x4C\xFD\x75\x4A\x6D\xF0\x03\xA6"
"\x2B\x20\x63\xDA\x49\x65\x5E\x8B"
"\xC0\x19\xE3\x8D\xD9\xF3\xB0\x34"
"\xD3\x52\xFC\x68\x00\x43\x1B\x37"
"\x31\x93\x51\x1C\x63\x97\x70\xB0"
"\x99\x78\x83\x13\xFD\xCF\x53\x81"
"\x36\x46\xB5\x42\x52\x2F\x32\xEB"
"\x4A\x3D\xF1\x8F\x1C\x54\x2E\xFC"
"\x41\x75\x5A\x8C\x8E\x6F\xE7\x1A"
"\xAE\xEF\x3E\x82\x12\x0B\x74\x72"
"\xF8\xB2\xAA\x7A\xD6\xFF\xFA\x55"
"\x33\x1A\xBB\xD3\xA2\x7E\x97\x66",
.len = 1008,
.also_non_np = 1,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.np = 3,
.tap = { 1008 - 20, 4, 16 },
},
};
static const struct cipher_testvec camellia_cbc_tv_template[] = {
{
.key = "\x06\xa9\x21\x40\x36\xb8\xa1\x5b"
"\x51\x2e\x03\xd5\x34\x12\x00\x06",
.klen = 16,
.iv = "\x3d\xaf\xba\x42\x9d\x9e\xb4\x30"
"\xb4\x22\xda\x80\x2c\x9f\xac\x41",
.ptext = "Single block msg",
.ctext = "\xea\x32\x12\x76\x3b\x50\x10\xe7"
"\x18\xf6\xfd\x5d\xf6\x8f\x13\x51",
.len = 16,
}, {
.key = "\xc2\x86\x69\x6d\x88\x7c\x9a\xa0"
"\x61\x1b\xbb\x3e\x20\x25\xa4\x5a",
.klen = 16,
.iv = "\x56\x2e\x17\x99\x6d\x09\x3d\x28"
"\xdd\xb3\xba\x69\x5a\x2e\x6f\x58",
.ptext = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
"\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f",
.ctext = "\xa5\xdf\x6e\x50\xda\x70\x6c\x01"
"\x4a\xab\xf3\xf2\xd6\xfc\x6c\xfd"
"\x19\xb4\x3e\x57\x1c\x02\x5e\xa0"
"\x15\x78\xe0\x5e\xf2\xcb\x87\x16",
.len = 32,
}, { /* Generated with Crypto++ */
.key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9"
"\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A"
"\x27\x04\xE1\x27\x04\xE1\xBE\x9B"
"\x78\xBE\x9B\x78\x55\x32\x0F\x55",
.klen = 32,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F"
"\xC4\x29\x8E\xF3\x35\x9A\xFF\x64",
.ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
"\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
"\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
"\xAC\x20\xB7\x4E\xE5\x59\xF0\x87"
"\x1E\x92\x29\xC0\x34\xCB\x62\xF9"
"\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48"
"\xDF\x76\x0D\x81\x18\xAF\x23\xBA"
"\x51\xE8\x5C\xF3\x8A\x21\x95\x2C"
"\xC3\x37\xCE\x65\xFC\x70\x07\x9E"
"\x12\xA9\x40\xD7\x4B\xE2\x79\x10"
"\x84\x1B\xB2\x26\xBD\x54\xEB\x5F"
"\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1"
"\x68\xFF\x73\x0A\xA1\x15\xAC\x43"
"\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5"
"\x29\xC0\x57\xEE\x62\xF9\x90\x04"
"\x9B\x32\xC9\x3D\xD4\x6B\x02\x76"
"\x0D\xA4\x18\xAF\x46\xDD\x51\xE8"
"\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A"
"\xF1\x65\xFC\x93\x07\x9E\x35\xCC"
"\x40\xD7\x6E\x05\x79\x10\xA7\x1B"
"\xB2\x49\xE0\x54\xEB\x82\x19\x8D"
"\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF"
"\x96\x0A\xA1\x38\xCF\x43\xDA\x71"
"\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3"
"\x57\xEE\x85\x1C\x90\x27\xBE\x32"
"\xC9\x60\xF7\x6B\x02\x99\x0D\xA4"
"\x3B\xD2\x46\xDD\x74\x0B\x7F\x16"
"\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88"
"\x1F\x93\x2A\xC1\x35\xCC\x63\xFA"
"\x6E\x05\x9C\x10\xA7\x3E\xD5\x49"
"\xE0\x77\x0E\x82\x19\xB0\x24\xBB"
"\x52\xE9\x5D\xF4\x8B\x22\x96\x2D"
"\xC4\x38\xCF\x66\xFD\x71\x08\x9F"
"\x13\xAA\x41\xD8\x4C\xE3\x7A\x11"
"\x85\x1C\xB3\x27\xBE\x55\xEC\x60"
"\xF7\x8E\x02\x99\x30\xC7\x3B\xD2"
"\x69\x00\x74\x0B\xA2\x16\xAD\x44"
"\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6"
"\x2A\xC1\x58\xEF\x63\xFA\x91\x05"
"\x9C\x33\xCA\x3E\xD5\x6C\x03\x77"
"\x0E\xA5\x19\xB0\x47\xDE\x52\xE9"
"\x80\x17\x8B\x22\xB9\x2D\xC4\x5B"
"\xF2\x66\xFD\x94\x08\x9F\x36\xCD"
"\x41\xD8\x6F\x06\x7A\x11\xA8\x1C"
"\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E"
"\x25\xBC\x30\xC7\x5E\xF5\x69\x00"
"\x97\x0B\xA2\x39\xD0\x44\xDB\x72"
"\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4"
"\x58\xEF\x86\x1D\x91\x28\xBF\x33"
"\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5"
"\x3C\xD3\x47\xDE\x75\x0C\x80\x17"
"\xAE\x22\xB9\x50\xE7\x5B\xF2\x89"
"\x20\x94\x2B\xC2\x36\xCD\x64\xFB"
"\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A"
"\xE1\x78\x0F\x83\x1A\xB1\x25\xBC"
"\x53\xEA\x5E\xF5\x8C\x00\x97\x2E"
"\xC5\x39\xD0\x67\xFE\x72\x09\xA0"
"\x14\xAB\x42\xD9\x4D\xE4\x7B\x12"
"\x86\x1D\xB4\x28\xBF\x56\xED\x61"
"\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3"
"\x6A\x01\x75\x0C\xA3\x17\xAE\x45"
"\xDC\x50\xE7\x7E\x15\x89\x20\xB7"
"\x2B\xC2\x59\xF0\x64\xFB\x92\x06"
"\x9D\x34\xCB\x3F\xD6\x6D\x04\x78"
"\x0F\xA6\x1A\xB1\x48\xDF\x53\xEA"
"\x81\x18\x8C\x23\xBA\x2E\xC5\x5C"
"\xF3\x67\xFE\x95\x09\xA0\x37\xCE"
"\x42\xD9\x70\x07\x7B\x12\xA9\x1D"
"\xB4\x4B\xE2\x56\xED\x84\x1B\x8F"
"\x26\xBD\x31\xC8\x5F\xF6\x6A\x01"
"\x98\x0C\xA3\x3A\xD1\x45\xDC\x73"
"\x0A\x7E\x15\xAC\x20\xB7\x4E\xE5"
"\x59\xF0\x87\x1E\x92\x29\xC0\x34"
"\xCB\x62\xF9\x6D\x04\x9B\x0F\xA6"
"\x3D\xD4\x48\xDF\x76\x0D\x81\x18"
"\xAF\x23\xBA\x51\xE8\x5C\xF3\x8A"
"\x21\x95\x2C\xC3\x37\xCE\x65\xFC"
"\x70\x07\x9E\x12\xA9\x40\xD7\x4B"
"\xE2\x79\x10\x84\x1B\xB2\x26\xBD"
"\x54\xEB\x5F\xF6\x8D\x01\x98\x2F"
"\xC6\x3A\xD1\x68\xFF\x73\x0A\xA1"
"\x15\xAC\x43\xDA\x4E\xE5\x7C\x13"
"\x87\x1E\xB5\x29\xC0\x57\xEE\x62"
"\xF9\x90\x04\x9B\x32\xC9\x3D\xD4"
"\x6B\x02\x76\x0D\xA4\x18\xAF\x46"
"\xDD\x51\xE8\x7F\x16\x8A\x21\xB8"
"\x2C\xC3\x5A\xF1\x65\xFC\x93\x07"
"\x9E\x35\xCC\x40\xD7\x6E\x05\x79"
"\x10\xA7\x1B\xB2\x49\xE0\x54\xEB"
"\x82\x19\x8D\x24\xBB\x2F\xC6\x5D"
"\xF4\x68\xFF\x96\x0A\xA1\x38\xCF"
"\x43\xDA\x71\x08\x7C\x13\xAA\x1E"
"\xB5\x4C\xE3\x57\xEE\x85\x1C\x90"
"\x27\xBE\x32\xC9\x60\xF7\x6B\x02"
"\x99\x0D\xA4\x3B\xD2\x46\xDD\x74"
"\x0B\x7F\x16\xAD\x21\xB8\x4F\xE6"
"\x5A\xF1\x88\x1F\x93\x2A\xC1\x35"
"\xCC\x63\xFA\x6E\x05\x9C\x10\xA7"
"\x3E\xD5\x49\xE0\x77\x0E\x82\x19"
"\xB0\x24\xBB\x52\xE9\x5D\xF4\x8B"
"\x22\x96\x2D\xC4\x38\xCF\x66\xFD"
"\x71\x08\x9F\x13\xAA\x41\xD8\x4C"
"\xE3\x7A\x11\x85\x1C\xB3\x27\xBE"
"\x55\xEC\x60\xF7\x8E\x02\x99\x30"
"\xC7\x3B\xD2\x69\x00\x74\x0B\xA2"
"\x16\xAD\x44\xDB\x4F\xE6\x7D\x14"
"\x88\x1F\xB6\x2A\xC1\x58\xEF\x63"
"\xFA\x91\x05\x9C\x33\xCA\x3E\xD5"
"\x6C\x03\x77\x0E\xA5\x19\xB0\x47"
"\xDE\x52\xE9\x80\x17\x8B\x22\xB9"
"\x2D\xC4\x5B\xF2\x66\xFD\x94\x08"
"\x9F\x36\xCD\x41\xD8\x6F\x06\x7A"
"\x11\xA8\x1C\xB3\x4A\xE1\x55\xEC"
"\x83\x1A\x8E\x25\xBC\x30\xC7\x5E"
"\xF5\x69\x00\x97\x0B\xA2\x39\xD0"
"\x44\xDB\x72\x09\x7D\x14\xAB\x1F"
"\xB6\x4D\xE4\x58\xEF\x86\x1D\x91"
"\x28\xBF\x33\xCA\x61\xF8\x6C\x03"
"\x9A\x0E\xA5\x3C\xD3\x47\xDE\x75"
"\x0C\x80\x17\xAE\x22\xB9\x50\xE7"
"\x5B\xF2\x89\x20\x94\x2B\xC2\x36"
"\xCD\x64\xFB\x6F\x06\x9D\x11\xA8"
"\x3F\xD6\x4A\xE1\x78\x0F\x83\x1A"
"\xB1\x25\xBC\x53\xEA\x5E\xF5\x8C"
"\x00\x97\x2E\xC5\x39\xD0\x67\xFE"
"\x72\x09\xA0\x14\xAB\x42\xD9\x4D",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\xCD\x3E\x2A\x3B\x3E\x94\xC5\x77"
"\xBA\xBB\x5B\xB1\xDE\x7B\xA4\x40"
"\x88\x39\xE3\xFD\x94\x4B\x25\x58"
"\xE1\x4B\xC4\x18\x7A\xFD\x17\x2B"
"\xB9\xF9\xC2\x27\x6A\xB6\x31\x27"
"\xA6\xAD\xEF\xE5\x5D\xE4\x02\x01"
"\x56\x2E\x10\xC2\x2C\xFF\xC6\x83"
"\xB5\xDC\x4F\x63\xAD\x0E\x63\x5E"
"\x56\xC8\x18\x3D\x79\x86\x97\xEF"
"\x57\x0E\x63\xA1\xC1\x41\x48\xB8"
"\x98\xB7\x51\x6D\x18\xF6\x19\x82"
"\x37\x49\x88\xA4\xEF\x91\x21\x47"
"\x03\x28\xEA\x42\xF4\xFB\x7A\x58"
"\x28\x90\x77\x46\xD8\xD2\x35\x16"
"\x44\xA9\x9E\x49\x52\x2A\xE4\x16"
"\x5D\xF7\x65\xEB\x0F\xC9\x29\xE6"
"\xCF\x76\x91\x89\x8A\x94\x39\xFA"
"\x6B\x5F\x63\x53\x74\x43\x91\xF5"
"\x3F\xBC\x88\x53\xB2\x1A\x02\x3F"
"\x9D\x32\x84\xEB\x56\x28\xD6\x06"
"\xD5\xB2\x20\xA9\xFC\xC3\x76\x62"
"\x32\xCC\x86\xC8\x36\x67\x5E\x7E"
"\xA4\xAA\x15\x63\x6B\xA9\x86\xAF"
"\x1A\x52\x82\x36\x5F\xF4\x3F\x7A"
"\x9B\x78\x62\x3B\x02\x28\x60\xB3"
"\xBA\x82\xB1\xDD\xC9\x60\x8F\x47"
"\xF1\x6B\xFE\xE5\x39\x34\xA0\x28"
"\xA4\xB3\xC9\x7E\xED\x28\x8D\x70"
"\xB2\x1D\xFD\xC6\x00\xCF\x1A\x94"
"\x28\xF8\xC1\x34\xB7\x58\xA5\x6C"
"\x1A\x9D\xE4\xE4\xF6\xB9\xB4\xB0"
"\x5D\x51\x54\x9A\x53\xA0\xF9\x32"
"\xBD\x31\x54\x14\x7B\x33\xEE\x17"
"\xD3\xC7\x1F\x48\xBF\x0B\x22\xA2"
"\x7D\x0C\xDF\xD0\x2E\x98\xFA\xD2"
"\xFA\xCF\x24\x1D\x99\x9B\xD0\x7E"
"\xF4\x4F\x88\xFF\x45\x99\x4A\xF4"
"\xF2\x0A\x5B\x3B\x21\xAB\x92\xAE"
"\x40\x78\x91\x95\xC4\x2F\xA3\xE8"
"\x18\xC7\x07\xA6\xC8\xC0\x66\x33"
"\x35\xC0\xB4\xA0\xF8\xEE\x1E\xF3"
"\x40\xF5\x40\x54\xF1\x84\x8C\xEA"
"\x27\x38\x1F\xF8\x77\xC7\xDF\xD8"
"\x1D\xE2\xD9\x59\x40\x4F\x59\xD4"
"\xF8\x17\x99\x8D\x58\x2D\x72\x44"
"\x9D\x1D\x91\x64\xD6\x3F\x0A\x82"
"\xC7\x57\x3D\xEF\xD3\x41\xFA\xA7"
"\x68\xA3\xB8\xA5\x93\x74\x2E\x85"
"\x4C\x9D\x69\x59\xCE\x15\xAE\xBF"
"\x9C\x8F\x14\x64\x5D\x7F\xCF\x0B"
"\xCE\x43\x5D\x28\xC0\x2F\xFB\x18"
"\x79\x9A\xFC\x43\x16\x7C\x6B\x7B"
"\x38\xB8\x48\x36\x66\x4E\x20\x43"
"\xBA\x76\x13\x9A\xC3\xF2\xEB\x52"
"\xD7\xDC\xB2\x67\x63\x14\x25\xCD"
"\xB1\x13\x4B\xDE\x8C\x59\x21\x84"
"\x81\x8D\x97\x23\x45\x33\x7C\xF3"
"\xC5\xBC\x79\x95\xAA\x84\x68\x31"
"\x2D\x1A\x68\xFE\xEC\x92\x94\xDA"
"\x94\x2A\x6F\xD6\xFE\xE5\x76\x97"
"\xF4\x6E\xEE\xCB\x2B\x95\x4E\x36"
"\x5F\x74\x8C\x86\x5B\x71\xD0\x20"
"\x78\x1A\x7F\x18\x8C\xD9\xCD\xF5"
"\x21\x41\x56\x72\x13\xE1\x86\x07"
"\x07\x26\xF3\x4F\x7B\xEA\xB5\x18"
"\xFE\x94\x2D\x9F\xE0\x72\x18\x65"
"\xB2\xA5\x63\x48\xB4\x13\x22\xF7"
"\x25\xF1\x80\xA8\x7F\x54\x86\x7B"
"\x39\xAE\x95\x0C\x09\x32\x22\x2D"
"\x4D\x73\x39\x0C\x09\x2C\x7C\x10"
"\xD0\x4B\x53\xF6\x90\xC5\x99\x2F"
"\x15\xE1\x7F\xC6\xC5\x7A\x52\x14"
"\x65\xEE\x93\x54\xD0\x66\x15\x3C"
"\x4C\x68\xFD\x64\x0F\xF9\x10\x39"
"\x46\x7A\xDD\x97\x20\xEE\xC7\xD2"
"\x98\x4A\xB6\xE6\xF5\xA8\x1F\x4F"
"\xDB\xAB\x6D\xD5\x9B\x34\x16\x97"
"\x2F\x64\xE5\x37\xEF\x0E\xA1\xE9"
"\xBE\x31\x31\x96\x8B\x40\x18\x75"
"\x11\x75\x14\x32\xA5\x2D\x1B\x6B"
"\xDB\x59\xEB\xFA\x3D\x8E\x7C\xC4"
"\xDE\x68\xC8\x9F\xC9\x99\xE3\xC6"
"\x71\xB0\x12\x57\x89\x0D\xC0\x2B"
"\x9F\x12\x6A\x04\x67\xF1\x95\x31"
"\x59\xFD\x84\x95\x2C\x9C\x5B\xEC"
"\x09\xB0\x43\x96\x4A\x64\x80\x40"
"\xB9\x72\x19\xDD\x70\x42\xFA\xB1"
"\x4A\x2C\x0C\x0A\x60\x6E\xE3\x7C"
"\x37\x5A\xBE\xA4\x62\xCF\x29\xAB"
"\x7F\x4D\xA6\xB3\xE2\xB6\x64\xC6"
"\x33\x0B\xF3\xD5\x01\x38\x74\xA4"
"\x67\x1E\x75\x68\xC3\xAD\x76\xE9"
"\xE9\xBC\xF0\xEB\xD8\xFD\x31\x8A"
"\x5F\xC9\x18\x94\x4B\x86\x66\xFC"
"\xBD\x0B\x3D\xB3\x9F\xFA\x1F\xD9"
"\x78\xC4\xE3\x24\x1C\x67\xA2\xF8"
"\x43\xBC\x76\x75\xBF\x6C\x05\xB3"
"\x32\xE8\x7C\x80\xDB\xC7\xB6\x61"
"\x1A\x3E\x2B\xA7\x25\xED\x8F\xA0"
"\x00\x4B\xF8\x90\xCA\xD8\xFB\x12"
"\xAC\x1F\x18\xE9\xD2\x5E\xA2\x8E"
"\xE4\x84\x6B\x9D\xEB\x1E\x6B\xA3"
"\x7B\xDC\xCE\x15\x97\x27\xB2\x65"
"\xBC\x0E\x47\xAB\x55\x13\x53\xAB"
"\x0E\x34\x55\x02\x5F\x27\xC5\x89"
"\xDF\xC5\x70\xC4\xDD\x76\x82\xEE"
"\x68\xA6\x09\xB0\xE5\x5E\xF1\x0C"
"\xE3\xF3\x09\x9B\xFE\x65\x4B\xB8"
"\x30\xEC\xD5\x7C\x6A\xEC\x1D\xD2"
"\x93\xB7\xA1\x1A\x02\xD4\xC0\xD6"
"\x8D\x4D\x83\x9A\xED\x29\x4E\x14"
"\x86\xD5\x3C\x1A\xD5\xB9\x0A\x6A"
"\x72\x22\xD5\x92\x38\xF1\xA1\x86"
"\xB2\x41\x51\xCA\x4E\xAB\x8F\xD3"
"\x80\x56\xC3\xD7\x65\xE1\xB3\x86"
"\xCB\xCE\x98\xA1\xD4\x59\x1C\x06"
"\x01\xED\xF8\x29\x91\x19\x5C\x9A"
"\xEE\x28\x1B\x48\xD7\x32\xEF\x9F"
"\x6C\x2B\x66\x4E\x78\xD5\x8B\x72"
"\x80\xE7\x29\xDC\x23\x55\x98\x54"
"\xB1\xFF\x3E\x95\x56\xA8\x78\x78"
"\xEF\xC4\xA5\x11\x2D\x2B\xD8\x93"
"\x30\x6E\x7E\x51\xBB\x42\x5F\x03"
"\x43\x94\x23\x7E\xEE\xF0\xA5\x79"
"\x55\x01\xD4\x58\xB2\xF2\x85\x49"
"\x70\xC5\xB9\x0B\x3B\x7A\x6E\x6C",
.len = 1008,
.also_non_np = 1,
.np = 3,
.tap = { 1008 - 20, 4, 16 },
},
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct cipher_testvec camellia_ctr_tv_template[] = {
{ /* Generated with Crypto++ */
.key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9"
"\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A"
"\x27\x04\xE1\x27\x04\xE1\xBE\x9B"
"\x78\xBE\x9B\x78\x55\x32\x0F\x55",
.klen = 32,
.iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F"
"\xC4\x29\x8E\xF3\x35\x9A\xFF\x64",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
"\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
"\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
"\xAC\x20\xB7\x4E\xE5\x59\xF0\x87"
"\x1E\x92\x29\xC0\x34\xCB\x62\xF9"
"\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48"
"\xDF\x76\x0D\x81\x18\xAF\x23\xBA"
"\x51\xE8\x5C\xF3\x8A\x21\x95\x2C"
"\xC3\x37\xCE\x65\xFC\x70\x07\x9E"
"\x12\xA9\x40\xD7\x4B\xE2\x79\x10"
"\x84\x1B\xB2\x26\xBD\x54\xEB\x5F"
"\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1"
"\x68\xFF\x73\x0A\xA1\x15\xAC\x43"
"\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5"
"\x29\xC0\x57\xEE\x62\xF9\x90\x04"
"\x9B\x32\xC9\x3D\xD4\x6B\x02\x76"
"\x0D\xA4\x18\xAF\x46\xDD\x51\xE8"
"\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A"
"\xF1\x65\xFC\x93\x07\x9E\x35\xCC"
"\x40\xD7\x6E\x05\x79\x10\xA7\x1B"
"\xB2\x49\xE0\x54\xEB\x82\x19\x8D"
"\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF"
"\x96\x0A\xA1\x38\xCF\x43\xDA\x71"
"\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3"
"\x57\xEE\x85\x1C\x90\x27\xBE\x32"
"\xC9\x60\xF7\x6B\x02\x99\x0D\xA4"
"\x3B\xD2\x46\xDD\x74\x0B\x7F\x16"
"\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88"
"\x1F\x93\x2A\xC1\x35\xCC\x63\xFA"
"\x6E\x05\x9C\x10\xA7\x3E\xD5\x49"
"\xE0\x77\x0E\x82\x19\xB0\x24\xBB"
"\x52\xE9\x5D\xF4\x8B\x22\x96\x2D"
"\xC4\x38\xCF\x66\xFD\x71\x08\x9F"
"\x13\xAA\x41\xD8\x4C\xE3\x7A\x11"
"\x85\x1C\xB3\x27\xBE\x55\xEC\x60"
"\xF7\x8E\x02\x99\x30\xC7\x3B\xD2"
"\x69\x00\x74\x0B\xA2\x16\xAD\x44"
"\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6"
"\x2A\xC1\x58\xEF\x63\xFA\x91\x05"
"\x9C\x33\xCA\x3E\xD5\x6C\x03\x77"
"\x0E\xA5\x19\xB0\x47\xDE\x52\xE9"
"\x80\x17\x8B\x22\xB9\x2D\xC4\x5B"
"\xF2\x66\xFD\x94\x08\x9F\x36\xCD"
"\x41\xD8\x6F\x06\x7A\x11\xA8\x1C"
"\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E"
"\x25\xBC\x30\xC7\x5E\xF5\x69\x00"
"\x97\x0B\xA2\x39\xD0\x44\xDB\x72"
"\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4"
"\x58\xEF\x86\x1D\x91\x28\xBF\x33"
"\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5"
"\x3C\xD3\x47\xDE\x75\x0C\x80\x17"
"\xAE\x22\xB9\x50\xE7\x5B\xF2\x89"
"\x20\x94\x2B\xC2\x36\xCD\x64\xFB"
"\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A"
"\xE1\x78\x0F\x83\x1A\xB1\x25\xBC"
"\x53\xEA\x5E\xF5\x8C\x00\x97\x2E"
"\xC5\x39\xD0\x67\xFE\x72\x09\xA0"
"\x14\xAB\x42\xD9\x4D\xE4\x7B\x12"
"\x86\x1D\xB4\x28\xBF\x56\xED\x61"
"\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3"
"\x6A\x01\x75\x0C\xA3\x17\xAE\x45"
"\xDC\x50\xE7\x7E\x15\x89\x20\xB7",
.ctext = "\xF3\x06\x3A\x84\xCD\xBA\x8E\x11"
"\xB7\x74\x6F\x5C\x97\xFB\x36\xFE"
"\xDE\x71\x58\xD4\x15\xD1\xC1\xA4"
"\xC9\x28\x74\xA6\x6B\xC7\x95\xA6"
"\x6C\x77\xF7\x2F\xDF\xC7\xBB\x85"
"\x60\xFC\xE8\x94\xE8\xB5\x09\x2C"
"\x1E\x43\xEF\x6C\xE9\x98\xC5\xA0"
"\x7B\x13\xE5\x7F\xF8\x49\x9A\x8C"
"\xE6\x7B\x08\xC3\x32\x66\x55\x4E"
"\xA5\x44\x1D\x2C\x18\xC7\x29\x1F"
"\x61\x28\x4A\xE3\xCD\xE5\x47\xB2"
"\x82\x2F\x66\x83\x91\x51\xAE\xD7"
"\x1C\x91\x3C\x57\xE3\x1D\x5A\xC9"
"\xFD\xC5\x58\x58\xEF\xCC\x33\xC9"
"\x0F\xEA\x26\x32\xD1\x15\x19\x2D"
"\x25\xB4\x7F\xB0\xDF\xFB\x88\x60"
"\x4E\x4D\x06\x7D\xCC\x1F\xED\x3B"
"\x68\x84\xD5\xB3\x1B\xE7\xB9\xA1"
"\x68\x8B\x2C\x1A\x44\xDA\x63\xD3"
"\x29\xE9\x59\x32\x1F\x30\x1C\x43"
"\xEA\x3A\xA3\x6B\x54\x3C\xAA\x11"
"\xAD\x38\x20\xC9\xB9\x8A\x64\x66"
"\x5A\x07\x49\xDF\xA1\x9C\xF9\x76"
"\x36\x65\xB6\x81\x8F\x76\x09\xE5"
"\xEB\xD1\x29\xA4\xE4\xF4\x4C\xCD"
"\xAF\xFC\xB9\x16\xD9\xC3\x73\x6A"
"\x33\x12\xF8\x7E\xBC\xCC\x7D\x80"
"\xBF\x3C\x25\x06\x13\x84\xFA\x35"
"\xF7\x40\xFA\xA1\x44\x13\x70\xD8"
"\x01\xF9\x85\x15\x63\xEC\x7D\xB9"
"\x02\xD8\xBA\x41\x6C\x92\x68\x66"
"\x95\xDD\xD6\x42\xE7\xBB\xE1\xFD"
"\x28\x3E\x94\xB6\xBD\xA7\xBF\x47"
"\x58\x8D\xFF\x19\x30\x75\x0D\x48"
"\x94\xE9\xA6\xCD\xB3\x8E\x1E\xCD"
"\x59\xBC\x1A\xAC\x3C\x4F\xA9\xEB"
"\xF4\xA7\xE4\x75\x4A\x18\x40\xC9"
"\x1E\xEC\x06\x9C\x28\x4B\xF7\x2B"
"\xE2\xEF\xD6\x42\x2E\xBB\xFC\x0A"
"\x79\xA2\x99\x28\x93\x1B\x00\x57"
"\x35\x1E\x1A\x93\x90\xA4\x68\x95"
"\x5E\x57\x40\xD5\xA9\xAA\x19\x48"
"\xEC\xFF\x76\x77\xDC\x78\x89\x76"
"\xE5\x3B\x00\xEC\x58\x4D\xD1\xE3"
"\xC8\x6C\x2C\x45\x5E\x5F\xD9\x4E"
"\x71\xA5\x36\x6D\x03\xF1\xC7\xD5"
"\xF3\x63\xC0\xD8\xCB\x2B\xF1\xA8"
"\xB9\x2B\xE6\x0B\xB9\x65\x78\xA0"
"\xC4\x46\xE6\x9B\x8B\x43\x2D\xAB"
"\x70\xA6\xE0\x59\x1E\xAC\x9D\xE0"
"\x76\x44\x45\xF3\x24\x11\x57\x98"
"\x9A\x86\xB4\x12\x80\x28\x86\x20"
"\x23\x9D\x2D\xE9\x38\x32\xB1\xE1"
"\xCF\x0A\x23\x73\x7D\xC5\x80\x3D"
"\x9F\x6D\xA0\xD0\xEE\x93\x8A\x79"
"\x3A\xDD\x1D\xBB\x9E\x26\x5D\x01"
"\x44\xD0\xD4\x4E\xC3\xF1\xE4\x38"
"\x09\x62\x0A\x1A\x4E\xD2\x63\x0F"
"\x6E\x3E\xD2\xA4\x3A\xF4\xF3\xFF"
"\x7E\x42\xEC\xB6\x6F\x4D\x6B\x48"
"\xE6\xA6\x50\x80\x78\x9E\xF1\xB0"
"\x4D\xB2\x0D\x3D\xFC\x40\x25\x4D",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 496,
}, { /* Generated with Crypto++ */
.key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9"
"\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A"
"\x27\x04\xE1\x27\x04\xE1\xBE\x9B"
"\x78\xBE\x9B\x78\x55\x32\x0F\x55",
.klen = 32,
.iv = "\xE2\x24\x89\xEE\x53\xB8\x1D\x5F"
"\xC4\x29\x8E\xF3\x35\x9A\xFF\x64",
.ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
"\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
"\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
"\xAC\x20\xB7\x4E\xE5\x59\xF0\x87"
"\x1E\x92\x29\xC0\x34\xCB\x62\xF9"
"\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48"
"\xDF\x76\x0D\x81\x18\xAF\x23\xBA"
"\x51\xE8\x5C\xF3\x8A\x21\x95\x2C"
"\xC3\x37\xCE\x65\xFC\x70\x07\x9E"
"\x12\xA9\x40\xD7\x4B\xE2\x79\x10"
"\x84\x1B\xB2\x26\xBD\x54\xEB\x5F"
"\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1"
"\x68\xFF\x73\x0A\xA1\x15\xAC\x43"
"\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5"
"\x29\xC0\x57\xEE\x62\xF9\x90\x04"
"\x9B\x32\xC9\x3D\xD4\x6B\x02\x76"
"\x0D\xA4\x18\xAF\x46\xDD\x51\xE8"
"\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A"
"\xF1\x65\xFC\x93\x07\x9E\x35\xCC"
"\x40\xD7\x6E\x05\x79\x10\xA7\x1B"
"\xB2\x49\xE0\x54\xEB\x82\x19\x8D"
"\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF"
"\x96\x0A\xA1\x38\xCF\x43\xDA\x71"
"\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3"
"\x57\xEE\x85\x1C\x90\x27\xBE\x32"
"\xC9\x60\xF7\x6B\x02\x99\x0D\xA4"
"\x3B\xD2\x46\xDD\x74\x0B\x7F\x16"
"\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88"
"\x1F\x93\x2A\xC1\x35\xCC\x63\xFA"
"\x6E\x05\x9C\x10\xA7\x3E\xD5\x49"
"\xE0\x77\x0E\x82\x19\xB0\x24\xBB"
"\x52\xE9\x5D\xF4\x8B\x22\x96\x2D"
"\xC4\x38\xCF\x66\xFD\x71\x08\x9F"
"\x13\xAA\x41\xD8\x4C\xE3\x7A\x11"
"\x85\x1C\xB3\x27\xBE\x55\xEC\x60"
"\xF7\x8E\x02\x99\x30\xC7\x3B\xD2"
"\x69\x00\x74\x0B\xA2\x16\xAD\x44"
"\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6"
"\x2A\xC1\x58\xEF\x63\xFA\x91\x05"
"\x9C\x33\xCA\x3E\xD5\x6C\x03\x77"
"\x0E\xA5\x19\xB0\x47\xDE\x52\xE9"
"\x80\x17\x8B\x22\xB9\x2D\xC4\x5B"
"\xF2\x66\xFD\x94\x08\x9F\x36\xCD"
"\x41\xD8\x6F\x06\x7A\x11\xA8\x1C"
"\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E"
"\x25\xBC\x30\xC7\x5E\xF5\x69\x00"
"\x97\x0B\xA2\x39\xD0\x44\xDB\x72"
"\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4"
"\x58\xEF\x86\x1D\x91\x28\xBF\x33"
"\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5"
"\x3C\xD3\x47\xDE\x75\x0C\x80\x17"
"\xAE\x22\xB9\x50\xE7\x5B\xF2\x89"
"\x20\x94\x2B\xC2\x36\xCD\x64\xFB"
"\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A"
"\xE1\x78\x0F\x83\x1A\xB1\x25\xBC"
"\x53\xEA\x5E\xF5\x8C\x00\x97\x2E"
"\xC5\x39\xD0\x67\xFE\x72\x09\xA0"
"\x14\xAB\x42\xD9\x4D\xE4\x7B\x12"
"\x86\x1D\xB4\x28\xBF\x56\xED\x61"
"\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3"
"\x6A\x01\x75\x0C\xA3\x17\xAE\x45"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\xDC\x50\xE7\x7E\x15\x89\x20\xB7"
"\x2B\xC2\x59\xF0\x64\xFB\x92\x06"
"\x9D\x34\xCB\x3F\xD6\x6D\x04\x78"
"\x0F\xA6\x1A\xB1\x48\xDF\x53\xEA"
"\x81\x18\x8C\x23\xBA\x2E\xC5\x5C"
"\xF3\x67\xFE\x95\x09\xA0\x37\xCE"
"\x42\xD9\x70\x07\x7B\x12\xA9\x1D"
"\xB4\x4B\xE2\x56\xED\x84\x1B\x8F"
"\x26\xBD\x31\xC8\x5F\xF6\x6A\x01"
"\x98\x0C\xA3\x3A\xD1\x45\xDC\x73"
"\x0A\x7E\x15\xAC\x20\xB7\x4E\xE5"
"\x59\xF0\x87\x1E\x92\x29\xC0\x34"
"\xCB\x62\xF9\x6D\x04\x9B\x0F\xA6"
"\x3D\xD4\x48\xDF\x76\x0D\x81\x18"
"\xAF\x23\xBA\x51\xE8\x5C\xF3\x8A"
"\x21\x95\x2C\xC3\x37\xCE\x65\xFC"
"\x70\x07\x9E\x12\xA9\x40\xD7\x4B"
"\xE2\x79\x10\x84\x1B\xB2\x26\xBD"
"\x54\xEB\x5F\xF6\x8D\x01\x98\x2F"
"\xC6\x3A\xD1\x68\xFF\x73\x0A\xA1"
"\x15\xAC\x43\xDA\x4E\xE5\x7C\x13"
"\x87\x1E\xB5\x29\xC0\x57\xEE\x62"
"\xF9\x90\x04\x9B\x32\xC9\x3D\xD4"
"\x6B\x02\x76\x0D\xA4\x18\xAF\x46"
"\xDD\x51\xE8\x7F\x16\x8A\x21\xB8"
"\x2C\xC3\x5A\xF1\x65\xFC\x93\x07"
"\x9E\x35\xCC\x40\xD7\x6E\x05\x79"
"\x10\xA7\x1B\xB2\x49\xE0\x54\xEB"
"\x82\x19\x8D\x24\xBB\x2F\xC6\x5D"
"\xF4\x68\xFF\x96\x0A\xA1\x38\xCF"
"\x43\xDA\x71\x08\x7C\x13\xAA\x1E"
"\xB5\x4C\xE3\x57\xEE\x85\x1C\x90"
"\x27\xBE\x32\xC9\x60\xF7\x6B\x02"
"\x99\x0D\xA4\x3B\xD2\x46\xDD\x74"
"\x0B\x7F\x16\xAD\x21\xB8\x4F\xE6"
"\x5A\xF1\x88\x1F\x93\x2A\xC1\x35"
"\xCC\x63\xFA\x6E\x05\x9C\x10\xA7"
"\x3E\xD5\x49\xE0\x77\x0E\x82\x19"
"\xB0\x24\xBB\x52\xE9\x5D\xF4\x8B"
"\x22\x96\x2D\xC4\x38\xCF\x66\xFD"
"\x71\x08\x9F\x13\xAA\x41\xD8\x4C"
"\xE3\x7A\x11\x85\x1C\xB3\x27\xBE"
"\x55\xEC\x60\xF7\x8E\x02\x99\x30"
"\xC7\x3B\xD2\x69\x00\x74\x0B\xA2"
"\x16\xAD\x44\xDB\x4F\xE6\x7D\x14"
"\x88\x1F\xB6\x2A\xC1\x58\xEF\x63"
"\xFA\x91\x05\x9C\x33\xCA\x3E\xD5"
"\x6C\x03\x77\x0E\xA5\x19\xB0\x47"
"\xDE\x52\xE9\x80\x17\x8B\x22\xB9"
"\x2D\xC4\x5B\xF2\x66\xFD\x94\x08"
"\x9F\x36\xCD\x41\xD8\x6F\x06\x7A"
"\x11\xA8\x1C\xB3\x4A\xE1\x55\xEC"
"\x83\x1A\x8E\x25\xBC\x30\xC7\x5E"
"\xF5\x69\x00\x97\x0B\xA2\x39\xD0"
"\x44\xDB\x72\x09\x7D\x14\xAB\x1F"
"\xB6\x4D\xE4\x58\xEF\x86\x1D\x91"
"\x28\xBF\x33\xCA\x61\xF8\x6C\x03"
"\x9A\x0E\xA5\x3C\xD3\x47\xDE\x75"
"\x0C\x80\x17\xAE\x22\xB9\x50\xE7"
"\x5B\xF2\x89\x20\x94\x2B\xC2\x36"
"\xCD\x64\xFB\x6F\x06\x9D\x11\xA8"
"\x3F\xD6\x4A\xE1\x78\x0F\x83\x1A"
"\xB1\x25\xBC\x53\xEA\x5E\xF5\x8C"
"\x00\x97\x2E\xC5\x39\xD0\x67\xFE"
"\x72\x09\xA0\x14\xAB\x42\xD9\x4D"
"\xE4\x7B\x12",
.ctext = "\xF3\x06\x3A\x84\xCD\xBA\x8E\x11"
"\xB7\x74\x6F\x5C\x97\xFB\x36\xFE"
"\xDE\x71\x58\xD4\x15\xD1\xC1\xA4"
"\xC9\x28\x74\xA6\x6B\xC7\x95\xA6"
"\x6C\x77\xF7\x2F\xDF\xC7\xBB\x85"
"\x60\xFC\xE8\x94\xE8\xB5\x09\x2C"
"\x1E\x43\xEF\x6C\xE9\x98\xC5\xA0"
"\x7B\x13\xE5\x7F\xF8\x49\x9A\x8C"
"\xE6\x7B\x08\xC3\x32\x66\x55\x4E"
"\xA5\x44\x1D\x2C\x18\xC7\x29\x1F"
"\x61\x28\x4A\xE3\xCD\xE5\x47\xB2"
"\x82\x2F\x66\x83\x91\x51\xAE\xD7"
"\x1C\x91\x3C\x57\xE3\x1D\x5A\xC9"
"\xFD\xC5\x58\x58\xEF\xCC\x33\xC9"
"\x0F\xEA\x26\x32\xD1\x15\x19\x2D"
"\x25\xB4\x7F\xB0\xDF\xFB\x88\x60"
"\x4E\x4D\x06\x7D\xCC\x1F\xED\x3B"
"\x68\x84\xD5\xB3\x1B\xE7\xB9\xA1"
"\x68\x8B\x2C\x1A\x44\xDA\x63\xD3"
"\x29\xE9\x59\x32\x1F\x30\x1C\x43"
"\xEA\x3A\xA3\x6B\x54\x3C\xAA\x11"
"\xAD\x38\x20\xC9\xB9\x8A\x64\x66"
"\x5A\x07\x49\xDF\xA1\x9C\xF9\x76"
"\x36\x65\xB6\x81\x8F\x76\x09\xE5"
"\xEB\xD1\x29\xA4\xE4\xF4\x4C\xCD"
"\xAF\xFC\xB9\x16\xD9\xC3\x73\x6A"
"\x33\x12\xF8\x7E\xBC\xCC\x7D\x80"
"\xBF\x3C\x25\x06\x13\x84\xFA\x35"
"\xF7\x40\xFA\xA1\x44\x13\x70\xD8"
"\x01\xF9\x85\x15\x63\xEC\x7D\xB9"
"\x02\xD8\xBA\x41\x6C\x92\x68\x66"
"\x95\xDD\xD6\x42\xE7\xBB\xE1\xFD"
"\x28\x3E\x94\xB6\xBD\xA7\xBF\x47"
"\x58\x8D\xFF\x19\x30\x75\x0D\x48"
"\x94\xE9\xA6\xCD\xB3\x8E\x1E\xCD"
"\x59\xBC\x1A\xAC\x3C\x4F\xA9\xEB"
"\xF4\xA7\xE4\x75\x4A\x18\x40\xC9"
"\x1E\xEC\x06\x9C\x28\x4B\xF7\x2B"
"\xE2\xEF\xD6\x42\x2E\xBB\xFC\x0A"
"\x79\xA2\x99\x28\x93\x1B\x00\x57"
"\x35\x1E\x1A\x93\x90\xA4\x68\x95"
"\x5E\x57\x40\xD5\xA9\xAA\x19\x48"
"\xEC\xFF\x76\x77\xDC\x78\x89\x76"
"\xE5\x3B\x00\xEC\x58\x4D\xD1\xE3"
"\xC8\x6C\x2C\x45\x5E\x5F\xD9\x4E"
"\x71\xA5\x36\x6D\x03\xF1\xC7\xD5"
"\xF3\x63\xC0\xD8\xCB\x2B\xF1\xA8"
"\xB9\x2B\xE6\x0B\xB9\x65\x78\xA0"
"\xC4\x46\xE6\x9B\x8B\x43\x2D\xAB"
"\x70\xA6\xE0\x59\x1E\xAC\x9D\xE0"
"\x76\x44\x45\xF3\x24\x11\x57\x98"
"\x9A\x86\xB4\x12\x80\x28\x86\x20"
"\x23\x9D\x2D\xE9\x38\x32\xB1\xE1"
"\xCF\x0A\x23\x73\x7D\xC5\x80\x3D"
"\x9F\x6D\xA0\xD0\xEE\x93\x8A\x79"
"\x3A\xDD\x1D\xBB\x9E\x26\x5D\x01"
"\x44\xD0\xD4\x4E\xC3\xF1\xE4\x38"
"\x09\x62\x0A\x1A\x4E\xD2\x63\x0F"
"\x6E\x3E\xD2\xA4\x3A\xF4\xF3\xFF"
"\x7E\x42\xEC\xB6\x6F\x4D\x6B\x48"
"\xE6\xA6\x50\x80\x78\x9E\xF1\xB0"
"\x4D\xB2\x0D\x3D\xFC\x40\x25\x4D"
"\x93\x11\x1C\xE9\xD2\x9F\x6E\x90"
"\xE5\x41\x4A\xE2\x3C\x45\x29\x35"
"\xEC\xD6\x47\x50\xCB\x7B\xA2\x32"
"\xF7\x8B\x62\xF1\xE3\x9A\xFE\xC7"
"\x1D\x8C\x02\x72\x68\x09\xE9\xB6"
"\x4A\x80\xE6\xB1\x56\xDF\x90\xD4"
"\x93\x74\xA4\xCE\x20\x23\xBF\x48"
"\xA5\xDE\x1B\xFA\x40\x69\x31\x98"
"\x62\x6E\xA5\xC7\xBF\x0C\x62\xE5"
"\x6D\xE1\x93\xF1\x83\x10\x1C\xCA"
"\xF6\x5C\x19\xF8\x90\x78\xCB\xE4"
"\x0B\x3A\xB5\xF8\x43\x86\xD3\x3F"
"\xBA\x83\x34\x3C\x42\xCC\x7D\x28"
"\x29\x63\x4F\xD8\x02\x17\xC5\x07"
"\x2C\xA4\xAC\x79\xCB\xC3\xA9\x09"
"\x81\x45\x18\xED\xE4\xCB\x42\x3B"
"\x87\x2D\x23\xDC\xC5\xBA\x45\xBD"
"\x92\xE5\x02\x97\x96\xCE\xAD\xEC"
"\xBA\xD8\x76\xF8\xCA\xC1\x31\xEC"
"\x1E\x4F\x3F\x83\xF8\x33\xE8\x6E"
"\xCC\xF8\x5F\xDD\x65\x50\x99\x69"
"\xAF\x48\xCE\xA5\xBA\xB6\x14\x9F"
"\x05\x93\xB2\xE6\x59\xC8\x28\xFE"
"\x8F\x37\xF9\x64\xB9\xA5\x56\x8F"
"\xF1\x1B\x90\xEF\xAE\xEB\xFC\x09"
"\x11\x7A\xF2\x19\x0A\x0A\x9A\x3C"
"\xE2\x5E\x29\xFA\x31\x9B\xC1\x74"
"\x1E\x10\x3E\x07\xA9\x31\x6D\xF8"
"\x81\xF5\xD5\x8A\x04\x23\x51\xAC"
"\xA2\xE2\x63\xFD\x27\x1F\x79\x5B"
"\x1F\xE8\xDA\x11\x49\x4D\x1C\xBA"
"\x54\xCC\x0F\xBA\x92\x69\xE5\xCB"
"\x41\x1A\x67\xA6\x40\x82\x70\x8C"
"\x19\x79\x08\xA4\x51\x20\x7D\xC9"
"\x12\x27\xAE\x20\x0D\x2C\xA1\x6D"
"\xF4\x55\xD4\xE7\xE6\xD4\x28\x08"
"\x00\x70\x12\x56\x56\x50\xAD\x14"
"\x5C\x3E\xA2\xD1\x36\x3F\x36\x48"
"\xED\xB1\x57\x3E\x5D\x15\xF6\x1E"
"\x53\xE9\xA4\x3E\xED\x7D\xCF\x7D"
"\x29\xAF\xF3\x1E\x51\xA8\x9F\x85"
"\x8B\xF0\xBB\xCE\xCC\x39\xC3\x64"
"\x4B\xF2\xAD\x70\x19\xD4\x44\x8F"
"\x91\x76\xE8\x15\x66\x34\x9F\xF6"
"\x0F\x15\xA4\xA8\x24\xF8\x58\xB1"
"\x38\x46\x47\xC7\x9B\xCA\xE9\x42"
"\x44\xAA\xE6\xB5\x9C\x91\xA4\xD3"
"\x16\xA0\xED\x42\xBE\xB5\x06\x19"
"\xBE\x67\xE8\xBC\x22\x32\xA4\x1E"
"\x93\xEB\xBE\xE9\xE1\x93\xE5\x31"
"\x3A\xA2\x75\xDF\xE3\x6B\xE7\xCC"
"\xB4\x70\x20\xE0\x6D\x82\x7C\xC8"
"\x94\x5C\x5E\x37\x18\xAD\xED\x8B"
"\x44\x86\xCA\x5E\x07\xB7\x70\x8D"
"\x40\x48\x19\x73\x7C\x78\x64\x0B"
"\xDB\x01\xCA\xAE\x63\x19\xE9\xD1"
"\x6B\x2C\x84\x10\x45\x42\x2E\xC3"
"\xDF\x7F\xAA\xE8\x87\x1B\x63\x46"
"\x74\x28\x9D\x05\x30\x20\x62\x41"
"\xC0\x9F\x2C\x36\x2B\x78\xD7\x26"
"\xDF\x58\x51\xED\xFA\xDC\x87\x79"
"\xBF\x8C\xBF\xC4\x0F\xE5\x05\xDA"
"\x45\xE3\x35\x0D\x69\x91\x54\x1C"
"\xE7\x2C\x49\x08\x8B\x72\xFA\x5C"
"\xF1\x6B\xD9",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 1011,
.also_non_np = 1,
.np = 2,
.tap = { 1011 - 16, 16 },
}, { /* Generated with Crypto++ */
.key = "\x85\x62\x3F\x1C\xF9\xD6\x1C\xF9"
"\xD6\xB3\x90\x6D\x4A\x90\x6D\x4A"
"\x27\x04\xE1\x27\x04\xE1\xBE\x9B"
"\x78\xBE\x9B\x78\x55\x32\x0F\x55",
.klen = 32,
.iv = "\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFF"
"\xFF\xFF\xFF\xFF\xFF\xFF\xFF\xFD",
.ptext = "\x56\xED\x84\x1B\x8F\x26\xBD\x31"
"\xC8\x5F\xF6\x6A\x01\x98\x0C\xA3"
"\x3A\xD1\x45\xDC\x73\x0A\x7E\x15"
"\xAC\x20\xB7\x4E\xE5\x59\xF0\x87"
"\x1E\x92\x29\xC0\x34\xCB\x62\xF9"
"\x6D\x04\x9B\x0F\xA6\x3D\xD4\x48"
"\xDF\x76\x0D\x81\x18\xAF\x23\xBA"
"\x51\xE8\x5C\xF3\x8A\x21\x95\x2C"
"\xC3\x37\xCE\x65\xFC\x70\x07\x9E"
"\x12\xA9\x40\xD7\x4B\xE2\x79\x10"
"\x84\x1B\xB2\x26\xBD\x54\xEB\x5F"
"\xF6\x8D\x01\x98\x2F\xC6\x3A\xD1"
"\x68\xFF\x73\x0A\xA1\x15\xAC\x43"
"\xDA\x4E\xE5\x7C\x13\x87\x1E\xB5"
"\x29\xC0\x57\xEE\x62\xF9\x90\x04"
"\x9B\x32\xC9\x3D\xD4\x6B\x02\x76"
"\x0D\xA4\x18\xAF\x46\xDD\x51\xE8"
"\x7F\x16\x8A\x21\xB8\x2C\xC3\x5A"
"\xF1\x65\xFC\x93\x07\x9E\x35\xCC"
"\x40\xD7\x6E\x05\x79\x10\xA7\x1B"
"\xB2\x49\xE0\x54\xEB\x82\x19\x8D"
"\x24\xBB\x2F\xC6\x5D\xF4\x68\xFF"
"\x96\x0A\xA1\x38\xCF\x43\xDA\x71"
"\x08\x7C\x13\xAA\x1E\xB5\x4C\xE3"
"\x57\xEE\x85\x1C\x90\x27\xBE\x32"
"\xC9\x60\xF7\x6B\x02\x99\x0D\xA4"
"\x3B\xD2\x46\xDD\x74\x0B\x7F\x16"
"\xAD\x21\xB8\x4F\xE6\x5A\xF1\x88"
"\x1F\x93\x2A\xC1\x35\xCC\x63\xFA"
"\x6E\x05\x9C\x10\xA7\x3E\xD5\x49"
"\xE0\x77\x0E\x82\x19\xB0\x24\xBB"
"\x52\xE9\x5D\xF4\x8B\x22\x96\x2D"
"\xC4\x38\xCF\x66\xFD\x71\x08\x9F"
"\x13\xAA\x41\xD8\x4C\xE3\x7A\x11"
"\x85\x1C\xB3\x27\xBE\x55\xEC\x60"
"\xF7\x8E\x02\x99\x30\xC7\x3B\xD2"
"\x69\x00\x74\x0B\xA2\x16\xAD\x44"
"\xDB\x4F\xE6\x7D\x14\x88\x1F\xB6"
"\x2A\xC1\x58\xEF\x63\xFA\x91\x05"
"\x9C\x33\xCA\x3E\xD5\x6C\x03\x77"
"\x0E\xA5\x19\xB0\x47\xDE\x52\xE9"
"\x80\x17\x8B\x22\xB9\x2D\xC4\x5B"
"\xF2\x66\xFD\x94\x08\x9F\x36\xCD"
"\x41\xD8\x6F\x06\x7A\x11\xA8\x1C"
"\xB3\x4A\xE1\x55\xEC\x83\x1A\x8E"
"\x25\xBC\x30\xC7\x5E\xF5\x69\x00"
"\x97\x0B\xA2\x39\xD0\x44\xDB\x72"
"\x09\x7D\x14\xAB\x1F\xB6\x4D\xE4"
"\x58\xEF\x86\x1D\x91\x28\xBF\x33"
"\xCA\x61\xF8\x6C\x03\x9A\x0E\xA5"
"\x3C\xD3\x47\xDE\x75\x0C\x80\x17"
"\xAE\x22\xB9\x50\xE7\x5B\xF2\x89"
"\x20\x94\x2B\xC2\x36\xCD\x64\xFB"
"\x6F\x06\x9D\x11\xA8\x3F\xD6\x4A"
"\xE1\x78\x0F\x83\x1A\xB1\x25\xBC"
"\x53\xEA\x5E\xF5\x8C\x00\x97\x2E"
"\xC5\x39\xD0\x67\xFE\x72\x09\xA0"
"\x14\xAB\x42\xD9\x4D\xE4\x7B\x12"
"\x86\x1D\xB4\x28\xBF\x56\xED\x61"
"\xF8\x8F\x03\x9A\x31\xC8\x3C\xD3"
"\x6A\x01\x75\x0C\xA3\x17\xAE\x45"
"\xDC\x50\xE7\x7E\x15\x89\x20\xB7"
"\x2B\xC2\x59\xF0\x64\xFB\x92\x06"
"\x9D\x34\xCB\x3F\xD6\x6D\x04\x78"
"\x0F\xA6\x1A\xB1\x48\xDF\x53\xEA"
"\x81\x18\x8C\x23\xBA\x2E\xC5\x5C"
"\xF3\x67\xFE\x95\x09\xA0\x37\xCE"
"\x42\xD9\x70\x07\x7B\x12\xA9\x1D"
"\xB4\x4B\xE2\x56\xED\x84\x1B\x8F"
"\x26\xBD\x31\xC8\x5F\xF6\x6A\x01"
"\x98\x0C\xA3\x3A\xD1\x45\xDC\x73"
"\x0A\x7E\x15\xAC\x20\xB7\x4E\xE5"
"\x59\xF0\x87\x1E\x92\x29\xC0\x34"
"\xCB\x62\xF9\x6D\x04\x9B\x0F\xA6"
"\x3D\xD4\x48\xDF\x76\x0D\x81\x18"
"\xAF\x23\xBA\x51\xE8\x5C\xF3\x8A"
"\x21\x95\x2C\xC3\x37\xCE\x65\xFC"
"\x70\x07\x9E\x12\xA9\x40\xD7\x4B"
"\xE2\x79\x10\x84\x1B\xB2\x26\xBD"
"\x54\xEB\x5F\xF6\x8D\x01\x98\x2F"
"\xC6\x3A\xD1\x68\xFF\x73\x0A\xA1"
"\x15\xAC\x43\xDA\x4E\xE5\x7C\x13"
"\x87\x1E\xB5\x29\xC0\x57\xEE\x62"
"\xF9\x90\x04\x9B\x32\xC9\x3D\xD4"
"\x6B\x02\x76\x0D\xA4\x18\xAF\x46"
"\xDD\x51\xE8\x7F\x16\x8A\x21\xB8"
"\x2C\xC3\x5A\xF1\x65\xFC\x93\x07"
"\x9E\x35\xCC\x40\xD7\x6E\x05\x79"
"\x10\xA7\x1B\xB2\x49\xE0\x54\xEB"
"\x82\x19\x8D\x24\xBB\x2F\xC6\x5D"
"\xF4\x68\xFF\x96\x0A\xA1\x38\xCF"
"\x43\xDA\x71\x08\x7C\x13\xAA\x1E"
"\xB5\x4C\xE3\x57\xEE\x85\x1C\x90"
"\x27\xBE\x32\xC9\x60\xF7\x6B\x02"
"\x99\x0D\xA4\x3B\xD2\x46\xDD\x74"
"\x0B\x7F\x16\xAD\x21\xB8\x4F\xE6"
"\x5A\xF1\x88\x1F\x93\x2A\xC1\x35"
"\xCC\x63\xFA\x6E\x05\x9C\x10\xA7"
"\x3E\xD5\x49\xE0\x77\x0E\x82\x19"
"\xB0\x24\xBB\x52\xE9\x5D\xF4\x8B"
"\x22\x96\x2D\xC4\x38\xCF\x66\xFD"
"\x71\x08\x9F\x13\xAA\x41\xD8\x4C"
"\xE3\x7A\x11\x85\x1C\xB3\x27\xBE"
"\x55\xEC\x60\xF7\x8E\x02\x99\x30"
"\xC7\x3B\xD2\x69\x00\x74\x0B\xA2"
"\x16\xAD\x44\xDB\x4F\xE6\x7D\x14"
"\x88\x1F\xB6\x2A\xC1\x58\xEF\x63"
"\xFA\x91\x05\x9C\x33\xCA\x3E\xD5"
"\x6C\x03\x77\x0E\xA5\x19\xB0\x47"
"\xDE\x52\xE9\x80\x17\x8B\x22\xB9"
"\x2D\xC4\x5B\xF2\x66\xFD\x94\x08"
"\x9F\x36\xCD\x41\xD8\x6F\x06\x7A"
"\x11\xA8\x1C\xB3\x4A\xE1\x55\xEC"
"\x83\x1A\x8E\x25\xBC\x30\xC7\x5E"
"\xF5\x69\x00\x97\x0B\xA2\x39\xD0"
"\x44\xDB\x72\x09\x7D\x14\xAB\x1F"
"\xB6\x4D\xE4\x58\xEF\x86\x1D\x91"
"\x28\xBF\x33\xCA\x61\xF8\x6C\x03"
"\x9A\x0E\xA5\x3C\xD3\x47\xDE\x75"
"\x0C\x80\x17\xAE\x22\xB9\x50\xE7"
"\x5B\xF2\x89\x20\x94\x2B\xC2\x36"
"\xCD\x64\xFB\x6F\x06\x9D\x11\xA8"
"\x3F\xD6\x4A\xE1\x78\x0F\x83\x1A"
"\xB1\x25\xBC\x53\xEA\x5E\xF5\x8C"
"\x00\x97\x2E\xC5\x39\xD0\x67\xFE"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\x72\x09\xA0\x14\xAB\x42\xD9\x4D",
.ctext = "\x85\x79\x6C\x8B\x2B\x6D\x14\xF9"
"\xA6\x83\xB6\x80\x5B\x3A\xF3\x7E"
"\x30\x29\xEB\x1F\xDC\x19\x5F\xEB"
"\xF7\xC4\x27\x04\x51\x87\xD7\x6F"
"\xB8\x4E\x07\xFB\xAC\x3B\x08\xB4"
"\x4D\xCB\xE8\xE1\x71\x7D\x4F\x48"
"\xCD\x81\x64\xA5\xC4\x07\x1A\x9A"
"\x4B\x62\x90\x0E\xC8\xB3\x2B\x6B"
"\x8F\x9C\x6E\x72\x4B\xBA\xEF\x07"
"\x2C\x56\x07\x5E\x37\x30\x60\xA9"
"\xE3\xEF\xD6\x69\xE1\xA1\x77\x64"
"\x93\x75\x7A\xB7\x7A\x3B\xE9\x43"
"\x23\x35\x95\x91\x80\x8A\xC7\xCF"
"\xC3\xD5\xBF\xE7\xFE\x4C\x06\x6B"
"\x05\x19\x48\xE2\x62\xBA\x4F\xF2"
"\xFB\xEE\xE4\xCB\x79\x9D\xA3\x10"
"\x1D\x29\x8C\x1D\x7A\x88\x5A\xDD"
"\x4E\xB6\x18\xAA\xCD\xE6\x33\x96"
"\xD9\x0F\x90\x5A\x78\x76\x4D\x77"
"\x3C\x20\x89\x3B\xA3\xF9\x07\xFD"
"\xE4\xE8\x20\x2D\x15\x0A\x63\x49"
"\xF5\x4F\x89\xD8\xDE\xA1\x28\x78"
"\x28\x07\x09\x1B\x03\x94\x1D\x4B"
"\x82\x28\x1E\x1D\x95\xBA\xAC\x85"
"\x71\x6E\x3C\x18\x4B\x77\x74\x79"
"\xBF\x67\x0A\x53\x3C\x94\xD9\x60"
"\xE9\x6D\x40\x34\xA0\x2A\x53\x5D"
"\x27\xD5\x47\xF9\xC3\x4B\x27\x29"
"\xE4\x76\x9C\x3F\xA7\x1C\x87\xFC"
"\x6E\x0F\xCF\x9B\x60\xF0\xF0\x8B"
"\x70\x1C\x84\x81\x72\x4D\xB4\x98"
"\x23\x62\xE7\x6A\x2B\xFC\xA5\xB2"
"\xFF\xF5\x71\x07\xCD\x90\x23\x13"
"\x19\xD7\x79\x36\x6C\x9D\x55\x8B"
"\x93\x78\x86\x05\x69\x46\xD0\xC5"
"\x39\x09\xEB\x79\xEF\xFA\x9F\xAE"
"\xF3\xD5\x44\xC3\xFD\x86\xD2\x7C"
"\x83\x4B\xD8\x75\x9C\x18\x04\x7B"
"\x73\xAD\x72\xA4\xF6\xAB\xCF\x4B"
"\xCC\x01\x45\x90\xA6\x43\x05\x0C"
"\x6C\x4F\x62\x77\x57\x97\x9F\xEE"
"\x75\xA7\x3C\x38\xD1\x0F\x3D\x0E"
"\x2C\x43\x98\xFB\x13\x65\x73\xE4"
"\x3C\x1E\xD6\x90\x08\xF7\xE0\x99"
"\x3B\xF1\x9D\x6C\x48\xA9\x0E\x32"
"\x17\xC2\xCC\x20\xA1\x19\x26\xAA"
"\xE0\x75\x2F\xFB\x54\x66\x0A\xDF"
"\xB5\xF2\x1F\xC1\x34\x3C\x30\x56"
"\xE8\xDC\xF7\x92\x6B\xBF\x17\x24"
"\xEC\x94\xB5\x3B\xD6\xCE\xA2\x54"
"\x10\x7F\x50\xDE\x69\x77\xD5\x37"
"\xFE\x9C\x10\x83\xC5\xEB\xC9\x53"
"\xB7\xF3\xC4\x20\xAF\x0A\x7E\x57"
"\x3A\xE6\x75\xFE\x89\x00\x6E\x48"
"\xFB\x99\x17\x2C\xF6\x64\x40\x95"
"\x5E\xDC\x7A\xA6\x70\xC7\xF4\xDD"
"\x52\x05\x24\x34\xF9\x0E\xC8\x64"
"\x6D\xE2\xD8\x80\x53\x31\x4C\xFE"
"\xB4\x3A\x5F\x19\xCF\x42\x1B\x22"
"\x0B\x2D\x7B\xF1\xC5\x43\xF7\x5E"
"\x12\xA8\x01\x64\x16\x0B\x26\x5A"
"\x0C\x95\x0F\x40\xC5\x5A\x06\x7C"
"\xCF\xF5\xD5\xB7\x7A\x34\x23\xB6"
"\xAA\x9E\xA8\x98\xA2\xF8\x3D\xD3"
"\x3F\x23\x69\x63\x56\x96\x45\xD6"
"\x74\x23\x1D\x5C\x63\xCC\xD8\x78"
"\x16\xE2\x9C\xD2\x80\x02\xF2\x28"
"\x69\x2F\xC4\xA8\x15\x15\x24\x3B"
"\xCB\xF0\x14\xE4\x62\xC8\xF3\xD1"
"\x03\x58\x1B\x33\x77\x74\x1F\xB4"
"\x07\x86\xF2\x21\xB7\x41\xAE\xBF"
"\x25\xC2\xFF\x51\xEF\xEA\xCE\xC4"
"\x5F\xD9\xB8\x18\x6A\xF0\x0F\x0D"
"\xF8\x04\xBB\x6D\x62\x33\x87\x26"
"\x4F\x2F\x14\x6E\xDC\xDB\x66\x09"
"\x2A\xEF\x7D\x84\x10\xAC\x82\x5E"
"\xD2\xE4\xAD\x74\x7A\x6D\xCC\x3A"
"\x7B\x62\xD8\xD6\x07\x2D\xF7\xDF"
"\x9B\xB3\x82\xCF\x9C\x1D\x76\x5C"
"\xAC\x7B\xD4\x9B\x45\xA1\x64\x11"
"\x66\xF1\xA7\x0B\xF9\xDD\x00\xDD"
"\xA4\x45\x3D\x3E\x03\xC9\x2E\xCB"
"\xC3\x14\x84\x72\xFD\x41\xDC\xBD"
"\x75\xBE\xA8\xE5\x16\x48\x64\x39"
"\xCA\xF3\xE6\xDC\x25\x24\xF1\x6D"
"\xB2\x8D\xC5\x38\x54\xD3\x5D\x6D"
"\x0B\x29\x10\x15\x0E\x13\x3B\xAC"
"\x7E\xCC\x9E\x3E\x18\x48\xA6\x02"
"\xEF\x03\xB2\x2E\xE3\xD2\x70\x21"
"\xB4\x19\x26\xBE\x3A\x3D\x05\xE0"
"\xF8\x09\xAF\xE4\x31\x26\x92\x2F"
"\x8F\x55\xAC\xED\x0B\xB2\xA5\x34"
"\xBE\x50\xB1\x02\x22\x96\xE3\x40"
"\x7B\x70\x50\x6E\x3B\xD5\xE5\xA0"
"\x8E\xA2\xAD\x14\x60\x5C\x7A\x2B"
"\x3D\x1B\x7F\xC1\xC0\x2C\x56\x36"
"\xD2\x0A\x32\x06\x97\x34\xB9\xF4"
"\x6F\x9F\x7E\x80\xD0\x9D\xF7\x6A"
"\x21\xC1\xA2\x6A\xB1\x96\x5B\x4D"
"\x7A\x15\x6C\xC4\x4E\xB8\xE0\x9E"
"\x6C\x50\xF3\x9C\xC9\xB5\x23\xB7"
"\xF1\xD4\x29\x4A\x23\xC4\xAD\x1E"
"\x2C\x07\xD2\x43\x5F\x57\x93\xCA"
"\x85\xF9\x9F\xAD\x4C\xF1\xE4\xB1"
"\x1A\x8E\x28\xA4\xB6\x52\x77\x7E"
"\x68\xC6\x47\xB9\x76\xCC\x65\x5F"
"\x0B\xF9\x67\x93\xD8\x0E\x9A\x37"
"\x5F\x41\xED\x64\x6C\xAD\x5F\xED"
"\x3F\x8D\xFB\x8E\x1E\xA0\xE4\x1F"
"\xC2\xC7\xED\x18\x43\xE1\x20\x86"
"\x5D\xBC\x30\x70\x22\xA1\xDC\x53"
"\x10\x3A\x8D\x47\x82\xCD\x7F\x59"
"\x03\x2D\x6D\xF5\xE7\x79\xD4\x07"
"\x68\x2A\xA5\x42\x19\x4D\xAF\xF5"
"\xED\x47\x83\xBC\x5F\x62\x84\xDA"
"\xDA\x41\xFF\xB0\x1D\x64\xA3\xC8"
"\xBD\x4E\xE0\xB8\x7F\xEE\x55\x0A"
"\x4E\x61\xB2\x51\xF6\x9C\x95\xF6"
"\x92\xBB\xF6\xC5\xF0\x09\x86\xDE"
"\x37\x9E\x29\xF9\x2A\x18\x73\x0D"
"\xDC\x7E\x6B\x7B\x1B\x43\x8C\xEA"
"\x13\xC8\x1A\x47\x0A\x2D\x6D\x56"
"\xCD\xD2\xE7\x53\x1A\xAB\x1C\x3C"
"\xC5\x9B\x03\x70\x29\x2A\x49\x09"
"\x67\xA1\xEA\xD6\x3A\x5B\xBF\x71"
"\x1D\x48\x64\x6C\xFB\xC0\x9E\x36",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 1008,
},
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct cipher_testvec camellia_lrw_tv_template[] = {
/* Generated from AES-LRW test vectors */
{
.key = "\x45\x62\xac\x25\xf8\x28\x17\x6d"
"\x4c\x26\x84\x14\xb5\x68\x01\x85"
"\x25\x8e\x2a\x05\xe7\x3e\x9d\x03"
"\xee\x5a\x83\x0c\xcc\x09\x4c\x87",
.klen = 32,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x01",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x30\x31\x32\x33\x34\x35\x36\x37"
"\x38\x39\x41\x42\x43\x44\x45\x46",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\x92\x68\x19\xd7\xb7\x5b\x0a\x31"
"\x97\xcc\x72\xbe\x99\x17\xeb\x3e",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 16,
}, {
.key = "\x59\x70\x47\x14\xf5\x57\x47\x8c"
"\xd7\x79\xe8\x0f\x54\x88\x79\x44"
"\x0d\x48\xf0\xb7\xb1\x5a\x53\xea"
"\x1c\xaa\x6b\x29\xc2\xca\xfb\xaf",
.klen = 32,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x02",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x30\x31\x32\x33\x34\x35\x36\x37"
"\x38\x39\x41\x42\x43\x44\x45\x46",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\x73\x09\xb7\x50\xb6\x77\x30\x50"
"\x5c\x8a\x9c\x26\x77\x9d\xfc\x4a",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 16,
}, {
.key = "\xd8\x2a\x91\x34\xb2\x6a\x56\x50"
"\x30\xfe\x69\xe2\x37\x7f\x98\x47"
"\xcd\xf9\x0b\x16\x0c\x64\x8f\xb6"
"\xb0\x0d\x0d\x1b\xae\x85\x87\x1f",
.klen = 32,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x02\x00\x00\x00\x00",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x30\x31\x32\x33\x34\x35\x36\x37"
"\x38\x39\x41\x42\x43\x44\x45\x46",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\x90\xae\x83\xe0\x22\xb9\x60\x91"
"\xfa\xa9\xb7\x98\xe3\xed\x87\x01",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 16,
}, {
.key = "\x0f\x6a\xef\xf8\xd3\xd2\xbb\x15"
"\x25\x83\xf7\x3c\x1f\x01\x28\x74"
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
"\xca\xc6\xbc\x35\x4d\x4a\x65\x54"
"\x90\xae\x61\xcf\x7b\xae\xbd\xcc"
"\xad\xe4\x94\xc5\x4a\x29\xae\x70",
.klen = 40,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x01",
.ptext = "\x30\x31\x32\x33\x34\x35\x36\x37"
"\x38\x39\x41\x42\x43\x44\x45\x46",
.ctext = "\x99\xe9\x6e\xd4\xc9\x21\xa5\xf0"
"\xd8\x83\xef\xd9\x07\x16\x5f\x35",
.len = 16,
}, {
.key = "\x8a\xd4\xee\x10\x2f\xbd\x81\xff"
"\xf8\x86\xce\xac\x93\xc5\xad\xc6"
"\xa0\x19\x07\xc0\x9d\xf7\xbb\xdd"
"\x52\x13\xb2\xb7\xf0\xff\x11\xd8"
"\xd6\x08\xd0\xcd\x2e\xb1\x17\x6f",
.klen = 40,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x02\x00\x00\x00\x00",
.ptext = "\x30\x31\x32\x33\x34\x35\x36\x37"
"\x38\x39\x41\x42\x43\x44\x45\x46",
.ctext = "\x42\x88\xf4\xcb\x21\x11\x6d\x8e"
"\xde\x1a\xf2\x29\xf1\x4a\xe0\x15",
.len = 16,
}, {
.key = "\xf8\xd4\x76\xff\xd6\x46\xee\x6c"
"\x23\x84\xcb\x1c\x77\xd6\x19\x5d"
"\xfe\xf1\xa9\xf3\x7b\xbc\x8d\x21"
"\xa7\x9c\x21\xf8\xcb\x90\x02\x89"
"\xa8\x45\x34\x8e\xc8\xc5\xb5\xf1"
"\x26\xf5\x0e\x76\xfe\xfd\x1b\x1e",
.klen = 48,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x01",
.ptext = "\x30\x31\x32\x33\x34\x35\x36\x37"
"\x38\x39\x41\x42\x43\x44\x45\x46",
.ctext = "\x40\xaa\x34\x86\x4a\x8f\x78\xb9"
"\xdb\xdb\x0f\x3d\x48\x70\xbe\x8d",
.len = 16,
}, {
.key = "\xfb\x76\x15\xb2\x3d\x80\x89\x1d"
"\xd4\x70\x98\x0b\xc7\x95\x84\xc8"
"\xb2\xfb\x64\xce\x60\x97\x87\x8d"
"\x17\xfc\xe4\x5a\x49\xe8\x30\xb7"
"\x6e\x78\x17\xe7\x2d\x5e\x12\xd4"
"\x60\x64\x04\x7a\xf1\x2f\x9e\x0c",
.klen = 48,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x02\x00\x00\x00\x00",
.ptext = "\x30\x31\x32\x33\x34\x35\x36\x37"
"\x38\x39\x41\x42\x43\x44\x45\x46",
.ctext = "\x04\xab\x28\x37\x31\x7a\x26\xab"
"\xa1\x70\x1b\x9c\xe7\xdd\x83\xff",
.len = 16,
}, {
.key = "\xf8\xd4\x76\xff\xd6\x46\xee\x6c"
"\x23\x84\xcb\x1c\x77\xd6\x19\x5d"
"\xfe\xf1\xa9\xf3\x7b\xbc\x8d\x21"
"\xa7\x9c\x21\xf8\xcb\x90\x02\x89"
"\xa8\x45\x34\x8e\xc8\xc5\xb5\xf1"
"\x26\xf5\x0e\x76\xfe\xfd\x1b\x1e",
.klen = 48,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x01",
.ptext = "\x05\x11\xb7\x18\xab\xc6\x2d\xac"
"\x70\x5d\xf6\x22\x94\xcd\xe5\x6c"
"\x17\x6b\xf6\x1c\xf0\xf3\x6e\xf8"
"\x50\x38\x1f\x71\x49\xb6\x57\xd6"
"\x8f\xcb\x8d\x6b\xe3\xa6\x29\x90"
"\xfe\x2a\x62\x82\xae\x6d\x8b\xf6"
"\xad\x1e\x9e\x20\x5f\x38\xbe\x04"
"\xda\x10\x8e\xed\xa2\xa4\x87\xab"
"\xda\x6b\xb4\x0c\x75\xba\xd3\x7c"
"\xc9\xac\x42\x31\x95\x7c\xc9\x04"
"\xeb\xd5\x6e\x32\x69\x8a\xdb\xa6"
"\x15\xd7\x3f\x4f\x2f\x66\x69\x03"
"\x9c\x1f\x54\x0f\xde\x1f\xf3\x65"
"\x4c\x96\x12\xed\x7c\x92\x03\x01"
"\x6f\xbc\x35\x93\xac\xf1\x27\xf1"
"\xb4\x96\x82\x5a\x5f\xb0\xa0\x50"
"\x89\xa4\x8e\x66\x44\x85\xcc\xfd"
"\x33\x14\x70\xe3\x96\xb2\xc3\xd3"
"\xbb\x54\x5a\x1a\xf9\x74\xa2\xc5"
"\x2d\x64\x75\xdd\xb4\x54\xe6\x74"
"\x8c\xd3\x9d\x9e\x86\xab\x51\x53"
"\xb7\x93\x3e\x6f\xd0\x4e\x2c\x40"
"\xf6\xa8\x2e\x3e\x9d\xf4\x66\xa5"
"\x76\x12\x73\x44\x1a\x56\xd7\x72"
"\x88\xcd\x21\x8c\x4c\x0f\xfe\xda"
"\x95\xe0\x3a\xa6\xa5\x84\x46\xcd"
"\xd5\x3e\x9d\x3a\xe2\x67\xe6\x60"
"\x1a\xe2\x70\x85\x58\xc2\x1b\x09"
"\xe1\xd7\x2c\xca\xad\xa8\x8f\xf9"
"\xac\xb3\x0e\xdb\xca\x2e\xe2\xb8"
"\x51\x71\xd9\x3c\x6c\xf1\x56\xf8"
"\xea\x9c\xf1\xfb\x0c\xe6\xb7\x10"
"\x1c\xf8\xa9\x7c\xe8\x53\x35\xc1"
"\x90\x3e\x76\x4a\x74\xa4\x21\x2c"
"\xf6\x2c\x4e\x0f\x94\x3a\x88\x2e"
"\x41\x09\x6a\x33\x7d\xf6\xdd\x3f"
"\x8d\x23\x31\x74\x84\xeb\x88\x6e"
"\xcc\xb9\xbc\x22\x83\x19\x07\x22"
"\xa5\x2d\xdf\xa5\xf3\x80\x85\x78"
"\x84\x39\x6a\x6d\x6a\x99\x4f\xa5"
"\x15\xfe\x46\xb0\xe4\x6c\xa5\x41"
"\x3c\xce\x8f\x42\x60\x71\xa7\x75"
"\x08\x40\x65\x8a\x82\xbf\xf5\x43"
"\x71\x96\xa9\x4d\x44\x8a\x20\xbe"
"\xfa\x4d\xbb\xc0\x7d\x31\x96\x65"
"\xe7\x75\xe5\x3e\xfd\x92\x3b\xc9"
"\x55\xbb\x16\x7e\xf7\xc2\x8c\xa4"
"\x40\x1d\xe5\xef\x0e\xdf\xe4\x9a"
"\x62\x73\x65\xfd\x46\x63\x25\x3d"
"\x2b\xaf\xe5\x64\xfe\xa5\x5c\xcf"
"\x24\xf3\xb4\xac\x64\xba\xdf\x4b"
"\xc6\x96\x7d\x81\x2d\x8d\x97\xf7"
"\xc5\x68\x77\x84\x32\x2b\xcc\x85"
"\x74\x96\xf0\x12\x77\x61\xb9\xeb"
"\x71\xaa\x82\xcb\x1c\xdb\x89\xc8"
"\xc6\xb5\xe3\x5c\x7d\x39\x07\x24"
"\xda\x39\x87\x45\xc0\x2b\xbb\x01"
"\xac\xbc\x2a\x5c\x7f\xfc\xe8\xce"
"\x6d\x9c\x6f\xed\xd3\xc1\xa1\xd6"
"\xc5\x55\xa9\x66\x2f\xe1\xc8\x32"
"\xa6\x5d\xa4\x3a\x98\x73\xe8\x45"
"\xa4\xc7\xa8\xb4\xf6\x13\x03\xf6"
"\xe9\x2e\xc4\x29\x0f\x84\xdb\xc4"
"\x21\xc4\xc2\x75\x67\x89\x37\x0a",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\x90\x69\x8e\xf2\x14\x86\x59\xf9"
"\xec\xe7\xfa\x3f\x48\x9d\x7f\x96"
"\x67\x76\xac\x2c\xd2\x63\x18\x93"
"\x13\xf8\xf1\xf6\x71\x77\xb3\xee"
"\x93\xb2\xcc\xf3\x26\xc1\x16\x4f"
"\xd4\xe8\x43\xc1\x68\xa3\x3e\x06"
"\x38\x51\xff\xa8\xb9\xa4\xeb\xb1"
"\x62\xdd\x78\x81\xea\x1d\xef\x04"
"\x1d\x07\xc1\x67\xc8\xd6\x77\xa1"
"\x84\x95\xf4\x9a\xd9\xbc\x2d\xe2"
"\xf6\x80\xfc\x91\x2a\xbc\x42\xa0"
"\x40\x41\x69\xaa\x71\xc0\x37\xec"
"\x39\xf3\xf2\xec\x82\xc3\x88\x79"
"\xbc\xc3\xaa\xb7\xcf\x6a\x72\x80"
"\x4c\xf4\x84\x8f\x13\x9e\x94\x5c"
"\xe5\xb2\x91\xbb\x92\x51\x4d\xf1"
"\xd6\x0d\x71\x6b\x7a\xc2\x2f\x12"
"\x6f\x75\xc7\x80\x99\x50\x84\xcf"
"\xa8\xeb\xd6\xe1\x1c\x59\x81\x7e"
"\xb9\xb3\xde\x7a\x93\x14\x12\xa2"
"\xf7\x43\xb3\x9d\x1a\x87\x65\x91"
"\x42\x08\x40\x82\x06\x1c\x2d\x55"
"\x6e\x48\xd5\x74\x07\x6e\x9d\x80"
"\xeb\xb4\x97\xa1\x36\xdf\xfa\x74"
"\x79\x7f\x5a\x75\xe7\x71\xc8\x8c"
"\x7e\xf8\x3a\x77\xcd\x32\x05\xf9"
"\x3d\xd4\xe9\xa2\xbb\xc4\x8b\x83"
"\x42\x5c\x82\xfa\xe9\x4b\x96\x3b"
"\x7f\x89\x8b\xf9\xf1\x87\xda\xf0"
"\x87\xef\x13\x5d\xf0\xe2\xc5\xc1"
"\xed\x14\xa9\x57\x19\x63\x40\x04"
"\x24\xeb\x6e\x19\xd1\x3d\x70\x78"
"\xeb\xda\x55\x70\x2c\x4f\x41\x5b"
"\x56\x9f\x1a\xd3\xac\xf1\xc0\xc3"
"\x21\xec\xd7\xd2\x55\x32\x7c\x2e"
"\x3c\x48\x8e\xb4\x85\x35\x47\xfe"
"\xe2\x88\x79\x98\x6a\xc9\x8d\xff"
"\xe9\x89\x6e\xb8\xe2\x97\x00\xbd"
"\xa4\x8f\xba\xd0\x8c\xcb\x79\x99"
"\xb3\xb2\xb2\x7a\xc3\xb7\xef\x75"
"\x23\x52\x76\xc3\x50\x6e\x66\xf8"
"\xa2\xe2\xce\xba\x40\x21\x3f\xc9"
"\x0a\x32\x7f\xf7\x08\x8c\x66\xcf"
"\xd3\xdf\x57\x59\x83\xb8\xe1\x85"
"\xd6\x8f\xfb\x48\x1f\x3a\xc4\x2f"
"\xb4\x2d\x58\xab\xd8\x7f\x5e\x3a"
"\xbc\x62\x3e\xe2\x6a\x52\x0d\x76"
"\x2f\x1c\x1a\x30\xed\x95\x2a\x44"
"\x35\xa5\x83\x04\x84\x01\x99\x56"
"\xb7\xe3\x10\x96\xfa\xdc\x19\xdd"
"\xe2\x7f\xcb\xa0\x49\x1b\xff\x4c"
"\x73\xf6\xbb\x94\x00\xe8\xa9\x3d"
"\xe2\x20\xe9\x3f\xfa\x07\x5d\x77"
"\x06\xd5\x4f\x4d\x02\xb8\x40\x1b"
"\x30\xed\x1a\x50\x19\xef\xc4\x2c"
"\x02\xd9\xc5\xd3\x11\x33\x37\xe5"
"\x2b\xa3\x95\xa6\xee\xd8\x74\x1d"
"\x68\xa0\xeb\xbf\xdd\x5e\x99\x96"
"\x91\xc3\x94\x24\xa5\x12\xa2\x37"
"\xb3\xac\xcf\x2a\xfd\x55\x34\xfe"
"\x79\x92\x3e\xe6\x1b\x49\x57\x5d"
"\x93\x6c\x01\xf7\xcc\x4e\x20\xd1"
"\xb2\x1a\xd8\x4c\xbd\x1d\x10\xe9"
"\x5a\xa8\x92\x7f\xba\xe6\x0c\x95",
.len = 512,
.also_non_np = 1,
.np = 3,
.tap = { 512 - 20, 4, 16 },
},
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct cipher_testvec camellia_xts_tv_template[] = {
/* Generated from AES-XTS test vectors */
{
.key = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.klen = 32,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\x06\xcb\xa5\xf1\x04\x63\xb2\x41"
"\xdc\xca\xfa\x09\xba\x74\xb9\x05"
"\x78\xba\xa4\xf8\x67\x4d\x7e\xad"
"\x20\x18\xf5\x0c\x41\x16\x2a\x61",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 32,
}, {
.key = "\x11\x11\x11\x11\x11\x11\x11\x11"
"\x11\x11\x11\x11\x11\x11\x11\x11"
"\x22\x22\x22\x22\x22\x22\x22\x22"
"\x22\x22\x22\x22\x22\x22\x22\x22",
.klen = 32,
.iv = "\x33\x33\x33\x33\x33\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x44\x44\x44\x44\x44\x44\x44\x44"
"\x44\x44\x44\x44\x44\x44\x44\x44"
"\x44\x44\x44\x44\x44\x44\x44\x44"
"\x44\x44\x44\x44\x44\x44\x44\x44",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\xc2\xb9\xdc\x44\x1d\xdf\xf2\x86"
"\x8d\x35\x42\x0a\xa5\x5e\x3d\x4f"
"\xb5\x37\x06\xff\xbd\xd4\x91\x70"
"\x80\x1f\xb2\x39\x10\x89\x44\xf5",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 32,
}, {
.key = "\xff\xfe\xfd\xfc\xfb\xfa\xf9\xf8"
"\xf7\xf6\xf5\xf4\xf3\xf2\xf1\xf0"
"\x22\x22\x22\x22\x22\x22\x22\x22"
"\x22\x22\x22\x22\x22\x22\x22\x22",
.klen = 32,
.iv = "\x33\x33\x33\x33\x33\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x44\x44\x44\x44\x44\x44\x44\x44"
"\x44\x44\x44\x44\x44\x44\x44\x44"
"\x44\x44\x44\x44\x44\x44\x44\x44"
"\x44\x44\x44\x44\x44\x44\x44\x44",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\x52\x1f\x9d\xf5\x5a\x58\x5a\x7e"
"\x9f\xd0\x8e\x02\x9c\x9a\x6a\xa7"
"\xb4\x3b\xce\xe7\x17\xaa\x89\x6a"
"\x35\x3c\x6b\xb5\x61\x1c\x79\x38",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 32,
}, {
.key = "\x27\x18\x28\x18\x28\x45\x90\x45"
"\x23\x53\x60\x28\x74\x71\x35\x26"
"\x31\x41\x59\x26\x53\x58\x97\x93"
"\x23\x84\x62\x64\x33\x83\x27\x95",
.klen = 32,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
"\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
"\x20\x21\x22\x23\x24\x25\x26\x27"
"\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
"\x30\x31\x32\x33\x34\x35\x36\x37"
"\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f"
"\x40\x41\x42\x43\x44\x45\x46\x47"
"\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
"\x50\x51\x52\x53\x54\x55\x56\x57"
"\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f"
"\x60\x61\x62\x63\x64\x65\x66\x67"
"\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f"
"\x70\x71\x72\x73\x74\x75\x76\x77"
"\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f"
"\x80\x81\x82\x83\x84\x85\x86\x87"
"\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
"\x90\x91\x92\x93\x94\x95\x96\x97"
"\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f"
"\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
"\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
"\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7"
"\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
"\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
"\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
"\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7"
"\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf"
"\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7"
"\xe8\xe9\xea\xeb\xec\xed\xee\xef"
"\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
"\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff"
"\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
"\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
"\x20\x21\x22\x23\x24\x25\x26\x27"
"\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
"\x30\x31\x32\x33\x34\x35\x36\x37"
"\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f"
"\x40\x41\x42\x43\x44\x45\x46\x47"
"\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
"\x50\x51\x52\x53\x54\x55\x56\x57"
"\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f"
"\x60\x61\x62\x63\x64\x65\x66\x67"
"\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f"
"\x70\x71\x72\x73\x74\x75\x76\x77"
"\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f"
"\x80\x81\x82\x83\x84\x85\x86\x87"
"\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
"\x90\x91\x92\x93\x94\x95\x96\x97"
"\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f"
"\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
"\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
"\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7"
"\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
"\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
"\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
"\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7"
"\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf"
"\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7"
"\xe8\xe9\xea\xeb\xec\xed\xee\xef"
"\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
"\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\xc7\xf9\x0a\xaa\xcb\xb5\x8f\x33"
"\x60\xc3\xe9\x47\x90\xb7\x50\x57"
"\xa3\xad\x81\x2f\xf5\x22\x96\x02"
"\xaa\x7f\xea\xac\x29\x78\xca\x2a"
"\x7c\xcd\x31\x1a\x3c\x40\x0a\x73"
"\x09\x66\xad\x72\x0e\x4d\x5d\x77"
"\xbc\xb8\x76\x80\x37\x59\xa9\x01"
"\x9e\xfb\xdb\x6c\x93\xef\xb6\x8d"
"\x1e\xc1\x94\xa8\xd4\xb5\xb0\x01"
"\xd5\x01\x97\x28\xcd\x7a\x1f\xe8"
"\x08\xda\x76\x00\x65\xcf\x7b\x31"
"\xc6\xfa\xf2\x3b\x00\xa7\x6a\x9e"
"\x6c\x43\x80\x87\xe0\xbb\x4e\xe5"
"\xdc\x8a\xdf\xc3\x1d\x1b\x41\x04"
"\xfb\x54\xdd\x29\x27\xc2\x65\x17"
"\x36\x88\xb0\x85\x8d\x73\x7e\x4b"
"\x1d\x16\x8a\x52\xbc\xa6\xbc\xa4"
"\x8c\xd1\x04\x16\xbf\x8c\x01\x0f"
"\x7e\x6b\x59\x15\x29\xd1\x9b\xd3"
"\x6c\xee\xac\xdc\x45\x58\xca\x5b"
"\x70\x0e\x6a\x12\x86\x82\x79\x9f"
"\x16\xd4\x9d\x67\xcd\x70\x65\x26"
"\x21\x72\x1e\xa1\x94\x8a\x83\x0c"
"\x92\x42\x58\x5e\xa2\xc5\x31\xf3"
"\x7b\xd1\x31\xd4\x15\x80\x31\x61"
"\x5c\x53\x10\xdd\xea\xc8\x83\x5c"
"\x7d\xa7\x05\x66\xcc\x1e\xbb\x05"
"\x47\xae\xb4\x0f\x84\xd8\xf6\xb5"
"\xa1\xc6\x52\x00\x52\xe8\xdc\xd9"
"\x16\x31\xb2\x47\x91\x67\xaa\x28"
"\x2c\x29\x85\xa3\xf7\xf2\x24\x93"
"\x23\x80\x1f\xa8\x1b\x82\x8d\xdc"
"\x9f\x0b\xcd\xb4\x3c\x20\xbc\xec"
"\x4f\xc7\xee\xf8\xfd\xd9\xfb\x7e"
"\x3f\x0d\x23\xfa\x3f\xa7\xcc\x66"
"\x1c\xfe\xa6\x86\xf6\xf7\x85\xc7"
"\x43\xc1\xd4\xfc\xe4\x79\xc9\x1d"
"\xf8\x89\xcd\x20\x27\x84\x5d\x5c"
"\x8e\x4f\x1f\xeb\x08\x21\x4f\xa3"
"\xe0\x7e\x0b\x9c\xe7\x42\xcf\xb7"
"\x3f\x43\xcc\x86\x71\x34\x6a\xd9"
"\x5e\xec\x8f\x36\xc9\x0a\x03\xfe"
"\x18\x41\xdc\x9e\x2e\x75\x20\x3e"
"\xcc\x77\xe0\x8f\xe8\x43\x37\x4c"
"\xed\x1a\x5a\xb3\xfa\x43\xc9\x71"
"\x9f\xc5\xce\xcf\xff\xe7\x77\x1e"
"\x35\x93\xde\x6b\xc0\x6a\x7e\xa9"
"\x34\xb8\x27\x74\x08\xda\xf2\x4a"
"\x23\x5b\x9f\x55\x3a\x57\x82\x52"
"\xea\x6d\xc3\xc7\xf2\xc8\xb5\xdc"
"\xc5\xb9\xbb\xaa\xf2\x29\x9f\x49"
"\x7a\xef\xfe\xdc\x9f\xc9\x28\xe2"
"\x96\x0b\x35\x84\x05\x0d\xd6\x2a"
"\xea\x5a\xbf\x69\xde\xee\x4f\x8f"
"\x84\xb9\xcf\xa7\x57\xea\xe0\xe8"
"\x96\xef\x0f\x0e\xec\xc7\xa6\x74"
"\xb1\xfe\x7a\x6d\x11\xdd\x0e\x15"
"\x4a\x1e\x73\x7f\x55\xea\xf6\xe1"
"\x5b\xb6\x71\xda\xb0\x0c\xba\x26"
"\x5c\x48\x38\x6d\x1c\x32\xb2\x7d"
"\x05\x87\xc2\x1e\x7e\x2d\xd4\x33"
"\xcc\x06\xdb\xe7\x82\x29\x63\xd1"
"\x52\x84\x4f\xee\x27\xe8\x02\xd4"
"\x34\x3c\x69\xc2\xbd\x20\xe6\x7a",
.len = 512,
}, {
.key = "\x27\x18\x28\x18\x28\x45\x90\x45"
"\x23\x53\x60\x28\x74\x71\x35\x26"
"\x62\x49\x77\x57\x24\x70\x93\x69"
"\x99\x59\x57\x49\x66\x96\x76\x27"
"\x31\x41\x59\x26\x53\x58\x97\x93"
"\x23\x84\x62\x64\x33\x83\x27\x95"
"\x02\x88\x41\x97\x16\x93\x99\x37"
"\x51\x05\x82\x09\x74\x94\x45\x92",
.klen = 64,
.iv = "\xff\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
"\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
"\x20\x21\x22\x23\x24\x25\x26\x27"
"\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
"\x30\x31\x32\x33\x34\x35\x36\x37"
"\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f"
"\x40\x41\x42\x43\x44\x45\x46\x47"
"\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
"\x50\x51\x52\x53\x54\x55\x56\x57"
"\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f"
"\x60\x61\x62\x63\x64\x65\x66\x67"
"\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f"
"\x70\x71\x72\x73\x74\x75\x76\x77"
"\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f"
"\x80\x81\x82\x83\x84\x85\x86\x87"
"\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
"\x90\x91\x92\x93\x94\x95\x96\x97"
"\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f"
"\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
"\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
"\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7"
"\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
"\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
"\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
"\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7"
"\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf"
"\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7"
"\xe8\xe9\xea\xeb\xec\xed\xee\xef"
"\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
"\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff"
"\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
"\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
"\x20\x21\x22\x23\x24\x25\x26\x27"
"\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
"\x30\x31\x32\x33\x34\x35\x36\x37"
"\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f"
"\x40\x41\x42\x43\x44\x45\x46\x47"
"\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
"\x50\x51\x52\x53\x54\x55\x56\x57"
"\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f"
"\x60\x61\x62\x63\x64\x65\x66\x67"
"\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f"
"\x70\x71\x72\x73\x74\x75\x76\x77"
"\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f"
"\x80\x81\x82\x83\x84\x85\x86\x87"
"\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
"\x90\x91\x92\x93\x94\x95\x96\x97"
"\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f"
"\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
"\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
"\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7"
"\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
"\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
"\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
"\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7"
"\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf"
"\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7"
"\xe8\xe9\xea\xeb\xec\xed\xee\xef"
"\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
"\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\x49\xcd\xb8\xbf\x2f\x73\x37\x28"
"\x9a\x7f\x6e\x57\x55\xb8\x07\x88"
"\x4a\x0d\x8b\x55\x60\xed\xb6\x7b"
"\xf1\x74\xac\x96\x05\x7b\x32\xca"
"\xd1\x4e\xf1\x58\x29\x16\x24\x6c"
"\xf2\xb3\xe4\x88\x84\xac\x4d\xee"
"\x97\x07\x82\xf0\x07\x12\x38\x0a"
"\x67\x62\xaf\xfd\x85\x9f\x0a\x55"
"\xa5\x20\xc5\x60\xe4\x68\x53\xa4"
"\x0e\x2e\x65\xe3\xe4\x0c\x30\x7c"
"\x1c\x01\x4f\x55\xa9\x13\xeb\x25"
"\x21\x87\xbc\xd3\xe7\x67\x4f\x38"
"\xa8\x14\x25\x71\xe9\x2e\x4c\x21"
"\x41\x82\x0c\x45\x39\x35\xa8\x75"
"\x03\x29\x01\x84\x8c\xab\x48\xbe"
"\x11\x56\x22\x67\xb7\x67\x1a\x09"
"\xa1\x72\x25\x41\x3c\x39\x65\x80"
"\x7d\x2f\xf8\x2c\x73\x04\x58\x9d"
"\xdd\x16\x8b\x63\x70\x4e\xc5\x17"
"\x21\xe0\x84\x51\x4b\x6f\x05\x52"
"\xe3\x63\x34\xfa\xa4\xaf\x33\x20"
"\xc1\xae\x32\xc4\xb8\x2b\xdb\x76"
"\xd9\x02\x31\x2f\xa3\xc6\xd0\x7b"
"\xaf\x1b\x84\xe3\x9b\xbf\xa6\xe0"
"\xb8\x8a\x13\x88\x71\xf4\x11\xa5"
"\xe9\xa9\x10\x33\xe0\xbe\x49\x89"
"\x41\x22\xf5\x9d\x80\x3e\x3b\x76"
"\x01\x16\x50\x6e\x7c\x6a\x81\xe9"
"\x13\x2c\xde\xb2\x5f\x79\xba\xb2"
"\xb1\x75\xae\xd2\x07\x98\x4b\x69"
"\xae\x7d\x5b\x90\xc2\x6c\xe6\x98"
"\xd3\x4c\xa1\xa3\x9c\xc9\x33\x6a"
"\x0d\x23\xb1\x79\x25\x13\x4b\xe5"
"\xaf\x93\x20\x5c\x7f\x06\x7a\x34"
"\x0b\x78\xe3\x67\x26\xe0\xad\x95"
"\xc5\x4e\x26\x22\xcf\x73\x77\x62"
"\x3e\x10\xd7\x90\x4b\x52\x1c\xc9"
"\xef\x38\x52\x18\x0e\x29\x7e\xef"
"\x34\xfe\x31\x95\xc5\xbc\xa8\xe2"
"\xa8\x4e\x9f\xea\xa6\xf0\xfe\x5d"
"\xc5\x39\x86\xed\x2f\x6d\xa0\xfe"
"\x96\xcd\x41\x10\x78\x4e\x0c\xc9"
"\xc3\x6d\x0f\xb7\xe8\xe0\x62\xab"
"\x8b\xf1\x21\x89\xa1\x12\xaa\xfa"
"\x9d\x70\xbe\x4c\xa8\x98\x89\x01"
"\xb9\xe2\x61\xde\x0c\x4a\x0b\xaa"
"\x89\xf5\x14\x79\x18\x8f\x3b\x0d"
"\x21\x17\xf8\x59\x15\x24\x64\x22"
"\x57\x48\x80\xd5\x3d\x92\x30\x07"
"\xd9\xa1\x4a\x23\x16\x43\x48\x0e"
"\x2b\x2d\x1b\x87\xef\x7e\xbd\xfa"
"\x49\xbc\x7e\x68\x6e\xa8\x46\x95"
"\xad\x5e\xfe\x0a\xa8\xd3\x1a\x5d"
"\x6b\x84\xf3\x00\xba\x52\x05\x02"
"\xe3\x96\x4e\xb6\x79\x3f\x43\xd3"
"\x4d\x3f\xd6\xab\x0a\xc4\x75\x2d"
"\xd1\x08\xc3\x6a\xc8\x37\x29\xa0"
"\xcc\x9a\x05\xdd\x5c\xe1\xff\x66"
"\xf2\x7a\x1d\xf2\xaf\xa9\x48\x89"
"\xf5\x21\x0f\x02\x48\x83\x74\xbf"
"\x2e\xe6\x93\x7b\xa0\xf4\xb1\x2b"
"\xb1\x02\x0a\x5c\x79\x19\x3b\x75"
"\xb7\x16\xd8\x12\x5c\xcd\x7d\x4e"
"\xd5\xc6\x99\xcc\x4e\x6c\x94\x95",
.len = 512,
.also_non_np = 1,
.np = 3,
.tap = { 512 - 20, 4, 16 },
},
};
/*
* SEED test vectors
*/
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct cipher_testvec seed_tv_template[] = {
{
.key = zeroed_string,
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\x5e\xba\xc6\xe0\x05\x4e\x16\x68"
"\x19\xaf\xf1\xcc\x6d\x34\x6c\xdb",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 16,
}, {
.key = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = zeroed_string,
.ctext = "\xc1\x1f\x22\xf2\x01\x40\x50\x50"
"\x84\x48\x35\x97\xe4\x37\x0f\x43",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 16,
}, {
.key = "\x47\x06\x48\x08\x51\xe6\x1b\xe8"
"\x5d\x74\xbf\xb3\xfd\x95\x61\x85",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x83\xa2\xf8\xa2\x88\x64\x1f\xb9"
"\xa4\xe9\xa5\xcc\x2f\x13\x1c\x7d",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\xee\x54\xd1\x3e\xbc\xae\x70\x6d"
"\x22\x6b\xc3\x14\x2c\xd4\x0d\x4a",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 16,
}, {
.key = "\x28\xdb\xc3\xbc\x49\xff\xd8\x7d"
"\xcf\xa5\x09\xb1\x1d\x42\x2b\xe7",
.klen = 16,
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\xb4\x1e\x6b\xe2\xeb\xa8\x4a\x14"
"\x8e\x2e\xed\x84\x59\x3c\x5e\xc7",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\x9b\x9b\x7b\xfc\xd1\x81\x3c\xb9"
"\x5d\x0b\x36\x18\xf4\x0f\x51\x22",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 16,
}
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct cipher_testvec salsa20_stream_tv_template[] = {
/*
* Testvectors from verified.test-vectors submitted to ECRYPT.
* They are truncated to size 39, 64, 111, 129 to test a variety
* of input length.
*/
{ /* Set 3, vector 0 */
.key = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0A\x0B\x0C\x0D\x0E\x0F",
.klen = 16,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\x2D\xD5\xC3\xF7\xBA\x2B\x20\xF7"
"\x68\x02\x41\x0C\x68\x86\x88\x89"
"\x5A\xD8\xC1\xBD\x4E\xA6\xC9\xB1"
"\x40\xFB\x9B\x90\xE2\x10\x49\xBF"
"\x58\x3F\x52\x79\x70\xEB\xC1",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 39,
}, { /* Set 5, vector 0 */
.key = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.klen = 16,
.iv = "\x80\x00\x00\x00\x00\x00\x00\x00",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\xB6\x6C\x1E\x44\x46\xDD\x95\x57"
"\xE5\x78\xE2\x23\xB0\xB7\x68\x01"
"\x7B\x23\xB2\x67\xBB\x02\x34\xAE"
"\x46\x26\xBF\x44\x3F\x21\x97\x76"
"\x43\x6F\xB1\x9F\xD0\xE8\x86\x6F"
"\xCD\x0D\xE9\xA9\x53\x8F\x4A\x09"
"\xCA\x9A\xC0\x73\x2E\x30\xBC\xF9"
"\x8E\x4F\x13\xE4\xB9\xE2\x01\xD9",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 64,
}, { /* Set 3, vector 27 */
.key = "\x1B\x1C\x1D\x1E\x1F\x20\x21\x22"
"\x23\x24\x25\x26\x27\x28\x29\x2A"
"\x2B\x2C\x2D\x2E\x2F\x30\x31\x32"
"\x33\x34\x35\x36\x37\x38\x39\x3A",
.klen = 32,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\xAE\x39\x50\x8E\xAC\x9A\xEC\xE7"
"\xBF\x97\xBB\x20\xB9\xDE\xE4\x1F"
"\x87\xD9\x47\xF8\x28\x91\x35\x98"
"\xDB\x72\xCC\x23\x29\x48\x56\x5E"
"\x83\x7E\x0B\xF3\x7D\x5D\x38\x7B"
"\x2D\x71\x02\xB4\x3B\xB5\xD8\x23"
"\xB0\x4A\xDF\x3C\xEC\xB6\xD9\x3B"
"\x9B\xA7\x52\xBE\xC5\xD4\x50\x59"
"\x15\x14\xB4\x0E\x40\xE6\x53\xD1"
"\x83\x9C\x5B\xA0\x92\x29\x6B\x5E"
"\x96\x5B\x1E\x2F\xD3\xAC\xC1\x92"
"\xB1\x41\x3F\x19\x2F\xC4\x3B\xC6"
"\x95\x46\x45\x54\xE9\x75\x03\x08"
"\x44\xAF\xE5\x8A\x81\x12\x09",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 111,
}, { /* Set 5, vector 27 */
.key = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.klen = 32,
.iv = "\x00\x00\x00\x10\x00\x00\x00\x00",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\xD2\xDB\x1A\x5C\xF1\xC1\xAC\xDB"
"\xE8\x1A\x7A\x43\x40\xEF\x53\x43"
"\x5E\x7F\x4B\x1A\x50\x52\x3F\x8D"
"\x28\x3D\xCF\x85\x1D\x69\x6E\x60"
"\xF2\xDE\x74\x56\x18\x1B\x84\x10"
"\xD4\x62\xBA\x60\x50\xF0\x61\xF2"
"\x1C\x78\x7F\xC1\x24\x34\xAF\x58"
"\xBF\x2C\x59\xCA\x90\x77\xF3\xB0"
"\x5B\x4A\xDF\x89\xCE\x2C\x2F\xFC"
"\x67\xF0\xE3\x45\xE8\xB3\xB3\x75"
"\xA0\x95\x71\xA1\x29\x39\x94\xCA"
"\x45\x2F\xBD\xCB\x10\xB6\xBE\x9F"
"\x8E\xF9\xB2\x01\x0A\x5A\x0A\xB7"
"\x6B\x9D\x70\x8E\x4B\xD6\x2F\xCD"
"\x2E\x40\x48\x75\xE9\xE2\x21\x45"
"\x0B\xC9\xB6\xB5\x66\xBC\x9A\x59"
"\x5A",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 129,
}, { /* large test vector generated using Crypto++ */
.key = "\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
"\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f",
.klen = 32,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext =
"\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
"\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
"\x20\x21\x22\x23\x24\x25\x26\x27"
"\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
"\x30\x31\x32\x33\x34\x35\x36\x37"
"\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f"
"\x40\x41\x42\x43\x44\x45\x46\x47"
"\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
"\x50\x51\x52\x53\x54\x55\x56\x57"
"\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f"
"\x60\x61\x62\x63\x64\x65\x66\x67"
"\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f"
"\x70\x71\x72\x73\x74\x75\x76\x77"
"\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f"
"\x80\x81\x82\x83\x84\x85\x86\x87"
"\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
"\x90\x91\x92\x93\x94\x95\x96\x97"
"\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f"
"\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
"\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
"\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7"
"\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
"\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
"\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
"\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7"
"\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf"
"\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7"
"\xe8\xe9\xea\xeb\xec\xed\xee\xef"
"\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
"\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff"
"\x00\x03\x06\x09\x0c\x0f\x12\x15"
"\x18\x1b\x1e\x21\x24\x27\x2a\x2d"
"\x30\x33\x36\x39\x3c\x3f\x42\x45"
"\x48\x4b\x4e\x51\x54\x57\x5a\x5d"
"\x60\x63\x66\x69\x6c\x6f\x72\x75"
"\x78\x7b\x7e\x81\x84\x87\x8a\x8d"
"\x90\x93\x96\x99\x9c\x9f\xa2\xa5"
"\xa8\xab\xae\xb1\xb4\xb7\xba\xbd"
"\xc0\xc3\xc6\xc9\xcc\xcf\xd2\xd5"
"\xd8\xdb\xde\xe1\xe4\xe7\xea\xed"
"\xf0\xf3\xf6\xf9\xfc\xff\x02\x05"
"\x08\x0b\x0e\x11\x14\x17\x1a\x1d"
"\x20\x23\x26\x29\x2c\x2f\x32\x35"
"\x38\x3b\x3e\x41\x44\x47\x4a\x4d"
"\x50\x53\x56\x59\x5c\x5f\x62\x65"
"\x68\x6b\x6e\x71\x74\x77\x7a\x7d"
"\x80\x83\x86\x89\x8c\x8f\x92\x95"
"\x98\x9b\x9e\xa1\xa4\xa7\xaa\xad"
"\xb0\xb3\xb6\xb9\xbc\xbf\xc2\xc5"
"\xc8\xcb\xce\xd1\xd4\xd7\xda\xdd"
"\xe0\xe3\xe6\xe9\xec\xef\xf2\xf5"
"\xf8\xfb\xfe\x01\x04\x07\x0a\x0d"
"\x10\x13\x16\x19\x1c\x1f\x22\x25"
"\x28\x2b\x2e\x31\x34\x37\x3a\x3d"
"\x40\x43\x46\x49\x4c\x4f\x52\x55"
"\x58\x5b\x5e\x61\x64\x67\x6a\x6d"
"\x70\x73\x76\x79\x7c\x7f\x82\x85"
"\x88\x8b\x8e\x91\x94\x97\x9a\x9d"
"\xa0\xa3\xa6\xa9\xac\xaf\xb2\xb5"
"\xb8\xbb\xbe\xc1\xc4\xc7\xca\xcd"
"\xd0\xd3\xd6\xd9\xdc\xdf\xe2\xe5"
"\xe8\xeb\xee\xf1\xf4\xf7\xfa\xfd"
"\x00\x05\x0a\x0f\x14\x19\x1e\x23"
"\x28\x2d\x32\x37\x3c\x41\x46\x4b"
"\x50\x55\x5a\x5f\x64\x69\x6e\x73"
"\x78\x7d\x82\x87\x8c\x91\x96\x9b"
"\xa0\xa5\xaa\xaf\xb4\xb9\xbe\xc3"
"\xc8\xcd\xd2\xd7\xdc\xe1\xe6\xeb"
"\xf0\xf5\xfa\xff\x04\x09\x0e\x13"
"\x18\x1d\x22\x27\x2c\x31\x36\x3b"
"\x40\x45\x4a\x4f\x54\x59\x5e\x63"
"\x68\x6d\x72\x77\x7c\x81\x86\x8b"
"\x90\x95\x9a\x9f\xa4\xa9\xae\xb3"
"\xb8\xbd\xc2\xc7\xcc\xd1\xd6\xdb"
"\xe0\xe5\xea\xef\xf4\xf9\xfe\x03"
"\x08\x0d\x12\x17\x1c\x21\x26\x2b"
"\x30\x35\x3a\x3f\x44\x49\x4e\x53"
"\x58\x5d\x62\x67\x6c\x71\x76\x7b"
"\x80\x85\x8a\x8f\x94\x99\x9e\xa3"
"\xa8\xad\xb2\xb7\xbc\xc1\xc6\xcb"
"\xd0\xd5\xda\xdf\xe4\xe9\xee\xf3"
"\xf8\xfd\x02\x07\x0c\x11\x16\x1b"
"\x20\x25\x2a\x2f\x34\x39\x3e\x43"
"\x48\x4d\x52\x57\x5c\x61\x66\x6b"
"\x70\x75\x7a\x7f\x84\x89\x8e\x93"
"\x98\x9d\xa2\xa7\xac\xb1\xb6\xbb"
"\xc0\xc5\xca\xcf\xd4\xd9\xde\xe3"
"\xe8\xed\xf2\xf7\xfc\x01\x06\x0b"
"\x10\x15\x1a\x1f\x24\x29\x2e\x33"
"\x38\x3d\x42\x47\x4c\x51\x56\x5b"
"\x60\x65\x6a\x6f\x74\x79\x7e\x83"
"\x88\x8d\x92\x97\x9c\xa1\xa6\xab"
"\xb0\xb5\xba\xbf\xc4\xc9\xce\xd3"
"\xd8\xdd\xe2\xe7\xec\xf1\xf6\xfb"
"\x00\x07\x0e\x15\x1c\x23\x2a\x31"
"\x38\x3f\x46\x4d\x54\x5b\x62\x69"
"\x70\x77\x7e\x85\x8c\x93\x9a\xa1"
"\xa8\xaf\xb6\xbd\xc4\xcb\xd2\xd9"
"\xe0\xe7\xee\xf5\xfc\x03\x0a\x11"
"\x18\x1f\x26\x2d\x34\x3b\x42\x49"
"\x50\x57\x5e\x65\x6c\x73\x7a\x81"
"\x88\x8f\x96\x9d\xa4\xab\xb2\xb9"
"\xc0\xc7\xce\xd5\xdc\xe3\xea\xf1"
"\xf8\xff\x06\x0d\x14\x1b\x22\x29"
"\x30\x37\x3e\x45\x4c\x53\x5a\x61"
"\x68\x6f\x76\x7d\x84\x8b\x92\x99"
"\xa0\xa7\xae\xb5\xbc\xc3\xca\xd1"
"\xd8\xdf\xe6\xed\xf4\xfb\x02\x09"
"\x10\x17\x1e\x25\x2c\x33\x3a\x41"
"\x48\x4f\x56\x5d\x64\x6b\x72\x79"
"\x80\x87\x8e\x95\x9c\xa3\xaa\xb1"
"\xb8\xbf\xc6\xcd\xd4\xdb\xe2\xe9"
"\xf0\xf7\xfe\x05\x0c\x13\x1a\x21"
"\x28\x2f\x36\x3d\x44\x4b\x52\x59"
"\x60\x67\x6e\x75\x7c\x83\x8a\x91"
"\x98\x9f\xa6\xad\xb4\xbb\xc2\xc9"
"\xd0\xd7\xde\xe5\xec\xf3\xfa\x01"
"\x08\x0f\x16\x1d\x24\x2b\x32\x39"
"\x40\x47\x4e\x55\x5c\x63\x6a\x71"
"\x78\x7f\x86\x8d\x94\x9b\xa2\xa9"
"\xb0\xb7\xbe\xc5\xcc\xd3\xda\xe1"
"\xe8\xef\xf6\xfd\x04\x0b\x12\x19"
"\x20\x27\x2e\x35\x3c\x43\x4a\x51"
"\x58\x5f\x66\x6d\x74\x7b\x82\x89"
"\x90\x97\x9e\xa5\xac\xb3\xba\xc1"
"\xc8\xcf\xd6\xdd\xe4\xeb\xf2\xf9"
"\x00\x09\x12\x1b\x24\x2d\x36\x3f"
"\x48\x51\x5a\x63\x6c\x75\x7e\x87"
"\x90\x99\xa2\xab\xb4\xbd\xc6\xcf"
"\xd8\xe1\xea\xf3\xfc\x05\x0e\x17"
"\x20\x29\x32\x3b\x44\x4d\x56\x5f"
"\x68\x71\x7a\x83\x8c\x95\x9e\xa7"
"\xb0\xb9\xc2\xcb\xd4\xdd\xe6\xef"
"\xf8\x01\x0a\x13\x1c\x25\x2e\x37"
"\x40\x49\x52\x5b\x64\x6d\x76\x7f"
"\x88\x91\x9a\xa3\xac\xb5\xbe\xc7"
"\xd0\xd9\xe2\xeb\xf4\xfd\x06\x0f"
"\x18\x21\x2a\x33\x3c\x45\x4e\x57"
"\x60\x69\x72\x7b\x84\x8d\x96\x9f"
"\xa8\xb1\xba\xc3\xcc\xd5\xde\xe7"
"\xf0\xf9\x02\x0b\x14\x1d\x26\x2f"
"\x38\x41\x4a\x53\x5c\x65\x6e\x77"
"\x80\x89\x92\x9b\xa4\xad\xb6\xbf"
"\xc8\xd1\xda\xe3\xec\xf5\xfe\x07"
"\x10\x19\x22\x2b\x34\x3d\x46\x4f"
"\x58\x61\x6a\x73\x7c\x85\x8e\x97"
"\xa0\xa9\xb2\xbb\xc4\xcd\xd6\xdf"
"\xe8\xf1\xfa\x03\x0c\x15\x1e\x27"
"\x30\x39\x42\x4b\x54\x5d\x66\x6f"
"\x78\x81\x8a\x93\x9c\xa5\xae\xb7"
"\xc0\xc9\xd2\xdb\xe4\xed\xf6\xff"
"\x08\x11\x1a\x23\x2c\x35\x3e\x47"
"\x50\x59\x62\x6b\x74\x7d\x86\x8f"
"\x98\xa1\xaa\xb3\xbc\xc5\xce\xd7"
"\xe0\xe9\xf2\xfb\x04\x0d\x16\x1f"
"\x28\x31\x3a\x43\x4c\x55\x5e\x67"
"\x70\x79\x82\x8b\x94\x9d\xa6\xaf"
"\xb8\xc1\xca\xd3\xdc\xe5\xee\xf7"
"\x00\x0b\x16\x21\x2c\x37\x42\x4d"
"\x58\x63\x6e\x79\x84\x8f\x9a\xa5"
"\xb0\xbb\xc6\xd1\xdc\xe7\xf2\xfd"
"\x08\x13\x1e\x29\x34\x3f\x4a\x55"
"\x60\x6b\x76\x81\x8c\x97\xa2\xad"
"\xb8\xc3\xce\xd9\xe4\xef\xfa\x05"
"\x10\x1b\x26\x31\x3c\x47\x52\x5d"
"\x68\x73\x7e\x89\x94\x9f\xaa\xb5"
"\xc0\xcb\xd6\xe1\xec\xf7\x02\x0d"
"\x18\x23\x2e\x39\x44\x4f\x5a\x65"
"\x70\x7b\x86\x91\x9c\xa7\xb2\xbd"
"\xc8\xd3\xde\xe9\xf4\xff\x0a\x15"
"\x20\x2b\x36\x41\x4c\x57\x62\x6d"
"\x78\x83\x8e\x99\xa4\xaf\xba\xc5"
"\xd0\xdb\xe6\xf1\xfc\x07\x12\x1d"
"\x28\x33\x3e\x49\x54\x5f\x6a\x75"
"\x80\x8b\x96\xa1\xac\xb7\xc2\xcd"
"\xd8\xe3\xee\xf9\x04\x0f\x1a\x25"
"\x30\x3b\x46\x51\x5c\x67\x72\x7d"
"\x88\x93\x9e\xa9\xb4\xbf\xca\xd5"
"\xe0\xeb\xf6\x01\x0c\x17\x22\x2d"
"\x38\x43\x4e\x59\x64\x6f\x7a\x85"
"\x90\x9b\xa6\xb1\xbc\xc7\xd2\xdd"
"\xe8\xf3\xfe\x09\x14\x1f\x2a\x35"
"\x40\x4b\x56\x61\x6c\x77\x82\x8d"
"\x98\xa3\xae\xb9\xc4\xcf\xda\xe5"
"\xf0\xfb\x06\x11\x1c\x27\x32\x3d"
"\x48\x53\x5e\x69\x74\x7f\x8a\x95"
"\xa0\xab\xb6\xc1\xcc\xd7\xe2\xed"
"\xf8\x03\x0e\x19\x24\x2f\x3a\x45"
"\x50\x5b\x66\x71\x7c\x87\x92\x9d"
"\xa8\xb3\xbe\xc9\xd4\xdf\xea\xf5"
"\x00\x0d\x1a\x27\x34\x41\x4e\x5b"
"\x68\x75\x82\x8f\x9c\xa9\xb6\xc3"
"\xd0\xdd\xea\xf7\x04\x11\x1e\x2b"
"\x38\x45\x52\x5f\x6c\x79\x86\x93"
"\xa0\xad\xba\xc7\xd4\xe1\xee\xfb"
"\x08\x15\x22\x2f\x3c\x49\x56\x63"
"\x70\x7d\x8a\x97\xa4\xb1\xbe\xcb"
"\xd8\xe5\xf2\xff\x0c\x19\x26\x33"
"\x40\x4d\x5a\x67\x74\x81\x8e\x9b"
"\xa8\xb5\xc2\xcf\xdc\xe9\xf6\x03"
"\x10\x1d\x2a\x37\x44\x51\x5e\x6b"
"\x78\x85\x92\x9f\xac\xb9\xc6\xd3"
"\xe0\xed\xfa\x07\x14\x21\x2e\x3b"
"\x48\x55\x62\x6f\x7c\x89\x96\xa3"
"\xb0\xbd\xca\xd7\xe4\xf1\xfe\x0b"
"\x18\x25\x32\x3f\x4c\x59\x66\x73"
"\x80\x8d\x9a\xa7\xb4\xc1\xce\xdb"
"\xe8\xf5\x02\x0f\x1c\x29\x36\x43"
"\x50\x5d\x6a\x77\x84\x91\x9e\xab"
"\xb8\xc5\xd2\xdf\xec\xf9\x06\x13"
"\x20\x2d\x3a\x47\x54\x61\x6e\x7b"
"\x88\x95\xa2\xaf\xbc\xc9\xd6\xe3"
"\xf0\xfd\x0a\x17\x24\x31\x3e\x4b"
"\x58\x65\x72\x7f\x8c\x99\xa6\xb3"
"\xc0\xcd\xda\xe7\xf4\x01\x0e\x1b"
"\x28\x35\x42\x4f\x5c\x69\x76\x83"
"\x90\x9d\xaa\xb7\xc4\xd1\xde\xeb"
"\xf8\x05\x12\x1f\x2c\x39\x46\x53"
"\x60\x6d\x7a\x87\x94\xa1\xae\xbb"
"\xc8\xd5\xe2\xef\xfc\x09\x16\x23"
"\x30\x3d\x4a\x57\x64\x71\x7e\x8b"
"\x98\xa5\xb2\xbf\xcc\xd9\xe6\xf3"
"\x00\x0f\x1e\x2d\x3c\x4b\x5a\x69"
"\x78\x87\x96\xa5\xb4\xc3\xd2\xe1"
"\xf0\xff\x0e\x1d\x2c\x3b\x4a\x59"
"\x68\x77\x86\x95\xa4\xb3\xc2\xd1"
"\xe0\xef\xfe\x0d\x1c\x2b\x3a\x49"
"\x58\x67\x76\x85\x94\xa3\xb2\xc1"
"\xd0\xdf\xee\xfd\x0c\x1b\x2a\x39"
"\x48\x57\x66\x75\x84\x93\xa2\xb1"
"\xc0\xcf\xde\xed\xfc\x0b\x1a\x29"
"\x38\x47\x56\x65\x74\x83\x92\xa1"
"\xb0\xbf\xce\xdd\xec\xfb\x0a\x19"
"\x28\x37\x46\x55\x64\x73\x82\x91"
"\xa0\xaf\xbe\xcd\xdc\xeb\xfa\x09"
"\x18\x27\x36\x45\x54\x63\x72\x81"
"\x90\x9f\xae\xbd\xcc\xdb\xea\xf9"
"\x08\x17\x26\x35\x44\x53\x62\x71"
"\x80\x8f\x9e\xad\xbc\xcb\xda\xe9"
"\xf8\x07\x16\x25\x34\x43\x52\x61"
"\x70\x7f\x8e\x9d\xac\xbb\xca\xd9"
"\xe8\xf7\x06\x15\x24\x33\x42\x51"
"\x60\x6f\x7e\x8d\x9c\xab\xba\xc9"
"\xd8\xe7\xf6\x05\x14\x23\x32\x41"
"\x50\x5f\x6e\x7d\x8c\x9b\xaa\xb9"
"\xc8\xd7\xe6\xf5\x04\x13\x22\x31"
"\x40\x4f\x5e\x6d\x7c\x8b\x9a\xa9"
"\xb8\xc7\xd6\xe5\xf4\x03\x12\x21"
"\x30\x3f\x4e\x5d\x6c\x7b\x8a\x99"
"\xa8\xb7\xc6\xd5\xe4\xf3\x02\x11"
"\x20\x2f\x3e\x4d\x5c\x6b\x7a\x89"
"\x98\xa7\xb6\xc5\xd4\xe3\xf2\x01"
"\x10\x1f\x2e\x3d\x4c\x5b\x6a\x79"
"\x88\x97\xa6\xb5\xc4\xd3\xe2\xf1"
"\x00\x11\x22\x33\x44\x55\x66\x77"
"\x88\x99\xaa\xbb\xcc\xdd\xee\xff"
"\x10\x21\x32\x43\x54\x65\x76\x87"
"\x98\xa9\xba\xcb\xdc\xed\xfe\x0f"
"\x20\x31\x42\x53\x64\x75\x86\x97"
"\xa8\xb9\xca\xdb\xec\xfd\x0e\x1f"
"\x30\x41\x52\x63\x74\x85\x96\xa7"
"\xb8\xc9\xda\xeb\xfc\x0d\x1e\x2f"
"\x40\x51\x62\x73\x84\x95\xa6\xb7"
"\xc8\xd9\xea\xfb\x0c\x1d\x2e\x3f"
"\x50\x61\x72\x83\x94\xa5\xb6\xc7"
"\xd8\xe9\xfa\x0b\x1c\x2d\x3e\x4f"
"\x60\x71\x82\x93\xa4\xb5\xc6\xd7"
"\xe8\xf9\x0a\x1b\x2c\x3d\x4e\x5f"
"\x70\x81\x92\xa3\xb4\xc5\xd6\xe7"
"\xf8\x09\x1a\x2b\x3c\x4d\x5e\x6f"
"\x80\x91\xa2\xb3\xc4\xd5\xe6\xf7"
"\x08\x19\x2a\x3b\x4c\x5d\x6e\x7f"
"\x90\xa1\xb2\xc3\xd4\xe5\xf6\x07"
"\x18\x29\x3a\x4b\x5c\x6d\x7e\x8f"
"\xa0\xb1\xc2\xd3\xe4\xf5\x06\x17"
"\x28\x39\x4a\x5b\x6c\x7d\x8e\x9f"
"\xb0\xc1\xd2\xe3\xf4\x05\x16\x27"
"\x38\x49\x5a\x6b\x7c\x8d\x9e\xaf"
"\xc0\xd1\xe2\xf3\x04\x15\x26\x37"
"\x48\x59\x6a\x7b\x8c\x9d\xae\xbf"
"\xd0\xe1\xf2\x03\x14\x25\x36\x47"
"\x58\x69\x7a\x8b\x9c\xad\xbe\xcf"
"\xe0\xf1\x02\x13\x24\x35\x46\x57"
"\x68\x79\x8a\x9b\xac\xbd\xce\xdf"
"\xf0\x01\x12\x23\x34\x45\x56\x67"
"\x78\x89\x9a\xab\xbc\xcd\xde\xef"
"\x00\x13\x26\x39\x4c\x5f\x72\x85"
"\x98\xab\xbe\xd1\xe4\xf7\x0a\x1d"
"\x30\x43\x56\x69\x7c\x8f\xa2\xb5"
"\xc8\xdb\xee\x01\x14\x27\x3a\x4d"
"\x60\x73\x86\x99\xac\xbf\xd2\xe5"
"\xf8\x0b\x1e\x31\x44\x57\x6a\x7d"
"\x90\xa3\xb6\xc9\xdc\xef\x02\x15"
"\x28\x3b\x4e\x61\x74\x87\x9a\xad"
"\xc0\xd3\xe6\xf9\x0c\x1f\x32\x45"
"\x58\x6b\x7e\x91\xa4\xb7\xca\xdd"
"\xf0\x03\x16\x29\x3c\x4f\x62\x75"
"\x88\x9b\xae\xc1\xd4\xe7\xfa\x0d"
"\x20\x33\x46\x59\x6c\x7f\x92\xa5"
"\xb8\xcb\xde\xf1\x04\x17\x2a\x3d"
"\x50\x63\x76\x89\x9c\xaf\xc2\xd5"
"\xe8\xfb\x0e\x21\x34\x47\x5a\x6d"
"\x80\x93\xa6\xb9\xcc\xdf\xf2\x05"
"\x18\x2b\x3e\x51\x64\x77\x8a\x9d"
"\xb0\xc3\xd6\xe9\xfc\x0f\x22\x35"
"\x48\x5b\x6e\x81\x94\xa7\xba\xcd"
"\xe0\xf3\x06\x19\x2c\x3f\x52\x65"
"\x78\x8b\x9e\xb1\xc4\xd7\xea\xfd"
"\x10\x23\x36\x49\x5c\x6f\x82\x95"
"\xa8\xbb\xce\xe1\xf4\x07\x1a\x2d"
"\x40\x53\x66\x79\x8c\x9f\xb2\xc5"
"\xd8\xeb\xfe\x11\x24\x37\x4a\x5d"
"\x70\x83\x96\xa9\xbc\xcf\xe2\xf5"
"\x08\x1b\x2e\x41\x54\x67\x7a\x8d"
"\xa0\xb3\xc6\xd9\xec\xff\x12\x25"
"\x38\x4b\x5e\x71\x84\x97\xaa\xbd"
"\xd0\xe3\xf6\x09\x1c\x2f\x42\x55"
"\x68\x7b\x8e\xa1\xb4\xc7\xda\xed"
"\x00\x15\x2a\x3f\x54\x69\x7e\x93"
"\xa8\xbd\xd2\xe7\xfc\x11\x26\x3b"
"\x50\x65\x7a\x8f\xa4\xb9\xce\xe3"
"\xf8\x0d\x22\x37\x4c\x61\x76\x8b"
"\xa0\xb5\xca\xdf\xf4\x09\x1e\x33"
"\x48\x5d\x72\x87\x9c\xb1\xc6\xdb"
"\xf0\x05\x1a\x2f\x44\x59\x6e\x83"
"\x98\xad\xc2\xd7\xec\x01\x16\x2b"
"\x40\x55\x6a\x7f\x94\xa9\xbe\xd3"
"\xe8\xfd\x12\x27\x3c\x51\x66\x7b"
"\x90\xa5\xba\xcf\xe4\xf9\x0e\x23"
"\x38\x4d\x62\x77\x8c\xa1\xb6\xcb"
"\xe0\xf5\x0a\x1f\x34\x49\x5e\x73"
"\x88\x9d\xb2\xc7\xdc\xf1\x06\x1b"
"\x30\x45\x5a\x6f\x84\x99\xae\xc3"
"\xd8\xed\x02\x17\x2c\x41\x56\x6b"
"\x80\x95\xaa\xbf\xd4\xe9\xfe\x13"
"\x28\x3d\x52\x67\x7c\x91\xa6\xbb"
"\xd0\xe5\xfa\x0f\x24\x39\x4e\x63"
"\x78\x8d\xa2\xb7\xcc\xe1\xf6\x0b"
"\x20\x35\x4a\x5f\x74\x89\x9e\xb3"
"\xc8\xdd\xf2\x07\x1c\x31\x46\x5b"
"\x70\x85\x9a\xaf\xc4\xd9\xee\x03"
"\x18\x2d\x42\x57\x6c\x81\x96\xab"
"\xc0\xd5\xea\xff\x14\x29\x3e\x53"
"\x68\x7d\x92\xa7\xbc\xd1\xe6\xfb"
"\x10\x25\x3a\x4f\x64\x79\x8e\xa3"
"\xb8\xcd\xe2\xf7\x0c\x21\x36\x4b"
"\x60\x75\x8a\x9f\xb4\xc9\xde\xf3"
"\x08\x1d\x32\x47\x5c\x71\x86\x9b"
"\xb0\xc5\xda\xef\x04\x19\x2e\x43"
"\x58\x6d\x82\x97\xac\xc1\xd6\xeb"
"\x00\x17\x2e\x45\x5c\x73\x8a\xa1"
"\xb8\xcf\xe6\xfd\x14\x2b\x42\x59"
"\x70\x87\x9e\xb5\xcc\xe3\xfa\x11"
"\x28\x3f\x56\x6d\x84\x9b\xb2\xc9"
"\xe0\xf7\x0e\x25\x3c\x53\x6a\x81"
"\x98\xaf\xc6\xdd\xf4\x0b\x22\x39"
"\x50\x67\x7e\x95\xac\xc3\xda\xf1"
"\x08\x1f\x36\x4d\x64\x7b\x92\xa9"
"\xc0\xd7\xee\x05\x1c\x33\x4a\x61"
"\x78\x8f\xa6\xbd\xd4\xeb\x02\x19"
"\x30\x47\x5e\x75\x8c\xa3\xba\xd1"
"\xe8\xff\x16\x2d\x44\x5b\x72\x89"
"\xa0\xb7\xce\xe5\xfc\x13\x2a\x41"
"\x58\x6f\x86\x9d\xb4\xcb\xe2\xf9"
"\x10\x27\x3e\x55\x6c\x83\x9a\xb1"
"\xc8\xdf\xf6\x0d\x24\x3b\x52\x69"
"\x80\x97\xae\xc5\xdc\xf3\x0a\x21"
"\x38\x4f\x66\x7d\x94\xab\xc2\xd9"
"\xf0\x07\x1e\x35\x4c\x63\x7a\x91"
"\xa8\xbf\xd6\xed\x04\x1b\x32\x49"
"\x60\x77\x8e\xa5\xbc\xd3\xea\x01"
"\x18\x2f\x46\x5d\x74\x8b\xa2\xb9"
"\xd0\xe7\xfe\x15\x2c\x43\x5a\x71"
"\x88\x9f\xb6\xcd\xe4\xfb\x12\x29"
"\x40\x57\x6e\x85\x9c\xb3\xca\xe1"
"\xf8\x0f\x26\x3d\x54\x6b\x82\x99"
"\xb0\xc7\xde\xf5\x0c\x23\x3a\x51"
"\x68\x7f\x96\xad\xc4\xdb\xf2\x09"
"\x20\x37\x4e\x65\x7c\x93\xaa\xc1"
"\xd8\xef\x06\x1d\x34\x4b\x62\x79"
"\x90\xa7\xbe\xd5\xec\x03\x1a\x31"
"\x48\x5f\x76\x8d\xa4\xbb\xd2\xe9"
"\x00\x19\x32\x4b\x64\x7d\x96\xaf"
"\xc8\xe1\xfa\x13\x2c\x45\x5e\x77"
"\x90\xa9\xc2\xdb\xf4\x0d\x26\x3f"
"\x58\x71\x8a\xa3\xbc\xd5\xee\x07"
"\x20\x39\x52\x6b\x84\x9d\xb6\xcf"
"\xe8\x01\x1a\x33\x4c\x65\x7e\x97"
"\xb0\xc9\xe2\xfb\x14\x2d\x46\x5f"
"\x78\x91\xaa\xc3\xdc\xf5\x0e\x27"
"\x40\x59\x72\x8b\xa4\xbd\xd6\xef"
"\x08\x21\x3a\x53\x6c\x85\x9e\xb7"
"\xd0\xe9\x02\x1b\x34\x4d\x66\x7f"
"\x98\xb1\xca\xe3\xfc\x15\x2e\x47"
"\x60\x79\x92\xab\xc4\xdd\xf6\x0f"
"\x28\x41\x5a\x73\x8c\xa5\xbe\xd7"
"\xf0\x09\x22\x3b\x54\x6d\x86\x9f"
"\xb8\xd1\xea\x03\x1c\x35\x4e\x67"
"\x80\x99\xb2\xcb\xe4\xfd\x16\x2f"
"\x48\x61\x7a\x93\xac\xc5\xde\xf7"
"\x10\x29\x42\x5b\x74\x8d\xa6\xbf"
"\xd8\xf1\x0a\x23\x3c\x55\x6e\x87"
"\xa0\xb9\xd2\xeb\x04\x1d\x36\x4f"
"\x68\x81\x9a\xb3\xcc\xe5\xfe\x17"
"\x30\x49\x62\x7b\x94\xad\xc6\xdf"
"\xf8\x11\x2a\x43\x5c\x75\x8e\xa7"
"\xc0\xd9\xf2\x0b\x24\x3d\x56\x6f"
"\x88\xa1\xba\xd3\xec\x05\x1e\x37"
"\x50\x69\x82\x9b\xb4\xcd\xe6\xff"
"\x18\x31\x4a\x63\x7c\x95\xae\xc7"
"\xe0\xf9\x12\x2b\x44\x5d\x76\x8f"
"\xa8\xc1\xda\xf3\x0c\x25\x3e\x57"
"\x70\x89\xa2\xbb\xd4\xed\x06\x1f"
"\x38\x51\x6a\x83\x9c\xb5\xce\xe7"
"\x00\x1b\x36\x51\x6c\x87\xa2\xbd"
"\xd8\xf3\x0e\x29\x44\x5f\x7a\x95"
"\xb0\xcb\xe6\x01\x1c\x37\x52\x6d"
"\x88\xa3\xbe\xd9\xf4\x0f\x2a\x45"
"\x60\x7b\x96\xb1\xcc\xe7\x02\x1d"
"\x38\x53\x6e\x89\xa4\xbf\xda\xf5"
"\x10\x2b\x46\x61\x7c\x97\xb2\xcd"
"\xe8\x03\x1e\x39\x54\x6f\x8a\xa5"
"\xc0\xdb\xf6\x11\x2c\x47\x62\x7d"
"\x98\xb3\xce\xe9\x04\x1f\x3a\x55"
"\x70\x8b\xa6\xc1\xdc\xf7\x12\x2d"
"\x48\x63\x7e\x99\xb4\xcf\xea\x05"
"\x20\x3b\x56\x71\x8c\xa7\xc2\xdd"
"\xf8\x13\x2e\x49\x64\x7f\x9a\xb5"
"\xd0\xeb\x06\x21\x3c\x57\x72\x8d"
"\xa8\xc3\xde\xf9\x14\x2f\x4a\x65"
"\x80\x9b\xb6\xd1\xec\x07\x22\x3d"
"\x58\x73\x8e\xa9\xc4\xdf\xfa\x15"
"\x30\x4b\x66\x81\x9c\xb7\xd2\xed"
"\x08\x23\x3e\x59\x74\x8f\xaa\xc5"
"\xe0\xfb\x16\x31\x4c\x67\x82\x9d"
"\xb8\xd3\xee\x09\x24\x3f\x5a\x75"
"\x90\xab\xc6\xe1\xfc\x17\x32\x4d"
"\x68\x83\x9e\xb9\xd4\xef\x0a\x25"
"\x40\x5b\x76\x91\xac\xc7\xe2\xfd"
"\x18\x33\x4e\x69\x84\x9f\xba\xd5"
"\xf0\x0b\x26\x41\x5c\x77\x92\xad"
"\xc8\xe3\xfe\x19\x34\x4f\x6a\x85"
"\xa0\xbb\xd6\xf1\x0c\x27\x42\x5d"
"\x78\x93\xae\xc9\xe4\xff\x1a\x35"
"\x50\x6b\x86\xa1\xbc\xd7\xf2\x0d"
"\x28\x43\x5e\x79\x94\xaf\xca\xe5"
"\x00\x1d\x3a\x57\x74\x91\xae\xcb"
"\xe8\x05\x22\x3f\x5c\x79\x96\xb3"
"\xd0\xed\x0a\x27\x44\x61\x7e\x9b"
"\xb8\xd5\xf2\x0f\x2c\x49\x66\x83"
"\xa0\xbd\xda\xf7\x14\x31\x4e\x6b"
"\x88\xa5\xc2\xdf\xfc\x19\x36\x53"
"\x70\x8d\xaa\xc7\xe4\x01\x1e\x3b"
"\x58\x75\x92\xaf\xcc\xe9\x06\x23"
"\x40\x5d\x7a\x97\xb4\xd1\xee\x0b"
"\x28\x45\x62\x7f\x9c\xb9\xd6\xf3"
"\x10\x2d\x4a\x67\x84\xa1\xbe\xdb"
"\xf8\x15\x32\x4f\x6c\x89\xa6\xc3"
"\xe0\xfd\x1a\x37\x54\x71\x8e\xab"
"\xc8\xe5\x02\x1f\x3c\x59\x76\x93"
"\xb0\xcd\xea\x07\x24\x41\x5e\x7b"
"\x98\xb5\xd2\xef\x0c\x29\x46\x63"
"\x80\x9d\xba\xd7\xf4\x11\x2e\x4b"
"\x68\x85\xa2\xbf\xdc\xf9\x16\x33"
"\x50\x6d\x8a\xa7\xc4\xe1\xfe\x1b"
"\x38\x55\x72\x8f\xac\xc9\xe6\x03"
"\x20\x3d\x5a\x77\x94\xb1\xce\xeb"
"\x08\x25\x42\x5f\x7c\x99\xb6\xd3"
"\xf0\x0d\x2a\x47\x64\x81\x9e\xbb"
"\xd8\xf5\x12\x2f\x4c\x69\x86\xa3"
"\xc0\xdd\xfa\x17\x34\x51\x6e\x8b"
"\xa8\xc5\xe2\xff\x1c\x39\x56\x73"
"\x90\xad\xca\xe7\x04\x21\x3e\x5b"
"\x78\x95\xb2\xcf\xec\x09\x26\x43"
"\x60\x7d\x9a\xb7\xd4\xf1\x0e\x2b"
"\x48\x65\x82\x9f\xbc\xd9\xf6\x13"
"\x30\x4d\x6a\x87\xa4\xc1\xde\xfb"
"\x18\x35\x52\x6f\x8c\xa9\xc6\xe3"
"\x00\x1f\x3e\x5d\x7c\x9b\xba\xd9"
"\xf8\x17\x36\x55\x74\x93\xb2\xd1"
"\xf0\x0f\x2e\x4d\x6c\x8b\xaa\xc9"
"\xe8\x07\x26\x45\x64\x83\xa2\xc1"
"\xe0\xff\x1e\x3d\x5c\x7b\x9a\xb9"
"\xd8\xf7\x16\x35\x54\x73\x92\xb1"
"\xd0\xef\x0e\x2d\x4c\x6b\x8a\xa9"
"\xc8\xe7\x06\x25\x44\x63\x82\xa1"
"\xc0\xdf\xfe\x1d\x3c\x5b\x7a\x99"
"\xb8\xd7\xf6\x15\x34\x53\x72\x91"
"\xb0\xcf\xee\x0d\x2c\x4b\x6a\x89"
"\xa8\xc7\xe6\x05\x24\x43\x62\x81"
"\xa0\xbf\xde\xfd\x1c\x3b\x5a\x79"
"\x98\xb7\xd6\xf5\x14\x33\x52\x71"
"\x90\xaf\xce\xed\x0c\x2b\x4a\x69"
"\x88\xa7\xc6\xe5\x04\x23\x42\x61"
"\x80\x9f\xbe\xdd\xfc\x1b\x3a\x59"
"\x78\x97\xb6\xd5\xf4\x13\x32\x51"
"\x70\x8f\xae\xcd\xec\x0b\x2a\x49"
"\x68\x87\xa6\xc5\xe4\x03\x22\x41"
"\x60\x7f\x9e\xbd\xdc\xfb\x1a\x39"
"\x58\x77\x96\xb5\xd4\xf3\x12\x31"
"\x50\x6f\x8e\xad\xcc\xeb\x0a\x29"
"\x48\x67\x86\xa5\xc4\xe3\x02\x21"
"\x40\x5f\x7e\x9d\xbc\xdb\xfa\x19"
"\x38\x57\x76\x95\xb4\xd3\xf2\x11"
"\x30\x4f\x6e\x8d\xac\xcb\xea\x09"
"\x28\x47\x66\x85\xa4\xc3\xe2\x01"
"\x20\x3f\x5e\x7d\x9c\xbb\xda\xf9"
"\x18\x37\x56\x75\x94\xb3\xd2\xf1"
"\x10\x2f\x4e\x6d\x8c\xab\xca\xe9"
"\x08\x27\x46\x65\x84\xa3\xc2\xe1"
"\x00\x21\x42\x63",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext =
"\xb5\x81\xf5\x64\x18\x73\xe3\xf0"
"\x4c\x13\xf2\x77\x18\x60\x65\x5e"
"\x29\x01\xce\x98\x55\x53\xf9\x0c"
"\x2a\x08\xd5\x09\xb3\x57\x55\x56"
"\xc5\xe9\x56\x90\xcb\x6a\xa3\xc0"
"\xff\xc4\x79\xb4\xd2\x97\x5d\xc4"
"\x43\xd1\xfe\x94\x7b\x88\x06\x5a"
"\xb2\x9e\x2c\xfc\x44\x03\xb7\x90"
"\xa0\xc1\xba\x6a\x33\xb8\xc7\xb2"
"\x9d\xe1\x12\x4f\xc0\x64\xd4\x01"
"\xfe\x8c\x7a\x66\xf7\xe6\x5a\x91"
"\xbb\xde\x56\x86\xab\x65\x21\x30"
"\x00\x84\x65\x24\xa5\x7d\x85\xb4"
"\xe3\x17\xed\x3a\xb7\x6f\xb4\x0b"
"\x0b\xaf\x15\xae\x5a\x8f\xf2\x0c"
"\x2f\x27\xf4\x09\xd8\xd2\x96\xb7"
"\x71\xf2\xc5\x99\x4d\x7e\x7f\x75"
"\x77\x89\x30\x8b\x59\xdb\xa2\xb2"
"\xa0\xf3\x19\x39\x2b\xc5\x7e\x3f"
"\x4f\xd9\xd3\x56\x28\x97\x44\xdc"
"\xc0\x8b\x77\x24\xd9\x52\xe7\xc5"
"\xaf\xf6\x7d\x59\xb2\x44\x05\x1d"
"\xb1\xb0\x11\xa5\x0f\xec\x33\xe1"
"\x6d\x1b\x4e\x1f\xff\x57\x91\xb4"
"\x5b\x9a\x96\xc5\x53\xbc\xae\x20"
"\x3c\xbb\x14\xe2\xe8\x22\x33\xc1"
"\x5e\x76\x9e\x46\x99\xf6\x2a\x15"
"\xc6\x97\x02\xa0\x66\x43\xd1\xa6"
"\x31\xa6\x9f\xfb\xf4\xd3\x69\xe5"
"\xcd\x76\x95\xb8\x7a\x82\x7f\x21"
"\x45\xff\x3f\xce\x55\xf6\x95\x10"
"\x08\x77\x10\x43\xc6\xf3\x09\xe5"
"\x68\xe7\x3c\xad\x00\x52\x45\x0d"
"\xfe\x2d\xc6\xc2\x94\x8c\x12\x1d"
"\xe6\x25\xae\x98\x12\x8e\x19\x9c"
"\x81\x68\xb1\x11\xf6\x69\xda\xe3"
"\x62\x08\x18\x7a\x25\x49\x28\xac"
"\xba\x71\x12\x0b\xe4\xa2\xe5\xc7"
"\x5d\x8e\xec\x49\x40\x21\xbf\x5a"
"\x98\xf3\x02\x68\x55\x03\x7f\x8a"
"\xe5\x94\x0c\x32\x5c\x07\x82\x63"
"\xaf\x6f\x91\x40\x84\x8e\x52\x25"
"\xd0\xb0\x29\x53\x05\xe2\x50\x7a"
"\x34\xeb\xc9\x46\x20\xa8\x3d\xde"
"\x7f\x16\x5f\x36\xc5\x2e\xdc\xd1"
"\x15\x47\xc7\x50\x40\x6d\x91\xc5"
"\xe7\x93\x95\x1a\xd3\x57\xbc\x52"
"\x33\xee\x14\x19\x22\x52\x89\xa7"
"\x4a\x25\x56\x77\x4b\xca\xcf\x0a"
"\xe1\xf5\x35\x85\x30\x7e\x59\x4a"
"\xbd\x14\x5b\xdf\xe3\x46\xcb\xac"
"\x1f\x6c\x96\x0e\xf4\x81\xd1\x99"
"\xca\x88\x63\x3d\x02\x58\x6b\xa9"
"\xe5\x9f\xb3\x00\xb2\x54\xc6\x74"
"\x1c\xbf\x46\xab\x97\xcc\xf8\x54"
"\x04\x07\x08\x52\xe6\xc0\xda\x93"
"\x74\x7d\x93\x99\x5d\x78\x68\xa6"
"\x2e\x6b\xd3\x6a\x69\xcc\x12\x6b"
"\xd4\xc7\xa5\xc6\xe7\xf6\x03\x04"
"\x5d\xcd\x61\x5e\x17\x40\xdc\xd1"
"\x5c\xf5\x08\xdf\x5c\x90\x85\xa4"
"\xaf\xf6\x78\xbb\x0d\xf1\xf4\xa4"
"\x54\x26\x72\x9e\x61\xfa\x86\xcf"
"\xe8\x9e\xa1\xe0\xc7\x48\x23\xae"
"\x5a\x90\xae\x75\x0a\x74\x18\x89"
"\x05\xb1\x92\xb2\x7f\xd0\x1b\xa6"
"\x62\x07\x25\x01\xc7\xc2\x4f\xf9"
"\xe8\xfe\x63\x95\x80\x07\xb4\x26"
"\xcc\xd1\x26\xb6\xc4\x3f\x9e\xcb"
"\x8e\x3b\x2e\x44\x16\xd3\x10\x9a"
"\x95\x08\xeb\xc8\xcb\xeb\xbf\x6f"
"\x0b\xcd\x1f\xc8\xca\x86\xaa\xec"
"\x33\xe6\x69\xf4\x45\x25\x86\x3a"
"\x22\x94\x4f\x00\x23\x6a\x44\xc2"
"\x49\x97\x33\xab\x36\x14\x0a\x70"
"\x24\xc3\xbe\x04\x3b\x79\xa0\xf9"
"\xb8\xe7\x76\x29\x22\x83\xd7\xf2"
"\x94\xf4\x41\x49\xba\x5f\x7b\x07"
"\xb5\xfb\xdb\x03\x1a\x9f\xb6\x4c"
"\xc2\x2e\x37\x40\x49\xc3\x38\x16"
"\xe2\x4f\x77\x82\xb0\x68\x4c\x71"
"\x1d\x57\x61\x9c\xd9\x4e\x54\x99"
"\x47\x13\x28\x73\x3c\xbb\x00\x90"
"\xf3\x4d\xc9\x0e\xfd\xe7\xb1\x71"
"\xd3\x15\x79\xbf\xcc\x26\x2f\xbd"
"\xad\x6c\x50\x69\x6c\x3e\x6d\x80"
"\x9a\xea\x78\xaf\x19\xb2\x0d\x4d"
"\xad\x04\x07\xae\x22\x90\x4a\x93"
"\x32\x0e\x36\x9b\x1b\x46\xba\x3b"
"\xb4\xac\xc6\xd1\xa2\x31\x53\x3b"
"\x2a\x3d\x45\xfe\x03\x61\x10\x85"
"\x17\x69\xa6\x78\xcc\x6c\x87\x49"
"\x53\xf9\x80\x10\xde\x80\xa2\x41"
"\x6a\xc3\x32\x02\xad\x6d\x3c\x56"
"\x00\x71\x51\x06\xa7\xbd\xfb\xef"
"\x3c\xb5\x9f\xfc\x48\x7d\x53\x7c"
"\x66\xb0\x49\x23\xc4\x47\x10\x0e"
"\xe5\x6c\x74\x13\xe6\xc5\x3f\xaa"
"\xde\xff\x07\x44\xdd\x56\x1b\xad"
"\x09\x77\xfb\x5b\x12\xb8\x0d\x38"
"\x17\x37\x35\x7b\x9b\xbc\xfe\xd4"
"\x7e\x8b\xda\x7e\x5b\x04\xa7\x22"
"\xa7\x31\xa1\x20\x86\xc7\x1b\x99"
"\xdb\xd1\x89\xf4\x94\xa3\x53\x69"
"\x8d\xe7\xe8\x74\x11\x8d\x74\xd6"
"\x07\x37\x91\x9f\xfd\x67\x50\x3a"
"\xc9\xe1\xf4\x36\xd5\xa0\x47\xd1"
"\xf9\xe5\x39\xa3\x31\xac\x07\x36"
"\x23\xf8\x66\x18\x14\x28\x34\x0f"
"\xb8\xd0\xe7\x29\xb3\x04\x4b\x55"
"\x01\x41\xb2\x75\x8d\xcb\x96\x85"
"\x3a\xfb\xab\x2b\x9e\xfa\x58\x20"
"\x44\x1f\xc0\x14\x22\x75\x61\xe8"
"\xaa\x19\xcf\xf1\x82\x56\xf4\xd7"
"\x78\x7b\x3d\x5f\xb3\x9e\x0b\x8a"
"\x57\x50\xdb\x17\x41\x65\x4d\xa3"
"\x02\xc9\x9c\x9c\x53\xfb\x39\x39"
"\x9b\x1d\x72\x24\xda\xb7\x39\xbe"
"\x13\x3b\xfa\x29\xda\x9e\x54\x64"
"\x6e\xba\xd8\xa1\xcb\xb3\x36\xfa"
"\xcb\x47\x85\xe9\x61\x38\xbc\xbe"
"\xc5\x00\x38\x2a\x54\xf7\xc4\xb9"
"\xb3\xd3\x7b\xa0\xa0\xf8\x72\x7f"
"\x8c\x8e\x82\x0e\xc6\x1c\x75\x9d"
"\xca\x8e\x61\x87\xde\xad\x80\xd2"
"\xf5\xf9\x80\xef\x15\x75\xaf\xf5"
"\x80\xfb\xff\x6d\x1e\x25\xb7\x40"
"\x61\x6a\x39\x5a\x6a\xb5\x31\xab"
"\x97\x8a\x19\x89\x44\x40\xc0\xa6"
"\xb4\x4e\x30\x32\x7b\x13\xe7\x67"
"\xa9\x8b\x57\x04\xc2\x01\xa6\xf4"
"\x28\x99\xad\x2c\x76\xa3\x78\xc2"
"\x4a\xe6\xca\x5c\x50\x6a\xc1\xb0"
"\x62\x4b\x10\x8e\x7c\x17\x43\xb3"
"\x17\x66\x1c\x3e\x8d\x69\xf0\x5a"
"\x71\xf5\x97\xdc\xd1\x45\xdd\x28"
"\xf3\x5d\xdf\x53\x7b\x11\xe5\xbc"
"\x4c\xdb\x1b\x51\x6b\xe9\xfb\x3d"
"\xc1\xc3\x2c\xb9\x71\xf5\xb6\xb2"
"\x13\x36\x79\x80\x53\xe8\xd3\xa6"
"\x0a\xaf\xfd\x56\x97\xf7\x40\x8e"
"\x45\xce\xf8\xb0\x9e\x5c\x33\x82"
"\xb0\x44\x56\xfc\x05\x09\xe9\x2a"
"\xac\x26\x80\x14\x1d\xc8\x3a\x35"
"\x4c\x82\x97\xfd\x76\xb7\xa9\x0a"
"\x35\x58\x79\x8e\x0f\x66\xea\xaf"
"\x51\x6c\x09\xa9\x6e\x9b\xcb\x9a"
"\x31\x47\xa0\x2f\x7c\x71\xb4\x4a"
"\x11\xaa\x8c\x66\xc5\x64\xe6\x3a"
"\x54\xda\x24\x6a\xc4\x41\x65\x46"
"\x82\xa0\x0a\x0f\x5f\xfb\x25\xd0"
"\x2c\x91\xa7\xee\xc4\x81\x07\x86"
"\x75\x5e\x33\x69\x97\xe4\x2c\xa8"
"\x9d\x9f\x0b\x6a\xbe\xad\x98\xda"
"\x6d\x94\x41\xda\x2c\x1e\x89\xc4"
"\xc2\xaf\x1e\x00\x05\x0b\x83\x60"
"\xbd\x43\xea\x15\x23\x7f\xb9\xac"
"\xee\x4f\x2c\xaf\x2a\xf3\xdf\xd0"
"\xf3\x19\x31\xbb\x4a\x74\x84\x17"
"\x52\x32\x2c\x7d\x61\xe4\xcb\xeb"
"\x80\x38\x15\x52\xcb\x6f\xea\xe5"
"\x73\x9c\xd9\x24\x69\xc6\x95\x32"
"\x21\xc8\x11\xe4\xdc\x36\xd7\x93"
"\x38\x66\xfb\xb2\x7f\x3a\xb9\xaf"
"\x31\xdd\x93\x75\x78\x8a\x2c\x94"
"\x87\x1a\x58\xec\x9e\x7d\x4d\xba"
"\xe1\xe5\x4d\xfc\xbc\xa4\x2a\x14"
"\xef\xcc\xa7\xec\xab\x43\x09\x18"
"\xd3\xab\x68\xd1\x07\x99\x44\x47"
"\xd6\x83\x85\x3b\x30\xea\xa9\x6b"
"\x63\xea\xc4\x07\xfb\x43\x2f\xa4"
"\xaa\xb0\xab\x03\x89\xce\x3f\x8c"
"\x02\x7c\x86\x54\xbc\x88\xaf\x75"
"\xd2\xdc\x63\x17\xd3\x26\xf6\x96"
"\xa9\x3c\xf1\x61\x8c\x11\x18\xcc"
"\xd6\xea\x5b\xe2\xcd\xf0\xf1\xb2"
"\xe5\x35\x90\x1f\x85\x4c\x76\x5b"
"\x66\xce\x44\xa4\x32\x9f\xe6\x7b"
"\x71\x6e\x9f\x58\x15\x67\x72\x87"
"\x64\x8e\x3a\x44\x45\xd4\x76\xfa"
"\xc2\xf6\xef\x85\x05\x18\x7a\x9b"
"\xba\x41\x54\xac\xf0\xfc\x59\x12"
"\x3f\xdf\xa0\xe5\x8a\x65\xfd\x3a"
"\x62\x8d\x83\x2c\x03\xbe\x05\x76"
"\x2e\x53\x49\x97\x94\x33\xae\x40"
"\x81\x15\xdb\x6e\xad\xaa\xf5\x4b"
"\xe3\x98\x70\xdf\xe0\x7c\xcd\xdb"
"\x02\xd4\x7d\x2f\xc1\xe6\xb4\xf3"
"\xd7\x0d\x7a\xd9\x23\x9e\x87\x2d"
"\xce\x87\xad\xcc\x72\x05\x00\x29"
"\xdc\x73\x7f\x64\xc1\x15\x0e\xc2"
"\xdf\xa7\x5f\xeb\x41\xa1\xcd\xef"
"\x5c\x50\x79\x2a\x56\x56\x71\x8c"
"\xac\xc0\x79\x50\x69\xca\x59\x32"
"\x65\xf2\x54\xe4\x52\x38\x76\xd1"
"\x5e\xde\x26\x9e\xfb\x75\x2e\x11"
"\xb5\x10\xf4\x17\x73\xf5\x89\xc7"
"\x4f\x43\x5c\x8e\x7c\xb9\x05\x52"
"\x24\x40\x99\xfe\x9b\x85\x0b\x6c"
"\x22\x3e\x8b\xae\x86\xa1\xd2\x79"
"\x05\x68\x6b\xab\xe3\x41\x49\xed"
"\x15\xa1\x8d\x40\x2d\x61\xdf\x1a"
"\x59\xc9\x26\x8b\xef\x30\x4c\x88"
"\x4b\x10\xf8\x8d\xa6\x92\x9f\x4b"
"\xf3\xc4\x53\x0b\x89\x5d\x28\x92"
"\xcf\x78\xb2\xc0\x5d\xed\x7e\xfc"
"\xc0\x12\x23\x5f\x5a\x78\x86\x43"
"\x6e\x27\xf7\x5a\xa7\x6a\xed\x19"
"\x04\xf0\xb3\x12\xd1\xbd\x0e\x89"
"\x6e\xbc\x96\xa8\xd8\x49\x39\x9f"
"\x7e\x67\xf0\x2e\x3e\x01\xa9\xba"
"\xec\x8b\x62\x8e\xcb\x4a\x70\x43"
"\xc7\xc2\xc4\xca\x82\x03\x73\xe9"
"\x11\xdf\xcf\x54\xea\xc9\xb0\x95"
"\x51\xc0\x13\x3d\x92\x05\xfa\xf4"
"\xa9\x34\xc8\xce\x6c\x3d\x54\xcc"
"\xc4\xaf\xf1\xdc\x11\x44\x26\xa2"
"\xaf\xf1\x85\x75\x7d\x03\x61\x68"
"\x4e\x78\xc6\x92\x7d\x86\x7d\x77"
"\xdc\x71\x72\xdb\xc6\xae\xa1\xcb"
"\x70\x9a\x0b\x19\xbe\x4a\x6c\x2a"
"\xe2\xba\x6c\x64\x9a\x13\x28\xdf"
"\x85\x75\xe6\x43\xf6\x87\x08\x68"
"\x6e\xba\x6e\x79\x9f\x04\xbc\x23"
"\x50\xf6\x33\x5c\x1f\x24\x25\xbe"
"\x33\x47\x80\x45\x56\xa3\xa7\xd7"
"\x7a\xb1\x34\x0b\x90\x3c\x9c\xad"
"\x44\x5f\x9e\x0e\x9d\xd4\xbd\x93"
"\x5e\xfa\x3c\xe0\xb0\xd9\xed\xf3"
"\xd6\x2e\xff\x24\xd8\x71\x6c\xed"
"\xaf\x55\xeb\x22\xac\x93\x68\x32"
"\x05\x5b\x47\xdd\xc6\x4a\xcb\xc7"
"\x10\xe1\x3c\x92\x1a\xf3\x23\x78"
"\x2b\xa1\xd2\x80\xf4\x12\xb1\x20"
"\x8f\xff\x26\x35\xdd\xfb\xc7\x4e"
"\x78\xf1\x2d\x50\x12\x77\xa8\x60"
"\x7c\x0f\xf5\x16\x2f\x63\x70\x2a"
"\xc0\x96\x80\x4e\x0a\xb4\x93\x35"
"\x5d\x1d\x3f\x56\xf7\x2f\xbb\x90"
"\x11\x16\x8f\xa2\xec\x47\xbe\xac"
"\x56\x01\x26\x56\xb1\x8c\xb2\x10"
"\xf9\x1a\xca\xf5\xd1\xb7\x39\x20"
"\x63\xf1\x69\x20\x4f\x13\x12\x1f"
"\x5b\x65\xfc\x98\xf7\xc4\x7a\xbe"
"\xf7\x26\x4d\x2b\x84\x7b\x42\xad"
"\xd8\x7a\x0a\xb4\xd8\x74\xbf\xc1"
"\xf0\x6e\xb4\x29\xa3\xbb\xca\x46"
"\x67\x70\x6a\x2d\xce\x0e\xa2\x8a"
"\xa9\x87\xbf\x05\xc4\xc1\x04\xa3"
"\xab\xd4\x45\x43\x8c\xb6\x02\xb0"
"\x41\xc8\xfc\x44\x3d\x59\xaa\x2e"
"\x44\x21\x2a\x8d\x88\x9d\x57\xf4"
"\xa0\x02\x77\xb8\xa6\xa0\xe6\x75"
"\x5c\x82\x65\x3e\x03\x5c\x29\x8f"
"\x38\x55\xab\x33\x26\xef\x9f\x43"
"\x52\xfd\x68\xaf\x36\xb4\xbb\x9a"
"\x58\x09\x09\x1b\xc3\x65\x46\x46"
"\x1d\xa7\x94\x18\x23\x50\x2c\xca"
"\x2c\x55\x19\x97\x01\x9d\x93\x3b"
"\x63\x86\xf2\x03\x67\x45\xd2\x72"
"\x28\x52\x6c\xf4\xe3\x1c\xb5\x11"
"\x13\xf1\xeb\x21\xc7\xd9\x56\x82"
"\x2b\x82\x39\xbd\x69\x54\xed\x62"
"\xc3\xe2\xde\x73\xd4\x6a\x12\xae"
"\x13\x21\x7f\x4b\x5b\xfc\xbf\xe8"
"\x2b\xbe\x56\xba\x68\x8b\x9a\xb1"
"\x6e\xfa\xbf\x7e\x5a\x4b\xf1\xac"
"\x98\x65\x85\xd1\x93\x53\xd3\x7b"
"\x09\xdd\x4b\x10\x6d\x84\xb0\x13"
"\x65\xbd\xcf\x52\x09\xc4\x85\xe2"
"\x84\x74\x15\x65\xb7\xf7\x51\xaf"
"\x55\xad\xa4\xd1\x22\x54\x70\x94"
"\xa0\x1c\x90\x41\xfd\x99\xd7\x5a"
"\x31\xef\xaa\x25\xd0\x7f\x4f\xea"
"\x1d\x55\x42\xe5\x49\xb0\xd0\x46"
"\x62\x36\x43\xb2\x82\x15\x75\x50"
"\xa4\x72\xeb\x54\x27\x1f\x8a\xe4"
"\x7d\xe9\x66\xc5\xf1\x53\xa4\xd1"
"\x0c\xeb\xb8\xf8\xbc\xd4\xe2\xe7"
"\xe1\xf8\x4b\xcb\xa9\xa1\xaf\x15"
"\x83\xcb\x72\xd0\x33\x79\x00\x2d"
"\x9f\xd7\xf1\x2e\x1e\x10\xe4\x45"
"\xc0\x75\x3a\x39\xea\x68\xf7\x5d"
"\x1b\x73\x8f\xe9\x8e\x0f\x72\x47"
"\xae\x35\x0a\x31\x7a\x14\x4d\x4a"
"\x6f\x47\xf7\x7e\x91\x6e\x74\x8b"
"\x26\x47\xf9\xc3\xf9\xde\x70\xf5"
"\x61\xab\xa9\x27\x9f\x82\xe4\x9c"
"\x89\x91\x3f\x2e\x6a\xfd\xb5\x49"
"\xe9\xfd\x59\x14\x36\x49\x40\x6d"
"\x32\xd8\x85\x42\xf3\xa5\xdf\x0c"
"\xa8\x27\xd7\x54\xe2\x63\x2f\xf2"
"\x7e\x8b\x8b\xe7\xf1\x9a\x95\x35"
"\x43\xdc\x3a\xe4\xb6\xf4\xd0\xdf"
"\x9c\xcb\x94\xf3\x21\xa0\x77\x50"
"\xe2\xc6\xc4\xc6\x5f\x09\x64\x5b"
"\x92\x90\xd8\xe1\xd1\xed\x4b\x42"
"\xd7\x37\xaf\x65\x3d\x11\x39\xb6"
"\x24\x8a\x60\xae\xd6\x1e\xbf\x0e"
"\x0d\xd7\xdc\x96\x0e\x65\x75\x4e"
"\x29\x06\x9d\xa4\x51\x3a\x10\x63"
"\x8f\x17\x07\xd5\x8e\x3c\xf4\x28"
"\x00\x5a\x5b\x05\x19\xd8\xc0\x6c"
"\xe5\x15\xe4\x9c\x9d\x71\x9d\x5e"
"\x94\x29\x1a\xa7\x80\xfa\x0e\x33"
"\x03\xdd\xb7\x3e\x9a\xa9\x26\x18"
"\x37\xa9\x64\x08\x4d\x94\x5a\x88"
"\xca\x35\xce\x81\x02\xe3\x1f\x1b"
"\x89\x1a\x77\x85\xe3\x41\x6d\x32"
"\x42\x19\x23\x7d\xc8\x73\xee\x25"
"\x85\x0d\xf8\x31\x25\x79\x1b\x6f"
"\x79\x25\xd2\xd8\xd4\x23\xfd\xf7"
"\x82\x36\x6a\x0c\x46\x22\x15\xe9"
"\xff\x72\x41\x91\x91\x7d\x3a\xb7"
"\xdd\x65\x99\x70\xf6\x8d\x84\xf8"
"\x67\x15\x20\x11\xd6\xb2\x55\x7b"
"\xdb\x87\xee\xef\x55\x89\x2a\x59"
"\x2b\x07\x8f\x43\x8a\x59\x3c\x01"
"\x8b\x65\x54\xa1\x66\xd5\x38\xbd"
"\xc6\x30\xa9\xcc\x49\xb6\xa8\x1b"
"\xb8\xc0\x0e\xe3\x45\x28\xe2\xff"
"\x41\x9f\x7e\x7c\xd1\xae\x9e\x25"
"\x3f\x4c\x7c\x7c\xf4\xa8\x26\x4d"
"\x5c\xfd\x4b\x27\x18\xf9\x61\x76"
"\x48\xba\x0c\x6b\xa9\x4d\xfc\xf5"
"\x3b\x35\x7e\x2f\x4a\xa9\xc2\x9a"
"\xae\xab\x86\x09\x89\xc9\xc2\x40"
"\x39\x2c\x81\xb3\xb8\x17\x67\xc2"
"\x0d\x32\x4a\x3a\x67\x81\xd7\x1a"
"\x34\x52\xc5\xdb\x0a\xf5\x63\x39"
"\xea\x1f\xe1\x7c\xa1\x9e\xc1\x35"
"\xe3\xb1\x18\x45\x67\xf9\x22\x38"
"\x95\xd9\x34\x34\x86\xc6\x41\x94"
"\x15\xf9\x5b\x41\xa6\x87\x8b\xf8"
"\xd5\xe1\x1b\xe2\x5b\xf3\x86\x10"
"\xff\xe6\xae\x69\x76\xbc\x0d\xb4"
"\x09\x90\x0c\xa2\x65\x0c\xad\x74"
"\xf5\xd7\xff\xda\xc1\xce\x85\xbe"
"\x00\xa7\xff\x4d\x2f\x65\xd3\x8c"
"\x86\x2d\x05\xe8\xed\x3e\x6b\x8b"
"\x0f\x3d\x83\x8c\xf1\x1d\x5b\x96"
"\x2e\xb1\x9c\xc2\x98\xe1\x70\xb9"
"\xba\x5c\x8a\x43\xd6\x34\xa7\x2d"
"\xc9\x92\xae\xf2\xa5\x7b\x05\x49"
"\xa7\x33\x34\x86\xca\xe4\x96\x23"
"\x76\x5b\xf2\xc6\xf1\x51\x28\x42"
"\x7b\xcc\x76\x8f\xfa\xa2\xad\x31"
"\xd4\xd6\x7a\x6d\x25\x25\x54\xe4"
"\x3f\x50\x59\xe1\x5c\x05\xb7\x27"
"\x48\xbf\x07\xec\x1b\x13\xbe\x2b"
"\xa1\x57\x2b\xd5\xab\xd7\xd0\x4c"
"\x1e\xcb\x71\x9b\xc5\x90\x85\xd3"
"\xde\x59\xec\x71\xeb\x89\xbb\xd0"
"\x09\x50\xe1\x16\x3f\xfd\x1c\x34"
"\xc3\x1c\xa1\x10\x77\x53\x98\xef"
"\xf2\xfd\xa5\x01\x59\xc2\x9b\x26"
"\xc7\x42\xd9\x49\xda\x58\x2b\x6e"
"\x9f\x53\x19\x76\x7e\xd9\xc9\x0e"
"\x68\xc8\x7f\x51\x22\x42\xef\x49"
"\xa4\x55\xb6\x36\xac\x09\xc7\x31"
"\x88\x15\x4b\x2e\x8f\x3a\x08\xf7"
"\xd8\xf7\xa8\xc5\xa9\x33\xa6\x45"
"\xe4\xc4\x94\x76\xf3\x0d\x8f\x7e"
"\xc8\xf6\xbc\x23\x0a\xb6\x4c\xd3"
"\x6a\xcd\x36\xc2\x90\x5c\x5c\x3c"
"\x65\x7b\xc2\xd6\xcc\xe6\x0d\x87"
"\x73\x2e\x71\x79\x16\x06\x63\x28"
"\x09\x15\xd8\x89\x38\x38\x3d\xb5"
"\x42\x1c\x08\x24\xf7\x2a\xd2\x9d"
"\xc8\xca\xef\xf9\x27\xd8\x07\x86"
"\xf7\x43\x0b\x55\x15\x3f\x9f\x83"
"\xef\xdc\x49\x9d\x2a\xc1\x54\x62"
"\xbd\x9b\x66\x55\x9f\xb7\x12\xf3"
"\x1b\x4d\x9d\x2a\x5c\xed\x87\x75"
"\x87\x26\xec\x61\x2c\xb4\x0f\x89"
"\xb0\xfb\x2e\x68\x5d\x15\xc7\x8d"
"\x2e\xc0\xd9\xec\xaf\x4f\xd2\x25"
"\x29\xe8\xd2\x26\x2b\x67\xe9\xfc"
"\x2b\xa8\x67\x96\x12\x1f\x5b\x96"
"\xc6\x14\x53\xaf\x44\xea\xd6\xe2"
"\x94\x98\xe4\x12\x93\x4c\x92\xe0"
"\x18\xa5\x8d\x2d\xe4\x71\x3c\x47"
"\x4c\xf7\xe6\x47\x9e\xc0\x68\xdf"
"\xd4\xf5\x5a\x74\xb1\x2b\x29\x03"
"\x19\x07\xaf\x90\x62\x5c\x68\x98"
"\x48\x16\x11\x02\x9d\xee\xb4\x9b"
"\xe5\x42\x7f\x08\xfd\x16\x32\x0b"
"\xd0\xb3\xfa\x2b\xb7\x99\xf9\x29"
"\xcd\x20\x45\x9f\xb3\x1a\x5d\xa2"
"\xaf\x4d\xe0\xbd\x42\x0d\xbc\x74"
"\x99\x9c\x8e\x53\x1a\xb4\x3e\xbd"
"\xa2\x9a\x2d\xf7\xf8\x39\x0f\x67"
"\x63\xfc\x6b\xc0\xaf\xb3\x4b\x4f"
"\x55\xc4\xcf\xa7\xc8\x04\x11\x3e"
"\x14\x32\xbb\x1b\x38\x77\xd6\x7f"
"\x54\x4c\xdf\x75\xf3\x07\x2d\x33"
"\x9b\xa8\x20\xe1\x7b\x12\xb5\xf3"
"\xef\x2f\xce\x72\xe5\x24\x60\xc1"
"\x30\xe2\xab\xa1\x8e\x11\x09\xa8"
"\x21\x33\x44\xfe\x7f\x35\x32\x93"
"\x39\xa7\xad\x8b\x79\x06\xb2\xcb"
"\x4e\xa9\x5f\xc7\xba\x74\x29\xec"
"\x93\xa0\x4e\x54\x93\xc0\xbc\x55"
"\x64\xf0\x48\xe5\x57\x99\xee\x75"
"\xd6\x79\x0f\x66\xb7\xc6\x57\x76"
"\xf7\xb7\xf3\x9c\xc5\x60\xe8\x7f"
"\x83\x76\xd6\x0e\xaa\xe6\x90\x39"
"\x1d\xa6\x32\x6a\x34\xe3\x55\xf8"
"\x58\xa0\x58\x7d\x33\xe0\x22\x39"
"\x44\x64\x87\x86\x5a\x2f\xa7\x7e"
"\x0f\x38\xea\xb0\x30\xcc\x61\xa5"
"\x6a\x32\xae\x1e\xf7\xe9\xd0\xa9"
"\x0c\x32\x4b\xb5\x49\x28\xab\x85"
"\x2f\x8e\x01\x36\x38\x52\xd0\xba"
"\xd6\x02\x78\xf8\x0e\x3e\x9c\x8b"
"\x6b\x45\x99\x3f\x5c\xfe\x58\xf1"
"\x5c\x94\x04\xe1\xf5\x18\x6d\x51"
"\xb2\x5d\x18\x20\xb6\xc2\x9a\x42"
"\x1d\xb3\xab\x3c\xb6\x3a\x13\x03"
"\xb2\x46\x82\x4f\xfc\x64\xbc\x4f"
"\xca\xfa\x9c\xc0\xd5\xa7\xbd\x11"
"\xb7\xe4\x5a\xf6\x6f\x4d\x4d\x54"
"\xea\xa4\x98\x66\xd4\x22\x3b\xd3"
"\x8f\x34\x47\xd9\x7c\xf4\x72\x3b"
"\x4d\x02\x77\xf6\xd6\xdd\x08\x0a"
"\x81\xe1\x86\x89\x3e\x56\x10\x3c"
"\xba\xd7\x81\x8c\x08\xbc\x8b\xe2"
"\x53\xec\xa7\x89\xee\xc8\x56\xb5"
"\x36\x2c\xb2\x03\xba\x99\xdd\x7c"
"\x48\xa0\xb0\xbc\x91\x33\xe9\xa8"
"\xcb\xcd\xcf\x59\x5f\x1f\x15\xe2"
"\x56\xf5\x4e\x01\x35\x27\x45\x77"
"\x47\xc8\xbc\xcb\x7e\x39\xc1\x97"
"\x28\xd3\x84\xfc\x2c\x3e\xc8\xad"
"\x9c\xf8\x8a\x61\x9c\x28\xaa\xc5"
"\x99\x20\x43\x85\x9d\xa5\xe2\x8b"
"\xb8\xae\xeb\xd0\x32\x0d\x52\x78"
"\x09\x56\x3f\xc7\xd8\x7e\x26\xfc"
"\x37\xfb\x6f\x04\xfc\xfa\x92\x10"
"\xac\xf8\x3e\x21\xdc\x8c\x21\x16"
"\x7d\x67\x6e\xf6\xcd\xda\xb6\x98"
"\x23\xab\x23\x3c\xb2\x10\xa0\x53"
"\x5a\x56\x9f\xc5\xd0\xff\xbb\xe4"
"\x98\x3c\x69\x1e\xdb\x38\x8f\x7e"
"\x0f\xd2\x98\x88\x81\x8b\x45\x67"
"\xea\x33\xf1\xeb\xe9\x97\x55\x2e"
"\xd9\xaa\xeb\x5a\xec\xda\xe1\x68"
"\xa8\x9d\x3c\x84\x7c\x05\x3d\x62"
"\x87\x8f\x03\x21\x28\x95\x0c\x89"
"\x25\x22\x4a\xb0\x93\xa9\x50\xa2"
"\x2f\x57\x6e\x18\x42\x19\x54\x0c"
"\x55\x67\xc6\x11\x49\xf4\x5c\xd2"
"\xe9\x3d\xdd\x8b\x48\x71\x21\x00"
"\xc3\x9a\x6c\x85\x74\x28\x83\x4a"
"\x1b\x31\x05\xe1\x06\x92\xe7\xda"
"\x85\x73\x78\x45\x20\x7f\xae\x13"
"\x7c\x33\x06\x22\xf4\x83\xf9\x35"
"\x3f\x6c\x71\xa8\x4e\x48\xbe\x9b"
"\xce\x8a\xba\xda\xbe\x28\x08\xf7"
"\xe2\x14\x8c\x71\xea\x72\xf9\x33"
"\xf2\x88\x3f\xd7\xbb\x69\x6c\x29"
"\x19\xdc\x84\xce\x1f\x12\x4f\xc8"
"\xaf\xa5\x04\xba\x5a\xab\xb0\xd9"
"\x14\x1f\x6c\x68\x98\x39\x89\x7a"
"\xd9\xd8\x2f\xdf\xa8\x47\x4a\x25"
"\xe2\xfb\x33\xf4\x59\x78\xe1\x68"
"\x85\xcf\xfe\x59\x20\xd4\x05\x1d"
"\x80\x99\xae\xbc\xca\xae\x0f\x2f"
"\x65\x43\x34\x8e\x7e\xac\xd3\x93"
"\x2f\xac\x6d\x14\x3d\x02\x07\x70"
"\x9d\xa4\xf3\x1b\x5c\x36\xfc\x01"
"\x73\x34\x85\x0c\x6c\xd6\xf1\xbd"
"\x3f\xdf\xee\xf5\xd9\xba\x56\xef"
"\xf4\x9b\x6b\xee\x9f\x5a\x78\x6d"
"\x32\x19\xf4\xf7\xf8\x4c\x69\x0b"
"\x4b\xbc\xbb\xb7\xf2\x85\xaf\x70"
"\x75\x24\x6c\x54\xa7\x0e\x4d\x1d"
"\x01\xbf\x08\xac\xcf\x7f\x2c\xe3"
"\x14\x89\x5e\x70\x5a\x99\x92\xcd"
"\x01\x84\xc8\xd2\xab\xe5\x4f\x58"
"\xe7\x0f\x2f\x0e\xff\x68\xea\xfd"
"\x15\xb3\x17\xe6\xb0\xe7\x85\xd8"
"\x23\x2e\x05\xc7\xc9\xc4\x46\x1f"
"\xe1\x9e\x49\x20\x23\x24\x4d\x7e"
"\x29\x65\xff\xf4\xb6\xfd\x1a\x85"
"\xc4\x16\xec\xfc\xea\x7b\xd6\x2c"
"\x43\xf8\xb7\xbf\x79\xc0\x85\xcd"
"\xef\xe1\x98\xd3\xa5\xf7\x90\x8c"
"\xe9\x7f\x80\x6b\xd2\xac\x4c\x30"
"\xa7\xc6\x61\x6c\xd2\xf9\x2c\xff"
"\x30\xbc\x22\x81\x7d\x93\x12\xe4"
"\x0a\xcd\xaf\xdd\xe8\xab\x0a\x1e"
"\x13\xa4\x27\xc3\x5f\xf7\x4b\xbb"
"\x37\x09\x4b\x91\x6f\x92\x4f\xaf"
"\x52\xee\xdf\xef\x09\x6f\xf7\x5c"
"\x6e\x12\x17\x72\x63\x57\xc7\xba"
"\x3b\x6b\x38\x32\x73\x1b\x9c\x80"
"\xc1\x7a\xc6\xcf\xcd\x35\xc0\x6b"
"\x31\x1a\x6b\xe9\xd8\x2c\x29\x3f"
"\x96\xfb\xb6\xcd\x13\x91\x3b\xc2"
"\xd2\xa3\x31\x8d\xa4\xcd\x57\xcd"
"\x13\x3d\x64\xfd\x06\xce\xe6\xdc"
"\x0c\x24\x43\x31\x40\x57\xf1\x72"
"\x17\xe3\x3a\x63\x6d\x35\xcf\x5d"
"\x97\x40\x59\xdd\xf7\x3c\x02\xf7"
"\x1c\x7e\x05\xbb\xa9\x0d\x01\xb1"
"\x8e\xc0\x30\xa9\x53\x24\xc9\x89"
"\x84\x6d\xaa\xd0\xcd\x91\xc2\x4d"
"\x91\xb0\x89\xe2\xbf\x83\x44\xaa"
"\x28\x72\x23\xa0\xc2\xad\xad\x1c"
"\xfc\x3f\x09\x7a\x0b\xdc\xc5\x1b"
"\x87\x13\xc6\x5b\x59\x8d\xf2\xc8"
"\xaf\xdf\x11\x95",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 4100,
.np = 2,
.tap = { 4064, 36 },
},
};
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct cipher_testvec chacha20_tv_template[] = {
{ /* RFC7539 A.2. Test Vector #1 */
.key = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.klen = 32,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\x76\xb8\xe0\xad\xa0\xf1\x3d\x90"
"\x40\x5d\x6a\xe5\x53\x86\xbd\x28"
"\xbd\xd2\x19\xb8\xa0\x8d\xed\x1a"
"\xa8\x36\xef\xcc\x8b\x77\x0d\xc7"
"\xda\x41\x59\x7c\x51\x57\x48\x8d"
"\x77\x24\xe0\x3f\xb8\xd8\x4a\x37"
"\x6a\x43\xb8\xf4\x15\x18\xa1\x1c"
"\xc3\x87\xb6\x69\xb2\xee\x65\x86",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 64,
}, { /* RFC7539 A.2. Test Vector #2 */
.key = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x01",
.klen = 32,
.iv = "\x01\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x02",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x41\x6e\x79\x20\x73\x75\x62\x6d"
"\x69\x73\x73\x69\x6f\x6e\x20\x74"
"\x6f\x20\x74\x68\x65\x20\x49\x45"
"\x54\x46\x20\x69\x6e\x74\x65\x6e"
"\x64\x65\x64\x20\x62\x79\x20\x74"
"\x68\x65\x20\x43\x6f\x6e\x74\x72"
"\x69\x62\x75\x74\x6f\x72\x20\x66"
"\x6f\x72\x20\x70\x75\x62\x6c\x69"
"\x63\x61\x74\x69\x6f\x6e\x20\x61"
"\x73\x20\x61\x6c\x6c\x20\x6f\x72"
"\x20\x70\x61\x72\x74\x20\x6f\x66"
"\x20\x61\x6e\x20\x49\x45\x54\x46"
"\x20\x49\x6e\x74\x65\x72\x6e\x65"
"\x74\x2d\x44\x72\x61\x66\x74\x20"
"\x6f\x72\x20\x52\x46\x43\x20\x61"
"\x6e\x64\x20\x61\x6e\x79\x20\x73"
"\x74\x61\x74\x65\x6d\x65\x6e\x74"
"\x20\x6d\x61\x64\x65\x20\x77\x69"
"\x74\x68\x69\x6e\x20\x74\x68\x65"
"\x20\x63\x6f\x6e\x74\x65\x78\x74"
"\x20\x6f\x66\x20\x61\x6e\x20\x49"
"\x45\x54\x46\x20\x61\x63\x74\x69"
"\x76\x69\x74\x79\x20\x69\x73\x20"
"\x63\x6f\x6e\x73\x69\x64\x65\x72"
"\x65\x64\x20\x61\x6e\x20\x22\x49"
"\x45\x54\x46\x20\x43\x6f\x6e\x74"
"\x72\x69\x62\x75\x74\x69\x6f\x6e"
"\x22\x2e\x20\x53\x75\x63\x68\x20"
"\x73\x74\x61\x74\x65\x6d\x65\x6e"
"\x74\x73\x20\x69\x6e\x63\x6c\x75"
"\x64\x65\x20\x6f\x72\x61\x6c\x20"
"\x73\x74\x61\x74\x65\x6d\x65\x6e"
"\x74\x73\x20\x69\x6e\x20\x49\x45"
"\x54\x46\x20\x73\x65\x73\x73\x69"
"\x6f\x6e\x73\x2c\x20\x61\x73\x20"
"\x77\x65\x6c\x6c\x20\x61\x73\x20"
"\x77\x72\x69\x74\x74\x65\x6e\x20"
"\x61\x6e\x64\x20\x65\x6c\x65\x63"
"\x74\x72\x6f\x6e\x69\x63\x20\x63"
"\x6f\x6d\x6d\x75\x6e\x69\x63\x61"
"\x74\x69\x6f\x6e\x73\x20\x6d\x61"
"\x64\x65\x20\x61\x74\x20\x61\x6e"
"\x79\x20\x74\x69\x6d\x65\x20\x6f"
"\x72\x20\x70\x6c\x61\x63\x65\x2c"
"\x20\x77\x68\x69\x63\x68\x20\x61"
"\x72\x65\x20\x61\x64\x64\x72\x65"
"\x73\x73\x65\x64\x20\x74\x6f",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\xa3\xfb\xf0\x7d\xf3\xfa\x2f\xde"
"\x4f\x37\x6c\xa2\x3e\x82\x73\x70"
"\x41\x60\x5d\x9f\x4f\x4f\x57\xbd"
"\x8c\xff\x2c\x1d\x4b\x79\x55\xec"
"\x2a\x97\x94\x8b\xd3\x72\x29\x15"
"\xc8\xf3\xd3\x37\xf7\xd3\x70\x05"
"\x0e\x9e\x96\xd6\x47\xb7\xc3\x9f"
"\x56\xe0\x31\xca\x5e\xb6\x25\x0d"
"\x40\x42\xe0\x27\x85\xec\xec\xfa"
"\x4b\x4b\xb5\xe8\xea\xd0\x44\x0e"
"\x20\xb6\xe8\xdb\x09\xd8\x81\xa7"
"\xc6\x13\x2f\x42\x0e\x52\x79\x50"
"\x42\xbd\xfa\x77\x73\xd8\xa9\x05"
"\x14\x47\xb3\x29\x1c\xe1\x41\x1c"
"\x68\x04\x65\x55\x2a\xa6\xc4\x05"
"\xb7\x76\x4d\x5e\x87\xbe\xa8\x5a"
"\xd0\x0f\x84\x49\xed\x8f\x72\xd0"
"\xd6\x62\xab\x05\x26\x91\xca\x66"
"\x42\x4b\xc8\x6d\x2d\xf8\x0e\xa4"
"\x1f\x43\xab\xf9\x37\xd3\x25\x9d"
"\xc4\xb2\xd0\xdf\xb4\x8a\x6c\x91"
"\x39\xdd\xd7\xf7\x69\x66\xe9\x28"
"\xe6\x35\x55\x3b\xa7\x6c\x5c\x87"
"\x9d\x7b\x35\xd4\x9e\xb2\xe6\x2b"
"\x08\x71\xcd\xac\x63\x89\x39\xe2"
"\x5e\x8a\x1e\x0e\xf9\xd5\x28\x0f"
"\xa8\xca\x32\x8b\x35\x1c\x3c\x76"
"\x59\x89\xcb\xcf\x3d\xaa\x8b\x6c"
"\xcc\x3a\xaf\x9f\x39\x79\xc9\x2b"
"\x37\x20\xfc\x88\xdc\x95\xed\x84"
"\xa1\xbe\x05\x9c\x64\x99\xb9\xfd"
"\xa2\x36\xe7\xe8\x18\xb0\x4b\x0b"
"\xc3\x9c\x1e\x87\x6b\x19\x3b\xfe"
"\x55\x69\x75\x3f\x88\x12\x8c\xc0"
"\x8a\xaa\x9b\x63\xd1\xa1\x6f\x80"
"\xef\x25\x54\xd7\x18\x9c\x41\x1f"
"\x58\x69\xca\x52\xc5\xb8\x3f\xa3"
"\x6f\xf2\x16\xb9\xc1\xd3\x00\x62"
"\xbe\xbc\xfd\x2d\xc5\xbc\xe0\x91"
"\x19\x34\xfd\xa7\x9a\x86\xf6\xe6"
"\x98\xce\xd7\x59\xc3\xff\x9b\x64"
"\x77\x33\x8f\x3d\xa4\xf9\xcd\x85"
"\x14\xea\x99\x82\xcc\xaf\xb3\x41"
"\xb2\x38\x4d\xd9\x02\xf3\xd1\xab"
"\x7a\xc6\x1d\xd2\x9c\x6f\x21\xba"
"\x5b\x86\x2f\x37\x30\xe3\x7c\xfd"
"\xc4\xfd\x80\x6c\x22\xf2\x21",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 375,
.also_non_np = 1,
.np = 3,
.tap = { 375 - 20, 4, 16 },
}, { /* RFC7539 A.2. Test Vector #3 */
.key = "\x1c\x92\x40\xa5\xeb\x55\xd3\x8a"
"\xf3\x33\x88\x86\x04\xf6\xb5\xf0"
"\x47\x39\x17\xc1\x40\x2b\x80\x09"
"\x9d\xca\x5c\xbc\x20\x70\x75\xc0",
.klen = 32,
.iv = "\x2a\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x02",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x27\x54\x77\x61\x73\x20\x62\x72"
"\x69\x6c\x6c\x69\x67\x2c\x20\x61"
"\x6e\x64\x20\x74\x68\x65\x20\x73"
"\x6c\x69\x74\x68\x79\x20\x74\x6f"
"\x76\x65\x73\x0a\x44\x69\x64\x20"
"\x67\x79\x72\x65\x20\x61\x6e\x64"
"\x20\x67\x69\x6d\x62\x6c\x65\x20"
"\x69\x6e\x20\x74\x68\x65\x20\x77"
"\x61\x62\x65\x3a\x0a\x41\x6c\x6c"
"\x20\x6d\x69\x6d\x73\x79\x20\x77"
"\x65\x72\x65\x20\x74\x68\x65\x20"
"\x62\x6f\x72\x6f\x67\x6f\x76\x65"
"\x73\x2c\x0a\x41\x6e\x64\x20\x74"
"\x68\x65\x20\x6d\x6f\x6d\x65\x20"
"\x72\x61\x74\x68\x73\x20\x6f\x75"
"\x74\x67\x72\x61\x62\x65\x2e",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\x62\xe6\x34\x7f\x95\xed\x87\xa4"
"\x5f\xfa\xe7\x42\x6f\x27\xa1\xdf"
"\x5f\xb6\x91\x10\x04\x4c\x0d\x73"
"\x11\x8e\xff\xa9\x5b\x01\xe5\xcf"
"\x16\x6d\x3d\xf2\xd7\x21\xca\xf9"
"\xb2\x1e\x5f\xb1\x4c\x61\x68\x71"
"\xfd\x84\xc5\x4f\x9d\x65\xb2\x83"
"\x19\x6c\x7f\xe4\xf6\x05\x53\xeb"
"\xf3\x9c\x64\x02\xc4\x22\x34\xe3"
"\x2a\x35\x6b\x3e\x76\x43\x12\xa6"
"\x1a\x55\x32\x05\x57\x16\xea\xd6"
"\x96\x25\x68\xf8\x7d\x3f\x3f\x77"
"\x04\xc6\xa8\xd1\xbc\xd1\xbf\x4d"
"\x50\xd6\x15\x4b\x6d\xa7\x31\xb1"
"\x87\xb5\x8d\xfd\x72\x8a\xfa\x36"
"\x75\x7a\x79\x7a\xc1\x88\xd1",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 127,
}, { /* Self-made test vector for long data */
.key = "\x1c\x92\x40\xa5\xeb\x55\xd3\x8a"
"\xf3\x33\x88\x86\x04\xf6\xb5\xf0"
"\x47\x39\x17\xc1\x40\x2b\x80\x09"
"\x9d\xca\x5c\xbc\x20\x70\x75\xc0",
.klen = 32,
.iv = "\x1c\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x01",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x49\xee\xe0\xdc\x24\x90\x40\xcd"
"\xc5\x40\x8f\x47\x05\xbc\xdd\x81"
"\x47\xc6\x8d\xe6\xb1\x8f\xd7\xcb"
"\x09\x0e\x6e\x22\x48\x1f\xbf\xb8"
"\x5c\xf7\x1e\x8a\xc1\x23\xf2\xd4"
"\x19\x4b\x01\x0f\x4e\xa4\x43\xce"
"\x01\xc6\x67\xda\x03\x91\x18\x90"
"\xa5\xa4\x8e\x45\x03\xb3\x2d\xac"
"\x74\x92\xd3\x53\x47\xc8\xdd\x25"
"\x53\x6c\x02\x03\x87\x0d\x11\x0c"
"\x58\xe3\x12\x18\xfd\x2a\x5b\x40"
"\x0c\x30\xf0\xb8\x3f\x43\xce\xae"
"\x65\x3a\x7d\x7c\xf4\x54\xaa\xcc"
"\x33\x97\xc3\x77\xba\xc5\x70\xde"
"\xd7\xd5\x13\xa5\x65\xc4\x5f\x0f"
"\x46\x1a\x0d\x97\xb5\xf3\xbb\x3c"
"\x84\x0f\x2b\xc5\xaa\xea\xf2\x6c"
"\xc9\xb5\x0c\xee\x15\xf3\x7d\xbe"
"\x9f\x7b\x5a\xa6\xae\x4f\x83\xb6"
"\x79\x49\x41\xf4\x58\x18\xcb\x86"
"\x7f\x30\x0e\xf8\x7d\x44\x36\xea"
"\x75\xeb\x88\x84\x40\x3c\xad\x4f"
"\x6f\x31\x6b\xaa\x5d\xe5\xa5\xc5"
"\x21\x66\xe9\xa7\xe3\xb2\x15\x88"
"\x78\xf6\x79\xa1\x59\x47\x12\x4e"
"\x9f\x9f\x64\x1a\xa0\x22\x5b\x08"
"\xbe\x7c\x36\xc2\x2b\x66\x33\x1b"
"\xdd\x60\x71\xf7\x47\x8c\x61\xc3"
"\xda\x8a\x78\x1e\x16\xfa\x1e\x86"
"\x81\xa6\x17\x2a\xa7\xb5\xc2\xe7"
"\xa4\xc7\x42\xf1\xcf\x6a\xca\xb4"
"\x45\xcf\xf3\x93\xf0\xe7\xea\xf6"
"\xf4\xe6\x33\x43\x84\x93\xa5\x67"
"\x9b\x16\x58\x58\x80\x0f\x2b\x5c"
"\x24\x74\x75\x7f\x95\x81\xb7\x30"
"\x7a\x33\xa7\xf7\x94\x87\x32\x27"
"\x10\x5d\x14\x4c\x43\x29\xdd\x26"
"\xbd\x3e\x3c\x0e\xfe\x0e\xa5\x10"
"\xea\x6b\x64\xfd\x73\xc6\xed\xec"
"\xa8\xc9\xbf\xb3\xba\x0b\x4d\x07"
"\x70\xfc\x16\xfd\x79\x1e\xd7\xc5"
"\x49\x4e\x1c\x8b\x8d\x79\x1b\xb1"
"\xec\xca\x60\x09\x4c\x6a\xd5\x09"
"\x49\x46\x00\x88\x22\x8d\xce\xea"
"\xb1\x17\x11\xde\x42\xd2\x23\xc1"
"\x72\x11\xf5\x50\x73\x04\x40\x47"
"\xf9\x5d\xe7\xa7\x26\xb1\x7e\xb0"
"\x3f\x58\xc1\x52\xab\x12\x67\x9d"
"\x3f\x43\x4b\x68\xd4\x9c\x68\x38"
"\x07\x8a\x2d\x3e\xf3\xaf\x6a\x4b"
"\xf9\xe5\x31\x69\x22\xf9\xa6\x69"
"\xc6\x9c\x96\x9a\x12\x35\x95\x1d"
"\x95\xd5\xdd\xbe\xbf\x93\x53\x24"
"\xfd\xeb\xc2\x0a\x64\xb0\x77\x00"
"\x6f\x88\xc4\x37\x18\x69\x7c\xd7"
"\x41\x92\x55\x4c\x03\xa1\x9a\x4b"
"\x15\xe5\xdf\x7f\x37\x33\x72\xc1"
"\x8b\x10\x67\xa3\x01\x57\x94\x25"
"\x7b\x38\x71\x7e\xdd\x1e\xcc\x73"
"\x55\xd2\x8e\xeb\x07\xdd\xf1\xda"
"\x58\xb1\x47\x90\xfe\x42\x21\x72"
"\xa3\x54\x7a\xa0\x40\xec\x9f\xdd"
"\xc6\x84\x6e\xca\xae\xe3\x68\xb4"
"\x9d\xe4\x78\xff\x57\xf2\xf8\x1b"
"\x03\xa1\x31\xd9\xde\x8d\xf5\x22"
"\x9c\xdd\x20\xa4\x1e\x27\xb1\x76"
"\x4f\x44\x55\xe2\x9b\xa1\x9c\xfe"
"\x54\xf7\x27\x1b\xf4\xde\x02\xf5"
"\x1b\x55\x48\x5c\xdc\x21\x4b\x9e"
"\x4b\x6e\xed\x46\x23\xdc\x65\xb2"
"\xcf\x79\x5f\x28\xe0\x9e\x8b\xe7"
"\x4c\x9d\x8a\xff\xc1\xa6\x28\xb8"
"\x65\x69\x8a\x45\x29\xef\x74\x85"
"\xde\x79\xc7\x08\xae\x30\xb0\xf4"
"\xa3\x1d\x51\x41\xab\xce\xcb\xf6"
"\xb5\xd8\x6d\xe0\x85\xe1\x98\xb3"
"\x43\xbb\x86\x83\x0a\xa0\xf5\xb7"
"\x04\x0b\xfa\x71\x1f\xb0\xf6\xd9"
"\x13\x00\x15\xf0\xc7\xeb\x0d\x5a"
"\x9f\xd7\xb9\x6c\x65\x14\x22\x45"
"\x6e\x45\x32\x3e\x7e\x60\x1a\x12"
"\x97\x82\x14\xfb\xaa\x04\x22\xfa"
"\xa0\xe5\x7e\x8c\x78\x02\x48\x5d"
"\x78\x33\x5a\x7c\xad\xdb\x29\xce"
"\xbb\x8b\x61\xa4\xb7\x42\xe2\xac"
"\x8b\x1a\xd9\x2f\x0b\x8b\x62\x21"
"\x83\x35\x7e\xad\x73\xc2\xb5\x6c"
"\x10\x26\x38\x07\xe5\xc7\x36\x80"
"\xe2\x23\x12\x61\xf5\x48\x4b\x2b"
"\xc5\xdf\x15\xd9\x87\x01\xaa\xac"
"\x1e\x7c\xad\x73\x78\x18\x63\xe0"
"\x8b\x9f\x81\xd8\x12\x6a\x28\x10"
"\xbe\x04\x68\x8a\x09\x7c\x1b\x1c"
"\x83\x66\x80\x47\x80\xe8\xfd\x35"
"\x1c\x97\x6f\xae\x49\x10\x66\xcc"
"\xc6\xd8\xcc\x3a\x84\x91\x20\x77"
"\x72\xe4\x24\xd2\x37\x9f\xc5\xc9"
"\x25\x94\x10\x5f\x40\x00\x64\x99"
"\xdc\xae\xd7\x21\x09\x78\x50\x15"
"\xac\x5f\xc6\x2c\xa2\x0b\xa9\x39"
"\x87\x6e\x6d\xab\xde\x08\x51\x16"
"\xc7\x13\xe9\xea\xed\x06\x8e\x2c"
"\xf8\x37\x8c\xf0\xa6\x96\x8d\x43"
"\xb6\x98\x37\xb2\x43\xed\xde\xdf"
"\x89\x1a\xe7\xeb\x9d\xa1\x7b\x0b"
"\x77\xb0\xe2\x75\xc0\xf1\x98\xd9"
"\x80\x55\xc9\x34\x91\xd1\x59\xe8"
"\x4b\x0f\xc1\xa9\x4b\x7a\x84\x06"
"\x20\xa8\x5d\xfa\xd1\xde\x70\x56"
"\x2f\x9e\x91\x9c\x20\xb3\x24\xd8"
"\x84\x3d\xe1\x8c\x7e\x62\x52\xe5"
"\x44\x4b\x9f\xc2\x93\x03\xea\x2b"
"\x59\xc5\xfa\x3f\x91\x2b\xbb\x23"
"\xf5\xb2\x7b\xf5\x38\xaf\xb3\xee"
"\x63\xdc\x7b\xd1\xff\xaa\x8b\xab"
"\x82\x6b\x37\x04\xeb\x74\xbe\x79"
"\xb9\x83\x90\xef\x20\x59\x46\xff"
"\xe9\x97\x3e\x2f\xee\xb6\x64\x18"
"\x38\x4c\x7a\x4a\xf9\x61\xe8\x9a"
"\xa1\xb5\x01\xa6\x47\xd3\x11\xd4"
"\xce\xd3\x91\x49\x88\xc7\xb8\x4d"
"\xb1\xb9\x07\x6d\x16\x72\xae\x46"
"\x5e\x03\xa1\x4b\xb6\x02\x30\xa8"
"\x3d\xa9\x07\x2a\x7c\x19\xe7\x62"
"\x87\xe3\x82\x2f\x6f\xe1\x09\xd9"
"\x94\x97\xea\xdd\x58\x9e\xae\x76"
"\x7e\x35\xe5\xb4\xda\x7e\xf4\xde"
"\xf7\x32\x87\xcd\x93\xbf\x11\x56"
"\x11\xbe\x08\x74\xe1\x69\xad\xe2"
"\xd7\xf8\x86\x75\x8a\x3c\xa4\xbe"
"\x70\xa7\x1b\xfc\x0b\x44\x2a\x76"
"\x35\xea\x5d\x85\x81\xaf\x85\xeb"
"\xa0\x1c\x61\xc2\xf7\x4f\xa5\xdc"
"\x02\x7f\xf6\x95\x40\x6e\x8a\x9a"
"\xf3\x5d\x25\x6e\x14\x3a\x22\xc9"
"\x37\x1c\xeb\x46\x54\x3f\xa5\x91"
"\xc2\xb5\x8c\xfe\x53\x08\x97\x32"
"\x1b\xb2\x30\x27\xfe\x25\x5d\xdc"
"\x08\x87\xd0\xe5\x94\x1a\xd4\xf1"
"\xfe\xd6\xb4\xa3\xe6\x74\x81\x3c"
"\x1b\xb7\x31\xa7\x22\xfd\xd4\xdd"
"\x20\x4e\x7c\x51\xb0\x60\x73\xb8"
"\x9c\xac\x91\x90\x7e\x01\xb0\xe1"
"\x8a\x2f\x75\x1c\x53\x2a\x98\x2a"
"\x06\x52\x95\x52\xb2\xe9\x25\x2e"
"\x4c\xe2\x5a\x00\xb2\x13\x81\x03"
"\x77\x66\x0d\xa5\x99\xda\x4e\x8c"
"\xac\xf3\x13\x53\x27\x45\xaf\x64"
"\x46\xdc\xea\x23\xda\x97\xd1\xab"
"\x7d\x6c\x30\x96\x1f\xbc\x06\x34"
"\x18\x0b\x5e\x21\x35\x11\x8d\x4c"
"\xe0\x2d\xe9\x50\x16\x74\x81\xa8"
"\xb4\x34\xb9\x72\x42\xa6\xcc\xbc"
"\xca\x34\x83\x27\x10\x5b\x68\x45"
"\x8f\x52\x22\x0c\x55\x3d\x29\x7c"
"\xe3\xc0\x66\x05\x42\x91\x5f\x58"
"\xfe\x4a\x62\xd9\x8c\xa9\x04\x19"
"\x04\xa9\x08\x4b\x57\xfc\x67\x53"
"\x08\x7c\xbc\x66\x8a\xb0\xb6\x9f"
"\x92\xd6\x41\x7c\x5b\x2a\x00\x79"
"\x72",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ctext = "\x45\xe8\xe0\xb6\x9c\xca\xfd\x87"
"\xe8\x1d\x37\x96\x8a\xe3\x40\x35"
"\xcf\x5e\x3a\x46\x3d\xfb\xd0\x69"
"\xde\xaf\x7a\xd5\x0d\xe9\x52\xec"
"\xc2\x82\xe5\x3e\x7d\xb2\x4a\xd9"
"\xbb\xc3\x9f\xc0\x5d\xac\x93\x8d"
"\x0e\x6f\xd3\xd7\xfb\x6a\x0d\xce"
"\x92\x2c\xf7\xbb\x93\x57\xcc\xee"
"\x42\x72\x6f\xc8\x4b\xd2\x76\xbf"
"\xa0\xe3\x7a\x39\xf9\x5c\x8e\xfd"
"\xa1\x1d\x41\xe5\x08\xc1\x1c\x11"
"\x92\xfd\x39\x5c\x51\xd0\x2f\x66"
"\x33\x4a\x71\x15\xfe\xee\x12\x54"
"\x8c\x8f\x34\xd8\x50\x3c\x18\xa6"
"\xc5\xe1\x46\x8a\xfb\x5f\x7e\x25"
"\x9b\xe2\xc3\x66\x41\x2b\xb3\xa5"
"\x57\x0e\x94\x17\x26\x39\xbb\x54"
"\xae\x2e\x6f\x42\xfb\x4d\x89\x6f"
"\x9d\xf1\x16\x2e\xe3\xe7\xfc\xe3"
"\xb2\x4b\x2b\xa6\x7c\x04\x69\x3a"
"\x70\x5a\xa7\xf1\x31\x64\x19\xca"
"\x45\x79\xd8\x58\x23\x61\xaf\xc2"
"\x52\x05\xc3\x0b\xc1\x64\x7c\x81"
"\xd9\x11\xcf\xff\x02\x3d\x51\x84"
"\x01\xac\xc6\x2e\x34\x2b\x09\x3a"
"\xa8\x5d\x98\x0e\x89\xd9\xef\x8f"
"\xd9\xd7\x7d\xdd\x63\x47\x46\x7d"
"\xa1\xda\x0b\x53\x7d\x79\xcd\xc9"
"\x86\xdd\x6b\x13\xa1\x9a\x70\xdd"
"\x5c\xa1\x69\x3c\xe4\x5d\xe3\x8c"
"\xe5\xf4\x87\x9c\x10\xcf\x0f\x0b"
"\xc8\x43\xdc\xf8\x1d\x62\x5e\x5b"
"\xe2\x03\x06\xc5\x71\xb6\x48\xa5"
"\xf0\x0f\x2d\xd5\xa2\x73\x55\x8f"
"\x01\xa7\x59\x80\x5f\x11\x6c\x40"
"\xff\xb1\xf2\xc6\x7e\x01\xbb\x1c"
"\x69\x9c\xc9\x3f\x71\x5f\x07\x7e"
"\xdf\x6f\x99\xca\x9c\xfd\xf9\xb9"
"\x49\xe7\xcc\x91\xd5\x9b\x8f\x03"
"\xae\xe7\x61\x32\xef\x41\x6c\x75"
"\x84\x9b\x8c\xce\x1d\x6b\x93\x21"
"\x41\xec\xc6\xad\x8e\x0c\x48\xa8"
"\xe2\xf5\x57\xde\xf7\x38\xfd\x4a"
"\x6f\xa7\x4a\xf9\xac\x7d\xb1\x85"
"\x7d\x6c\x95\x0a\x5a\xcf\x68\xd2"
"\xe0\x7a\x26\xd9\xc1\x6d\x3e\xc6"
"\x37\xbd\xbe\x24\x36\x77\x9f\x1b"
"\xc1\x22\xf3\x79\xae\x95\x78\x66"
"\x97\x11\xc0\x1a\xf1\xe8\x0d\x38"
"\x09\xc2\xee\xb7\xd3\x46\x7b\x59"
"\x77\x23\xe8\xb4\x92\x3d\x78\xbe"
"\xe2\x25\x63\xa5\x2a\x06\x70\x92"
"\x32\x63\xf9\x19\x21\x68\xe1\x0b"
"\x9a\xd0\xee\x21\xdb\x1f\xe0\xde"
"\x3e\x64\x02\x4d\x0e\xe0\x0a\xa9"
"\xed\x19\x8c\xa8\xbf\xe3\x2e\x75"
"\x24\x2b\xb0\xe5\x82\x6a\x1e\x6f"
"\x71\x2a\x3a\x60\xed\x06\x0d\x17"
"\xa2\xdb\x29\x1d\xae\xb2\xc4\xfb"
"\x94\x04\xd8\x58\xfc\xc4\x04\x4e"
"\xee\xc7\xc1\x0f\xe9\x9b\x63\x2d"
"\x02\x3e\x02\x67\xe5\xd8\xbb\x79"
"\xdf\xd2\xeb\x50\xe9\x0a\x02\x46"
"\xdf\x68\xcf\xe7\x2b\x0a\x56\xd6"
"\xf7\xbc\x44\xad\xb8\xb5\x5f\xeb"
"\xbc\x74\x6b\xe8\x7e\xb0\x60\xc6"
"\x0d\x96\x09\xbb\x19\xba\xe0\x3c"
"\xc4\x6c\xbf\x0f\x58\xc0\x55\x62"
"\x23\xa0\xff\xb5\x1c\xfd\x18\xe1"
"\xcf\x6d\xd3\x52\xb4\xce\xa6\xfa"
"\xaa\xfb\x1b\x0b\x42\x6d\x79\x42"
"\x48\x70\x5b\x0e\xdd\x3a\xc9\x69"
"\x8b\x73\x67\xf6\x95\xdb\x8c\xfb"
"\xfd\xb5\x08\x47\x42\x84\x9a\xfa"
"\xcc\x67\xb2\x3c\xb6\xfd\xd8\x32"
"\xd6\x04\xb6\x4a\xea\x53\x4b\xf5"
"\x94\x16\xad\xf0\x10\x2e\x2d\xb4"
"\x8b\xab\xe5\x89\xc7\x39\x12\xf3"
"\x8d\xb5\x96\x0b\x87\x5d\xa7\x7c"
"\xb0\xc2\xf6\x2e\x57\x97\x2c\xdc"
"\x54\x1c\x34\x72\xde\x0c\x68\x39"
"\x9d\x32\xa5\x75\x92\x13\x32\xea"
"\x90\x27\xbd\x5b\x1d\xb9\x21\x02"
"\x1c\xcc\xba\x97\x5e\x49\x58\xe8"
"\xac\x8b\xf3\xce\x3c\xf0\x00\xe9"
"\x6c\xae\xe9\x77\xdf\xf4\x02\xcd"
"\x55\x25\x89\x9e\x90\xf3\x6b\x8f"
"\xb7\xd6\x47\x98\x26\x2f\x31\x2f"
"\x8d\xbf\x54\xcd\x99\xeb\x80\xd7"
"\xac\xc3\x08\xc2\xa6\x32\xf1\x24"
"\x76\x7c\x4f\x78\x53\x55\xfb\x00"
"\x8a\xd6\x52\x53\x25\x45\xfb\x0a"
"\x6b\xb9\xbe\x3c\x5e\x11\xcc\x6a"
"\xdd\xfc\xa7\xc4\x79\x4d\xbd\xfb"
"\xce\x3a\xf1\x7a\xda\xeb\xfe\x64"
"\x28\x3d\x0f\xee\x80\xba\x0c\xf8"
"\xe9\x5b\x3a\xd4\xae\xc9\xf3\x0e"
"\xe8\x5d\xc5\x5c\x0b\x20\x20\xee"
"\x40\x0d\xde\x07\xa7\x14\xb4\x90"
"\xb6\xbd\x3b\xae\x7d\x2b\xa7\xc7"
"\xdc\x0b\x4c\x5d\x65\xb0\xd2\xc5"
"\x79\x61\x23\xe0\xa2\x99\x73\x55"
"\xad\xc6\xfb\xc7\x54\xb5\x98\x1f"
"\x8c\x86\xc2\x3f\xbe\x5e\xea\x64"
"\xa3\x60\x18\x9f\x80\xaf\x52\x74"
"\x1a\xfe\x22\xc2\x92\x67\x40\x02"
"\x08\xee\x67\x5b\x67\xe0\x3d\xde"
"\x7a\xaf\x8e\x28\xf3\x5e\x0e\xf4"
"\x48\x56\xaa\x85\x22\xd8\x36\xed"
"\x3b\x3d\x68\x69\x30\xbc\x71\x23"
"\xb1\x6e\x61\x03\x89\x44\x03\xf4"
"\x32\xaa\x4c\x40\x9f\x69\xfb\x70"
"\x91\xcc\x1f\x11\xbd\x76\x67\xe6"
"\x10\x8b\x29\x39\x68\xea\x4e\x6d"
"\xae\xfb\x40\xcf\xe2\xd0\x0d\x8d"
"\x6f\xed\x9b\x8d\x64\x7a\x94\x8e"
"\x32\x38\x78\xeb\x7d\x5f\xf9\x4d"
"\x13\xbe\x21\xea\x16\xe7\x5c\xee"
"\xcd\xf6\x5f\xc6\x45\xb2\x8f\x2b"
"\xb5\x93\x3e\x45\xdb\xfd\xa2\x6a"
"\xec\x83\x92\x99\x87\x47\xe0\x7c"
"\xa2\x7b\xc4\x2a\xcd\xc0\x81\x03"
"\x98\xb0\x87\xb6\x86\x13\x64\x33"
"\x4c\xd7\x99\xbf\xdb\x7b\x6e\xaa"
"\x76\xcc\xa0\x74\x1b\xa3\x6e\x83"
"\xd4\xba\x7a\x84\x9d\x91\x71\xcd"
"\x60\x2d\x56\xfd\x26\x35\xcb\xeb"
"\xac\xe9\xee\xa4\xfc\x18\x5b\x91"
"\xd5\xfe\x84\x45\xe0\xc7\xfd\x11"
"\xe9\x00\xb6\x54\xdf\xe1\x94\xde"
"\x2b\x70\x9f\x94\x7f\x15\x0e\x83"
"\x63\x10\xb3\xf5\xea\xd3\xe8\xd1"
"\xa5\xfc\x17\x19\x68\x9a\xbc\x17"
"\x30\x43\x0a\x1a\x33\x92\xd4\x2a"
"\x2e\x68\x99\xbc\x49\xf0\x68\xe3"
"\xf0\x1f\xcb\xcc\xfa\xbb\x05\x56"
"\x46\x84\x8b\x69\x83\x64\xc5\xe0"
"\xc5\x52\x99\x07\x3c\xa6\x5c\xaf"
"\xa3\xde\xd7\xdb\x43\xe6\xb7\x76"
"\x4e\x4d\xd6\x71\x60\x63\x4a\x0c"
"\x5f\xae\x25\x84\x22\x90\x5f\x26"
"\x61\x4d\x8f\xaf\xc9\x22\xf2\x05"
"\xcf\xc1\xdc\x68\xe5\x57\x8e\x24"
"\x1b\x30\x59\xca\xd7\x0d\xc3\xd3"
"\x52\x9e\x09\x3e\x0e\xaf\xdb\x5f"
"\xc7\x2b\xde\x3a\xfd\xad\x93\x04"
"\x74\x06\x89\x0e\x90\xeb\x85\xff"
"\xe6\x3c\x12\x42\xf4\xfa\x80\x75"
"\x5e\x4e\xd7\x2f\x93\x0b\x34\x41"
"\x02\x85\x68\xd0\x03\x12\xde\x92"
"\x54\x7a\x7e\xfb\x55\xe7\x88\xfb"
"\xa4\xa9\xf2\xd1\xc6\x70\x06\x37"
"\x25\xee\xa7\x6e\xd9\x89\x86\x50"
"\x2e\x07\xdb\xfb\x2a\x86\x45\x0e"
"\x91\xf4\x7c\xbb\x12\x60\xe8\x3f"
"\x71\xbe\x8f\x9d\x26\xef\xd9\x89"
"\xc4\x8f\xd8\xc5\x73\xd8\x84\xaa"
"\x2f\xad\x22\x1e\x7e\xcf\xa2\x08"
"\x23\x45\x89\x42\xa0\x30\xeb\xbf"
"\xa1\xed\xad\xd5\x76\xfa\x24\x8f"
"\x98",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 1281,
.also_non_np = 1,
.np = 3,
.tap = { 1200, 1, 80 },
},
};
FROMGIT: crypto: chacha20-generic - add XChaCha20 support Add support for the XChaCha20 stream cipher. XChaCha20 is the application of the XSalsa20 construction (https://cr.yp.to/snuffle/xsalsa-20081128.pdf) to ChaCha20 rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length from 64 bits (or 96 bits, depending on convention) to 192 bits, while provably retaining ChaCha20's security. XChaCha20 uses the ChaCha20 permutation to map the key and first 128 nonce bits to a 256-bit subkey. Then, it does the ChaCha20 stream cipher with the subkey and remaining 64 bits of nonce. We need XChaCha support in order to add support for the Adiantum encryption mode. Note that to meet our performance requirements, we actually plan to primarily use the variant XChaCha12. But we believe it's wise to first add XChaCha20 as a baseline with a higher security margin, in case there are any situations where it can be used. Supporting both variants is straightforward. Since XChaCha20's subkey differs for each request, XChaCha20 can't be a template that wraps ChaCha20; that would require re-keying the underlying ChaCha20 for every request, which wouldn't be thread-safe. Instead, we make XChaCha20 its own top-level algorithm which calls the ChaCha20 streaming implementation internally. Similar to the existing ChaCha20 implementation, we define the IV to be the nonce and stream position concatenated together. This allows users to seek to any position in the stream. I considered splitting the code into separate chacha20-common, chacha20, and xchacha20 modules, so that chacha20 and xchacha20 could be enabled/disabled independently. However, since nearly all the code is shared anyway, I ultimately decided there would have been little benefit to the added complexity of separate modules. Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Acked-by: Martin Willi <martin@strongswan.org> Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> (cherry picked from commit de61d7ae5d3789dcba3749a418f76613fbee8414 https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master) Bug: 112008522 Test: As series, see Ic61c13b53facfd2173065be715a7ee5f3af8760b Change-Id: I5c878e1d6577abda11d7b737cbb650baf16b6886 Signed-off-by: Eric Biggers <ebiggers@google.com>
2018-11-16 18:26:20 -07:00
static const struct cipher_testvec xchacha20_tv_template[] = {
{ /* from libsodium test/default/xchacha20.c */
.key = "\x79\xc9\x97\x98\xac\x67\x30\x0b"
"\xbb\x27\x04\xc9\x5c\x34\x1e\x32"
"\x45\xf3\xdc\xb2\x17\x61\xb9\x8e"
"\x52\xff\x45\xb2\x4f\x30\x4f\xc4",
.klen = 32,
.iv = "\xb3\x3f\xfd\x30\x96\x47\x9b\xcf"
"\xbc\x9a\xee\x49\x41\x76\x88\xa0"
"\xa2\x55\x4f\x8d\x95\x38\x94\x19"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.ptext = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00",
.ctext = "\xc6\xe9\x75\x81\x60\x08\x3a\xc6"
"\x04\xef\x90\xe7\x12\xce\x6e\x75"
"\xd7\x79\x75\x90\x74\x4e\x0c\xf0"
"\x60\xf0\x13\x73\x9c",
.len = 29,
}, { /* from libsodium test/default/xchacha20.c */
.key = "\x9d\x23\xbd\x41\x49\xcb\x97\x9c"
"\xcf\x3c\x5c\x94\xdd\x21\x7e\x98"
"\x08\xcb\x0e\x50\xcd\x0f\x67\x81"
"\x22\x35\xea\xaf\x60\x1d\x62\x32",
.klen = 32,
.iv = "\xc0\x47\x54\x82\x66\xb7\xc3\x70"
"\xd3\x35\x66\xa2\x42\x5c\xbf\x30"
"\xd8\x2d\x1e\xaf\x52\x94\x10\x9e"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.ptext = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00",
.ctext = "\xa2\x12\x09\x09\x65\x94\xde\x8c"
"\x56\x67\xb1\xd1\x3a\xd9\x3f\x74"
"\x41\x06\xd0\x54\xdf\x21\x0e\x47"
"\x82\xcd\x39\x6f\xec\x69\x2d\x35"
"\x15\xa2\x0b\xf3\x51\xee\xc0\x11"
"\xa9\x2c\x36\x78\x88\xbc\x46\x4c"
"\x32\xf0\x80\x7a\xcd\x6c\x20\x3a"
"\x24\x7e\x0d\xb8\x54\x14\x84\x68"
"\xe9\xf9\x6b\xee\x4c\xf7\x18\xd6"
"\x8d\x5f\x63\x7c\xbd\x5a\x37\x64"
"\x57\x78\x8e\x6f\xae\x90\xfc\x31"
"\x09\x7c\xfc",
.len = 91,
}, { /* Taken from the ChaCha20 test vectors, appended 12 random bytes
to the nonce, zero-padded the stream position from 4 to 8 bytes,
and recomputed the ciphertext using libsodium's XChaCha20 */
FROMGIT: crypto: chacha20-generic - add XChaCha20 support Add support for the XChaCha20 stream cipher. XChaCha20 is the application of the XSalsa20 construction (https://cr.yp.to/snuffle/xsalsa-20081128.pdf) to ChaCha20 rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length from 64 bits (or 96 bits, depending on convention) to 192 bits, while provably retaining ChaCha20's security. XChaCha20 uses the ChaCha20 permutation to map the key and first 128 nonce bits to a 256-bit subkey. Then, it does the ChaCha20 stream cipher with the subkey and remaining 64 bits of nonce. We need XChaCha support in order to add support for the Adiantum encryption mode. Note that to meet our performance requirements, we actually plan to primarily use the variant XChaCha12. But we believe it's wise to first add XChaCha20 as a baseline with a higher security margin, in case there are any situations where it can be used. Supporting both variants is straightforward. Since XChaCha20's subkey differs for each request, XChaCha20 can't be a template that wraps ChaCha20; that would require re-keying the underlying ChaCha20 for every request, which wouldn't be thread-safe. Instead, we make XChaCha20 its own top-level algorithm which calls the ChaCha20 streaming implementation internally. Similar to the existing ChaCha20 implementation, we define the IV to be the nonce and stream position concatenated together. This allows users to seek to any position in the stream. I considered splitting the code into separate chacha20-common, chacha20, and xchacha20 modules, so that chacha20 and xchacha20 could be enabled/disabled independently. However, since nearly all the code is shared anyway, I ultimately decided there would have been little benefit to the added complexity of separate modules. Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Acked-by: Martin Willi <martin@strongswan.org> Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> (cherry picked from commit de61d7ae5d3789dcba3749a418f76613fbee8414 https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master) Bug: 112008522 Test: As series, see Ic61c13b53facfd2173065be715a7ee5f3af8760b Change-Id: I5c878e1d6577abda11d7b737cbb650baf16b6886 Signed-off-by: Eric Biggers <ebiggers@google.com>
2018-11-16 18:26:20 -07:00
.key = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.klen = 32,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x67\xc6\x69\x73"
"\x51\xff\x4a\xec\x29\xcd\xba\xab"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.ptext = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.ctext = "\x9c\x49\x2a\xe7\x8a\x2f\x93\xc7"
"\xb3\x33\x6f\x82\x17\xd8\xc4\x1e"
"\xad\x80\x11\x11\x1d\x4c\x16\x18"
"\x07\x73\x9b\x4f\xdb\x7c\xcb\x47"
"\xfd\xef\x59\x74\xfa\x3f\xe5\x4c"
"\x9b\xd0\xea\xbc\xba\x56\xad\x32"
"\x03\xdc\xf8\x2b\xc1\xe1\x75\x67"
"\x23\x7b\xe6\xfc\xd4\x03\x86\x54",
.len = 64,
}, { /* Derived from a ChaCha20 test vector, via the process above */
FROMGIT: crypto: chacha20-generic - add XChaCha20 support Add support for the XChaCha20 stream cipher. XChaCha20 is the application of the XSalsa20 construction (https://cr.yp.to/snuffle/xsalsa-20081128.pdf) to ChaCha20 rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length from 64 bits (or 96 bits, depending on convention) to 192 bits, while provably retaining ChaCha20's security. XChaCha20 uses the ChaCha20 permutation to map the key and first 128 nonce bits to a 256-bit subkey. Then, it does the ChaCha20 stream cipher with the subkey and remaining 64 bits of nonce. We need XChaCha support in order to add support for the Adiantum encryption mode. Note that to meet our performance requirements, we actually plan to primarily use the variant XChaCha12. But we believe it's wise to first add XChaCha20 as a baseline with a higher security margin, in case there are any situations where it can be used. Supporting both variants is straightforward. Since XChaCha20's subkey differs for each request, XChaCha20 can't be a template that wraps ChaCha20; that would require re-keying the underlying ChaCha20 for every request, which wouldn't be thread-safe. Instead, we make XChaCha20 its own top-level algorithm which calls the ChaCha20 streaming implementation internally. Similar to the existing ChaCha20 implementation, we define the IV to be the nonce and stream position concatenated together. This allows users to seek to any position in the stream. I considered splitting the code into separate chacha20-common, chacha20, and xchacha20 modules, so that chacha20 and xchacha20 could be enabled/disabled independently. However, since nearly all the code is shared anyway, I ultimately decided there would have been little benefit to the added complexity of separate modules. Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Acked-by: Martin Willi <martin@strongswan.org> Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> (cherry picked from commit de61d7ae5d3789dcba3749a418f76613fbee8414 https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master) Bug: 112008522 Test: As series, see Ic61c13b53facfd2173065be715a7ee5f3af8760b Change-Id: I5c878e1d6577abda11d7b737cbb650baf16b6886 Signed-off-by: Eric Biggers <ebiggers@google.com>
2018-11-16 18:26:20 -07:00
.key = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x01",
.klen = 32,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x02\xf2\xfb\xe3\x46"
"\x7c\xc2\x54\xf8\x1b\xe8\xe7\x8d"
"\x01\x00\x00\x00\x00\x00\x00\x00",
.ptext = "\x41\x6e\x79\x20\x73\x75\x62\x6d"
"\x69\x73\x73\x69\x6f\x6e\x20\x74"
"\x6f\x20\x74\x68\x65\x20\x49\x45"
"\x54\x46\x20\x69\x6e\x74\x65\x6e"
"\x64\x65\x64\x20\x62\x79\x20\x74"
"\x68\x65\x20\x43\x6f\x6e\x74\x72"
"\x69\x62\x75\x74\x6f\x72\x20\x66"
"\x6f\x72\x20\x70\x75\x62\x6c\x69"
"\x63\x61\x74\x69\x6f\x6e\x20\x61"
"\x73\x20\x61\x6c\x6c\x20\x6f\x72"
"\x20\x70\x61\x72\x74\x20\x6f\x66"
"\x20\x61\x6e\x20\x49\x45\x54\x46"
"\x20\x49\x6e\x74\x65\x72\x6e\x65"
"\x74\x2d\x44\x72\x61\x66\x74\x20"
"\x6f\x72\x20\x52\x46\x43\x20\x61"
"\x6e\x64\x20\x61\x6e\x79\x20\x73"
"\x74\x61\x74\x65\x6d\x65\x6e\x74"
"\x20\x6d\x61\x64\x65\x20\x77\x69"
"\x74\x68\x69\x6e\x20\x74\x68\x65"
"\x20\x63\x6f\x6e\x74\x65\x78\x74"
"\x20\x6f\x66\x20\x61\x6e\x20\x49"
"\x45\x54\x46\x20\x61\x63\x74\x69"
"\x76\x69\x74\x79\x20\x69\x73\x20"
"\x63\x6f\x6e\x73\x69\x64\x65\x72"
"\x65\x64\x20\x61\x6e\x20\x22\x49"
"\x45\x54\x46\x20\x43\x6f\x6e\x74"
"\x72\x69\x62\x75\x74\x69\x6f\x6e"
"\x22\x2e\x20\x53\x75\x63\x68\x20"
"\x73\x74\x61\x74\x65\x6d\x65\x6e"
"\x74\x73\x20\x69\x6e\x63\x6c\x75"
"\x64\x65\x20\x6f\x72\x61\x6c\x20"
"\x73\x74\x61\x74\x65\x6d\x65\x6e"
"\x74\x73\x20\x69\x6e\x20\x49\x45"
"\x54\x46\x20\x73\x65\x73\x73\x69"
"\x6f\x6e\x73\x2c\x20\x61\x73\x20"
"\x77\x65\x6c\x6c\x20\x61\x73\x20"
"\x77\x72\x69\x74\x74\x65\x6e\x20"
"\x61\x6e\x64\x20\x65\x6c\x65\x63"
"\x74\x72\x6f\x6e\x69\x63\x20\x63"
"\x6f\x6d\x6d\x75\x6e\x69\x63\x61"
"\x74\x69\x6f\x6e\x73\x20\x6d\x61"
"\x64\x65\x20\x61\x74\x20\x61\x6e"
"\x79\x20\x74\x69\x6d\x65\x20\x6f"
"\x72\x20\x70\x6c\x61\x63\x65\x2c"
"\x20\x77\x68\x69\x63\x68\x20\x61"
"\x72\x65\x20\x61\x64\x64\x72\x65"
"\x73\x73\x65\x64\x20\x74\x6f",
.ctext = "\xf9\xab\x7a\x4a\x60\xb8\x5f\xa0"
"\x50\xbb\x57\xce\xef\x8c\xc1\xd9"
"\x24\x15\xb3\x67\x5e\x7f\x01\xf6"
"\x1c\x22\xf6\xe5\x71\xb1\x43\x64"
"\x63\x05\xd5\xfc\x5c\x3d\xc0\x0e"
"\x23\xef\xd3\x3b\xd9\xdc\x7f\xa8"
"\x58\x26\xb3\xd0\xc2\xd5\x04\x3f"
"\x0a\x0e\x8f\x17\xe4\xcd\xf7\x2a"
"\xb4\x2c\x09\xe4\x47\xec\x8b\xfb"
"\x59\x37\x7a\xa1\xd0\x04\x7e\xaa"
"\xf1\x98\x5f\x24\x3d\x72\x9a\x43"
"\xa4\x36\x51\x92\x22\x87\xff\x26"
"\xce\x9d\xeb\x59\x78\x84\x5e\x74"
"\x97\x2e\x63\xc0\xef\x29\xf7\x8a"
"\xb9\xee\x35\x08\x77\x6a\x35\x9a"
"\x3e\xe6\x4f\x06\x03\x74\x1b\xc1"
"\x5b\xb3\x0b\x89\x11\x07\xd3\xb7"
"\x53\xd6\x25\x04\xd9\x35\xb4\x5d"
"\x4c\x33\x5a\xc2\x42\x4c\xe6\xa4"
"\x97\x6e\x0e\xd2\xb2\x8b\x2f\x7f"
"\x28\xe5\x9f\xac\x4b\x2e\x02\xab"
"\x85\xfa\xa9\x0d\x7c\x2d\x10\xe6"
"\x91\xab\x55\x63\xf0\xde\x3a\x94"
"\x25\x08\x10\x03\xc2\x68\xd1\xf4"
"\xaf\x7d\x9c\x99\xf7\x86\x96\x30"
"\x60\xfc\x0b\xe6\xa8\x80\x15\xb0"
"\x81\xb1\x0c\xbe\xb9\x12\x18\x25"
"\xe9\x0e\xb1\xe7\x23\xb2\xef\x4a"
"\x22\x8f\xc5\x61\x89\xd4\xe7\x0c"
"\x64\x36\x35\x61\xb6\x34\x60\xf7"
"\x7b\x61\x37\x37\x12\x10\xa2\xf6"
"\x7e\xdb\x7f\x39\x3f\xb6\x8e\x89"
"\x9e\xf3\xfe\x13\x98\xbb\x66\x5a"
"\xec\xea\xab\x3f\x9c\x87\xc4\x8c"
"\x8a\x04\x18\x49\xfc\x77\x11\x50"
"\x16\xe6\x71\x2b\xee\xc0\x9c\xb6"
"\x87\xfd\x80\xff\x0b\x1d\x73\x38"
"\xa4\x1d\x6f\xae\xe4\x12\xd7\x93"
"\x9d\xcd\x38\x26\x09\x40\x52\xcd"
"\x67\x01\x67\x26\xe0\x3e\x98\xa8"
"\xe8\x1a\x13\x41\xbb\x90\x4d\x87"
"\xbb\x42\x82\x39\xce\x3a\xd0\x18"
"\x6d\x7b\x71\x8f\xbb\x2c\x6a\xd1"
"\xbd\xf5\xc7\x8a\x7e\xe1\x1e\x0f"
"\x0d\x0d\x13\x7c\xd9\xd8\x3c\x91"
"\xab\xff\x1f\x12\xc3\xee\xe5\x65"
"\x12\x8d\x7b\x61\xe5\x1f\x98",
.len = 375,
.also_non_np = 1,
.np = 3,
.tap = { 375 - 20, 4, 16 },
}, { /* Derived from a ChaCha20 test vector, via the process above */
FROMGIT: crypto: chacha20-generic - add XChaCha20 support Add support for the XChaCha20 stream cipher. XChaCha20 is the application of the XSalsa20 construction (https://cr.yp.to/snuffle/xsalsa-20081128.pdf) to ChaCha20 rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length from 64 bits (or 96 bits, depending on convention) to 192 bits, while provably retaining ChaCha20's security. XChaCha20 uses the ChaCha20 permutation to map the key and first 128 nonce bits to a 256-bit subkey. Then, it does the ChaCha20 stream cipher with the subkey and remaining 64 bits of nonce. We need XChaCha support in order to add support for the Adiantum encryption mode. Note that to meet our performance requirements, we actually plan to primarily use the variant XChaCha12. But we believe it's wise to first add XChaCha20 as a baseline with a higher security margin, in case there are any situations where it can be used. Supporting both variants is straightforward. Since XChaCha20's subkey differs for each request, XChaCha20 can't be a template that wraps ChaCha20; that would require re-keying the underlying ChaCha20 for every request, which wouldn't be thread-safe. Instead, we make XChaCha20 its own top-level algorithm which calls the ChaCha20 streaming implementation internally. Similar to the existing ChaCha20 implementation, we define the IV to be the nonce and stream position concatenated together. This allows users to seek to any position in the stream. I considered splitting the code into separate chacha20-common, chacha20, and xchacha20 modules, so that chacha20 and xchacha20 could be enabled/disabled independently. However, since nearly all the code is shared anyway, I ultimately decided there would have been little benefit to the added complexity of separate modules. Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Acked-by: Martin Willi <martin@strongswan.org> Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> (cherry picked from commit de61d7ae5d3789dcba3749a418f76613fbee8414 https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master) Bug: 112008522 Test: As series, see Ic61c13b53facfd2173065be715a7ee5f3af8760b Change-Id: I5c878e1d6577abda11d7b737cbb650baf16b6886 Signed-off-by: Eric Biggers <ebiggers@google.com>
2018-11-16 18:26:20 -07:00
.key = "\x1c\x92\x40\xa5\xeb\x55\xd3\x8a"
"\xf3\x33\x88\x86\x04\xf6\xb5\xf0"
"\x47\x39\x17\xc1\x40\x2b\x80\x09"
"\x9d\xca\x5c\xbc\x20\x70\x75\xc0",
.klen = 32,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x02\x76\x5a\x2e\x63"
"\x33\x9f\xc9\x9a\x66\x32\x0d\xb7"
"\x2a\x00\x00\x00\x00\x00\x00\x00",
.ptext = "\x27\x54\x77\x61\x73\x20\x62\x72"
"\x69\x6c\x6c\x69\x67\x2c\x20\x61"
"\x6e\x64\x20\x74\x68\x65\x20\x73"
"\x6c\x69\x74\x68\x79\x20\x74\x6f"
"\x76\x65\x73\x0a\x44\x69\x64\x20"
"\x67\x79\x72\x65\x20\x61\x6e\x64"
"\x20\x67\x69\x6d\x62\x6c\x65\x20"
"\x69\x6e\x20\x74\x68\x65\x20\x77"
"\x61\x62\x65\x3a\x0a\x41\x6c\x6c"
"\x20\x6d\x69\x6d\x73\x79\x20\x77"
"\x65\x72\x65\x20\x74\x68\x65\x20"
"\x62\x6f\x72\x6f\x67\x6f\x76\x65"
"\x73\x2c\x0a\x41\x6e\x64\x20\x74"
"\x68\x65\x20\x6d\x6f\x6d\x65\x20"
"\x72\x61\x74\x68\x73\x20\x6f\x75"
"\x74\x67\x72\x61\x62\x65\x2e",
.ctext = "\x95\xb9\x51\xe7\x8f\xb4\xa4\x03"
"\xca\x37\xcc\xde\x60\x1d\x8c\xe2"
"\xf1\xbb\x8a\x13\x7f\x61\x85\xcc"
"\xad\xf4\xf0\xdc\x86\xa6\x1e\x10"
"\xbc\x8e\xcb\x38\x2b\xa5\xc8\x8f"
"\xaa\x03\x3d\x53\x4a\x42\xb1\x33"
"\xfc\xd3\xef\xf0\x8e\x7e\x10\x9c"
"\x6f\x12\x5e\xd4\x96\xfe\x5b\x08"
"\xb6\x48\xf0\x14\x74\x51\x18\x7c"
"\x07\x92\xfc\xac\x9d\xf1\x94\xc0"
"\xc1\x9d\xc5\x19\x43\x1f\x1d\xbb"
"\x07\xf0\x1b\x14\x25\x45\xbb\xcb"
"\x5c\xe2\x8b\x28\xf3\xcf\x47\x29"
"\x27\x79\x67\x24\xa6\x87\xc2\x11"
"\x65\x03\xfa\x45\xf7\x9e\x53\x7a"
"\x99\xf1\x82\x25\x4f\x8d\x07",
.len = 127,
}, { /* Derived from a ChaCha20 test vector, via the process above */
FROMGIT: crypto: chacha20-generic - add XChaCha20 support Add support for the XChaCha20 stream cipher. XChaCha20 is the application of the XSalsa20 construction (https://cr.yp.to/snuffle/xsalsa-20081128.pdf) to ChaCha20 rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length from 64 bits (or 96 bits, depending on convention) to 192 bits, while provably retaining ChaCha20's security. XChaCha20 uses the ChaCha20 permutation to map the key and first 128 nonce bits to a 256-bit subkey. Then, it does the ChaCha20 stream cipher with the subkey and remaining 64 bits of nonce. We need XChaCha support in order to add support for the Adiantum encryption mode. Note that to meet our performance requirements, we actually plan to primarily use the variant XChaCha12. But we believe it's wise to first add XChaCha20 as a baseline with a higher security margin, in case there are any situations where it can be used. Supporting both variants is straightforward. Since XChaCha20's subkey differs for each request, XChaCha20 can't be a template that wraps ChaCha20; that would require re-keying the underlying ChaCha20 for every request, which wouldn't be thread-safe. Instead, we make XChaCha20 its own top-level algorithm which calls the ChaCha20 streaming implementation internally. Similar to the existing ChaCha20 implementation, we define the IV to be the nonce and stream position concatenated together. This allows users to seek to any position in the stream. I considered splitting the code into separate chacha20-common, chacha20, and xchacha20 modules, so that chacha20 and xchacha20 could be enabled/disabled independently. However, since nearly all the code is shared anyway, I ultimately decided there would have been little benefit to the added complexity of separate modules. Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Acked-by: Martin Willi <martin@strongswan.org> Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> (cherry picked from commit de61d7ae5d3789dcba3749a418f76613fbee8414 https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master) Bug: 112008522 Test: As series, see Ic61c13b53facfd2173065be715a7ee5f3af8760b Change-Id: I5c878e1d6577abda11d7b737cbb650baf16b6886 Signed-off-by: Eric Biggers <ebiggers@google.com>
2018-11-16 18:26:20 -07:00
.key = "\x1c\x92\x40\xa5\xeb\x55\xd3\x8a"
"\xf3\x33\x88\x86\x04\xf6\xb5\xf0"
"\x47\x39\x17\xc1\x40\x2b\x80\x09"
"\x9d\xca\x5c\xbc\x20\x70\x75\xc0",
.klen = 32,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x01\x31\x58\xa3\x5a"
"\x25\x5d\x05\x17\x58\xe9\x5e\xd4"
"\x1c\x00\x00\x00\x00\x00\x00\x00",
.ptext = "\x49\xee\xe0\xdc\x24\x90\x40\xcd"
"\xc5\x40\x8f\x47\x05\xbc\xdd\x81"
"\x47\xc6\x8d\xe6\xb1\x8f\xd7\xcb"
"\x09\x0e\x6e\x22\x48\x1f\xbf\xb8"
"\x5c\xf7\x1e\x8a\xc1\x23\xf2\xd4"
"\x19\x4b\x01\x0f\x4e\xa4\x43\xce"
"\x01\xc6\x67\xda\x03\x91\x18\x90"
"\xa5\xa4\x8e\x45\x03\xb3\x2d\xac"
"\x74\x92\xd3\x53\x47\xc8\xdd\x25"
"\x53\x6c\x02\x03\x87\x0d\x11\x0c"
"\x58\xe3\x12\x18\xfd\x2a\x5b\x40"
"\x0c\x30\xf0\xb8\x3f\x43\xce\xae"
"\x65\x3a\x7d\x7c\xf4\x54\xaa\xcc"
"\x33\x97\xc3\x77\xba\xc5\x70\xde"
"\xd7\xd5\x13\xa5\x65\xc4\x5f\x0f"
"\x46\x1a\x0d\x97\xb5\xf3\xbb\x3c"
"\x84\x0f\x2b\xc5\xaa\xea\xf2\x6c"
"\xc9\xb5\x0c\xee\x15\xf3\x7d\xbe"
"\x9f\x7b\x5a\xa6\xae\x4f\x83\xb6"
"\x79\x49\x41\xf4\x58\x18\xcb\x86"
"\x7f\x30\x0e\xf8\x7d\x44\x36\xea"
"\x75\xeb\x88\x84\x40\x3c\xad\x4f"
"\x6f\x31\x6b\xaa\x5d\xe5\xa5\xc5"
"\x21\x66\xe9\xa7\xe3\xb2\x15\x88"
"\x78\xf6\x79\xa1\x59\x47\x12\x4e"
"\x9f\x9f\x64\x1a\xa0\x22\x5b\x08"
"\xbe\x7c\x36\xc2\x2b\x66\x33\x1b"
"\xdd\x60\x71\xf7\x47\x8c\x61\xc3"
"\xda\x8a\x78\x1e\x16\xfa\x1e\x86"
"\x81\xa6\x17\x2a\xa7\xb5\xc2\xe7"
"\xa4\xc7\x42\xf1\xcf\x6a\xca\xb4"
"\x45\xcf\xf3\x93\xf0\xe7\xea\xf6"
"\xf4\xe6\x33\x43\x84\x93\xa5\x67"
"\x9b\x16\x58\x58\x80\x0f\x2b\x5c"
"\x24\x74\x75\x7f\x95\x81\xb7\x30"
"\x7a\x33\xa7\xf7\x94\x87\x32\x27"
"\x10\x5d\x14\x4c\x43\x29\xdd\x26"
"\xbd\x3e\x3c\x0e\xfe\x0e\xa5\x10"
"\xea\x6b\x64\xfd\x73\xc6\xed\xec"
"\xa8\xc9\xbf\xb3\xba\x0b\x4d\x07"
"\x70\xfc\x16\xfd\x79\x1e\xd7\xc5"
"\x49\x4e\x1c\x8b\x8d\x79\x1b\xb1"
"\xec\xca\x60\x09\x4c\x6a\xd5\x09"
"\x49\x46\x00\x88\x22\x8d\xce\xea"
"\xb1\x17\x11\xde\x42\xd2\x23\xc1"
"\x72\x11\xf5\x50\x73\x04\x40\x47"
"\xf9\x5d\xe7\xa7\x26\xb1\x7e\xb0"
"\x3f\x58\xc1\x52\xab\x12\x67\x9d"
"\x3f\x43\x4b\x68\xd4\x9c\x68\x38"
"\x07\x8a\x2d\x3e\xf3\xaf\x6a\x4b"
"\xf9\xe5\x31\x69\x22\xf9\xa6\x69"
"\xc6\x9c\x96\x9a\x12\x35\x95\x1d"
"\x95\xd5\xdd\xbe\xbf\x93\x53\x24"
"\xfd\xeb\xc2\x0a\x64\xb0\x77\x00"
"\x6f\x88\xc4\x37\x18\x69\x7c\xd7"
"\x41\x92\x55\x4c\x03\xa1\x9a\x4b"
"\x15\xe5\xdf\x7f\x37\x33\x72\xc1"
"\x8b\x10\x67\xa3\x01\x57\x94\x25"
"\x7b\x38\x71\x7e\xdd\x1e\xcc\x73"
"\x55\xd2\x8e\xeb\x07\xdd\xf1\xda"
"\x58\xb1\x47\x90\xfe\x42\x21\x72"
"\xa3\x54\x7a\xa0\x40\xec\x9f\xdd"
"\xc6\x84\x6e\xca\xae\xe3\x68\xb4"
"\x9d\xe4\x78\xff\x57\xf2\xf8\x1b"
"\x03\xa1\x31\xd9\xde\x8d\xf5\x22"
"\x9c\xdd\x20\xa4\x1e\x27\xb1\x76"
"\x4f\x44\x55\xe2\x9b\xa1\x9c\xfe"
"\x54\xf7\x27\x1b\xf4\xde\x02\xf5"
"\x1b\x55\x48\x5c\xdc\x21\x4b\x9e"
"\x4b\x6e\xed\x46\x23\xdc\x65\xb2"
"\xcf\x79\x5f\x28\xe0\x9e\x8b\xe7"
"\x4c\x9d\x8a\xff\xc1\xa6\x28\xb8"
"\x65\x69\x8a\x45\x29\xef\x74\x85"
"\xde\x79\xc7\x08\xae\x30\xb0\xf4"
"\xa3\x1d\x51\x41\xab\xce\xcb\xf6"
"\xb5\xd8\x6d\xe0\x85\xe1\x98\xb3"
"\x43\xbb\x86\x83\x0a\xa0\xf5\xb7"
"\x04\x0b\xfa\x71\x1f\xb0\xf6\xd9"
"\x13\x00\x15\xf0\xc7\xeb\x0d\x5a"
"\x9f\xd7\xb9\x6c\x65\x14\x22\x45"
"\x6e\x45\x32\x3e\x7e\x60\x1a\x12"
"\x97\x82\x14\xfb\xaa\x04\x22\xfa"
"\xa0\xe5\x7e\x8c\x78\x02\x48\x5d"
"\x78\x33\x5a\x7c\xad\xdb\x29\xce"
"\xbb\x8b\x61\xa4\xb7\x42\xe2\xac"
"\x8b\x1a\xd9\x2f\x0b\x8b\x62\x21"
"\x83\x35\x7e\xad\x73\xc2\xb5\x6c"
"\x10\x26\x38\x07\xe5\xc7\x36\x80"
"\xe2\x23\x12\x61\xf5\x48\x4b\x2b"
"\xc5\xdf\x15\xd9\x87\x01\xaa\xac"
"\x1e\x7c\xad\x73\x78\x18\x63\xe0"
"\x8b\x9f\x81\xd8\x12\x6a\x28\x10"
"\xbe\x04\x68\x8a\x09\x7c\x1b\x1c"
"\x83\x66\x80\x47\x80\xe8\xfd\x35"
"\x1c\x97\x6f\xae\x49\x10\x66\xcc"
"\xc6\xd8\xcc\x3a\x84\x91\x20\x77"
"\x72\xe4\x24\xd2\x37\x9f\xc5\xc9"
"\x25\x94\x10\x5f\x40\x00\x64\x99"
"\xdc\xae\xd7\x21\x09\x78\x50\x15"
"\xac\x5f\xc6\x2c\xa2\x0b\xa9\x39"
"\x87\x6e\x6d\xab\xde\x08\x51\x16"
"\xc7\x13\xe9\xea\xed\x06\x8e\x2c"
"\xf8\x37\x8c\xf0\xa6\x96\x8d\x43"
"\xb6\x98\x37\xb2\x43\xed\xde\xdf"
"\x89\x1a\xe7\xeb\x9d\xa1\x7b\x0b"
"\x77\xb0\xe2\x75\xc0\xf1\x98\xd9"
"\x80\x55\xc9\x34\x91\xd1\x59\xe8"
"\x4b\x0f\xc1\xa9\x4b\x7a\x84\x06"
"\x20\xa8\x5d\xfa\xd1\xde\x70\x56"
"\x2f\x9e\x91\x9c\x20\xb3\x24\xd8"
"\x84\x3d\xe1\x8c\x7e\x62\x52\xe5"
"\x44\x4b\x9f\xc2\x93\x03\xea\x2b"
"\x59\xc5\xfa\x3f\x91\x2b\xbb\x23"
"\xf5\xb2\x7b\xf5\x38\xaf\xb3\xee"
"\x63\xdc\x7b\xd1\xff\xaa\x8b\xab"
"\x82\x6b\x37\x04\xeb\x74\xbe\x79"
"\xb9\x83\x90\xef\x20\x59\x46\xff"
"\xe9\x97\x3e\x2f\xee\xb6\x64\x18"
"\x38\x4c\x7a\x4a\xf9\x61\xe8\x9a"
"\xa1\xb5\x01\xa6\x47\xd3\x11\xd4"
"\xce\xd3\x91\x49\x88\xc7\xb8\x4d"
"\xb1\xb9\x07\x6d\x16\x72\xae\x46"
"\x5e\x03\xa1\x4b\xb6\x02\x30\xa8"
"\x3d\xa9\x07\x2a\x7c\x19\xe7\x62"
"\x87\xe3\x82\x2f\x6f\xe1\x09\xd9"
"\x94\x97\xea\xdd\x58\x9e\xae\x76"
"\x7e\x35\xe5\xb4\xda\x7e\xf4\xde"
"\xf7\x32\x87\xcd\x93\xbf\x11\x56"
"\x11\xbe\x08\x74\xe1\x69\xad\xe2"
"\xd7\xf8\x86\x75\x8a\x3c\xa4\xbe"
"\x70\xa7\x1b\xfc\x0b\x44\x2a\x76"
"\x35\xea\x5d\x85\x81\xaf\x85\xeb"
"\xa0\x1c\x61\xc2\xf7\x4f\xa5\xdc"
"\x02\x7f\xf6\x95\x40\x6e\x8a\x9a"
"\xf3\x5d\x25\x6e\x14\x3a\x22\xc9"
"\x37\x1c\xeb\x46\x54\x3f\xa5\x91"
"\xc2\xb5\x8c\xfe\x53\x08\x97\x32"
"\x1b\xb2\x30\x27\xfe\x25\x5d\xdc"
"\x08\x87\xd0\xe5\x94\x1a\xd4\xf1"
"\xfe\xd6\xb4\xa3\xe6\x74\x81\x3c"
"\x1b\xb7\x31\xa7\x22\xfd\xd4\xdd"
"\x20\x4e\x7c\x51\xb0\x60\x73\xb8"
"\x9c\xac\x91\x90\x7e\x01\xb0\xe1"
"\x8a\x2f\x75\x1c\x53\x2a\x98\x2a"
"\x06\x52\x95\x52\xb2\xe9\x25\x2e"
"\x4c\xe2\x5a\x00\xb2\x13\x81\x03"
"\x77\x66\x0d\xa5\x99\xda\x4e\x8c"
"\xac\xf3\x13\x53\x27\x45\xaf\x64"
"\x46\xdc\xea\x23\xda\x97\xd1\xab"
"\x7d\x6c\x30\x96\x1f\xbc\x06\x34"
"\x18\x0b\x5e\x21\x35\x11\x8d\x4c"
"\xe0\x2d\xe9\x50\x16\x74\x81\xa8"
"\xb4\x34\xb9\x72\x42\xa6\xcc\xbc"
"\xca\x34\x83\x27\x10\x5b\x68\x45"
"\x8f\x52\x22\x0c\x55\x3d\x29\x7c"
"\xe3\xc0\x66\x05\x42\x91\x5f\x58"
"\xfe\x4a\x62\xd9\x8c\xa9\x04\x19"
"\x04\xa9\x08\x4b\x57\xfc\x67\x53"
"\x08\x7c\xbc\x66\x8a\xb0\xb6\x9f"
"\x92\xd6\x41\x7c\x5b\x2a\x00\x79"
"\x72",
.ctext = "\x3a\x92\xee\x53\x31\xaf\x2b\x60"
"\x5f\x55\x8d\x00\x5d\xfc\x74\x97"
"\x28\x54\xf4\xa5\x75\xf1\x9b\x25"
"\x62\x1c\xc0\xe0\x13\xc8\x87\x53"
"\xd0\xf3\xa7\x97\x1f\x3b\x1e\xea"
"\xe0\xe5\x2a\xd1\xdd\xa4\x3b\x50"
"\x45\xa3\x0d\x7e\x1b\xc9\xa0\xad"
"\xb9\x2c\x54\xa6\xc7\x55\x16\xd0"
"\xc5\x2e\x02\x44\x35\xd0\x7e\x67"
"\xf2\xc4\x9b\xcd\x95\x10\xcc\x29"
"\x4b\xfa\x86\x87\xbe\x40\x36\xbe"
"\xe1\xa3\x52\x89\x55\x20\x9b\xc2"
"\xab\xf2\x31\x34\x16\xad\xc8\x17"
"\x65\x24\xc0\xff\x12\x37\xfe\x5a"
"\x62\x3b\x59\x47\x6c\x5f\x3a\x8e"
"\x3b\xd9\x30\xc8\x7f\x2f\x88\xda"
"\x80\xfd\x02\xda\x7f\x9a\x7a\x73"
"\x59\xc5\x34\x09\x9a\x11\xcb\xa7"
"\xfc\xf6\xa1\xa0\x60\xfb\x43\xbb"
"\xf1\xe9\xd7\xc6\x79\x27\x4e\xff"
"\x22\xb4\x24\xbf\x76\xee\x47\xb9"
"\x6d\x3f\x8b\xb0\x9c\x3c\x43\xdd"
"\xff\x25\x2e\x6d\xa4\x2b\xfb\x5d"
"\x1b\x97\x6c\x55\x0a\x82\x7a\x7b"
"\x94\x34\xc2\xdb\x2f\x1f\xc1\xea"
"\xd4\x4d\x17\x46\x3b\x51\x69\x09"
"\xe4\x99\x32\x25\xfd\x94\xaf\xfb"
"\x10\xf7\x4f\xdd\x0b\x3c\x8b\x41"
"\xb3\x6a\xb7\xd1\x33\xa8\x0c\x2f"
"\x62\x4c\x72\x11\xd7\x74\xe1\x3b"
"\x38\x43\x66\x7b\x6c\x36\x48\xe7"
"\xe3\xe7\x9d\xb9\x42\x73\x7a\x2a"
"\x89\x20\x1a\x41\x80\x03\xf7\x8f"
"\x61\x78\x13\xbf\xfe\x50\xf5\x04"
"\x52\xf9\xac\x47\xf8\x62\x4b\xb2"
"\x24\xa9\xbf\x64\xb0\x18\x69\xd2"
"\xf5\xe4\xce\xc8\xb1\x87\x75\xd6"
"\x2c\x24\x79\x00\x7d\x26\xfb\x44"
"\xe7\x45\x7a\xee\x58\xa5\x83\xc1"
"\xb4\x24\xab\x23\x2f\x4d\xd7\x4f"
"\x1c\xc7\xaa\xa9\x50\xf4\xa3\x07"
"\x12\x13\x89\x74\xdc\x31\x6a\xb2"
"\xf5\x0f\x13\x8b\xb9\xdb\x85\x1f"
"\xf5\xbc\x88\xd9\x95\xea\x31\x6c"
"\x36\x60\xb6\x49\xdc\xc4\xf7\x55"
"\x3f\x21\xc1\xb5\x92\x18\x5e\xbc"
"\x9f\x87\x7f\xe7\x79\x25\x40\x33"
"\xd6\xb9\x33\xd5\x50\xb3\xc7\x89"
"\x1b\x12\xa0\x46\xdd\xa7\xd8\x3e"
"\x71\xeb\x6f\x66\xa1\x26\x0c\x67"
"\xab\xb2\x38\x58\x17\xd8\x44\x3b"
"\x16\xf0\x8e\x62\x8d\x16\x10\x00"
"\x32\x8b\xef\xb9\x28\xd3\xc5\xad"
"\x0a\x19\xa2\xe4\x03\x27\x7d\x94"
"\x06\x18\xcd\xd6\x27\x00\xf9\x1f"
"\xb6\xb3\xfe\x96\x35\x5f\xc4\x1c"
"\x07\x62\x10\x79\x68\x50\xf1\x7e"
"\x29\xe7\xc4\xc4\xe7\xee\x54\xd6"
"\x58\x76\x84\x6d\x8d\xe4\x59\x31"
"\xe9\xf4\xdc\xa1\x1f\xe5\x1a\xd6"
"\xe6\x64\x46\xf5\x77\x9c\x60\x7a"
"\x5e\x62\xe3\x0a\xd4\x9f\x7a\x2d"
"\x7a\xa5\x0a\x7b\x29\x86\x7a\x74"
"\x74\x71\x6b\xca\x7d\x1d\xaa\xba"
"\x39\x84\x43\x76\x35\xfe\x4f\x9b"
"\xbb\xbb\xb5\x6a\x32\xb5\x5d\x41"
"\x51\xf0\x5b\x68\x03\x47\x4b\x8a"
"\xca\x88\xf6\x37\xbd\x73\x51\x70"
"\x66\xfe\x9e\x5f\x21\x9c\xf3\xdd"
"\xc3\xea\x27\xf9\x64\x94\xe1\x19"
"\xa0\xa9\xab\x60\xe0\x0e\xf7\x78"
"\x70\x86\xeb\xe0\xd1\x5c\x05\xd3"
"\xd7\xca\xe0\xc0\x47\x47\x34\xee"
"\x11\xa3\xa3\x54\x98\xb7\x49\x8e"
"\x84\x28\x70\x2c\x9e\xfb\x55\x54"
"\x4d\xf8\x86\xf7\x85\x7c\xbd\xf3"
"\x17\xd8\x47\xcb\xac\xf4\x20\x85"
"\x34\x66\xad\x37\x2d\x5e\x52\xda"
"\x8a\xfe\x98\x55\x30\xe7\x2d\x2b"
"\x19\x10\x8e\x7b\x66\x5e\xdc\xe0"
"\x45\x1f\x7b\xb4\x08\xfb\x8f\xf6"
"\x8c\x89\x21\x34\x55\x27\xb2\x76"
"\xb2\x07\xd9\xd6\x68\x9b\xea\x6b"
"\x2d\xb4\xc4\x35\xdd\xd2\x79\xae"
"\xc7\xd6\x26\x7f\x12\x01\x8c\xa7"
"\xe3\xdb\xa8\xf4\xf7\x2b\xec\x99"
"\x11\x00\xf1\x35\x8c\xcf\xd5\xc9"
"\xbd\x91\x36\x39\x70\xcf\x7d\x70"
"\x47\x1a\xfc\x6b\x56\xe0\x3f\x9c"
"\x60\x49\x01\x72\xa9\xaf\x2c\x9c"
"\xe8\xab\xda\x8c\x14\x19\xf3\x75"
"\x07\x17\x9d\x44\x67\x7a\x2e\xef"
"\xb7\x83\x35\x4a\xd1\x3d\x1c\x84"
"\x32\xdd\xaa\xea\xca\x1d\xdc\x72"
"\x2c\xcc\x43\xcd\x5d\xe3\x21\xa4"
"\xd0\x8a\x4b\x20\x12\xa3\xd5\x86"
"\x76\x96\xff\x5f\x04\x57\x0f\xe6"
"\xba\xe8\x76\x50\x0c\x64\x1d\x83"
"\x9c\x9b\x9a\x9a\x58\x97\x9c\x5c"
"\xb4\xa4\xa6\x3e\x19\xeb\x8f\x5a"
"\x61\xb2\x03\x7b\x35\x19\xbe\xa7"
"\x63\x0c\xfd\xdd\xf9\x90\x6c\x08"
"\x19\x11\xd3\x65\x4a\xf5\x96\x92"
"\x59\xaa\x9c\x61\x0c\x29\xa7\xf8"
"\x14\x39\x37\xbf\x3c\xf2\x16\x72"
"\x02\xfa\xa2\xf3\x18\x67\x5d\xcb"
"\xdc\x4d\xbb\x96\xff\x70\x08\x2d"
"\xc2\xa8\x52\xe1\x34\x5f\x72\xfe"
"\x64\xbf\xca\xa7\x74\x38\xfb\x74"
"\x55\x9c\xfa\x8a\xed\xfb\x98\xeb"
"\x58\x2e\x6c\xe1\x52\x76\x86\xd7"
"\xcf\xa1\xa4\xfc\xb2\x47\x41\x28"
"\xa3\xc1\xe5\xfd\x53\x19\x28\x2b"
"\x37\x04\x65\x96\x99\x7a\x28\x0f"
"\x07\x68\x4b\xc7\x52\x0a\x55\x35"
"\x40\x19\x95\x61\xe8\x59\x40\x1f"
"\x9d\xbf\x78\x7d\x8f\x84\xff\x6f"
"\xd0\xd5\x63\xd2\x22\xbd\xc8\x4e"
"\xfb\xe7\x9f\x06\xe6\xe7\x39\x6d"
"\x6a\x96\x9f\xf0\x74\x7e\xc9\x35"
"\xb7\x26\xb8\x1c\x0a\xa6\x27\x2c"
"\xa2\x2b\xfe\xbe\x0f\x07\x73\xae"
"\x7f\x7f\x54\xf5\x7c\x6a\x0a\x56"
"\x49\xd4\x81\xe5\x85\x53\x99\x1f"
"\x95\x05\x13\x58\x8d\x0e\x1b\x90"
"\xc3\x75\x48\x64\x58\x98\x67\x84"
"\xae\xe2\x21\xa2\x8a\x04\x0a\x0b"
"\x61\xaa\xb0\xd4\x28\x60\x7a\xf8"
"\xbc\x52\xfb\x24\x7f\xed\x0d\x2a"
"\x0a\xb2\xf9\xc6\x95\xb5\x11\xc9"
"\xf4\x0f\x26\x11\xcf\x2a\x57\x87"
"\x7a\xf3\xe7\x94\x65\xc2\xb5\xb3"
"\xab\x98\xe3\xc1\x2b\x59\x19\x7c"
"\xd6\xf3\xf9\xbf\xff\x6d\xc6\x82"
"\x13\x2f\x4a\x2e\xcd\x26\xfe\x2d"
"\x01\x70\xf4\xc2\x7f\x1f\x4c\xcb"
"\x47\x77\x0c\xa0\xa3\x03\xec\xda"
"\xa9\xbf\x0d\x2d\xae\xe4\xb8\x7b"
"\xa9\xbc\x08\xb4\x68\x2e\xc5\x60"
"\x8d\x87\x41\x2b\x0f\x69\xf0\xaf"
"\x5f\xba\x72\x20\x0f\x33\xcd\x6d"
"\x36\x7d\x7b\xd5\x05\xf1\x4b\x05"
"\xc4\xfc\x7f\x80\xb9\x4d\xbd\xf7"
"\x7c\x84\x07\x01\xc2\x40\x66\x5b"
"\x98\xc7\x2c\xe3\x97\xfa\xdf\x87"
"\xa0\x1f\xe9\x21\x42\x0f\x3b\xeb"
"\x89\x1c\x3b\xca\x83\x61\x77\x68"
"\x84\xbb\x60\x87\x38\x2e\x25\xd5"
"\x9e\x04\x41\x70\xac\xda\xc0\x9c"
"\x9c\x69\xea\x8d\x4e\x55\x2a\x29"
"\xed\x05\x4b\x7b\x73\x71\x90\x59"
"\x4d\xc8\xd8\x44\xf0\x4c\xe1\x5e"
"\x84\x47\x55\xcc\x32\x3f\xe7\x97"
"\x42\xc6\x32\xac\x40\xe5\xa5\xc7"
"\x8b\xed\xdb\xf7\x83\xd6\xb1\xc2"
"\x52\x5e\x34\xb7\xeb\x6e\xd9\xfc"
"\xe5\x93\x9a\x97\x3e\xb0\xdc\xd9"
"\xd7\x06\x10\xb6\x1d\x80\x59\xdd"
"\x0d\xfe\x64\x35\xcd\x5d\xec\xf0"
"\xba\xd0\x34\xc9\x2d\x91\xc5\x17"
"\x11",
.len = 1281,
.also_non_np = 1,
.np = 3,
.tap = { 1200, 1, 80 },
}, { /* test vector from https://tools.ietf.org/html/draft-arciszewski-xchacha-02#appendix-A.3.2 */
.key = "\x80\x81\x82\x83\x84\x85\x86\x87"
"\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
"\x90\x91\x92\x93\x94\x95\x96\x97"
"\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f",
.klen = 32,
.iv = "\x40\x41\x42\x43\x44\x45\x46\x47"
"\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
"\x50\x51\x52\x53\x54\x55\x56\x58"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.ptext = "\x54\x68\x65\x20\x64\x68\x6f\x6c"
"\x65\x20\x28\x70\x72\x6f\x6e\x6f"
"\x75\x6e\x63\x65\x64\x20\x22\x64"
"\x6f\x6c\x65\x22\x29\x20\x69\x73"
"\x20\x61\x6c\x73\x6f\x20\x6b\x6e"
"\x6f\x77\x6e\x20\x61\x73\x20\x74"
"\x68\x65\x20\x41\x73\x69\x61\x74"
"\x69\x63\x20\x77\x69\x6c\x64\x20"
"\x64\x6f\x67\x2c\x20\x72\x65\x64"
"\x20\x64\x6f\x67\x2c\x20\x61\x6e"
"\x64\x20\x77\x68\x69\x73\x74\x6c"
"\x69\x6e\x67\x20\x64\x6f\x67\x2e"
"\x20\x49\x74\x20\x69\x73\x20\x61"
"\x62\x6f\x75\x74\x20\x74\x68\x65"
"\x20\x73\x69\x7a\x65\x20\x6f\x66"
"\x20\x61\x20\x47\x65\x72\x6d\x61"
"\x6e\x20\x73\x68\x65\x70\x68\x65"
"\x72\x64\x20\x62\x75\x74\x20\x6c"
"\x6f\x6f\x6b\x73\x20\x6d\x6f\x72"
"\x65\x20\x6c\x69\x6b\x65\x20\x61"
"\x20\x6c\x6f\x6e\x67\x2d\x6c\x65"
"\x67\x67\x65\x64\x20\x66\x6f\x78"
"\x2e\x20\x54\x68\x69\x73\x20\x68"
"\x69\x67\x68\x6c\x79\x20\x65\x6c"
"\x75\x73\x69\x76\x65\x20\x61\x6e"
"\x64\x20\x73\x6b\x69\x6c\x6c\x65"
"\x64\x20\x6a\x75\x6d\x70\x65\x72"
"\x20\x69\x73\x20\x63\x6c\x61\x73"
"\x73\x69\x66\x69\x65\x64\x20\x77"
"\x69\x74\x68\x20\x77\x6f\x6c\x76"
"\x65\x73\x2c\x20\x63\x6f\x79\x6f"
"\x74\x65\x73\x2c\x20\x6a\x61\x63"
"\x6b\x61\x6c\x73\x2c\x20\x61\x6e"
"\x64\x20\x66\x6f\x78\x65\x73\x20"
"\x69\x6e\x20\x74\x68\x65\x20\x74"
"\x61\x78\x6f\x6e\x6f\x6d\x69\x63"
"\x20\x66\x61\x6d\x69\x6c\x79\x20"
"\x43\x61\x6e\x69\x64\x61\x65\x2e",
.ctext = "\x45\x59\xab\xba\x4e\x48\xc1\x61"
"\x02\xe8\xbb\x2c\x05\xe6\x94\x7f"
"\x50\xa7\x86\xde\x16\x2f\x9b\x0b"
"\x7e\x59\x2a\x9b\x53\xd0\xd4\xe9"
"\x8d\x8d\x64\x10\xd5\x40\xa1\xa6"
"\x37\x5b\x26\xd8\x0d\xac\xe4\xfa"
"\xb5\x23\x84\xc7\x31\xac\xbf\x16"
"\xa5\x92\x3c\x0c\x48\xd3\x57\x5d"
"\x4d\x0d\x2c\x67\x3b\x66\x6f\xaa"
"\x73\x10\x61\x27\x77\x01\x09\x3a"
"\x6b\xf7\xa1\x58\xa8\x86\x42\x92"
"\xa4\x1c\x48\xe3\xa9\xb4\xc0\xda"
"\xec\xe0\xf8\xd9\x8d\x0d\x7e\x05"
"\xb3\x7a\x30\x7b\xbb\x66\x33\x31"
"\x64\xec\x9e\x1b\x24\xea\x0d\x6c"
"\x3f\xfd\xdc\xec\x4f\x68\xe7\x44"
"\x30\x56\x19\x3a\x03\xc8\x10\xe1"
"\x13\x44\xca\x06\xd8\xed\x8a\x2b"
"\xfb\x1e\x8d\x48\xcf\xa6\xbc\x0e"
"\xb4\xe2\x46\x4b\x74\x81\x42\x40"
"\x7c\x9f\x43\x1a\xee\x76\x99\x60"
"\xe1\x5b\xa8\xb9\x68\x90\x46\x6e"
"\xf2\x45\x75\x99\x85\x23\x85\xc6"
"\x61\xf7\x52\xce\x20\xf9\xda\x0c"
"\x09\xab\x6b\x19\xdf\x74\xe7\x6a"
"\x95\x96\x74\x46\xf8\xd0\xfd\x41"
"\x5e\x7b\xee\x2a\x12\xa1\x14\xc2"
"\x0e\xb5\x29\x2a\xe7\xa3\x49\xae"
"\x57\x78\x20\xd5\x52\x0a\x1f\x3f"
"\xb6\x2a\x17\xce\x6a\x7e\x68\xfa"
"\x7c\x79\x11\x1d\x88\x60\x92\x0b"
"\xc0\x48\xef\x43\xfe\x84\x48\x6c"
"\xcb\x87\xc2\x5f\x0a\xe0\x45\xf0"
"\xcc\xe1\xe7\x98\x9a\x9a\xa2\x20"
"\xa2\x8b\xdd\x48\x27\xe7\x51\xa2"
"\x4a\x6d\x5c\x62\xd7\x90\xa6\x63"
"\x93\xb9\x31\x11\xc1\xa5\x5d\xd7"
"\x42\x1a\x10\x18\x49\x74\xc7\xc5",
.len = 304,
}
FROMGIT: crypto: chacha20-generic - add XChaCha20 support Add support for the XChaCha20 stream cipher. XChaCha20 is the application of the XSalsa20 construction (https://cr.yp.to/snuffle/xsalsa-20081128.pdf) to ChaCha20 rather than to Salsa20. XChaCha20 extends ChaCha20's nonce length from 64 bits (or 96 bits, depending on convention) to 192 bits, while provably retaining ChaCha20's security. XChaCha20 uses the ChaCha20 permutation to map the key and first 128 nonce bits to a 256-bit subkey. Then, it does the ChaCha20 stream cipher with the subkey and remaining 64 bits of nonce. We need XChaCha support in order to add support for the Adiantum encryption mode. Note that to meet our performance requirements, we actually plan to primarily use the variant XChaCha12. But we believe it's wise to first add XChaCha20 as a baseline with a higher security margin, in case there are any situations where it can be used. Supporting both variants is straightforward. Since XChaCha20's subkey differs for each request, XChaCha20 can't be a template that wraps ChaCha20; that would require re-keying the underlying ChaCha20 for every request, which wouldn't be thread-safe. Instead, we make XChaCha20 its own top-level algorithm which calls the ChaCha20 streaming implementation internally. Similar to the existing ChaCha20 implementation, we define the IV to be the nonce and stream position concatenated together. This allows users to seek to any position in the stream. I considered splitting the code into separate chacha20-common, chacha20, and xchacha20 modules, so that chacha20 and xchacha20 could be enabled/disabled independently. However, since nearly all the code is shared anyway, I ultimately decided there would have been little benefit to the added complexity of separate modules. Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Acked-by: Martin Willi <martin@strongswan.org> Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> (cherry picked from commit de61d7ae5d3789dcba3749a418f76613fbee8414 https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master) Bug: 112008522 Test: As series, see Ic61c13b53facfd2173065be715a7ee5f3af8760b Change-Id: I5c878e1d6577abda11d7b737cbb650baf16b6886 Signed-off-by: Eric Biggers <ebiggers@google.com>
2018-11-16 18:26:20 -07:00
};
FROMGIT: crypto: chacha - add XChaCha12 support Now that the generic implementation of ChaCha20 has been refactored to allow varying the number of rounds, add support for XChaCha12, which is the XSalsa construction applied to ChaCha12. ChaCha12 is one of the three ciphers specified by the original ChaCha paper (https://cr.yp.to/chacha/chacha-20080128.pdf: "ChaCha, a variant of Salsa20"), alongside ChaCha8 and ChaCha20. ChaCha12 is faster than ChaCha20 but has a lower, but still large, security margin. We need XChaCha12 support so that it can be used in the Adiantum encryption mode, which enables disk/file encryption on low-end mobile devices where AES-XTS is too slow as the CPUs lack AES instructions. We'd prefer XChaCha20 (the more popular variant), but it's too slow on some of our target devices, so at least in some cases we do need the XChaCha12-based version. In more detail, the problem is that Adiantum is still much slower than we're happy with, and encryption still has a quite noticeable effect on the feel of low-end devices. Users and vendors push back hard against encryption that degrades the user experience, which always risks encryption being disabled entirely. So we need to choose the fastest option that gives us a solid margin of security, and here that's XChaCha12. The best known attack on ChaCha breaks only 7 rounds and has 2^235 time complexity, so ChaCha12's security margin is still better than AES-256's. Much has been learned about cryptanalysis of ARX ciphers since Salsa20 was originally designed in 2005, and it now seems we can be comfortable with a smaller number of rounds. The eSTREAM project also suggests the 12-round version of Salsa20 as providing the best balance among the different variants: combining very good performance with a "comfortable margin of security". Note that it would be trivial to add vanilla ChaCha12 in addition to XChaCha12. However, it's unneeded for now and therefore is omitted. As discussed in the patch that introduced XChaCha20 support, I considered splitting the code into separate chacha-common, chacha20, xchacha20, and xchacha12 modules, so that these algorithms could be enabled/disabled independently. However, since nearly all the code is shared anyway, I ultimately decided there would have been little benefit to the added complexity. Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Acked-by: Martin Willi <martin@strongswan.org> Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> (cherry picked from commit aa7624093cb7fbf4fea95e612580d8d29a819f67 https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master) Bug: 112008522 Test: As series, see Ic61c13b53facfd2173065be715a7ee5f3af8760b Change-Id: I876a5be92e9f583effcd35a4b66a36608ac581f0 Signed-off-by: Eric Biggers <ebiggers@google.com>
2018-11-16 18:26:22 -07:00
/*
* Same as XChaCha20 test vectors above, but recomputed the ciphertext with
* XChaCha12, using a modified libsodium.
*/
static const struct cipher_testvec xchacha12_tv_template[] = {
{
.key = "\x79\xc9\x97\x98\xac\x67\x30\x0b"
"\xbb\x27\x04\xc9\x5c\x34\x1e\x32"
"\x45\xf3\xdc\xb2\x17\x61\xb9\x8e"
"\x52\xff\x45\xb2\x4f\x30\x4f\xc4",
.klen = 32,
.iv = "\xb3\x3f\xfd\x30\x96\x47\x9b\xcf"
"\xbc\x9a\xee\x49\x41\x76\x88\xa0"
"\xa2\x55\x4f\x8d\x95\x38\x94\x19"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.ptext = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00",
.ctext = "\x1b\x78\x7f\xd7\xa1\x41\x68\xab"
"\x3d\x3f\xd1\x7b\x69\x56\xb2\xd5"
"\x43\xce\xeb\xaf\x36\xf0\x29\x9d"
"\x3a\xfb\x18\xae\x1b",
.len = 29,
}, {
.key = "\x9d\x23\xbd\x41\x49\xcb\x97\x9c"
"\xcf\x3c\x5c\x94\xdd\x21\x7e\x98"
"\x08\xcb\x0e\x50\xcd\x0f\x67\x81"
"\x22\x35\xea\xaf\x60\x1d\x62\x32",
.klen = 32,
.iv = "\xc0\x47\x54\x82\x66\xb7\xc3\x70"
"\xd3\x35\x66\xa2\x42\x5c\xbf\x30"
"\xd8\x2d\x1e\xaf\x52\x94\x10\x9e"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.ptext = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00",
.ctext = "\xfb\x32\x09\x1d\x83\x05\xae\x4c"
"\x13\x1f\x12\x71\xf2\xca\xb2\xeb"
"\x5b\x83\x14\x7d\x83\xf6\x57\x77"
"\x2e\x40\x1f\x92\x2c\xf9\xec\x35"
"\x34\x1f\x93\xdf\xfb\x30\xd7\x35"
"\x03\x05\x78\xc1\x20\x3b\x7a\xe3"
"\x62\xa3\x89\xdc\x11\x11\x45\xa8"
"\x82\x89\xa0\xf1\x4e\xc7\x0f\x11"
"\x69\xdd\x0c\x84\x2b\x89\x5c\xdc"
"\xf0\xde\x01\xef\xc5\x65\x79\x23"
"\x87\x67\xd6\x50\xd9\x8d\xd9\x92"
"\x54\x5b\x0e",
.len = 91,
}, {
.key = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.klen = 32,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x67\xc6\x69\x73"
"\x51\xff\x4a\xec\x29\xcd\xba\xab"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.ptext = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.ctext = "\xdf\x2d\xc6\x21\x2a\x9d\xa1\xbb"
"\xc2\x77\x66\x0c\x5c\x46\xef\xa7"
"\x79\x1b\xb9\xdf\x55\xe2\xf9\x61"
"\x4c\x7b\xa4\x52\x24\xaf\xa2\xda"
"\xd1\x8f\x8f\xa2\x9e\x53\x4d\xc4"
"\xb8\x55\x98\x08\x7c\x08\xd4\x18"
"\x67\x8f\xef\x50\xb1\x5f\xa5\x77"
"\x4c\x25\xe7\x86\x26\x42\xca\x44",
.len = 64,
}, {
.key = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x00\x00\x00\x00\x01",
.klen = 32,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x02\xf2\xfb\xe3\x46"
"\x7c\xc2\x54\xf8\x1b\xe8\xe7\x8d"
"\x01\x00\x00\x00\x00\x00\x00\x00",
.ptext = "\x41\x6e\x79\x20\x73\x75\x62\x6d"
"\x69\x73\x73\x69\x6f\x6e\x20\x74"
"\x6f\x20\x74\x68\x65\x20\x49\x45"
"\x54\x46\x20\x69\x6e\x74\x65\x6e"
"\x64\x65\x64\x20\x62\x79\x20\x74"
"\x68\x65\x20\x43\x6f\x6e\x74\x72"
"\x69\x62\x75\x74\x6f\x72\x20\x66"
"\x6f\x72\x20\x70\x75\x62\x6c\x69"
"\x63\x61\x74\x69\x6f\x6e\x20\x61"
"\x73\x20\x61\x6c\x6c\x20\x6f\x72"
"\x20\x70\x61\x72\x74\x20\x6f\x66"
"\x20\x61\x6e\x20\x49\x45\x54\x46"
"\x20\x49\x6e\x74\x65\x72\x6e\x65"
"\x74\x2d\x44\x72\x61\x66\x74\x20"
"\x6f\x72\x20\x52\x46\x43\x20\x61"
"\x6e\x64\x20\x61\x6e\x79\x20\x73"
"\x74\x61\x74\x65\x6d\x65\x6e\x74"
"\x20\x6d\x61\x64\x65\x20\x77\x69"
"\x74\x68\x69\x6e\x20\x74\x68\x65"
"\x20\x63\x6f\x6e\x74\x65\x78\x74"
"\x20\x6f\x66\x20\x61\x6e\x20\x49"
"\x45\x54\x46\x20\x61\x63\x74\x69"
"\x76\x69\x74\x79\x20\x69\x73\x20"
"\x63\x6f\x6e\x73\x69\x64\x65\x72"
"\x65\x64\x20\x61\x6e\x20\x22\x49"
"\x45\x54\x46\x20\x43\x6f\x6e\x74"
"\x72\x69\x62\x75\x74\x69\x6f\x6e"
"\x22\x2e\x20\x53\x75\x63\x68\x20"
"\x73\x74\x61\x74\x65\x6d\x65\x6e"
"\x74\x73\x20\x69\x6e\x63\x6c\x75"
"\x64\x65\x20\x6f\x72\x61\x6c\x20"
"\x73\x74\x61\x74\x65\x6d\x65\x6e"
"\x74\x73\x20\x69\x6e\x20\x49\x45"
"\x54\x46\x20\x73\x65\x73\x73\x69"
"\x6f\x6e\x73\x2c\x20\x61\x73\x20"
"\x77\x65\x6c\x6c\x20\x61\x73\x20"
"\x77\x72\x69\x74\x74\x65\x6e\x20"
"\x61\x6e\x64\x20\x65\x6c\x65\x63"
"\x74\x72\x6f\x6e\x69\x63\x20\x63"
"\x6f\x6d\x6d\x75\x6e\x69\x63\x61"
"\x74\x69\x6f\x6e\x73\x20\x6d\x61"
"\x64\x65\x20\x61\x74\x20\x61\x6e"
"\x79\x20\x74\x69\x6d\x65\x20\x6f"
"\x72\x20\x70\x6c\x61\x63\x65\x2c"
"\x20\x77\x68\x69\x63\x68\x20\x61"
"\x72\x65\x20\x61\x64\x64\x72\x65"
"\x73\x73\x65\x64\x20\x74\x6f",
.ctext = "\xe4\xa6\xc8\x30\xc4\x23\x13\xd6"
"\x08\x4d\xc9\xb7\xa5\x64\x7c\xb9"
"\x71\xe2\xab\x3e\xa8\x30\x8a\x1c"
"\x4a\x94\x6d\x9b\xe0\xb3\x6f\xf1"
"\xdc\xe3\x1b\xb3\xa9\x6d\x0d\xd6"
"\xd0\xca\x12\xef\xe7\x5f\xd8\x61"
"\x3c\x82\xd3\x99\x86\x3c\x6f\x66"
"\x02\x06\xdc\x55\xf9\xed\xdf\x38"
"\xb4\xa6\x17\x00\x7f\xef\xbf\x4f"
"\xf8\x36\xf1\x60\x7e\x47\xaf\xdb"
"\x55\x9b\x12\xcb\x56\x44\xa7\x1f"
"\xd3\x1a\x07\x3b\x00\xec\xe6\x4c"
"\xa2\x43\x27\xdf\x86\x19\x4f\x16"
"\xed\xf9\x4a\xf3\x63\x6f\xfa\x7f"
"\x78\x11\xf6\x7d\x97\x6f\xec\x6f"
"\x85\x0f\x5c\x36\x13\x8d\x87\xe0"
"\x80\xb1\x69\x0b\x98\x89\x9c\x4e"
"\xf8\xdd\xee\x5c\x0a\x85\xce\xd4"
"\xea\x1b\x48\xbe\x08\xf8\xe2\xa8"
"\xa5\xb0\x3c\x79\xb1\x15\xb4\xb9"
"\x75\x10\x95\x35\x81\x7e\x26\xe6"
"\x78\xa4\x88\xcf\xdb\x91\x34\x18"
"\xad\xd7\x8e\x07\x7d\xab\x39\xf9"
"\xa3\x9e\xa5\x1d\xbb\xed\x61\xfd"
"\xdc\xb7\x5a\x27\xfc\xb5\xc9\x10"
"\xa8\xcc\x52\x7f\x14\x76\x90\xe7"
"\x1b\x29\x60\x74\xc0\x98\x77\xbb"
"\xe0\x54\xbb\x27\x49\x59\x1e\x62"
"\x3d\xaf\x74\x06\xa4\x42\x6f\xc6"
"\x52\x97\xc4\x1d\xc4\x9f\xe2\xe5"
"\x38\x57\x91\xd1\xa2\x28\xcc\x40"
"\xcc\x70\x59\x37\xfc\x9f\x4b\xda"
"\xa0\xeb\x97\x9a\x7d\xed\x14\x5c"
"\x9c\xb7\x93\x26\x41\xa8\x66\xdd"
"\x87\x6a\xc0\xd3\xc2\xa9\x3e\xae"
"\xe9\x72\xfe\xd1\xb3\xac\x38\xea"
"\x4d\x15\xa9\xd5\x36\x61\xe9\x96"
"\x6c\x23\xf8\x43\xe4\x92\x29\xd9"
"\x8b\x78\xf7\x0a\x52\xe0\x19\x5b"
"\x59\x69\x5b\x5d\xa1\x53\xc4\x68"
"\xe1\xbb\xac\x89\x14\xe2\xe2\x85"
"\x41\x18\xf5\xb3\xd1\xfa\x68\x19"
"\x44\x78\xdc\xcf\xe7\x88\x2d\x52"
"\x5f\x40\xb5\x7e\xf8\x88\xa2\xae"
"\x4a\xb2\x07\x35\x9d\x9b\x07\x88"
"\xb7\x00\xd0\x0c\xb6\xa0\x47\x59"
"\xda\x4e\xc9\xab\x9b\x8a\x7b",
.len = 375,
.also_non_np = 1,
.np = 3,
.tap = { 375 - 20, 4, 16 },
}, {
.key = "\x1c\x92\x40\xa5\xeb\x55\xd3\x8a"
"\xf3\x33\x88\x86\x04\xf6\xb5\xf0"
"\x47\x39\x17\xc1\x40\x2b\x80\x09"
"\x9d\xca\x5c\xbc\x20\x70\x75\xc0",
.klen = 32,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x02\x76\x5a\x2e\x63"
"\x33\x9f\xc9\x9a\x66\x32\x0d\xb7"
"\x2a\x00\x00\x00\x00\x00\x00\x00",
.ptext = "\x27\x54\x77\x61\x73\x20\x62\x72"
"\x69\x6c\x6c\x69\x67\x2c\x20\x61"
"\x6e\x64\x20\x74\x68\x65\x20\x73"
"\x6c\x69\x74\x68\x79\x20\x74\x6f"
"\x76\x65\x73\x0a\x44\x69\x64\x20"
"\x67\x79\x72\x65\x20\x61\x6e\x64"
"\x20\x67\x69\x6d\x62\x6c\x65\x20"
"\x69\x6e\x20\x74\x68\x65\x20\x77"
"\x61\x62\x65\x3a\x0a\x41\x6c\x6c"
"\x20\x6d\x69\x6d\x73\x79\x20\x77"
"\x65\x72\x65\x20\x74\x68\x65\x20"
"\x62\x6f\x72\x6f\x67\x6f\x76\x65"
"\x73\x2c\x0a\x41\x6e\x64\x20\x74"
"\x68\x65\x20\x6d\x6f\x6d\x65\x20"
"\x72\x61\x74\x68\x73\x20\x6f\x75"
"\x74\x67\x72\x61\x62\x65\x2e",
.ctext = "\xb9\x68\xbc\x6a\x24\xbc\xcc\xd8"
"\x9b\x2a\x8d\x5b\x96\xaf\x56\xe3"
"\x11\x61\xe7\xa7\x9b\xce\x4e\x7d"
"\x60\x02\x48\xac\xeb\xd5\x3a\x26"
"\x9d\x77\x3b\xb5\x32\x13\x86\x8e"
"\x20\x82\x26\x72\xae\x64\x1b\x7e"
"\x2e\x01\x68\xb4\x87\x45\xa1\x24"
"\xe4\x48\x40\xf0\xaa\xac\xee\xa9"
"\xfc\x31\xad\x9d\x89\xa3\xbb\xd2"
"\xe4\x25\x13\xad\x0f\x5e\xdf\x3c"
"\x27\xab\xb8\x62\x46\x22\x30\x48"
"\x55\x2c\x4e\x84\x78\x1d\x0d\x34"
"\x8d\x3c\x91\x0a\x7f\x5b\x19\x9f"
"\x97\x05\x4c\xa7\x62\x47\x8b\xc5"
"\x44\x2e\x20\x33\xdd\xa0\x82\xa9"
"\x25\x76\x37\xe6\x3c\x67\x5b",
.len = 127,
}, {
.key = "\x1c\x92\x40\xa5\xeb\x55\xd3\x8a"
"\xf3\x33\x88\x86\x04\xf6\xb5\xf0"
"\x47\x39\x17\xc1\x40\x2b\x80\x09"
"\x9d\xca\x5c\xbc\x20\x70\x75\xc0",
.klen = 32,
.iv = "\x00\x00\x00\x00\x00\x00\x00\x00"
"\x00\x00\x00\x01\x31\x58\xa3\x5a"
"\x25\x5d\x05\x17\x58\xe9\x5e\xd4"
"\x1c\x00\x00\x00\x00\x00\x00\x00",
.ptext = "\x49\xee\xe0\xdc\x24\x90\x40\xcd"
"\xc5\x40\x8f\x47\x05\xbc\xdd\x81"
"\x47\xc6\x8d\xe6\xb1\x8f\xd7\xcb"
"\x09\x0e\x6e\x22\x48\x1f\xbf\xb8"
"\x5c\xf7\x1e\x8a\xc1\x23\xf2\xd4"
"\x19\x4b\x01\x0f\x4e\xa4\x43\xce"
"\x01\xc6\x67\xda\x03\x91\x18\x90"
"\xa5\xa4\x8e\x45\x03\xb3\x2d\xac"
"\x74\x92\xd3\x53\x47\xc8\xdd\x25"
"\x53\x6c\x02\x03\x87\x0d\x11\x0c"
"\x58\xe3\x12\x18\xfd\x2a\x5b\x40"
"\x0c\x30\xf0\xb8\x3f\x43\xce\xae"
"\x65\x3a\x7d\x7c\xf4\x54\xaa\xcc"
"\x33\x97\xc3\x77\xba\xc5\x70\xde"
"\xd7\xd5\x13\xa5\x65\xc4\x5f\x0f"
"\x46\x1a\x0d\x97\xb5\xf3\xbb\x3c"
"\x84\x0f\x2b\xc5\xaa\xea\xf2\x6c"
"\xc9\xb5\x0c\xee\x15\xf3\x7d\xbe"
"\x9f\x7b\x5a\xa6\xae\x4f\x83\xb6"
"\x79\x49\x41\xf4\x58\x18\xcb\x86"
"\x7f\x30\x0e\xf8\x7d\x44\x36\xea"
"\x75\xeb\x88\x84\x40\x3c\xad\x4f"
"\x6f\x31\x6b\xaa\x5d\xe5\xa5\xc5"
"\x21\x66\xe9\xa7\xe3\xb2\x15\x88"
"\x78\xf6\x79\xa1\x59\x47\x12\x4e"
"\x9f\x9f\x64\x1a\xa0\x22\x5b\x08"
"\xbe\x7c\x36\xc2\x2b\x66\x33\x1b"
"\xdd\x60\x71\xf7\x47\x8c\x61\xc3"
"\xda\x8a\x78\x1e\x16\xfa\x1e\x86"
"\x81\xa6\x17\x2a\xa7\xb5\xc2\xe7"
"\xa4\xc7\x42\xf1\xcf\x6a\xca\xb4"
"\x45\xcf\xf3\x93\xf0\xe7\xea\xf6"
"\xf4\xe6\x33\x43\x84\x93\xa5\x67"
"\x9b\x16\x58\x58\x80\x0f\x2b\x5c"
"\x24\x74\x75\x7f\x95\x81\xb7\x30"
"\x7a\x33\xa7\xf7\x94\x87\x32\x27"
"\x10\x5d\x14\x4c\x43\x29\xdd\x26"
"\xbd\x3e\x3c\x0e\xfe\x0e\xa5\x10"
"\xea\x6b\x64\xfd\x73\xc6\xed\xec"
"\xa8\xc9\xbf\xb3\xba\x0b\x4d\x07"
"\x70\xfc\x16\xfd\x79\x1e\xd7\xc5"
"\x49\x4e\x1c\x8b\x8d\x79\x1b\xb1"
"\xec\xca\x60\x09\x4c\x6a\xd5\x09"
"\x49\x46\x00\x88\x22\x8d\xce\xea"
"\xb1\x17\x11\xde\x42\xd2\x23\xc1"
"\x72\x11\xf5\x50\x73\x04\x40\x47"
"\xf9\x5d\xe7\xa7\x26\xb1\x7e\xb0"
"\x3f\x58\xc1\x52\xab\x12\x67\x9d"
"\x3f\x43\x4b\x68\xd4\x9c\x68\x38"
"\x07\x8a\x2d\x3e\xf3\xaf\x6a\x4b"
"\xf9\xe5\x31\x69\x22\xf9\xa6\x69"
"\xc6\x9c\x96\x9a\x12\x35\x95\x1d"
"\x95\xd5\xdd\xbe\xbf\x93\x53\x24"
"\xfd\xeb\xc2\x0a\x64\xb0\x77\x00"
"\x6f\x88\xc4\x37\x18\x69\x7c\xd7"
"\x41\x92\x55\x4c\x03\xa1\x9a\x4b"
"\x15\xe5\xdf\x7f\x37\x33\x72\xc1"
"\x8b\x10\x67\xa3\x01\x57\x94\x25"
"\x7b\x38\x71\x7e\xdd\x1e\xcc\x73"
"\x55\xd2\x8e\xeb\x07\xdd\xf1\xda"
"\x58\xb1\x47\x90\xfe\x42\x21\x72"
"\xa3\x54\x7a\xa0\x40\xec\x9f\xdd"
"\xc6\x84\x6e\xca\xae\xe3\x68\xb4"
"\x9d\xe4\x78\xff\x57\xf2\xf8\x1b"
"\x03\xa1\x31\xd9\xde\x8d\xf5\x22"
"\x9c\xdd\x20\xa4\x1e\x27\xb1\x76"
"\x4f\x44\x55\xe2\x9b\xa1\x9c\xfe"
"\x54\xf7\x27\x1b\xf4\xde\x02\xf5"
"\x1b\x55\x48\x5c\xdc\x21\x4b\x9e"
"\x4b\x6e\xed\x46\x23\xdc\x65\xb2"
"\xcf\x79\x5f\x28\xe0\x9e\x8b\xe7"
"\x4c\x9d\x8a\xff\xc1\xa6\x28\xb8"
"\x65\x69\x8a\x45\x29\xef\x74\x85"
"\xde\x79\xc7\x08\xae\x30\xb0\xf4"
"\xa3\x1d\x51\x41\xab\xce\xcb\xf6"
"\xb5\xd8\x6d\xe0\x85\xe1\x98\xb3"
"\x43\xbb\x86\x83\x0a\xa0\xf5\xb7"
"\x04\x0b\xfa\x71\x1f\xb0\xf6\xd9"
"\x13\x00\x15\xf0\xc7\xeb\x0d\x5a"
"\x9f\xd7\xb9\x6c\x65\x14\x22\x45"
"\x6e\x45\x32\x3e\x7e\x60\x1a\x12"
"\x97\x82\x14\xfb\xaa\x04\x22\xfa"
"\xa0\xe5\x7e\x8c\x78\x02\x48\x5d"
"\x78\x33\x5a\x7c\xad\xdb\x29\xce"
"\xbb\x8b\x61\xa4\xb7\x42\xe2\xac"
"\x8b\x1a\xd9\x2f\x0b\x8b\x62\x21"
"\x83\x35\x7e\xad\x73\xc2\xb5\x6c"
"\x10\x26\x38\x07\xe5\xc7\x36\x80"
"\xe2\x23\x12\x61\xf5\x48\x4b\x2b"
"\xc5\xdf\x15\xd9\x87\x01\xaa\xac"
"\x1e\x7c\xad\x73\x78\x18\x63\xe0"
"\x8b\x9f\x81\xd8\x12\x6a\x28\x10"
"\xbe\x04\x68\x8a\x09\x7c\x1b\x1c"
"\x83\x66\x80\x47\x80\xe8\xfd\x35"
"\x1c\x97\x6f\xae\x49\x10\x66\xcc"
"\xc6\xd8\xcc\x3a\x84\x91\x20\x77"
"\x72\xe4\x24\xd2\x37\x9f\xc5\xc9"
"\x25\x94\x10\x5f\x40\x00\x64\x99"
"\xdc\xae\xd7\x21\x09\x78\x50\x15"
"\xac\x5f\xc6\x2c\xa2\x0b\xa9\x39"
"\x87\x6e\x6d\xab\xde\x08\x51\x16"
"\xc7\x13\xe9\xea\xed\x06\x8e\x2c"
"\xf8\x37\x8c\xf0\xa6\x96\x8d\x43"
"\xb6\x98\x37\xb2\x43\xed\xde\xdf"
"\x89\x1a\xe7\xeb\x9d\xa1\x7b\x0b"
"\x77\xb0\xe2\x75\xc0\xf1\x98\xd9"
"\x80\x55\xc9\x34\x91\xd1\x59\xe8"
"\x4b\x0f\xc1\xa9\x4b\x7a\x84\x06"
"\x20\xa8\x5d\xfa\xd1\xde\x70\x56"
"\x2f\x9e\x91\x9c\x20\xb3\x24\xd8"
"\x84\x3d\xe1\x8c\x7e\x62\x52\xe5"
"\x44\x4b\x9f\xc2\x93\x03\xea\x2b"
"\x59\xc5\xfa\x3f\x91\x2b\xbb\x23"
"\xf5\xb2\x7b\xf5\x38\xaf\xb3\xee"
"\x63\xdc\x7b\xd1\xff\xaa\x8b\xab"
"\x82\x6b\x37\x04\xeb\x74\xbe\x79"
"\xb9\x83\x90\xef\x20\x59\x46\xff"
"\xe9\x97\x3e\x2f\xee\xb6\x64\x18"
"\x38\x4c\x7a\x4a\xf9\x61\xe8\x9a"
"\xa1\xb5\x01\xa6\x47\xd3\x11\xd4"
"\xce\xd3\x91\x49\x88\xc7\xb8\x4d"
"\xb1\xb9\x07\x6d\x16\x72\xae\x46"
"\x5e\x03\xa1\x4b\xb6\x02\x30\xa8"
"\x3d\xa9\x07\x2a\x7c\x19\xe7\x62"
"\x87\xe3\x82\x2f\x6f\xe1\x09\xd9"
"\x94\x97\xea\xdd\x58\x9e\xae\x76"
"\x7e\x35\xe5\xb4\xda\x7e\xf4\xde"
"\xf7\x32\x87\xcd\x93\xbf\x11\x56"
"\x11\xbe\x08\x74\xe1\x69\xad\xe2"
"\xd7\xf8\x86\x75\x8a\x3c\xa4\xbe"
"\x70\xa7\x1b\xfc\x0b\x44\x2a\x76"
"\x35\xea\x5d\x85\x81\xaf\x85\xeb"
"\xa0\x1c\x61\xc2\xf7\x4f\xa5\xdc"
"\x02\x7f\xf6\x95\x40\x6e\x8a\x9a"
"\xf3\x5d\x25\x6e\x14\x3a\x22\xc9"
"\x37\x1c\xeb\x46\x54\x3f\xa5\x91"
"\xc2\xb5\x8c\xfe\x53\x08\x97\x32"
"\x1b\xb2\x30\x27\xfe\x25\x5d\xdc"
"\x08\x87\xd0\xe5\x94\x1a\xd4\xf1"
"\xfe\xd6\xb4\xa3\xe6\x74\x81\x3c"
"\x1b\xb7\x31\xa7\x22\xfd\xd4\xdd"
"\x20\x4e\x7c\x51\xb0\x60\x73\xb8"
"\x9c\xac\x91\x90\x7e\x01\xb0\xe1"
"\x8a\x2f\x75\x1c\x53\x2a\x98\x2a"
"\x06\x52\x95\x52\xb2\xe9\x25\x2e"
"\x4c\xe2\x5a\x00\xb2\x13\x81\x03"
"\x77\x66\x0d\xa5\x99\xda\x4e\x8c"
"\xac\xf3\x13\x53\x27\x45\xaf\x64"
"\x46\xdc\xea\x23\xda\x97\xd1\xab"
"\x7d\x6c\x30\x96\x1f\xbc\x06\x34"
"\x18\x0b\x5e\x21\x35\x11\x8d\x4c"
"\xe0\x2d\xe9\x50\x16\x74\x81\xa8"
"\xb4\x34\xb9\x72\x42\xa6\xcc\xbc"
"\xca\x34\x83\x27\x10\x5b\x68\x45"
"\x8f\x52\x22\x0c\x55\x3d\x29\x7c"
"\xe3\xc0\x66\x05\x42\x91\x5f\x58"
"\xfe\x4a\x62\xd9\x8c\xa9\x04\x19"
"\x04\xa9\x08\x4b\x57\xfc\x67\x53"
"\x08\x7c\xbc\x66\x8a\xb0\xb6\x9f"
"\x92\xd6\x41\x7c\x5b\x2a\x00\x79"
"\x72",
.ctext = "\xe1\xb6\x8b\x5c\x80\xb8\xcc\x08"
"\x1b\x84\xb2\xd1\xad\xa4\x70\xac"
"\x67\xa9\x39\x27\xac\xb4\x5b\xb7"
"\x4c\x26\x77\x23\x1d\xce\x0a\xbe"
"\x18\x9e\x42\x8b\xbd\x7f\xd6\xf1"
"\xf1\x6b\xe2\x6d\x7f\x92\x0e\xcb"
"\xb8\x79\xba\xb4\xac\x7e\x2d\xc0"
"\x9e\x83\x81\x91\xd5\xea\xc3\x12"
"\x8d\xa4\x26\x70\xa4\xf9\x71\x0b"
"\xbd\x2e\xe1\xb3\x80\x42\x25\xb3"
"\x0b\x31\x99\xe1\x0d\xde\xa6\x90"
"\xf2\xa3\x10\xf7\xe5\xf3\x83\x1e"
"\x2c\xfb\x4d\xf0\x45\x3d\x28\x3c"
"\xb8\xf1\xcb\xbf\x67\xd8\x43\x5a"
"\x9d\x7b\x73\x29\x88\x0f\x13\x06"
"\x37\x50\x0d\x7c\xe6\x9b\x07\xdd"
"\x7e\x01\x1f\x81\x90\x10\x69\xdb"
"\xa4\xad\x8a\x5e\xac\x30\x72\xf2"
"\x36\xcd\xe3\x23\x49\x02\x93\xfa"
"\x3d\xbb\xe2\x98\x83\xeb\xe9\x8d"
"\xb3\x8f\x11\xaa\x53\xdb\xaf\x2e"
"\x95\x13\x99\x3d\x71\xbd\x32\x92"
"\xdd\xfc\x9d\x5e\x6f\x63\x2c\xee"
"\x91\x1f\x4c\x64\x3d\x87\x55\x0f"
"\xcc\x3d\x89\x61\x53\x02\x57\x8f"
"\xe4\x77\x29\x32\xaf\xa6\x2f\x0a"
"\xae\x3c\x3f\x3f\xf4\xfb\x65\x52"
"\xc5\xc1\x78\x78\x53\x28\xad\xed"
"\xd1\x67\x37\xc7\x59\x70\xcd\x0a"
"\xb8\x0f\x80\x51\x9f\xc0\x12\x5e"
"\x06\x0a\x7e\xec\x24\x5f\x73\x00"
"\xb1\x0b\x31\x47\x4f\x73\x8d\xb4"
"\xce\xf3\x55\x45\x6c\x84\x27\xba"
"\xb9\x6f\x03\x4a\xeb\x98\x88\x6e"
"\x53\xed\x25\x19\x0d\x8f\xfe\xca"
"\x60\xe5\x00\x93\x6e\x3c\xff\x19"
"\xae\x08\x3b\x8a\xa6\x84\x05\xfe"
"\x9b\x59\xa0\x8c\xc8\x05\x45\xf5"
"\x05\x37\xdc\x45\x6f\x8b\x95\x8c"
"\x4e\x11\x45\x7a\xce\x21\xa5\xf7"
"\x71\x67\xb9\xce\xd7\xf9\xe9\x5e"
"\x60\xf5\x53\x7a\xa8\x85\x14\x03"
"\xa0\x92\xec\xf3\x51\x80\x84\xc4"
"\xdc\x11\x9e\x57\xce\x4b\x45\xcf"
"\x90\x95\x85\x0b\x96\xe9\xee\x35"
"\x10\xb8\x9b\xf2\x59\x4a\xc6\x7e"
"\x85\xe5\x6f\x38\x51\x93\x40\x0c"
"\x99\xd7\x7f\x32\xa8\x06\x27\xd1"
"\x2b\xd5\xb5\x3a\x1a\xe1\x5e\xda"
"\xcd\x5a\x50\x30\x3c\xc7\xe7\x65"
"\xa6\x07\x0b\x98\x91\xc6\x20\x27"
"\x2a\x03\x63\x1b\x1e\x3d\xaf\xc8"
"\x71\x48\x46\x6a\x64\x28\xf9\x3d"
"\xd1\x1d\xab\xc8\x40\x76\xc2\x39"
"\x4e\x00\x75\xd2\x0e\x82\x58\x8c"
"\xd3\x73\x5a\xea\x46\x89\xbe\xfd"
"\x4e\x2c\x0d\x94\xaa\x9b\x68\xac"
"\x86\x87\x30\x7e\xa9\x16\xcd\x59"
"\xd2\xa6\xbe\x0a\xd8\xf5\xfd\x2d"
"\x49\x69\xd2\x1a\x90\xd2\x1b\xed"
"\xff\x71\x04\x87\x87\x21\xc4\xb8"
"\x1f\x5b\x51\x33\xd0\xd6\x59\x9a"
"\x03\x0e\xd3\x8b\xfb\x57\x73\xfd"
"\x5a\x52\x63\x82\xc8\x85\x2f\xcb"
"\x74\x6d\x4e\xd9\x68\x37\x85\x6a"
"\xd4\xfb\x94\xed\x8d\xd1\x1a\xaf"
"\x76\xa7\xb7\x88\xd0\x2b\x4e\xda"
"\xec\x99\x94\x27\x6f\x87\x8c\xdf"
"\x4b\x5e\xa6\x66\xdd\xcb\x33\x7b"
"\x64\x94\x31\xa8\x37\xa6\x1d\xdb"
"\x0d\x5c\x93\xa4\x40\xf9\x30\x53"
"\x4b\x74\x8d\xdd\xf6\xde\x3c\xac"
"\x5c\x80\x01\x3a\xef\xb1\x9a\x02"
"\x0c\x22\x8e\xe7\x44\x09\x74\x4c"
"\xf2\x9a\x27\x69\x7f\x12\x32\x36"
"\xde\x92\xdf\xde\x8f\x5b\x31\xab"
"\x4a\x01\x26\xe0\xb1\xda\xe8\x37"
"\x21\x64\xe8\xff\x69\xfc\x9e\x41"
"\xd2\x96\x2d\x18\x64\x98\x33\x78"
"\x24\x61\x73\x9b\x47\x29\xf1\xa7"
"\xcb\x27\x0f\xf0\x85\x6d\x8c\x9d"
"\x2c\x95\x9e\xe5\xb2\x8e\x30\x29"
"\x78\x8a\x9d\x65\xb4\x8e\xde\x7b"
"\xd9\x00\x50\xf5\x7f\x81\xc3\x1b"
"\x25\x85\xeb\xc2\x8c\x33\x22\x1e"
"\x68\x38\x22\x30\xd8\x2e\x00\x98"
"\x85\x16\x06\x56\xb4\x81\x74\x20"
"\x95\xdb\x1c\x05\x19\xe8\x23\x4d"
"\x65\x5d\xcc\xd8\x7f\xc4\x2d\x0f"
"\x57\x26\x71\x07\xad\xaa\x71\x9f"
"\x19\x76\x2f\x25\x51\x88\xe4\xc0"
"\x82\x6e\x08\x05\x37\x04\xee\x25"
"\x23\x90\xe9\x4e\xce\x9b\x16\xc1"
"\x31\xe7\x6e\x2c\x1b\xe1\x85\x9a"
"\x0c\x8c\xbb\x12\x1e\x68\x7b\x93"
"\xa9\x3c\x39\x56\x23\x3e\x6e\xc7"
"\x77\x84\xd3\xe0\x86\x59\xaa\xb9"
"\xd5\x53\x58\xc9\x0a\x83\x5f\x85"
"\xd8\x47\x14\x67\x8a\x3c\x17\xe0"
"\xab\x02\x51\xea\xf1\xf0\x4f\x30"
"\x7d\xe0\x92\xc2\x5f\xfb\x19\x5a"
"\x3f\xbd\xf4\x39\xa4\x31\x0c\x39"
"\xd1\xae\x4e\xf7\x65\x7f\x1f\xce"
"\xc2\x39\xd1\x84\xd4\xe5\x02\xe0"
"\x58\xaa\xf1\x5e\x81\xaf\x7f\x72"
"\x0f\x08\x99\x43\xb9\xd8\xac\x41"
"\x35\x55\xf2\xb2\xd4\x98\xb8\x3b"
"\x2b\x3c\x3e\x16\x06\x31\xfc\x79"
"\x47\x38\x63\x51\xc5\xd0\x26\xd7"
"\x43\xb4\x2b\xd9\xc5\x05\xf2\x9d"
"\x18\xc9\x26\x82\x56\xd2\x11\x05"
"\xb6\x89\xb4\x43\x9c\xb5\x9d\x11"
"\x6c\x83\x37\x71\x27\x1c\xae\xbf"
"\xcd\x57\xd2\xee\x0d\x5a\x15\x26"
"\x67\x88\x80\x80\x1b\xdc\xc1\x62"
"\xdd\x4c\xff\x92\x5c\x6c\xe1\xa0"
"\xe3\x79\xa9\x65\x8c\x8c\x14\x42"
"\xe5\x11\xd2\x1a\xad\xa9\x56\x6f"
"\x98\xfc\x8a\x7b\x56\x1f\xc6\xc1"
"\x52\x12\x92\x9b\x41\x0f\x4b\xae"
"\x1b\x4a\xbc\xfe\x23\xb6\x94\x70"
"\x04\x30\x9e\x69\x47\xbe\xb8\x8f"
"\xca\x45\xd7\x8a\xf4\x78\x3e\xaa"
"\x71\x17\xd8\x1e\xb8\x11\x8f\xbc"
"\xc8\x1a\x65\x7b\x41\x89\x72\xc7"
"\x5f\xbe\xc5\x2a\xdb\x5c\x54\xf9"
"\x25\xa3\x7a\x80\x56\x9c\x8c\xab"
"\x26\x19\x10\x36\xa6\xf3\x14\x79"
"\x40\x98\x70\x68\xb7\x35\xd9\xb9"
"\x27\xd4\xe7\x74\x5b\x3d\x97\xb4"
"\xd9\xaa\xd9\xf2\xb5\x14\x84\x1f"
"\xa9\xde\x12\x44\x5b\x00\xc0\xbc"
"\xc8\x11\x25\x1b\x67\x7a\x15\x72"
"\xa6\x31\x6f\xf4\x68\x7a\x86\x9d"
"\x43\x1c\x5f\x16\xd3\xad\x2e\x52"
"\xf3\xb4\xc3\xfa\x27\x2e\x68\x6c"
"\x06\xe7\x4c\x4f\xa2\xe0\xe4\x21"
"\x5d\x9e\x33\x58\x8d\xbf\xd5\x70"
"\xf8\x80\xa5\xdd\xe7\x18\x79\xfa"
"\x7b\xfd\x09\x69\x2c\x37\x32\xa8"
"\x65\xfa\x8d\x8b\x5c\xcc\xe8\xf3"
"\x37\xf6\xa6\xc6\x5c\xa2\x66\x79"
"\xfa\x8a\xa7\xd1\x0b\x2e\x1b\x5e"
"\x95\x35\x00\x76\xae\x42\xf7\x50"
"\x51\x78\xfb\xb4\x28\x24\xde\x1a"
"\x70\x8b\xed\xca\x3c\x5e\xe4\xbd"
"\x28\xb5\xf3\x76\x4f\x67\x5d\x81"
"\xb2\x60\x87\xd9\x7b\x19\x1a\xa7"
"\x79\xa2\xfa\x3f\x9e\xa9\xd7\x25"
"\x61\xe1\x74\x31\xa2\x77\xa0\x1b"
"\xf6\xf7\xcb\xc5\xaa\x9e\xce\xf9"
"\x9b\x96\xef\x51\xc3\x1a\x44\x96"
"\xae\x17\x50\xab\x29\x08\xda\xcc"
"\x1a\xb3\x12\xd0\x24\xe4\xe2\xe0"
"\xc6\xe3\xcc\x82\xd0\xba\x47\x4c"
"\x3f\x49\xd7\xe8\xb6\x61\xaa\x65"
"\x25\x18\x40\x2d\x62\x25\x02\x71"
"\x61\xa2\xc1\xb2\x13\xd2\x71\x3f"
"\x43\x1a\xc9\x09\x92\xff\xd5\x57"
"\xf0\xfc\x5e\x1c\xf1\xf5\xf9\xf3"
"\x5b",
.len = 1281,
.also_non_np = 1,
.np = 3,
.tap = { 1200, 1, 80 },
}, {
.key = "\x80\x81\x82\x83\x84\x85\x86\x87"
"\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
"\x90\x91\x92\x93\x94\x95\x96\x97"
"\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f",
.klen = 32,
.iv = "\x40\x41\x42\x43\x44\x45\x46\x47"
"\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
"\x50\x51\x52\x53\x54\x55\x56\x58"
"\x00\x00\x00\x00\x00\x00\x00\x00",
.ptext = "\x54\x68\x65\x20\x64\x68\x6f\x6c"
"\x65\x20\x28\x70\x72\x6f\x6e\x6f"
"\x75\x6e\x63\x65\x64\x20\x22\x64"
"\x6f\x6c\x65\x22\x29\x20\x69\x73"
"\x20\x61\x6c\x73\x6f\x20\x6b\x6e"
"\x6f\x77\x6e\x20\x61\x73\x20\x74"
"\x68\x65\x20\x41\x73\x69\x61\x74"
"\x69\x63\x20\x77\x69\x6c\x64\x20"
"\x64\x6f\x67\x2c\x20\x72\x65\x64"
"\x20\x64\x6f\x67\x2c\x20\x61\x6e"
"\x64\x20\x77\x68\x69\x73\x74\x6c"
"\x69\x6e\x67\x20\x64\x6f\x67\x2e"
"\x20\x49\x74\x20\x69\x73\x20\x61"
"\x62\x6f\x75\x74\x20\x74\x68\x65"
"\x20\x73\x69\x7a\x65\x20\x6f\x66"
"\x20\x61\x20\x47\x65\x72\x6d\x61"
"\x6e\x20\x73\x68\x65\x70\x68\x65"
"\x72\x64\x20\x62\x75\x74\x20\x6c"
"\x6f\x6f\x6b\x73\x20\x6d\x6f\x72"
"\x65\x20\x6c\x69\x6b\x65\x20\x61"
"\x20\x6c\x6f\x6e\x67\x2d\x6c\x65"
"\x67\x67\x65\x64\x20\x66\x6f\x78"
"\x2e\x20\x54\x68\x69\x73\x20\x68"
"\x69\x67\x68\x6c\x79\x20\x65\x6c"
"\x75\x73\x69\x76\x65\x20\x61\x6e"
"\x64\x20\x73\x6b\x69\x6c\x6c\x65"
"\x64\x20\x6a\x75\x6d\x70\x65\x72"
"\x20\x69\x73\x20\x63\x6c\x61\x73"
"\x73\x69\x66\x69\x65\x64\x20\x77"
"\x69\x74\x68\x20\x77\x6f\x6c\x76"
"\x65\x73\x2c\x20\x63\x6f\x79\x6f"
"\x74\x65\x73\x2c\x20\x6a\x61\x63"
"\x6b\x61\x6c\x73\x2c\x20\x61\x6e"
"\x64\x20\x66\x6f\x78\x65\x73\x20"
"\x69\x6e\x20\x74\x68\x65\x20\x74"
"\x61\x78\x6f\x6e\x6f\x6d\x69\x63"
"\x20\x66\x61\x6d\x69\x6c\x79\x20"
"\x43\x61\x6e\x69\x64\x61\x65\x2e",
.ctext = "\x9f\x1a\xab\x8a\x95\xf4\x7e\xcd"
"\xee\x34\xc0\x39\xd6\x23\x43\x94"
"\xf6\x01\xc1\x7f\x60\x91\xa5\x23"
"\x4a\x8a\xe6\xb1\x14\x8b\xd7\x58"
"\xee\x02\xad\xab\xce\x1e\x7d\xdf"
"\xf9\x49\x27\x69\xd0\x8d\x0c\x20"
"\x6e\x17\xc4\xae\x87\x7a\xc6\x61"
"\x91\xe2\x8e\x0a\x1d\x61\xcc\x38"
"\x02\x64\x43\x49\xc6\xb2\x59\x59"
"\x42\xe7\x9d\x83\x00\x60\x90\xd2"
"\xb9\xcd\x97\x6e\xc7\x95\x71\xbc"
"\x23\x31\x58\x07\xb3\xb4\xac\x0b"
"\x87\x64\x56\xe5\xe3\xec\x63\xa1"
"\x71\x8c\x08\x48\x33\x20\x29\x81"
"\xea\x01\x25\x20\xc3\xda\xe6\xee"
"\x6a\x03\xf6\x68\x4d\x26\xa0\x91"
"\x9e\x44\xb8\xc1\xc0\x8f\x5a\x6a"
"\xc0\xcd\xbf\x24\x5e\x40\x66\xd2"
"\x42\x24\xb5\xbf\xc1\xeb\x12\x60"
"\x56\xbe\xb1\xa6\xc4\x0f\xfc\x49"
"\x69\x9f\xcc\x06\x5c\xe3\x26\xd7"
"\x52\xc0\x42\xe8\xb4\x76\xc3\xee"
"\xb2\x97\xe3\x37\x61\x29\x5a\xb5"
"\x8e\xe8\x8c\xc5\x38\xcc\xcb\xec"
"\x64\x1a\xa9\x12\x5f\xf7\x79\xdf"
"\x64\xca\x77\x4e\xbd\xf9\x83\xa0"
"\x13\x27\x3f\x31\x03\x63\x30\x26"
"\x27\x0b\x3e\xb3\x23\x13\x61\x0b"
"\x70\x1d\xd4\xad\x85\x1e\xbf\xdf"
"\xc6\x8e\x4d\x08\xcc\x7e\x77\xbd"
"\x1e\x18\x77\x38\x3a\xfe\xc0\x5d"
"\x16\xfc\xf0\xa9\x2f\xe9\x17\xc7"
"\xd3\x23\x17\x18\xa3\xe6\x54\x77"
"\x6f\x1b\xbe\x8a\x6e\x7e\xca\x97"
"\x08\x05\x36\x76\xaf\x12\x7a\x42"
"\xf7\x7a\xc2\x35\xc3\xb4\x93\x40"
"\x54\x14\x90\xa0\x4d\x65\x1c\x37"
"\x50\x70\x44\x29\x6d\x6e\x62\x68",
.len = 304,
}
FROMGIT: crypto: chacha - add XChaCha12 support Now that the generic implementation of ChaCha20 has been refactored to allow varying the number of rounds, add support for XChaCha12, which is the XSalsa construction applied to ChaCha12. ChaCha12 is one of the three ciphers specified by the original ChaCha paper (https://cr.yp.to/chacha/chacha-20080128.pdf: "ChaCha, a variant of Salsa20"), alongside ChaCha8 and ChaCha20. ChaCha12 is faster than ChaCha20 but has a lower, but still large, security margin. We need XChaCha12 support so that it can be used in the Adiantum encryption mode, which enables disk/file encryption on low-end mobile devices where AES-XTS is too slow as the CPUs lack AES instructions. We'd prefer XChaCha20 (the more popular variant), but it's too slow on some of our target devices, so at least in some cases we do need the XChaCha12-based version. In more detail, the problem is that Adiantum is still much slower than we're happy with, and encryption still has a quite noticeable effect on the feel of low-end devices. Users and vendors push back hard against encryption that degrades the user experience, which always risks encryption being disabled entirely. So we need to choose the fastest option that gives us a solid margin of security, and here that's XChaCha12. The best known attack on ChaCha breaks only 7 rounds and has 2^235 time complexity, so ChaCha12's security margin is still better than AES-256's. Much has been learned about cryptanalysis of ARX ciphers since Salsa20 was originally designed in 2005, and it now seems we can be comfortable with a smaller number of rounds. The eSTREAM project also suggests the 12-round version of Salsa20 as providing the best balance among the different variants: combining very good performance with a "comfortable margin of security". Note that it would be trivial to add vanilla ChaCha12 in addition to XChaCha12. However, it's unneeded for now and therefore is omitted. As discussed in the patch that introduced XChaCha20 support, I considered splitting the code into separate chacha-common, chacha20, xchacha20, and xchacha12 modules, so that these algorithms could be enabled/disabled independently. However, since nearly all the code is shared anyway, I ultimately decided there would have been little benefit to the added complexity. Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Acked-by: Martin Willi <martin@strongswan.org> Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> (cherry picked from commit aa7624093cb7fbf4fea95e612580d8d29a819f67 https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master) Bug: 112008522 Test: As series, see Ic61c13b53facfd2173065be715a7ee5f3af8760b Change-Id: I876a5be92e9f583effcd35a4b66a36608ac581f0 Signed-off-by: Eric Biggers <ebiggers@google.com>
2018-11-16 18:26:22 -07:00
};
BACKPORT, FROMGIT: crypto: adiantum - add Adiantum support Add support for the Adiantum encryption mode. Adiantum was designed by Paul Crowley and is specified by our paper: Adiantum: length-preserving encryption for entry-level processors (https://eprint.iacr.org/2018/720.pdf) See our paper for full details; this patch only provides an overview. Adiantum is a tweakable, length-preserving encryption mode designed for fast and secure disk encryption, especially on CPUs without dedicated crypto instructions. Adiantum encrypts each sector using the XChaCha12 stream cipher, two passes of an ε-almost-∆-universal (εA∆U) hash function, and an invocation of the AES-256 block cipher on a single 16-byte block. On CPUs without AES instructions, Adiantum is much faster than AES-XTS; for example, on ARM Cortex-A7, on 4096-byte sectors Adiantum encryption is about 4 times faster than AES-256-XTS encryption, and decryption about 5 times faster. Adiantum is a specialization of the more general HBSH construction. Our earlier proposal, HPolyC, was also a HBSH specialization, but it used a different εA∆U hash function, one based on Poly1305 only. Adiantum's εA∆U hash function, which is based primarily on the "NH" hash function like that used in UMAC (RFC4418), is about twice as fast as HPolyC's; consequently, Adiantum is about 20% faster than HPolyC. This speed comes with no loss of security: Adiantum is provably just as secure as HPolyC, in fact slightly *more* secure. Like HPolyC, Adiantum's security is reducible to that of XChaCha12 and AES-256, subject to a security bound. XChaCha12 itself has a security reduction to ChaCha12. Therefore, one need not "trust" Adiantum; one need only trust ChaCha12 and AES-256. Note that the εA∆U hash function is only used for its proven combinatorical properties so cannot be "broken". Adiantum is also a true wide-block encryption mode, so flipping any plaintext bit in the sector scrambles the entire ciphertext, and vice versa. No other such mode is available in the kernel currently; doing the same with XTS scrambles only 16 bytes. Adiantum also supports arbitrary-length tweaks and naturally supports any length input >= 16 bytes without needing "ciphertext stealing". For the stream cipher, Adiantum uses XChaCha12 rather than XChaCha20 in order to make encryption feasible on the widest range of devices. Although the 20-round variant is quite popular, the best known attacks on ChaCha are on only 7 rounds, so ChaCha12 still has a substantial security margin; in fact, larger than AES-256's. 12-round Salsa20 is also the eSTREAM recommendation. For the block cipher, Adiantum uses AES-256, despite it having a lower security margin than XChaCha12 and needing table lookups, due to AES's extensive adoption and analysis making it the obvious first choice. Nevertheless, for flexibility this patch also permits the "adiantum" template to be instantiated with XChaCha20 and/or with an alternate block cipher. We need Adiantum support in the kernel for use in dm-crypt and fscrypt, where currently the only other suitable options are block cipher modes such as AES-XTS. A big problem with this is that many low-end mobile devices (e.g. Android Go phones sold primarily in developing countries, as well as some smartwatches) still have CPUs that lack AES instructions, e.g. ARM Cortex-A7. Sadly, AES-XTS encryption is much too slow to be viable on these devices. We did find that some "lightweight" block ciphers are fast enough, but these suffer from problems such as not having much cryptanalysis or being too controversial. The ChaCha stream cipher has excellent performance but is insecure to use directly for disk encryption, since each sector's IV is reused each time it is overwritten. Even restricting the threat model to offline attacks only isn't enough, since modern flash storage devices don't guarantee that "overwrites" are really overwrites, due to wear-leveling. Adiantum avoids this problem by constructing a "tweakable super-pseudorandom permutation"; this is the strongest possible security model for length-preserving encryption. Of course, storing random nonces along with the ciphertext would be the ideal solution. But doing that with existing hardware and filesystems runs into major practical problems; in most cases it would require data journaling (like dm-integrity) which severely degrades performance. Thus, for now length-preserving encryption is still needed. Signed-off-by: Eric Biggers <ebiggers@google.com> Reviewed-by: Ard Biesheuvel <ard.biesheuvel@linaro.org> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au> (cherry picked from commit 059c2a4d8e164dccc3078e49e7f286023b019a98 https://git.kernel.org/pub/scm/linux/kernel/git/herbert/cryptodev-2.6.git master) Conflicts: crypto/tcrypt.c Bug: 112008522 Test: Among other things, I ran the relevant crypto self-tests: 1.) Build kernel with CONFIG_CRYPTO_MANAGER_DISABLE_TESTS *unset*, and all relevant crypto algorithms built-in, including: CONFIG_CRYPTO_ADIANTUM=y CONFIG_CRYPTO_CHACHA20=y CONFIG_CRYPTO_CHACHA20_NEON=y CONFIG_CRYPTO_NHPOLY1305=y CONFIG_CRYPTO_NHPOLY1305_NEON=y CONFIG_CRYPTO_POLY1305=y CONFIG_CRYPTO_AES=y CONFIG_CRYPTO_AES_ARM=y 2.) Boot and check dmesg for test failures. 3.) Instantiate "adiantum(xchacha12,aes)" and "adiantum(xchacha20,aes)" to trigger them to be tested. There are many ways to do this, but one way is to create a dm-crypt target that uses them, e.g. key=$(hexdump -n 32 -e '16/4 "%08X" 1 "\n"' /dev/urandom) dmsetup create crypt --table "0 $((1<<17)) crypt xchacha12,aes-adiantum-plain64 $key 0 /dev/vdc 0" dmsetup remove crypt dmsetup create crypt --table "0 $((1<<17)) crypt xchacha20,aes-adiantum-plain64 $key 0 /dev/vdc 0" dmsetup remove crypt 4.) Check dmesg for test failures again. 5.) Do 1-4 on both x86_64 (for basic testing) and on arm32 (for testing the ARM32-specific implementations). I did the arm32 kernel testing on Raspberry Pi 2, which is a BCM2836-based device that can run the upstream and Android common kernels. The same ARM32 assembly files for ChaCha, NHPoly1305, and AES are also included in the userspace Adiantum benchmark suite at https://github.com/google/adiantum, where they have undergone additional correctness testing. Change-Id: Ic61c13b53facfd2173065be715a7ee5f3af8760b Signed-off-by: Eric Biggers <ebiggers@google.com>
2018-11-16 18:26:31 -07:00
/* Adiantum test vectors from https://github.com/google/adiantum */
static const struct cipher_testvec adiantum_xchacha12_aes_tv_template[] = {
{
.key = "\x9e\xeb\xb2\x49\x3c\x1c\xf5\xf4"
"\x6a\x99\xc2\xc4\xdf\xb1\xf4\xdd"
"\x75\x20\x57\xea\x2c\x4f\xcd\xb2"
"\xa5\x3d\x7b\x49\x1e\xab\xfd\x0f",
.klen = 32,
.iv = "\xdf\x63\xd4\xab\xd2\x49\xf3\xd8"
"\x33\x81\x37\x60\x7d\xfa\x73\x08"
"\xd8\x49\x6d\x80\xe8\x2f\x62\x54"
"\xeb\x0e\xa9\x39\x5b\x45\x7f\x8a",
.ptext = "\x67\xc9\xf2\x30\x84\x41\x8e\x43"
"\xfb\xf3\xb3\x3e\x79\x36\x7f\xe8",
.ctext = "\x6d\x32\x86\x18\x67\x86\x0f\x3f"
"\x96\x7c\x9d\x28\x0d\x53\xec\x9f",
.len = 16,
.also_non_np = 1,
.np = 2,
.tap = { 14, 2 },
}, {
.key = "\x36\x2b\x57\x97\xf8\x5d\xcd\x99"
"\x5f\x1a\x5a\x44\x1d\x92\x0f\x27"
"\xcc\x16\xd7\x2b\x85\x63\x99\xd3"
"\xba\x96\xa1\xdb\xd2\x60\x68\xda",
.klen = 32,
.iv = "\xef\x58\x69\xb1\x2c\x5e\x9a\x47"
"\x24\xc1\xb1\x69\xe1\x12\x93\x8f"
"\x43\x3d\x6d\x00\xdb\x5e\xd8\xd9"
"\x12\x9a\xfe\xd9\xff\x2d\xaa\xc4",
.ptext = "\x5e\xa8\x68\x19\x85\x98\x12\x23"
"\x26\x0a\xcc\xdb\x0a\x04\xb9\xdf"
"\x4d\xb3\x48\x7b\xb0\xe3\xc8\x19"
"\x43\x5a\x46\x06\x94\x2d\xf2",
.ctext = "\xc7\xc6\xf1\x73\x8f\xc4\xff\x4a"
"\x39\xbe\x78\xbe\x8d\x28\xc8\x89"
"\x46\x63\xe7\x0c\x7d\x87\xe8\x4e"
"\xc9\x18\x7b\xbe\x18\x60\x50",
.len = 31,
}, {
.key = "\xa5\x28\x24\x34\x1a\x3c\xd8\xf7"
"\x05\x91\x8f\xee\x85\x1f\x35\x7f"
"\x80\x3d\xfc\x9b\x94\xf6\xfc\x9e"
"\x19\x09\x00\xa9\x04\x31\x4f\x11",
.klen = 32,
.iv = "\xa1\xba\x49\x95\xff\x34\x6d\xb8"
"\xcd\x87\x5d\x5e\xfd\xea\x85\xdb"
"\x8a\x7b\x5e\xb2\x5d\x57\xdd\x62"
"\xac\xa9\x8c\x41\x42\x94\x75\xb7",
.ptext = "\x69\xb4\xe8\x8c\x37\xe8\x67\x82"
"\xf1\xec\x5d\x04\xe5\x14\x91\x13"
"\xdf\xf2\x87\x1b\x69\x81\x1d\x71"
"\x70\x9e\x9c\x3b\xde\x49\x70\x11"
"\xa0\xa3\xdb\x0d\x54\x4f\x66\x69"
"\xd7\xdb\x80\xa7\x70\x92\x68\xce"
"\x81\x04\x2c\xc6\xab\xae\xe5\x60"
"\x15\xe9\x6f\xef\xaa\x8f\xa7\xa7"
"\x63\x8f\xf2\xf0\x77\xf1\xa8\xea"
"\xe1\xb7\x1f\x9e\xab\x9e\x4b\x3f"
"\x07\x87\x5b\x6f\xcd\xa8\xaf\xb9"
"\xfa\x70\x0b\x52\xb8\xa8\xa7\x9e"
"\x07\x5f\xa6\x0e\xb3\x9b\x79\x13"
"\x79\xc3\x3e\x8d\x1c\x2c\x68\xc8"
"\x51\x1d\x3c\x7b\x7d\x79\x77\x2a"
"\x56\x65\xc5\x54\x23\x28\xb0\x03",
.ctext = "\x9e\x16\xab\xed\x4b\xa7\x42\x5a"
"\xc6\xfb\x4e\x76\xff\xbe\x03\xa0"
"\x0f\xe3\xad\xba\xe4\x98\x2b\x0e"
"\x21\x48\xa0\xb8\x65\x48\x27\x48"
"\x84\x54\x54\xb2\x9a\x94\x7b\xe6"
"\x4b\x29\xe9\xcf\x05\x91\x80\x1a"
"\x3a\xf3\x41\x96\x85\x1d\x9f\x74"
"\x51\x56\x63\xfa\x7c\x28\x85\x49"
"\xf7\x2f\xf9\xf2\x18\x46\xf5\x33"
"\x80\xa3\x3c\xce\xb2\x57\x93\xf5"
"\xae\xbd\xa9\xf5\x7b\x30\xc4\x93"
"\x66\xe0\x30\x77\x16\xe4\xa0\x31"
"\xba\x70\xbc\x68\x13\xf5\xb0\x9a"
"\xc1\xfc\x7e\xfe\x55\x80\x5c\x48"
"\x74\xa6\xaa\xa3\xac\xdc\xc2\xf5"
"\x8d\xde\x34\x86\x78\x60\x75\x8d",
.len = 128,
.also_non_np = 1,
.np = 4,
.tap = { 104, 16, 4, 4 },
}, {
.key = "\xd3\x81\x72\x18\x23\xff\x6f\x4a"
"\x25\x74\x29\x0d\x51\x8a\x0e\x13"
"\xc1\x53\x5d\x30\x8d\xee\x75\x0d"
"\x14\xd6\x69\xc9\x15\xa9\x0c\x60",
.klen = 32,
.iv = "\x65\x9b\xd4\xa8\x7d\x29\x1d\xf4"
"\xc4\xd6\x9b\x6a\x28\xab\x64\xe2"
"\x62\x81\x97\xc5\x81\xaa\xf9\x44"
"\xc1\x72\x59\x82\xaf\x16\xc8\x2c",
.ptext = "\xc7\x6b\x52\x6a\x10\xf0\xcc\x09"
"\xc1\x12\x1d\x6d\x21\xa6\x78\xf5"
"\x05\xa3\x69\x60\x91\x36\x98\x57"
"\xba\x0c\x14\xcc\xf3\x2d\x73\x03"
"\xc6\xb2\x5f\xc8\x16\x27\x37\x5d"
"\xd0\x0b\x87\xb2\x50\x94\x7b\x58"
"\x04\xf4\xe0\x7f\x6e\x57\x8e\xc9"
"\x41\x84\xc1\xb1\x7e\x4b\x91\x12"
"\x3a\x8b\x5d\x50\x82\x7b\xcb\xd9"
"\x9a\xd9\x4e\x18\x06\x23\x9e\xd4"
"\xa5\x20\x98\xef\xb5\xda\xe5\xc0"
"\x8a\x6a\x83\x77\x15\x84\x1e\xae"
"\x78\x94\x9d\xdf\xb7\xd1\xea\x67"
"\xaa\xb0\x14\x15\xfa\x67\x21\x84"
"\xd3\x41\x2a\xce\xba\x4b\x4a\xe8"
"\x95\x62\xa9\x55\xf0\x80\xad\xbd"
"\xab\xaf\xdd\x4f\xa5\x7c\x13\x36"
"\xed\x5e\x4f\x72\xad\x4b\xf1\xd0"
"\x88\x4e\xec\x2c\x88\x10\x5e\xea"
"\x12\xc0\x16\x01\x29\xa3\xa0\x55"
"\xaa\x68\xf3\xe9\x9d\x3b\x0d\x3b"
"\x6d\xec\xf8\xa0\x2d\xf0\x90\x8d"
"\x1c\xe2\x88\xd4\x24\x71\xf9\xb3"
"\xc1\x9f\xc5\xd6\x76\x70\xc5\x2e"
"\x9c\xac\xdb\x90\xbd\x83\x72\xba"
"\x6e\xb5\xa5\x53\x83\xa9\xa5\xbf"
"\x7d\x06\x0e\x3c\x2a\xd2\x04\xb5"
"\x1e\x19\x38\x09\x16\xd2\x82\x1f"
"\x75\x18\x56\xb8\x96\x0b\xa6\xf9"
"\xcf\x62\xd9\x32\x5d\xa9\xd7\x1d"
"\xec\xe4\xdf\x1b\xbe\xf1\x36\xee"
"\xe3\x7b\xb5\x2f\xee\xf8\x53\x3d"
"\x6a\xb7\x70\xa9\xfc\x9c\x57\x25"
"\xf2\x89\x10\xd3\xb8\xa8\x8c\x30"
"\xae\x23\x4f\x0e\x13\x66\x4f\xe1"
"\xb6\xc0\xe4\xf8\xef\x93\xbd\x6e"
"\x15\x85\x6b\xe3\x60\x81\x1d\x68"
"\xd7\x31\x87\x89\x09\xab\xd5\x96"
"\x1d\xf3\x6d\x67\x80\xca\x07\x31"
"\x5d\xa7\xe4\xfb\x3e\xf2\x9b\x33"
"\x52\x18\xc8\x30\xfe\x2d\xca\x1e"
"\x79\x92\x7a\x60\x5c\xb6\x58\x87"
"\xa4\x36\xa2\x67\x92\x8b\xa4\xb7"
"\xf1\x86\xdf\xdc\xc0\x7e\x8f\x63"
"\xd2\xa2\xdc\x78\xeb\x4f\xd8\x96"
"\x47\xca\xb8\x91\xf9\xf7\x94\x21"
"\x5f\x9a\x9f\x5b\xb8\x40\x41\x4b"
"\x66\x69\x6a\x72\xd0\xcb\x70\xb7"
"\x93\xb5\x37\x96\x05\x37\x4f\xe5"
"\x8c\xa7\x5a\x4e\x8b\xb7\x84\xea"
"\xc7\xfc\x19\x6e\x1f\x5a\xa1\xac"
"\x18\x7d\x52\x3b\xb3\x34\x62\x99"
"\xe4\x9e\x31\x04\x3f\xc0\x8d\x84"
"\x17\x7c\x25\x48\x52\x67\x11\x27"
"\x67\xbb\x5a\x85\xca\x56\xb2\x5c"
"\xe6\xec\xd5\x96\x3d\x15\xfc\xfb"
"\x22\x25\xf4\x13\xe5\x93\x4b\x9a"
"\x77\xf1\x52\x18\xfa\x16\x5e\x49"
"\x03\x45\xa8\x08\xfa\xb3\x41\x92"
"\x79\x50\x33\xca\xd0\xd7\x42\x55"
"\xc3\x9a\x0c\x4e\xd9\xa4\x3c\x86"
"\x80\x9f\x53\xd1\xa4\x2e\xd1\xbc"
"\xf1\x54\x6e\x93\xa4\x65\x99\x8e"
"\xdf\x29\xc0\x64\x63\x07\xbb\xea",
.ctext = "\x15\x97\xd0\x86\x18\x03\x9c\x51"
"\xc5\x11\x36\x62\x13\x92\xe6\x73"
"\x29\x79\xde\xa1\x00\x3e\x08\x64"
"\x17\x1a\xbc\xd5\xfe\x33\x0e\x0c"
"\x7c\x94\xa7\xc6\x3c\xbe\xac\xa2"
"\x89\xe6\xbc\xdf\x0c\x33\x27\x42"
"\x46\x73\x2f\xba\x4e\xa6\x46\x8f"
"\xe4\xee\x39\x63\x42\x65\xa3\x88"
"\x7a\xad\x33\x23\xa9\xa7\x20\x7f"
"\x0b\xe6\x6a\xc3\x60\xda\x9e\xb4"
"\xd6\x07\x8a\x77\x26\xd1\xab\x44"
"\x99\x55\x03\x5e\xed\x8d\x7b\xbd"
"\xc8\x21\xb7\x21\x30\x3f\xc0\xb5"
"\xc8\xec\x6c\x23\xa6\xa3\x6d\xf1"
"\x30\x0a\xd0\xa6\xa9\x28\x69\xae"
"\x2a\xe6\x54\xac\x82\x9d\x6a\x95"
"\x6f\x06\x44\xc5\x5a\x77\x6e\xec"
"\xf8\xf8\x63\xb2\xe6\xaa\xbd\x8e"
"\x0e\x8a\x62\x00\x03\xc8\x84\xdd"
"\x47\x4a\xc3\x55\xba\xb7\xe7\xdf"
"\x08\xbf\x62\xf5\xe8\xbc\xb6\x11"
"\xe4\xcb\xd0\x66\x74\x32\xcf\xd4"
"\xf8\x51\x80\x39\x14\x05\x12\xdb"
"\x87\x93\xe2\x26\x30\x9c\x3a\x21"
"\xe5\xd0\x38\x57\x80\x15\xe4\x08"
"\x58\x05\x49\x7d\xe6\x92\x77\x70"
"\xfb\x1e\x2d\x6a\x84\x00\xc8\x68"
"\xf7\x1a\xdd\xf0\x7b\x38\x1e\xd8"
"\x2c\x78\x78\x61\xcf\xe3\xde\x69"
"\x1f\xd5\x03\xd5\x1a\xb4\xcf\x03"
"\xc8\x7a\x70\x68\x35\xb4\xf6\xbe"
"\x90\x62\xb2\x28\x99\x86\xf5\x44"
"\x99\xeb\x31\xcf\xca\xdf\xd0\x21"
"\xd6\x60\xf7\x0f\x40\xb4\x80\xb7"
"\xab\xe1\x9b\x45\xba\x66\xda\xee"
"\xdd\x04\x12\x40\x98\xe1\x69\xe5"
"\x2b\x9c\x59\x80\xe7\x7b\xcc\x63"
"\xa6\xc0\x3a\xa9\xfe\x8a\xf9\x62"
"\x11\x34\x61\x94\x35\xfe\xf2\x99"
"\xfd\xee\x19\xea\x95\xb6\x12\xbf"
"\x1b\xdf\x02\x1a\xcc\x3e\x7e\x65"
"\x78\x74\x10\x50\x29\x63\x28\xea"
"\x6b\xab\xd4\x06\x4d\x15\x24\x31"
"\xc7\x0a\xc9\x16\xb6\x48\xf0\xbf"
"\x49\xdb\x68\x71\x31\x8f\x87\xe2"
"\x13\x05\x64\xd6\x22\x0c\xf8\x36"
"\x84\x24\x3e\x69\x5e\xb8\x9e\x16"
"\x73\x6c\x83\x1e\xe0\x9f\x9e\xba"
"\xe5\x59\x21\x33\x1b\xa9\x26\xc2"
"\xc7\xd9\x30\x73\xb6\xa6\x73\x82"
"\x19\xfa\x44\x4d\x40\x8b\x69\x04"
"\x94\x74\xea\x6e\xb3\x09\x47\x01"
"\x2a\xb9\x78\x34\x43\x11\xed\xd6"
"\x8c\x95\x65\x1b\x85\x67\xa5\x40"
"\xac\x9c\x05\x4b\x57\x4a\xa9\x96"
"\x0f\xdd\x4f\xa1\xe0\xcf\x6e\xc7"
"\x1b\xed\xa2\xb4\x56\x8c\x09\x6e"
"\xa6\x65\xd7\x55\x81\xb7\xed\x11"
"\x9b\x40\x75\xa8\x6b\x56\xaf\x16"
"\x8b\x3d\xf4\xcb\xfe\xd5\x1d\x3d"
"\x85\xc2\xc0\xde\x43\x39\x4a\x96"
"\xba\x88\x97\xc0\xd6\x00\x0e\x27"
"\x21\xb0\x21\x52\xba\xa7\x37\xaa"
"\xcc\xbf\x95\xa8\xf4\xd0\x91\xf6",
.len = 512,
.also_non_np = 1,
.np = 2,
.tap = { 144, 368 },
}
};
/* Adiantum with XChaCha20 instead of XChaCha12 */
/* Test vectors from https://github.com/google/adiantum */
static const struct cipher_testvec adiantum_xchacha20_aes_tv_template[] = {
{
.key = "\x9e\xeb\xb2\x49\x3c\x1c\xf5\xf4"
"\x6a\x99\xc2\xc4\xdf\xb1\xf4\xdd"
"\x75\x20\x57\xea\x2c\x4f\xcd\xb2"
"\xa5\x3d\x7b\x49\x1e\xab\xfd\x0f",
.klen = 32,
.iv = "\xdf\x63\xd4\xab\xd2\x49\xf3\xd8"
"\x33\x81\x37\x60\x7d\xfa\x73\x08"
"\xd8\x49\x6d\x80\xe8\x2f\x62\x54"
"\xeb\x0e\xa9\x39\x5b\x45\x7f\x8a",
.ptext = "\x67\xc9\xf2\x30\x84\x41\x8e\x43"
"\xfb\xf3\xb3\x3e\x79\x36\x7f\xe8",
.ctext = "\xf6\x78\x97\xd6\xaa\x94\x01\x27"
"\x2e\x4d\x83\xe0\x6e\x64\x9a\xdf",
.len = 16,
.also_non_np = 1,
.np = 3,
.tap = { 5, 2, 9 },
}, {
.key = "\x36\x2b\x57\x97\xf8\x5d\xcd\x99"
"\x5f\x1a\x5a\x44\x1d\x92\x0f\x27"
"\xcc\x16\xd7\x2b\x85\x63\x99\xd3"
"\xba\x96\xa1\xdb\xd2\x60\x68\xda",
.klen = 32,
.iv = "\xef\x58\x69\xb1\x2c\x5e\x9a\x47"
"\x24\xc1\xb1\x69\xe1\x12\x93\x8f"
"\x43\x3d\x6d\x00\xdb\x5e\xd8\xd9"
"\x12\x9a\xfe\xd9\xff\x2d\xaa\xc4",
.ptext = "\x5e\xa8\x68\x19\x85\x98\x12\x23"
"\x26\x0a\xcc\xdb\x0a\x04\xb9\xdf"
"\x4d\xb3\x48\x7b\xb0\xe3\xc8\x19"
"\x43\x5a\x46\x06\x94\x2d\xf2",
.ctext = "\x4b\xb8\x90\x10\xdf\x7f\x64\x08"
"\x0e\x14\x42\x5f\x00\x74\x09\x36"
"\x57\x72\xb5\xfd\xb5\x5d\xb8\x28"
"\x0c\x04\x91\x14\x91\xe9\x37",
.len = 31,
.also_non_np = 1,
.np = 2,
.tap = { 16, 15 },
}, {
.key = "\xa5\x28\x24\x34\x1a\x3c\xd8\xf7"
"\x05\x91\x8f\xee\x85\x1f\x35\x7f"
"\x80\x3d\xfc\x9b\x94\xf6\xfc\x9e"
"\x19\x09\x00\xa9\x04\x31\x4f\x11",
.klen = 32,
.iv = "\xa1\xba\x49\x95\xff\x34\x6d\xb8"
"\xcd\x87\x5d\x5e\xfd\xea\x85\xdb"
"\x8a\x7b\x5e\xb2\x5d\x57\xdd\x62"
"\xac\xa9\x8c\x41\x42\x94\x75\xb7",
.ptext = "\x69\xb4\xe8\x8c\x37\xe8\x67\x82"
"\xf1\xec\x5d\x04\xe5\x14\x91\x13"
"\xdf\xf2\x87\x1b\x69\x81\x1d\x71"
"\x70\x9e\x9c\x3b\xde\x49\x70\x11"
"\xa0\xa3\xdb\x0d\x54\x4f\x66\x69"
"\xd7\xdb\x80\xa7\x70\x92\x68\xce"
"\x81\x04\x2c\xc6\xab\xae\xe5\x60"
"\x15\xe9\x6f\xef\xaa\x8f\xa7\xa7"
"\x63\x8f\xf2\xf0\x77\xf1\xa8\xea"
"\xe1\xb7\x1f\x9e\xab\x9e\x4b\x3f"
"\x07\x87\x5b\x6f\xcd\xa8\xaf\xb9"
"\xfa\x70\x0b\x52\xb8\xa8\xa7\x9e"
"\x07\x5f\xa6\x0e\xb3\x9b\x79\x13"
"\x79\xc3\x3e\x8d\x1c\x2c\x68\xc8"
"\x51\x1d\x3c\x7b\x7d\x79\x77\x2a"
"\x56\x65\xc5\x54\x23\x28\xb0\x03",
.ctext = "\xb1\x8b\xa0\x05\x77\xa8\x4d\x59"
"\x1b\x8e\x21\xfc\x3a\x49\xfa\xd4"
"\xeb\x36\xf3\xc4\xdf\xdc\xae\x67"
"\x07\x3f\x70\x0e\xe9\x66\xf5\x0c"
"\x30\x4d\x66\xc9\xa4\x2f\x73\x9c"
"\x13\xc8\x49\x44\xcc\x0a\x90\x9d"
"\x7c\xdd\x19\x3f\xea\x72\x8d\x58"
"\xab\xe7\x09\x2c\xec\xb5\x44\xd2"
"\xca\xa6\x2d\x7a\x5c\x9c\x2b\x15"
"\xec\x2a\xa6\x69\x91\xf9\xf3\x13"
"\xf7\x72\xc1\xc1\x40\xd5\xe1\x94"
"\xf4\x29\xa1\x3e\x25\x02\xa8\x3e"
"\x94\xc1\x91\x14\xa1\x14\xcb\xbe"
"\x67\x4c\xb9\x38\xfe\xa7\xaa\x32"
"\x29\x62\x0d\xb2\xf6\x3c\x58\x57"
"\xc1\xd5\x5a\xbb\xd6\xa6\x2a\xe5",
.len = 128,
.also_non_np = 1,
.np = 4,
.tap = { 112, 7, 8, 1 },
}, {
.key = "\xd3\x81\x72\x18\x23\xff\x6f\x4a"
"\x25\x74\x29\x0d\x51\x8a\x0e\x13"
"\xc1\x53\x5d\x30\x8d\xee\x75\x0d"
"\x14\xd6\x69\xc9\x15\xa9\x0c\x60",
.klen = 32,
.iv = "\x65\x9b\xd4\xa8\x7d\x29\x1d\xf4"
"\xc4\xd6\x9b\x6a\x28\xab\x64\xe2"
"\x62\x81\x97\xc5\x81\xaa\xf9\x44"
"\xc1\x72\x59\x82\xaf\x16\xc8\x2c",
.ptext = "\xc7\x6b\x52\x6a\x10\xf0\xcc\x09"
"\xc1\x12\x1d\x6d\x21\xa6\x78\xf5"
"\x05\xa3\x69\x60\x91\x36\x98\x57"
"\xba\x0c\x14\xcc\xf3\x2d\x73\x03"
"\xc6\xb2\x5f\xc8\x16\x27\x37\x5d"
"\xd0\x0b\x87\xb2\x50\x94\x7b\x58"
"\x04\xf4\xe0\x7f\x6e\x57\x8e\xc9"
"\x41\x84\xc1\xb1\x7e\x4b\x91\x12"
"\x3a\x8b\x5d\x50\x82\x7b\xcb\xd9"
"\x9a\xd9\x4e\x18\x06\x23\x9e\xd4"
"\xa5\x20\x98\xef\xb5\xda\xe5\xc0"
"\x8a\x6a\x83\x77\x15\x84\x1e\xae"
"\x78\x94\x9d\xdf\xb7\xd1\xea\x67"
"\xaa\xb0\x14\x15\xfa\x67\x21\x84"
"\xd3\x41\x2a\xce\xba\x4b\x4a\xe8"
"\x95\x62\xa9\x55\xf0\x80\xad\xbd"
"\xab\xaf\xdd\x4f\xa5\x7c\x13\x36"
"\xed\x5e\x4f\x72\xad\x4b\xf1\xd0"
"\x88\x4e\xec\x2c\x88\x10\x5e\xea"
"\x12\xc0\x16\x01\x29\xa3\xa0\x55"
"\xaa\x68\xf3\xe9\x9d\x3b\x0d\x3b"
"\x6d\xec\xf8\xa0\x2d\xf0\x90\x8d"
"\x1c\xe2\x88\xd4\x24\x71\xf9\xb3"
"\xc1\x9f\xc5\xd6\x76\x70\xc5\x2e"
"\x9c\xac\xdb\x90\xbd\x83\x72\xba"
"\x6e\xb5\xa5\x53\x83\xa9\xa5\xbf"
"\x7d\x06\x0e\x3c\x2a\xd2\x04\xb5"
"\x1e\x19\x38\x09\x16\xd2\x82\x1f"
"\x75\x18\x56\xb8\x96\x0b\xa6\xf9"
"\xcf\x62\xd9\x32\x5d\xa9\xd7\x1d"
"\xec\xe4\xdf\x1b\xbe\xf1\x36\xee"
"\xe3\x7b\xb5\x2f\xee\xf8\x53\x3d"
"\x6a\xb7\x70\xa9\xfc\x9c\x57\x25"
"\xf2\x89\x10\xd3\xb8\xa8\x8c\x30"
"\xae\x23\x4f\x0e\x13\x66\x4f\xe1"
"\xb6\xc0\xe4\xf8\xef\x93\xbd\x6e"
"\x15\x85\x6b\xe3\x60\x81\x1d\x68"
"\xd7\x31\x87\x89\x09\xab\xd5\x96"
"\x1d\xf3\x6d\x67\x80\xca\x07\x31"
"\x5d\xa7\xe4\xfb\x3e\xf2\x9b\x33"
"\x52\x18\xc8\x30\xfe\x2d\xca\x1e"
"\x79\x92\x7a\x60\x5c\xb6\x58\x87"
"\xa4\x36\xa2\x67\x92\x8b\xa4\xb7"
"\xf1\x86\xdf\xdc\xc0\x7e\x8f\x63"
"\xd2\xa2\xdc\x78\xeb\x4f\xd8\x96"
"\x47\xca\xb8\x91\xf9\xf7\x94\x21"
"\x5f\x9a\x9f\x5b\xb8\x40\x41\x4b"
"\x66\x69\x6a\x72\xd0\xcb\x70\xb7"
"\x93\xb5\x37\x96\x05\x37\x4f\xe5"
"\x8c\xa7\x5a\x4e\x8b\xb7\x84\xea"
"\xc7\xfc\x19\x6e\x1f\x5a\xa1\xac"
"\x18\x7d\x52\x3b\xb3\x34\x62\x99"
"\xe4\x9e\x31\x04\x3f\xc0\x8d\x84"
"\x17\x7c\x25\x48\x52\x67\x11\x27"
"\x67\xbb\x5a\x85\xca\x56\xb2\x5c"
"\xe6\xec\xd5\x96\x3d\x15\xfc\xfb"
"\x22\x25\xf4\x13\xe5\x93\x4b\x9a"
"\x77\xf1\x52\x18\xfa\x16\x5e\x49"
"\x03\x45\xa8\x08\xfa\xb3\x41\x92"
"\x79\x50\x33\xca\xd0\xd7\x42\x55"
"\xc3\x9a\x0c\x4e\xd9\xa4\x3c\x86"
"\x80\x9f\x53\xd1\xa4\x2e\xd1\xbc"
"\xf1\x54\x6e\x93\xa4\x65\x99\x8e"
"\xdf\x29\xc0\x64\x63\x07\xbb\xea",
.ctext = "\xe0\x33\xf6\xe0\xb4\xa5\xdd\x2b"
"\xdd\xce\xfc\x12\x1e\xfc\x2d\xf2"
"\x8b\xc7\xeb\xc1\xc4\x2a\xe8\x44"
"\x0f\x3d\x97\x19\x2e\x6d\xa2\x38"
"\x9d\xa6\xaa\xe1\x96\xb9\x08\xe8"
"\x0b\x70\x48\x5c\xed\xb5\x9b\xcb"
"\x8b\x40\x88\x7e\x69\x73\xf7\x16"
"\x71\xbb\x5b\xfc\xa3\x47\x5d\xa6"
"\xae\x3a\x64\xc4\xe7\xb8\xa8\xe7"
"\xb1\x32\x19\xdb\xe3\x01\xb8\xf0"
"\xa4\x86\xb4\x4c\xc2\xde\x5c\xd2"
"\x6c\x77\xd2\xe8\x18\xb7\x0a\xc9"
"\x3d\x53\xb5\xc4\x5c\xf0\x8c\x06"
"\xdc\x90\xe0\x74\x47\x1b\x0b\xf6"
"\xd2\x71\x6b\xc4\xf1\x97\x00\x2d"
"\x63\x57\x44\x1f\x8c\xf4\xe6\x9b"
"\xe0\x7a\xdd\xec\x32\x73\x42\x32"
"\x7f\x35\x67\x60\x0d\xcf\x10\x52"
"\x61\x22\x53\x8d\x8e\xbb\x33\x76"
"\x59\xd9\x10\xce\xdf\xef\xc0\x41"
"\xd5\x33\x29\x6a\xda\x46\xa4\x51"
"\xf0\x99\x3d\x96\x31\xdd\xb5\xcb"
"\x3e\x2a\x1f\xc7\x5c\x79\xd3\xc5"
"\x20\xa1\xb1\x39\x1b\xc6\x0a\x70"
"\x26\x39\x95\x07\xad\x7a\xc9\x69"
"\xfe\x81\xc7\x88\x08\x38\xaf\xad"
"\x9e\x8d\xfb\xe8\x24\x0d\x22\xb8"
"\x0e\xed\xbe\x37\x53\x7c\xa6\xc6"
"\x78\x62\xec\xa3\x59\xd9\xc6\x9d"
"\xb8\x0e\x69\x77\x84\x2d\x6a\x4c"
"\xc5\xd9\xb2\xa0\x2b\xa8\x80\xcc"
"\xe9\x1e\x9c\x5a\xc4\xa1\xb2\x37"
"\x06\x9b\x30\x32\x67\xf7\xe7\xd2"
"\x42\xc7\xdf\x4e\xd4\xcb\xa0\x12"
"\x94\xa1\x34\x85\x93\x50\x4b\x0a"
"\x3c\x7d\x49\x25\x01\x41\x6b\x96"
"\xa9\x12\xbb\x0b\xc0\xd7\xd0\x93"
"\x1f\x70\x38\xb8\x21\xee\xf6\xa7"
"\xee\xeb\xe7\x81\xa4\x13\xb4\x87"
"\xfa\xc1\xb0\xb5\x37\x8b\x74\xa2"
"\x4e\xc7\xc2\xad\x3d\x62\x3f\xf8"
"\x34\x42\xe5\xae\x45\x13\x63\xfe"
"\xfc\x2a\x17\x46\x61\xa9\xd3\x1c"
"\x4c\xaf\xf0\x09\x62\x26\x66\x1e"
"\x74\xcf\xd6\x68\x3d\x7d\xd8\xb7"
"\xe7\xe6\xf8\xf0\x08\x20\xf7\x47"
"\x1c\x52\xaa\x0f\x3e\x21\xa3\xf2"
"\xbf\x2f\x95\x16\xa8\xc8\xc8\x8c"
"\x99\x0f\x5d\xfb\xfa\x2b\x58\x8a"
"\x7e\xd6\x74\x02\x60\xf0\xd0\x5b"
"\x65\xa8\xac\xea\x8d\x68\x46\x34"
"\x26\x9d\x4f\xb1\x9a\x8e\xc0\x1a"
"\xf1\xed\xc6\x7a\x83\xfd\x8a\x57"
"\xf2\xe6\xe4\xba\xfc\xc6\x3c\xad"
"\x5b\x19\x50\x2f\x3a\xcc\x06\x46"
"\x04\x51\x3f\x91\x97\xf0\xd2\x07"
"\xe7\x93\x89\x7e\xb5\x32\x0f\x03"
"\xe5\x58\x9e\x74\x72\xeb\xc2\x38"
"\x00\x0c\x91\x72\x69\xed\x7d\x6d"
"\xc8\x71\xf0\xec\xff\x80\xd9\x1c"
"\x9e\xd2\xfa\x15\xfc\x6c\x4e\xbc"
"\xb1\xa6\xbd\xbd\x70\x40\xca\x20"
"\xb8\x78\xd2\xa3\xc6\xf3\x79\x9c"
"\xc7\x27\xe1\x6a\x29\xad\xa4\x03",
.len = 512,
}
};
/*
* CTS (Cipher Text Stealing) mode tests
*/
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
static const struct cipher_testvec cts_mode_tv_template[] = {
{ /* from rfc3962 */
.klen = 16,
.key = "\x63\x68\x69\x63\x6b\x65\x6e\x20"
"\x74\x65\x72\x69\x79\x61\x6b\x69",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x49\x20\x77\x6f\x75\x6c\x64\x20"
"\x6c\x69\x6b\x65\x20\x74\x68\x65"
"\x20",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 17,
.ctext = "\xc6\x35\x35\x68\xf2\xbf\x8c\xb4"
"\xd8\xa5\x80\x36\x2d\xa7\xff\x7f"
"\x97",
}, {
.klen = 16,
.key = "\x63\x68\x69\x63\x6b\x65\x6e\x20"
"\x74\x65\x72\x69\x79\x61\x6b\x69",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x49\x20\x77\x6f\x75\x6c\x64\x20"
"\x6c\x69\x6b\x65\x20\x74\x68\x65"
"\x20\x47\x65\x6e\x65\x72\x61\x6c"
"\x20\x47\x61\x75\x27\x73\x20",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 31,
.ctext = "\xfc\x00\x78\x3e\x0e\xfd\xb2\xc1"
"\xd4\x45\xd4\xc8\xef\xf7\xed\x22"
"\x97\x68\x72\x68\xd6\xec\xcc\xc0"
"\xc0\x7b\x25\xe2\x5e\xcf\xe5",
}, {
.klen = 16,
.key = "\x63\x68\x69\x63\x6b\x65\x6e\x20"
"\x74\x65\x72\x69\x79\x61\x6b\x69",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x49\x20\x77\x6f\x75\x6c\x64\x20"
"\x6c\x69\x6b\x65\x20\x74\x68\x65"
"\x20\x47\x65\x6e\x65\x72\x61\x6c"
"\x20\x47\x61\x75\x27\x73\x20\x43",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 32,
.ctext = "\x39\x31\x25\x23\xa7\x86\x62\xd5"
"\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8"
"\x97\x68\x72\x68\xd6\xec\xcc\xc0"
"\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84",
}, {
.klen = 16,
.key = "\x63\x68\x69\x63\x6b\x65\x6e\x20"
"\x74\x65\x72\x69\x79\x61\x6b\x69",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x49\x20\x77\x6f\x75\x6c\x64\x20"
"\x6c\x69\x6b\x65\x20\x74\x68\x65"
"\x20\x47\x65\x6e\x65\x72\x61\x6c"
"\x20\x47\x61\x75\x27\x73\x20\x43"
"\x68\x69\x63\x6b\x65\x6e\x2c\x20"
"\x70\x6c\x65\x61\x73\x65\x2c",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 47,
.ctext = "\x97\x68\x72\x68\xd6\xec\xcc\xc0"
"\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84"
"\xb3\xff\xfd\x94\x0c\x16\xa1\x8c"
"\x1b\x55\x49\xd2\xf8\x38\x02\x9e"
"\x39\x31\x25\x23\xa7\x86\x62\xd5"
"\xbe\x7f\xcb\xcc\x98\xeb\xf5",
}, {
.klen = 16,
.key = "\x63\x68\x69\x63\x6b\x65\x6e\x20"
"\x74\x65\x72\x69\x79\x61\x6b\x69",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x49\x20\x77\x6f\x75\x6c\x64\x20"
"\x6c\x69\x6b\x65\x20\x74\x68\x65"
"\x20\x47\x65\x6e\x65\x72\x61\x6c"
"\x20\x47\x61\x75\x27\x73\x20\x43"
"\x68\x69\x63\x6b\x65\x6e\x2c\x20"
"\x70\x6c\x65\x61\x73\x65\x2c\x20",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 48,
.ctext = "\x97\x68\x72\x68\xd6\xec\xcc\xc0"
"\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84"
"\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0"
"\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8"
"\x39\x31\x25\x23\xa7\x86\x62\xd5"
"\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8",
}, {
.klen = 16,
.key = "\x63\x68\x69\x63\x6b\x65\x6e\x20"
"\x74\x65\x72\x69\x79\x61\x6b\x69",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.ptext = "\x49\x20\x77\x6f\x75\x6c\x64\x20"
"\x6c\x69\x6b\x65\x20\x74\x68\x65"
"\x20\x47\x65\x6e\x65\x72\x61\x6c"
"\x20\x47\x61\x75\x27\x73\x20\x43"
"\x68\x69\x63\x6b\x65\x6e\x2c\x20"
"\x70\x6c\x65\x61\x73\x65\x2c\x20"
"\x61\x6e\x64\x20\x77\x6f\x6e\x74"
"\x6f\x6e\x20\x73\x6f\x75\x70\x2e",
crypto: testmgr - eliminate redundant decryption test vectors Currently testmgr has separate encryption and decryption test vectors for symmetric ciphers. That's massively redundant, since with few exceptions (mostly mistakes, apparently), all decryption tests are identical to the encryption tests, just with the input/result flipped. Therefore, eliminate the redundancy by removing the decryption test vectors and updating testmgr to test both encryption and decryption using what used to be the encryption test vectors. Naming is adjusted accordingly: each cipher_testvec now has a 'ptext' (plaintext), 'ctext' (ciphertext), and 'len' instead of an 'input', 'result', 'ilen', and 'rlen'. Note that it was always the case that 'ilen == rlen'. AES keywrap ("kw(aes)") is special because its IV is generated by the encryption. Previously this was handled by specifying 'iv_out' for encryption and 'iv' for decryption. To make it work cleanly with only one set of test vectors, put the IV in 'iv', remove 'iv_out', and add a boolean that indicates that the IV is generated by the encryption. In total, this removes over 10000 lines from testmgr.h, with no reduction in test coverage since prior patches already copied the few unique decryption test vectors into the encryption test vectors. This covers all algorithms that used 'struct cipher_testvec', e.g. any block cipher in the ECB, CBC, CTR, XTS, LRW, CTS-CBC, PCBC, OFB, or keywrap modes, and Salsa20 and ChaCha20. No change is made to AEAD tests, though we probably can eliminate a similar redundancy there too. The testmgr.h portion of this patch was automatically generated using the following awk script, with some slight manual fixups on top (updated 'struct cipher_testvec' definition, updated a few comments, and fixed up the AES keywrap test vectors): BEGIN { OTHER = 0; ENCVEC = 1; DECVEC = 2; DECVEC_TAIL = 3; mode = OTHER } /^static const struct cipher_testvec.*_enc_/ { sub("_enc", ""); mode = ENCVEC } /^static const struct cipher_testvec.*_dec_/ { mode = DECVEC } mode == ENCVEC && !/\.ilen[[:space:]]*=/ { sub(/\.input[[:space:]]*=$/, ".ptext =") sub(/\.input[[:space:]]*=/, ".ptext\t=") sub(/\.result[[:space:]]*=$/, ".ctext =") sub(/\.result[[:space:]]*=/, ".ctext\t=") sub(/\.rlen[[:space:]]*=/, ".len\t=") print } mode == DECVEC_TAIL && /[^[:space:]]/ { mode = OTHER } mode == OTHER { print } mode == ENCVEC && /^};/ { mode = OTHER } mode == DECVEC && /^};/ { mode = DECVEC_TAIL } Note that git's default diff algorithm gets confused by the testmgr.h portion of this patch, and reports too many lines added and removed. It's better viewed with 'git diff --minimal' (or 'git show --minimal'), which reports "2 files changed, 919 insertions(+), 11723 deletions(-)". Signed-off-by: Eric Biggers <ebiggers@google.com> Signed-off-by: Herbert Xu <herbert@gondor.apana.org.au>
2018-05-20 23:50:29 -06:00
.len = 64,
.ctext = "\x97\x68\x72\x68\xd6\xec\xcc\xc0"
"\xc0\x7b\x25\xe2\x5e\xcf\xe5\x84"
"\x39\x31\x25\x23\xa7\x86\x62\xd5"
"\xbe\x7f\xcb\xcc\x98\xeb\xf5\xa8"
"\x48\x07\xef\xe8\x36\xee\x89\xa5"
"\x26\x73\x0d\xbc\x2f\x7b\xc8\x40"
"\x9d\xad\x8b\xbb\x96\xc4\xcd\xc0"
"\x3b\xc1\x03\xe1\xa1\x94\xbb\xd8",
}
};
/*
* Compression stuff.
*/
#define COMP_BUF_SIZE 512
struct comp_testvec {
int inlen, outlen;
char input[COMP_BUF_SIZE];
char output[COMP_BUF_SIZE];
};
/*
* Deflate test vectors (null-terminated strings).
* Params: winbits=-11, Z_DEFAULT_COMPRESSION, MAX_MEM_LEVEL.
*/
static const struct comp_testvec deflate_comp_tv_template[] = {
{
.inlen = 70,
.outlen = 38,
.input = "Join us now and share the software "
"Join us now and share the software ",
.output = "\xf3\xca\xcf\xcc\x53\x28\x2d\x56"
"\xc8\xcb\x2f\x57\x48\xcc\x4b\x51"
"\x28\xce\x48\x2c\x4a\x55\x28\xc9"
"\x48\x55\x28\xce\x4f\x2b\x29\x07"
"\x71\xbc\x08\x2b\x01\x00",
}, {
.inlen = 191,
.outlen = 122,
.input = "This document describes a compression method based on the DEFLATE"
"compression algorithm. This document defines the application of "
"the DEFLATE algorithm to the IP Payload Compression Protocol.",
.output = "\x5d\x8d\x31\x0e\xc2\x30\x10\x04"
"\xbf\xb2\x2f\xc8\x1f\x10\x04\x09"
"\x89\xc2\x85\x3f\x70\xb1\x2f\xf8"
"\x24\xdb\x67\xd9\x47\xc1\xef\x49"
"\x68\x12\x51\xae\x76\x67\xd6\x27"
"\x19\x88\x1a\xde\x85\xab\x21\xf2"
"\x08\x5d\x16\x1e\x20\x04\x2d\xad"
"\xf3\x18\xa2\x15\x85\x2d\x69\xc4"
"\x42\x83\x23\xb6\x6c\x89\x71\x9b"
"\xef\xcf\x8b\x9f\xcf\x33\xca\x2f"
"\xed\x62\xa9\x4c\x80\xff\x13\xaf"
"\x52\x37\xed\x0e\x52\x6b\x59\x02"
"\xd9\x4e\xe8\x7a\x76\x1d\x02\x98"
"\xfe\x8a\x87\x83\xa3\x4f\x56\x8a"
"\xb8\x9e\x8e\x5c\x57\xd3\xa0\x79"
"\xfa\x02",
},
};
static const struct comp_testvec deflate_decomp_tv_template[] = {
{
.inlen = 122,
.outlen = 191,
.input = "\x5d\x8d\x31\x0e\xc2\x30\x10\x04"
"\xbf\xb2\x2f\xc8\x1f\x10\x04\x09"
"\x89\xc2\x85\x3f\x70\xb1\x2f\xf8"
"\x24\xdb\x67\xd9\x47\xc1\xef\x49"
"\x68\x12\x51\xae\x76\x67\xd6\x27"
"\x19\x88\x1a\xde\x85\xab\x21\xf2"
"\x08\x5d\x16\x1e\x20\x04\x2d\xad"
"\xf3\x18\xa2\x15\x85\x2d\x69\xc4"
"\x42\x83\x23\xb6\x6c\x89\x71\x9b"
"\xef\xcf\x8b\x9f\xcf\x33\xca\x2f"
"\xed\x62\xa9\x4c\x80\xff\x13\xaf"
"\x52\x37\xed\x0e\x52\x6b\x59\x02"
"\xd9\x4e\xe8\x7a\x76\x1d\x02\x98"
"\xfe\x8a\x87\x83\xa3\x4f\x56\x8a"
"\xb8\x9e\x8e\x5c\x57\xd3\xa0\x79"
"\xfa\x02",
.output = "This document describes a compression method based on the DEFLATE"
"compression algorithm. This document defines the application of "
"the DEFLATE algorithm to the IP Payload Compression Protocol.",
}, {
.inlen = 38,
.outlen = 70,
.input = "\xf3\xca\xcf\xcc\x53\x28\x2d\x56"
"\xc8\xcb\x2f\x57\x48\xcc\x4b\x51"
"\x28\xce\x48\x2c\x4a\x55\x28\xc9"
"\x48\x55\x28\xce\x4f\x2b\x29\x07"
"\x71\xbc\x08\x2b\x01\x00",
.output = "Join us now and share the software "
"Join us now and share the software ",
},
};
static const struct comp_testvec zlib_deflate_comp_tv_template[] = {
{
.inlen = 70,
.outlen = 44,
.input = "Join us now and share the software "
"Join us now and share the software ",
.output = "\x78\x5e\xf3\xca\xcf\xcc\x53\x28"
"\x2d\x56\xc8\xcb\x2f\x57\x48\xcc"
"\x4b\x51\x28\xce\x48\x2c\x4a\x55"
"\x28\xc9\x48\x55\x28\xce\x4f\x2b"
"\x29\x07\x71\xbc\x08\x2b\x01\x00"
"\x7c\x65\x19\x3d",
}, {
.inlen = 191,
.outlen = 129,
.input = "This document describes a compression method based on the DEFLATE"
"compression algorithm. This document defines the application of "
"the DEFLATE algorithm to the IP Payload Compression Protocol.",
.output = "\x78\x5e\x5d\xce\x41\x0a\xc3\x30"
"\x0c\x04\xc0\xaf\xec\x0b\xf2\x87"
"\xd2\xa6\x50\xe8\xc1\x07\x7f\x40"
"\xb1\x95\x5a\x60\x5b\xc6\x56\x0f"
"\xfd\x7d\x93\x1e\x42\xe8\x51\xec"
"\xee\x20\x9f\x64\x20\x6a\x78\x17"
"\xae\x86\xc8\x23\x74\x59\x78\x80"
"\x10\xb4\xb4\xce\x63\x88\x56\x14"
"\xb6\xa4\x11\x0b\x0d\x8e\xd8\x6e"
"\x4b\x8c\xdb\x7c\x7f\x5e\xfc\x7c"
"\xae\x51\x7e\x69\x17\x4b\x65\x02"
"\xfc\x1f\xbc\x4a\xdd\xd8\x7d\x48"
"\xad\x65\x09\x64\x3b\xac\xeb\xd9"
"\xc2\x01\xc0\xf4\x17\x3c\x1c\x1c"
"\x7d\xb2\x52\xc4\xf5\xf4\x8f\xeb"
"\x6a\x1a\x34\x4f\x5f\x2e\x32\x45"
"\x4e",
},
};
static const struct comp_testvec zlib_deflate_decomp_tv_template[] = {
{
.inlen = 128,
.outlen = 191,
.input = "\x78\x9c\x5d\x8d\x31\x0e\xc2\x30"
"\x10\x04\xbf\xb2\x2f\xc8\x1f\x10"
"\x04\x09\x89\xc2\x85\x3f\x70\xb1"
"\x2f\xf8\x24\xdb\x67\xd9\x47\xc1"
"\xef\x49\x68\x12\x51\xae\x76\x67"
"\xd6\x27\x19\x88\x1a\xde\x85\xab"
"\x21\xf2\x08\x5d\x16\x1e\x20\x04"
"\x2d\xad\xf3\x18\xa2\x15\x85\x2d"
"\x69\xc4\x42\x83\x23\xb6\x6c\x89"
"\x71\x9b\xef\xcf\x8b\x9f\xcf\x33"
"\xca\x2f\xed\x62\xa9\x4c\x80\xff"
"\x13\xaf\x52\x37\xed\x0e\x52\x6b"
"\x59\x02\xd9\x4e\xe8\x7a\x76\x1d"
"\x02\x98\xfe\x8a\x87\x83\xa3\x4f"
"\x56\x8a\xb8\x9e\x8e\x5c\x57\xd3"
"\xa0\x79\xfa\x02\x2e\x32\x45\x4e",
.output = "This document describes a compression method based on the DEFLATE"
"compression algorithm. This document defines the application of "
"the DEFLATE algorithm to the IP Payload Compression Protocol.",
}, {
.inlen = 44,
.outlen = 70,
.input = "\x78\x9c\xf3\xca\xcf\xcc\x53\x28"
"\x2d\x56\xc8\xcb\x2f\x57\x48\xcc"
"\x4b\x51\x28\xce\x48\x2c\x4a\x55"
"\x28\xc9\x48\x55\x28\xce\x4f\x2b"
"\x29\x07\x71\xbc\x08\x2b\x01\x00"
"\x7c\x65\x19\x3d",
.output = "Join us now and share the software "
"Join us now and share the software ",
},
};
/*
* LZO test vectors (null-terminated strings).
*/
static const struct comp_testvec lzo_comp_tv_template[] = {
{
.inlen = 70,
.outlen = 57,
.input = "Join us now and share the software "
"Join us now and share the software ",
.output = "\x00\x0d\x4a\x6f\x69\x6e\x20\x75"
"\x73\x20\x6e\x6f\x77\x20\x61\x6e"
"\x64\x20\x73\x68\x61\x72\x65\x20"
"\x74\x68\x65\x20\x73\x6f\x66\x74"
"\x77\x70\x01\x32\x88\x00\x0c\x65"
"\x20\x74\x68\x65\x20\x73\x6f\x66"
"\x74\x77\x61\x72\x65\x20\x11\x00"
"\x00",
}, {
.inlen = 159,
.outlen = 131,
.input = "This document describes a compression method based on the LZO "
"compression algorithm. This document defines the application of "
"the LZO algorithm used in UBIFS.",
.output = "\x00\x2c\x54\x68\x69\x73\x20\x64"
"\x6f\x63\x75\x6d\x65\x6e\x74\x20"
"\x64\x65\x73\x63\x72\x69\x62\x65"
"\x73\x20\x61\x20\x63\x6f\x6d\x70"
"\x72\x65\x73\x73\x69\x6f\x6e\x20"
"\x6d\x65\x74\x68\x6f\x64\x20\x62"
"\x61\x73\x65\x64\x20\x6f\x6e\x20"
"\x74\x68\x65\x20\x4c\x5a\x4f\x20"
"\x2a\x8c\x00\x09\x61\x6c\x67\x6f"
"\x72\x69\x74\x68\x6d\x2e\x20\x20"
"\x2e\x54\x01\x03\x66\x69\x6e\x65"
"\x73\x20\x74\x06\x05\x61\x70\x70"
"\x6c\x69\x63\x61\x74\x76\x0a\x6f"
"\x66\x88\x02\x60\x09\x27\xf0\x00"
"\x0c\x20\x75\x73\x65\x64\x20\x69"
"\x6e\x20\x55\x42\x49\x46\x53\x2e"
"\x11\x00\x00",
},
};
static const struct comp_testvec lzo_decomp_tv_template[] = {
{
.inlen = 133,
.outlen = 159,
.input = "\x00\x2b\x54\x68\x69\x73\x20\x64"
"\x6f\x63\x75\x6d\x65\x6e\x74\x20"
"\x64\x65\x73\x63\x72\x69\x62\x65"
"\x73\x20\x61\x20\x63\x6f\x6d\x70"
"\x72\x65\x73\x73\x69\x6f\x6e\x20"
"\x6d\x65\x74\x68\x6f\x64\x20\x62"
"\x61\x73\x65\x64\x20\x6f\x6e\x20"
"\x74\x68\x65\x20\x4c\x5a\x4f\x2b"
"\x8c\x00\x0d\x61\x6c\x67\x6f\x72"
"\x69\x74\x68\x6d\x2e\x20\x20\x54"
"\x68\x69\x73\x2a\x54\x01\x02\x66"
"\x69\x6e\x65\x73\x94\x06\x05\x61"
"\x70\x70\x6c\x69\x63\x61\x74\x76"
"\x0a\x6f\x66\x88\x02\x60\x09\x27"
"\xf0\x00\x0c\x20\x75\x73\x65\x64"
"\x20\x69\x6e\x20\x55\x42\x49\x46"
"\x53\x2e\x11\x00\x00",
.output = "This document describes a compression method based on the LZO "
"compression algorithm. This document defines the application of "
"the LZO algorithm used in UBIFS.",
}, {
.inlen = 46,
.outlen = 70,
.input = "\x00\x0d\x4a\x6f\x69\x6e\x20\x75"
"\x73\x20\x6e\x6f\x77\x20\x61\x6e"
"\x64\x20\x73\x68\x61\x72\x65\x20"
"\x74\x68\x65\x20\x73\x6f\x66\x74"
"\x77\x70\x01\x01\x4a\x6f\x69\x6e"
"\x3d\x88\x00\x11\x00\x00",
.output = "Join us now and share the software "
"Join us now and share the software ",
},
};
/*
* Michael MIC test vectors from IEEE 802.11i
*/
#define MICHAEL_MIC_TEST_VECTORS 6
static const struct hash_testvec michael_mic_tv_template[] = {
{
.key = "\x00\x00\x00\x00\x00\x00\x00\x00",
.ksize = 8,
.plaintext = zeroed_string,
.psize = 0,
.digest = "\x82\x92\x5c\x1c\xa1\xd1\x30\xb8",
},
{
.key = "\x82\x92\x5c\x1c\xa1\xd1\x30\xb8",
.ksize = 8,
.plaintext = "M",
.psize = 1,
.digest = "\x43\x47\x21\xca\x40\x63\x9b\x3f",
},
{
.key = "\x43\x47\x21\xca\x40\x63\x9b\x3f",
.ksize = 8,
.plaintext = "Mi",
.psize = 2,
.digest = "\xe8\xf9\xbe\xca\xe9\x7e\x5d\x29",
},
{
.key = "\xe8\xf9\xbe\xca\xe9\x7e\x5d\x29",
.ksize = 8,
.plaintext = "Mic",
.psize = 3,
.digest = "\x90\x03\x8f\xc6\xcf\x13\xc1\xdb",
},
{
.key = "\x90\x03\x8f\xc6\xcf\x13\xc1\xdb",
.ksize = 8,
.plaintext = "Mich",
.psize = 4,
.digest = "\xd5\x5e\x10\x05\x10\x12\x89\x86",
},
{
.key = "\xd5\x5e\x10\x05\x10\x12\x89\x86",
.ksize = 8,
.plaintext = "Michael",
.psize = 7,
.digest = "\x0a\x94\x2b\x12\x4e\xca\xa5\x46",
}
};
/*
* CRC32 test vectors
*/
static const struct hash_testvec crc32_tv_template[] = {
{
.psize = 0,
.digest = "\x00\x00\x00\x00",
},
{
.plaintext = "abcdefg",
.psize = 7,
.digest = "\xd8\xb5\x46\xac",
},
{
.key = "\x87\xa9\xcb\xed",
.ksize = 4,
.psize = 0,
.digest = "\x87\xa9\xcb\xed",
},
{
.key = "\xff\xff\xff\xff",
.ksize = 4,
.plaintext = "\x01\x02\x03\x04\x05\x06\x07\x08"
"\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10"
"\x11\x12\x13\x14\x15\x16\x17\x18"
"\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20"
"\x21\x22\x23\x24\x25\x26\x27\x28",
.psize = 40,
.digest = "\x3a\xdf\x4b\xb0",
},
{
.key = "\xff\xff\xff\xff",
.ksize = 4,
.plaintext = "\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30"
"\x31\x32\x33\x34\x35\x36\x37\x38"
"\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40"
"\x41\x42\x43\x44\x45\x46\x47\x48"
"\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50",
.psize = 40,
.digest = "\xa9\x7a\x7f\x7b",
},
{
.key = "\xff\xff\xff\xff",
.ksize = 4,
.plaintext = "\x51\x52\x53\x54\x55\x56\x57\x58"
"\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60"
"\x61\x62\x63\x64\x65\x66\x67\x68"
"\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70"
"\x71\x72\x73\x74\x75\x76\x77\x78",
.psize = 40,
.digest = "\xba\xd3\xf8\x1c",
},
{
.key = "\xff\xff\xff\xff",
.ksize = 4,
.plaintext = "\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80"
"\x81\x82\x83\x84\x85\x86\x87\x88"
"\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90"
"\x91\x92\x93\x94\x95\x96\x97\x98"
"\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0",
.psize = 40,
.digest = "\xa8\xa9\xc2\x02",
},
{
.key = "\xff\xff\xff\xff",
.ksize = 4,
.plaintext = "\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8"
"\xa9\xaa\xab\xac\xad\xae\xaf\xb0"
"\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8"
"\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0"
"\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8",
.psize = 40,
.digest = "\x27\xf0\x57\xe2",
},
{
.key = "\xff\xff\xff\xff",
.ksize = 4,
.plaintext = "\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0"
"\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8"
"\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0"
"\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8"
"\xe9\xea\xeb\xec\xed\xee\xef\xf0",
.psize = 40,
.digest = "\x49\x78\x10\x08",
},
{
.key = "\x80\xea\xd3\xf1",
.ksize = 4,
.plaintext = "\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30"
"\x31\x32\x33\x34\x35\x36\x37\x38"
"\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40"
"\x41\x42\x43\x44\x45\x46\x47\x48"
"\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50",
.psize = 40,
.digest = "\x9a\xb1\xdc\xf0",
},
{
.key = "\xf3\x4a\x1d\x5d",
.ksize = 4,
.plaintext = "\x51\x52\x53\x54\x55\x56\x57\x58"
"\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60"
"\x61\x62\x63\x64\x65\x66\x67\x68"
"\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70"
"\x71\x72\x73\x74\x75\x76\x77\x78",
.psize = 40,
.digest = "\xb4\x97\xcc\xd4",
},
{
.key = "\x2e\x80\x04\x59",
.ksize = 4,
.plaintext = "\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80"
"\x81\x82\x83\x84\x85\x86\x87\x88"
"\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90"
"\x91\x92\x93\x94\x95\x96\x97\x98"
"\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0",
.psize = 40,
.digest = "\x67\x9b\xfa\x79",
},
{
.key = "\xa6\xcc\x19\x85",
.ksize = 4,
.plaintext = "\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8"
"\xa9\xaa\xab\xac\xad\xae\xaf\xb0"
"\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8"
"\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0"
"\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8",
.psize = 40,
.digest = "\x24\xb5\x16\xef",
},
{
.key = "\x41\xfc\xfe\x2d",
.ksize = 4,
.plaintext = "\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0"
"\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8"
"\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0"
"\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8"
"\xe9\xea\xeb\xec\xed\xee\xef\xf0",
.psize = 40,
.digest = "\x15\x94\x80\x39",
},
{
.key = "\xff\xff\xff\xff",
.ksize = 4,
.plaintext = "\x01\x02\x03\x04\x05\x06\x07\x08"
"\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10"
"\x11\x12\x13\x14\x15\x16\x17\x18"
"\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20"
"\x21\x22\x23\x24\x25\x26\x27\x28"
"\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30"
"\x31\x32\x33\x34\x35\x36\x37\x38"
"\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40"
"\x41\x42\x43\x44\x45\x46\x47\x48"
"\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50"
"\x51\x52\x53\x54\x55\x56\x57\x58"
"\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60"
"\x61\x62\x63\x64\x65\x66\x67\x68"
"\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70"
"\x71\x72\x73\x74\x75\x76\x77\x78"
"\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80"
"\x81\x82\x83\x84\x85\x86\x87\x88"
"\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90"
"\x91\x92\x93\x94\x95\x96\x97\x98"
"\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0"
"\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8"
"\xa9\xaa\xab\xac\xad\xae\xaf\xb0"
"\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8"
"\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0"
"\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8"
"\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0"
"\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8"
"\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0"
"\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8"
"\xe9\xea\xeb\xec\xed\xee\xef\xf0",
.psize = 240,
.digest = "\x6c\xc6\x56\xde",
.np = 2,
.tap = { 31, 209 }
}, {
.key = "\xff\xff\xff\xff",
.ksize = 4,
.plaintext = "\x6e\x05\x79\x10\xa7\x1b\xb2\x49"
"\xe0\x54\xeb\x82\x19\x8d\x24\xbb"
"\x2f\xc6\x5d\xf4\x68\xff\x96\x0a"
"\xa1\x38\xcf\x43\xda\x71\x08\x7c"
"\x13\xaa\x1e\xb5\x4c\xe3\x57\xee"
"\x85\x1c\x90\x27\xbe\x32\xc9\x60"
"\xf7\x6b\x02\x99\x0d\xa4\x3b\xd2"
"\x46\xdd\x74\x0b\x7f\x16\xad\x21"
"\xb8\x4f\xe6\x5a\xf1\x88\x1f\x93"
"\x2a\xc1\x35\xcc\x63\xfa\x6e\x05"
"\x9c\x10\xa7\x3e\xd5\x49\xe0\x77"
"\x0e\x82\x19\xb0\x24\xbb\x52\xe9"
"\x5d\xf4\x8b\x22\x96\x2d\xc4\x38"
"\xcf\x66\xfd\x71\x08\x9f\x13\xaa"
"\x41\xd8\x4c\xe3\x7a\x11\x85\x1c"
"\xb3\x27\xbe\x55\xec\x60\xf7\x8e"
"\x02\x99\x30\xc7\x3b\xd2\x69\x00"
"\x74\x0b\xa2\x16\xad\x44\xdb\x4f"
"\xe6\x7d\x14\x88\x1f\xb6\x2a\xc1"
"\x58\xef\x63\xfa\x91\x05\x9c\x33"
"\xca\x3e\xd5\x6c\x03\x77\x0e\xa5"
"\x19\xb0\x47\xde\x52\xe9\x80\x17"
"\x8b\x22\xb9\x2d\xc4\x5b\xf2\x66"
"\xfd\x94\x08\x9f\x36\xcd\x41\xd8"
"\x6f\x06\x7a\x11\xa8\x1c\xb3\x4a"
"\xe1\x55\xec\x83\x1a\x8e\x25\xbc"
"\x30\xc7\x5e\xf5\x69\x00\x97\x0b"
"\xa2\x39\xd0\x44\xdb\x72\x09\x7d"
"\x14\xab\x1f\xb6\x4d\xe4\x58\xef"
"\x86\x1d\x91\x28\xbf\x33\xca\x61"
"\xf8\x6c\x03\x9a\x0e\xa5\x3c\xd3"
"\x47\xde\x75\x0c\x80\x17\xae\x22"
"\xb9\x50\xe7\x5b\xf2\x89\x20\x94"
"\x2b\xc2\x36\xcd\x64\xfb\x6f\x06"
"\x9d\x11\xa8\x3f\xd6\x4a\xe1\x78"
"\x0f\x83\x1a\xb1\x25\xbc\x53\xea"
"\x5e\xf5\x8c\x00\x97\x2e\xc5\x39"
"\xd0\x67\xfe\x72\x09\xa0\x14\xab"
"\x42\xd9\x4d\xe4\x7b\x12\x86\x1d"
"\xb4\x28\xbf\x56\xed\x61\xf8\x8f"
"\x03\x9a\x31\xc8\x3c\xd3\x6a\x01"
"\x75\x0c\xa3\x17\xae\x45\xdc\x50"
"\xe7\x7e\x15\x89\x20\xb7\x2b\xc2"
"\x59\xf0\x64\xfb\x92\x06\x9d\x34"
"\xcb\x3f\xd6\x6d\x04\x78\x0f\xa6"
"\x1a\xb1\x48\xdf\x53\xea\x81\x18"
"\x8c\x23\xba\x2e\xc5\x5c\xf3\x67"
"\xfe\x95\x09\xa0\x37\xce\x42\xd9"
"\x70\x07\x7b\x12\xa9\x1d\xb4\x4b"
"\xe2\x56\xed\x84\x1b\x8f\x26\xbd"
"\x31\xc8\x5f\xf6\x6a\x01\x98\x0c"
"\xa3\x3a\xd1\x45\xdc\x73\x0a\x7e"
"\x15\xac\x20\xb7\x4e\xe5\x59\xf0"
"\x87\x1e\x92\x29\xc0\x34\xcb\x62"
"\xf9\x6d\x04\x9b\x0f\xa6\x3d\xd4"
"\x48\xdf\x76\x0d\x81\x18\xaf\x23"
"\xba\x51\xe8\x5c\xf3\x8a\x21\x95"
"\x2c\xc3\x37\xce\x65\xfc\x70\x07"
"\x9e\x12\xa9\x40\xd7\x4b\xe2\x79"
"\x10\x84\x1b\xb2\x26\xbd\x54\xeb"
"\x5f\xf6\x8d\x01\x98\x2f\xc6\x3a"
"\xd1\x68\xff\x73\x0a\xa1\x15\xac"
"\x43\xda\x4e\xe5\x7c\x13\x87\x1e"
"\xb5\x29\xc0\x57\xee\x62\xf9\x90"
"\x04\x9b\x32\xc9\x3d\xd4\x6b\x02"
"\x76\x0d\xa4\x18\xaf\x46\xdd\x51"
"\xe8\x7f\x16\x8a\x21\xb8\x2c\xc3"
"\x5a\xf1\x65\xfc\x93\x07\x9e\x35"
"\xcc\x40\xd7\x6e\x05\x79\x10\xa7"
"\x1b\xb2\x49\xe0\x54\xeb\x82\x19"
"\x8d\x24\xbb\x2f\xc6\x5d\xf4\x68"
"\xff\x96\x0a\xa1\x38\xcf\x43\xda"
"\x71\x08\x7c\x13\xaa\x1e\xb5\x4c"
"\xe3\x57\xee\x85\x1c\x90\x27\xbe"
"\x32\xc9\x60\xf7\x6b\x02\x99\x0d"
"\xa4\x3b\xd2\x46\xdd\x74\x0b\x7f"
"\x16\xad\x21\xb8\x4f\xe6\x5a\xf1"
"\x88\x1f\x93\x2a\xc1\x35\xcc\x63"
"\xfa\x6e\x05\x9c\x10\xa7\x3e\xd5"
"\x49\xe0\x77\x0e\x82\x19\xb0\x24"
"\xbb\x52\xe9\x5d\xf4\x8b\x22\x96"
"\x2d\xc4\x38\xcf\x66\xfd\x71\x08"
"\x9f\x13\xaa\x41\xd8\x4c\xe3\x7a"
"\x11\x85\x1c\xb3\x27\xbe\x55\xec"
"\x60\xf7\x8e\x02\x99\x30\xc7\x3b"
"\xd2\x69\x00\x74\x0b\xa2\x16\xad"
"\x44\xdb\x4f\xe6\x7d\x14\x88\x1f"
"\xb6\x2a\xc1\x58\xef\x63\xfa\x91"
"\x05\x9c\x33\xca\x3e\xd5\x6c\x03"
"\x77\x0e\xa5\x19\xb0\x47\xde\x52"
"\xe9\x80\x17\x8b\x22\xb9\x2d\xc4"
"\x5b\xf2\x66\xfd\x94\x08\x9f\x36"
"\xcd\x41\xd8\x6f\x06\x7a\x11\xa8"
"\x1c\xb3\x4a\xe1\x55\xec\x83\x1a"
"\x8e\x25\xbc\x30\xc7\x5e\xf5\x69"
"\x00\x97\x0b\xa2\x39\xd0\x44\xdb"
"\x72\x09\x7d\x14\xab\x1f\xb6\x4d"
"\xe4\x58\xef\x86\x1d\x91\x28\xbf"
"\x33\xca\x61\xf8\x6c\x03\x9a\x0e"
"\xa5\x3c\xd3\x47\xde\x75\x0c\x80"
"\x17\xae\x22\xb9\x50\xe7\x5b\xf2"
"\x89\x20\x94\x2b\xc2\x36\xcd\x64"
"\xfb\x6f\x06\x9d\x11\xa8\x3f\xd6"
"\x4a\xe1\x78\x0f\x83\x1a\xb1\x25"
"\xbc\x53\xea\x5e\xf5\x8c\x00\x97"
"\x2e\xc5\x39\xd0\x67\xfe\x72\x09"
"\xa0\x14\xab\x42\xd9\x4d\xe4\x7b"
"\x12\x86\x1d\xb4\x28\xbf\x56\xed"
"\x61\xf8\x8f\x03\x9a\x31\xc8\x3c"
"\xd3\x6a\x01\x75\x0c\xa3\x17\xae"
"\x45\xdc\x50\xe7\x7e\x15\x89\x20"
"\xb7\x2b\xc2\x59\xf0\x64\xfb\x92"
"\x06\x9d\x34\xcb\x3f\xd6\x6d\x04"
"\x78\x0f\xa6\x1a\xb1\x48\xdf\x53"
"\xea\x81\x18\x8c\x23\xba\x2e\xc5"
"\x5c\xf3\x67\xfe\x95\x09\xa0\x37"
"\xce\x42\xd9\x70\x07\x7b\x12\xa9"
"\x1d\xb4\x4b\xe2\x56\xed\x84\x1b"
"\x8f\x26\xbd\x31\xc8\x5f\xf6\x6a"
"\x01\x98\x0c\xa3\x3a\xd1\x45\xdc"
"\x73\x0a\x7e\x15\xac\x20\xb7\x4e"
"\xe5\x59\xf0\x87\x1e\x92\x29\xc0"
"\x34\xcb\x62\xf9\x6d\x04\x9b\x0f"
"\xa6\x3d\xd4\x48\xdf\x76\x0d\x81"
"\x18\xaf\x23\xba\x51\xe8\x5c\xf3"
"\x8a\x21\x95\x2c\xc3\x37\xce\x65"
"\xfc\x70\x07\x9e\x12\xa9\x40\xd7"
"\x4b\xe2\x79\x10\x84\x1b\xb2\x26"
"\xbd\x54\xeb\x5f\xf6\x8d\x01\x98"
"\x2f\xc6\x3a\xd1\x68\xff\x73\x0a"
"\xa1\x15\xac\x43\xda\x4e\xe5\x7c"
"\x13\x87\x1e\xb5\x29\xc0\x57\xee"
"\x62\xf9\x90\x04\x9b\x32\xc9\x3d"
"\xd4\x6b\x02\x76\x0d\xa4\x18\xaf"
"\x46\xdd\x51\xe8\x7f\x16\x8a\x21"
"\xb8\x2c\xc3\x5a\xf1\x65\xfc\x93"
"\x07\x9e\x35\xcc\x40\xd7\x6e\x05"
"\x79\x10\xa7\x1b\xb2\x49\xe0\x54"
"\xeb\x82\x19\x8d\x24\xbb\x2f\xc6"
"\x5d\xf4\x68\xff\x96\x0a\xa1\x38"
"\xcf\x43\xda\x71\x08\x7c\x13\xaa"
"\x1e\xb5\x4c\xe3\x57\xee\x85\x1c"
"\x90\x27\xbe\x32\xc9\x60\xf7\x6b"
"\x02\x99\x0d\xa4\x3b\xd2\x46\xdd"
"\x74\x0b\x7f\x16\xad\x21\xb8\x4f"
"\xe6\x5a\xf1\x88\x1f\x93\x2a\xc1"
"\x35\xcc\x63\xfa\x6e\x05\x9c\x10"
"\xa7\x3e\xd5\x49\xe0\x77\x0e\x82"
"\x19\xb0\x24\xbb\x52\xe9\x5d\xf4"
"\x8b\x22\x96\x2d\xc4\x38\xcf\x66"
"\xfd\x71\x08\x9f\x13\xaa\x41\xd8"
"\x4c\xe3\x7a\x11\x85\x1c\xb3\x27"
"\xbe\x55\xec\x60\xf7\x8e\x02\x99"
"\x30\xc7\x3b\xd2\x69\x00\x74\x0b"
"\xa2\x16\xad\x44\xdb\x4f\xe6\x7d"
"\x14\x88\x1f\xb6\x2a\xc1\x58\xef"
"\x63\xfa\x91\x05\x9c\x33\xca\x3e"
"\xd5\x6c\x03\x77\x0e\xa5\x19\xb0"
"\x47\xde\x52\xe9\x80\x17\x8b\x22"
"\xb9\x2d\xc4\x5b\xf2\x66\xfd\x94"
"\x08\x9f\x36\xcd\x41\xd8\x6f\x06"
"\x7a\x11\xa8\x1c\xb3\x4a\xe1\x55"
"\xec\x83\x1a\x8e\x25\xbc\x30\xc7"
"\x5e\xf5\x69\x00\x97\x0b\xa2\x39"
"\xd0\x44\xdb\x72\x09\x7d\x14\xab"
"\x1f\xb6\x4d\xe4\x58\xef\x86\x1d"
"\x91\x28\xbf\x33\xca\x61\xf8\x6c"
"\x03\x9a\x0e\xa5\x3c\xd3\x47\xde"
"\x75\x0c\x80\x17\xae\x22\xb9\x50"
"\xe7\x5b\xf2\x89\x20\x94\x2b\xc2"
"\x36\xcd\x64\xfb\x6f\x06\x9d\x11"
"\xa8\x3f\xd6\x4a\xe1\x78\x0f\x83"
"\x1a\xb1\x25\xbc\x53\xea\x5e\xf5"
"\x8c\x00\x97\x2e\xc5\x39\xd0\x67"
"\xfe\x72\x09\xa0\x14\xab\x42\xd9"
"\x4d\xe4\x7b\x12\x86\x1d\xb4\x28"
"\xbf\x56\xed\x61\xf8\x8f\x03\x9a"
"\x31\xc8\x3c\xd3\x6a\x01\x75\x0c"
"\xa3\x17\xae\x45\xdc\x50\xe7\x7e"
"\x15\x89\x20\xb7\x2b\xc2\x59\xf0"
"\x64\xfb\x92\x06\x9d\x34\xcb\x3f"
"\xd6\x6d\x04\x78\x0f\xa6\x1a\xb1"
"\x48\xdf\x53\xea\x81\x18\x8c\x23"
"\xba\x2e\xc5\x5c\xf3\x67\xfe\x95"
"\x09\xa0\x37\xce\x42\xd9\x70\x07"
"\x7b\x12\xa9\x1d\xb4\x4b\xe2\x56"
"\xed\x84\x1b\x8f\x26\xbd\x31\xc8"
"\x5f\xf6\x6a\x01\x98\x0c\xa3\x3a"
"\xd1\x45\xdc\x73\x0a\x7e\x15\xac"
"\x20\xb7\x4e\xe5\x59\xf0\x87\x1e"
"\x92\x29\xc0\x34\xcb\x62\xf9\x6d"
"\x04\x9b\x0f\xa6\x3d\xd4\x48\xdf"
"\x76\x0d\x81\x18\xaf\x23\xba\x51"
"\xe8\x5c\xf3\x8a\x21\x95\x2c\xc3"
"\x37\xce\x65\xfc\x70\x07\x9e\x12"
"\xa9\x40\xd7\x4b\xe2\x79\x10\x84"
"\x1b\xb2\x26\xbd\x54\xeb\x5f\xf6"
"\x8d\x01\x98\x2f\xc6\x3a\xd1\x68"
"\xff\x73\x0a\xa1\x15\xac\x43\xda"
"\x4e\xe5\x7c\x13\x87\x1e\xb5\x29"
"\xc0\x57\xee\x62\xf9\x90\x04\x9b"
"\x32\xc9\x3d\xd4\x6b\x02\x76\x0d"
"\xa4\x18\xaf\x46\xdd\x51\xe8\x7f"
"\x16\x8a\x21\xb8\x2c\xc3\x5a\xf1"
"\x65\xfc\x93\x07\x9e\x35\xcc\x40"
"\xd7\x6e\x05\x79\x10\xa7\x1b\xb2"
"\x49\xe0\x54\xeb\x82\x19\x8d\x24"
"\xbb\x2f\xc6\x5d\xf4\x68\xff\x96"
"\x0a\xa1\x38\xcf\x43\xda\x71\x08"
"\x7c\x13\xaa\x1e\xb5\x4c\xe3\x57"
"\xee\x85\x1c\x90\x27\xbe\x32\xc9"
"\x60\xf7\x6b\x02\x99\x0d\xa4\x3b"
"\xd2\x46\xdd\x74\x0b\x7f\x16\xad"
"\x21\xb8\x4f\xe6\x5a\xf1\x88\x1f"
"\x93\x2a\xc1\x35\xcc\x63\xfa\x6e"
"\x05\x9c\x10\xa7\x3e\xd5\x49\xe0"
"\x77\x0e\x82\x19\xb0\x24\xbb\x52"
"\xe9\x5d\xf4\x8b\x22\x96\x2d\xc4"
"\x38\xcf\x66\xfd\x71\x08\x9f\x13"
"\xaa\x41\xd8\x4c\xe3\x7a\x11\x85"
"\x1c\xb3\x27\xbe\x55\xec\x60\xf7"
"\x8e\x02\x99\x30\xc7\x3b\xd2\x69"
"\x00\x74\x0b\xa2\x16\xad\x44\xdb"
"\x4f\xe6\x7d\x14\x88\x1f\xb6\x2a"
"\xc1\x58\xef\x63\xfa\x91\x05\x9c"
"\x33\xca\x3e\xd5\x6c\x03\x77\x0e"
"\xa5\x19\xb0\x47\xde\x52\xe9\x80"
"\x17\x8b\x22\xb9\x2d\xc4\x5b\xf2"
"\x66\xfd\x94\x08\x9f\x36\xcd\x41"
"\xd8\x6f\x06\x7a\x11\xa8\x1c\xb3"
"\x4a\xe1\x55\xec\x83\x1a\x8e\x25"
"\xbc\x30\xc7\x5e\xf5\x69\x00\x97"
"\x0b\xa2\x39\xd0\x44\xdb\x72\x09"
"\x7d\x14\xab\x1f\xb6\x4d\xe4\x58"
"\xef\x86\x1d\x91\x28\xbf\x33\xca"
"\x61\xf8\x6c\x03\x9a\x0e\xa5\x3c"
"\xd3\x47\xde\x75\x0c\x80\x17\xae"
"\x22\xb9\x50\xe7\x5b\xf2\x89\x20"
"\x94\x2b\xc2\x36\xcd\x64\xfb\x6f"
"\x06\x9d\x11\xa8\x3f\xd6\x4a\xe1"
"\x78\x0f\x83\x1a\xb1\x25\xbc\x53"
"\xea\x5e\xf5\x8c\x00\x97\x2e\xc5"
"\x39\xd0\x67\xfe\x72\x09\xa0\x14"
"\xab\x42\xd9\x4d\xe4\x7b\x12\x86"
"\x1d\xb4\x28\xbf\x56\xed\x61\xf8"
"\x8f\x03\x9a\x31\xc8\x3c\xd3\x6a"
"\x01\x75\x0c\xa3\x17\xae\x45\xdc"
"\x50\xe7\x7e\x15\x89\x20\xb7\x2b"
"\xc2\x59\xf0\x64\xfb\x92\x06\x9d"
"\x34\xcb\x3f\xd6\x6d\x04\x78\x0f"
"\xa6\x1a\xb1\x48\xdf\x53\xea\x81"
"\x18\x8c\x23\xba\x2e\xc5\x5c\xf3"
"\x67\xfe\x95\x09\xa0\x37\xce\x42"
"\xd9\x70\x07\x7b\x12\xa9\x1d\xb4"
"\x4b\xe2\x56\xed\x84\x1b\x8f\x26"
"\xbd\x31\xc8\x5f\xf6\x6a\x01\x98",
.psize = 2048,
.digest = "\xfb\x3a\x7a\xda",
}
};
/*
* CRC32C test vectors
*/
static const struct hash_testvec crc32c_tv_template[] = {
{
.psize = 0,
.digest = "\x00\x00\x00\x00",
},
{
.plaintext = "abcdefg",
.psize = 7,
.digest = "\x41\xf4\x27\xe6",
},
{
.key = "\x87\xa9\xcb\xed",
.ksize = 4,
.psize = 0,
.digest = "\x78\x56\x34\x12",
},
{
.key = "\xff\xff\xff\xff",
.ksize = 4,
.plaintext = "\x01\x02\x03\x04\x05\x06\x07\x08"
"\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10"
"\x11\x12\x13\x14\x15\x16\x17\x18"
"\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20"
"\x21\x22\x23\x24\x25\x26\x27\x28",
.psize = 40,
.digest = "\x7f\x15\x2c\x0e",
},
{
.key = "\xff\xff\xff\xff",
.ksize = 4,
.plaintext = "\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30"
"\x31\x32\x33\x34\x35\x36\x37\x38"
"\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40"
"\x41\x42\x43\x44\x45\x46\x47\x48"
"\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50",
.psize = 40,
.digest = "\xf6\xeb\x80\xe9",
},
{
.key = "\xff\xff\xff\xff",
.ksize = 4,
.plaintext = "\x51\x52\x53\x54\x55\x56\x57\x58"
"\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60"
"\x61\x62\x63\x64\x65\x66\x67\x68"
"\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70"
"\x71\x72\x73\x74\x75\x76\x77\x78",
.psize = 40,
.digest = "\xed\xbd\x74\xde",
},
{
.key = "\xff\xff\xff\xff",
.ksize = 4,
.plaintext = "\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80"
"\x81\x82\x83\x84\x85\x86\x87\x88"
"\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90"
"\x91\x92\x93\x94\x95\x96\x97\x98"
"\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0",
.psize = 40,
.digest = "\x62\xc8\x79\xd5",
},
{
.key = "\xff\xff\xff\xff",
.ksize = 4,
.plaintext = "\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8"
"\xa9\xaa\xab\xac\xad\xae\xaf\xb0"
"\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8"
"\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0"
"\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8",
.psize = 40,
.digest = "\xd0\x9a\x97\xba",
},
{
.key = "\xff\xff\xff\xff",
.ksize = 4,
.plaintext = "\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0"
"\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8"
"\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0"
"\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8"
"\xe9\xea\xeb\xec\xed\xee\xef\xf0",
.psize = 40,
.digest = "\x13\xd9\x29\x2b",
},
{
.key = "\x80\xea\xd3\xf1",
.ksize = 4,
.plaintext = "\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30"
"\x31\x32\x33\x34\x35\x36\x37\x38"
"\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40"
"\x41\x42\x43\x44\x45\x46\x47\x48"
"\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50",
.psize = 40,
.digest = "\x0c\xb5\xe2\xa2",
},
{
.key = "\xf3\x4a\x1d\x5d",
.ksize = 4,
.plaintext = "\x51\x52\x53\x54\x55\x56\x57\x58"
"\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60"
"\x61\x62\x63\x64\x65\x66\x67\x68"
"\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70"
"\x71\x72\x73\x74\x75\x76\x77\x78",
.psize = 40,
.digest = "\xd1\x7f\xfb\xa6",
},
{
.key = "\x2e\x80\x04\x59",
.ksize = 4,
.plaintext = "\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80"
"\x81\x82\x83\x84\x85\x86\x87\x88"
"\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90"
"\x91\x92\x93\x94\x95\x96\x97\x98"
"\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0",
.psize = 40,
.digest = "\x59\x33\xe6\x7a",
},
{
.key = "\xa6\xcc\x19\x85",
.ksize = 4,
.plaintext = "\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8"
"\xa9\xaa\xab\xac\xad\xae\xaf\xb0"
"\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8"
"\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0"
"\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8",
.psize = 40,
.digest = "\xbe\x03\x01\xd2",
},
{
.key = "\x41\xfc\xfe\x2d",
.ksize = 4,
.plaintext = "\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0"
"\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8"
"\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0"
"\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8"
"\xe9\xea\xeb\xec\xed\xee\xef\xf0",
.psize = 40,
.digest = "\x75\xd3\xc5\x24",
},
{
.key = "\xff\xff\xff\xff",
.ksize = 4,
.plaintext = "\x01\x02\x03\x04\x05\x06\x07\x08"
"\x09\x0a\x0b\x0c\x0d\x0e\x0f\x10"
"\x11\x12\x13\x14\x15\x16\x17\x18"
"\x19\x1a\x1b\x1c\x1d\x1e\x1f\x20"
"\x21\x22\x23\x24\x25\x26\x27\x28"
"\x29\x2a\x2b\x2c\x2d\x2e\x2f\x30"
"\x31\x32\x33\x34\x35\x36\x37\x38"
"\x39\x3a\x3b\x3c\x3d\x3e\x3f\x40"
"\x41\x42\x43\x44\x45\x46\x47\x48"
"\x49\x4a\x4b\x4c\x4d\x4e\x4f\x50"
"\x51\x52\x53\x54\x55\x56\x57\x58"
"\x59\x5a\x5b\x5c\x5d\x5e\x5f\x60"
"\x61\x62\x63\x64\x65\x66\x67\x68"
"\x69\x6a\x6b\x6c\x6d\x6e\x6f\x70"
"\x71\x72\x73\x74\x75\x76\x77\x78"
"\x79\x7a\x7b\x7c\x7d\x7e\x7f\x80"
"\x81\x82\x83\x84\x85\x86\x87\x88"
"\x89\x8a\x8b\x8c\x8d\x8e\x8f\x90"
"\x91\x92\x93\x94\x95\x96\x97\x98"
"\x99\x9a\x9b\x9c\x9d\x9e\x9f\xa0"
"\xa1\xa2\xa3\xa4\xa5\xa6\xa7\xa8"
"\xa9\xaa\xab\xac\xad\xae\xaf\xb0"
"\xb1\xb2\xb3\xb4\xb5\xb6\xb7\xb8"
"\xb9\xba\xbb\xbc\xbd\xbe\xbf\xc0"
"\xc1\xc2\xc3\xc4\xc5\xc6\xc7\xc8"
"\xc9\xca\xcb\xcc\xcd\xce\xcf\xd0"
"\xd1\xd2\xd3\xd4\xd5\xd6\xd7\xd8"
"\xd9\xda\xdb\xdc\xdd\xde\xdf\xe0"
"\xe1\xe2\xe3\xe4\xe5\xe6\xe7\xe8"
"\xe9\xea\xeb\xec\xed\xee\xef\xf0",
.psize = 240,
.digest = "\x75\xd3\xc5\x24",
.np = 2,
.tap = { 31, 209 }
}, {
.key = "\xff\xff\xff\xff",
.ksize = 4,
.plaintext = "\x6e\x05\x79\x10\xa7\x1b\xb2\x49"
"\xe0\x54\xeb\x82\x19\x8d\x24\xbb"
"\x2f\xc6\x5d\xf4\x68\xff\x96\x0a"
"\xa1\x38\xcf\x43\xda\x71\x08\x7c"
"\x13\xaa\x1e\xb5\x4c\xe3\x57\xee"
"\x85\x1c\x90\x27\xbe\x32\xc9\x60"
"\xf7\x6b\x02\x99\x0d\xa4\x3b\xd2"
"\x46\xdd\x74\x0b\x7f\x16\xad\x21"
"\xb8\x4f\xe6\x5a\xf1\x88\x1f\x93"
"\x2a\xc1\x35\xcc\x63\xfa\x6e\x05"
"\x9c\x10\xa7\x3e\xd5\x49\xe0\x77"
"\x0e\x82\x19\xb0\x24\xbb\x52\xe9"
"\x5d\xf4\x8b\x22\x96\x2d\xc4\x38"
"\xcf\x66\xfd\x71\x08\x9f\x13\xaa"
"\x41\xd8\x4c\xe3\x7a\x11\x85\x1c"
"\xb3\x27\xbe\x55\xec\x60\xf7\x8e"
"\x02\x99\x30\xc7\x3b\xd2\x69\x00"
"\x74\x0b\xa2\x16\xad\x44\xdb\x4f"
"\xe6\x7d\x14\x88\x1f\xb6\x2a\xc1"
"\x58\xef\x63\xfa\x91\x05\x9c\x33"
"\xca\x3e\xd5\x6c\x03\x77\x0e\xa5"
"\x19\xb0\x47\xde\x52\xe9\x80\x17"
"\x8b\x22\xb9\x2d\xc4\x5b\xf2\x66"
"\xfd\x94\x08\x9f\x36\xcd\x41\xd8"
"\x6f\x06\x7a\x11\xa8\x1c\xb3\x4a"
"\xe1\x55\xec\x83\x1a\x8e\x25\xbc"
"\x30\xc7\x5e\xf5\x69\x00\x97\x0b"
"\xa2\x39\xd0\x44\xdb\x72\x09\x7d"
"\x14\xab\x1f\xb6\x4d\xe4\x58\xef"
"\x86\x1d\x91\x28\xbf\x33\xca\x61"
"\xf8\x6c\x03\x9a\x0e\xa5\x3c\xd3"
"\x47\xde\x75\x0c\x80\x17\xae\x22"
"\xb9\x50\xe7\x5b\xf2\x89\x20\x94"
"\x2b\xc2\x36\xcd\x64\xfb\x6f\x06"
"\x9d\x11\xa8\x3f\xd6\x4a\xe1\x78"
"\x0f\x83\x1a\xb1\x25\xbc\x53\xea"
"\x5e\xf5\x8c\x00\x97\x2e\xc5\x39"
"\xd0\x67\xfe\x72\x09\xa0\x14\xab"
"\x42\xd9\x4d\xe4\x7b\x12\x86\x1d"
"\xb4\x28\xbf\x56\xed\x61\xf8\x8f"
"\x03\x9a\x31\xc8\x3c\xd3\x6a\x01"
"\x75\x0c\xa3\x17\xae\x45\xdc\x50"
"\xe7\x7e\x15\x89\x20\xb7\x2b\xc2"
"\x59\xf0\x64\xfb\x92\x06\x9d\x34"
"\xcb\x3f\xd6\x6d\x04\x78\x0f\xa6"
"\x1a\xb1\x48\xdf\x53\xea\x81\x18"
"\x8c\x23\xba\x2e\xc5\x5c\xf3\x67"
"\xfe\x95\x09\xa0\x37\xce\x42\xd9"
"\x70\x07\x7b\x12\xa9\x1d\xb4\x4b"
"\xe2\x56\xed\x84\x1b\x8f\x26\xbd"
"\x31\xc8\x5f\xf6\x6a\x01\x98\x0c"
"\xa3\x3a\xd1\x45\xdc\x73\x0a\x7e"
"\x15\xac\x20\xb7\x4e\xe5\x59\xf0"
"\x87\x1e\x92\x29\xc0\x34\xcb\x62"
"\xf9\x6d\x04\x9b\x0f\xa6\x3d\xd4"
"\x48\xdf\x76\x0d\x81\x18\xaf\x23"
"\xba\x51\xe8\x5c\xf3\x8a\x21\x95"
"\x2c\xc3\x37\xce\x65\xfc\x70\x07"
"\x9e\x12\xa9\x40\xd7\x4b\xe2\x79"
"\x10\x84\x1b\xb2\x26\xbd\x54\xeb"
"\x5f\xf6\x8d\x01\x98\x2f\xc6\x3a"
"\xd1\x68\xff\x73\x0a\xa1\x15\xac"
"\x43\xda\x4e\xe5\x7c\x13\x87\x1e"
"\xb5\x29\xc0\x57\xee\x62\xf9\x90"
"\x04\x9b\x32\xc9\x3d\xd4\x6b\x02"
"\x76\x0d\xa4\x18\xaf\x46\xdd\x51"
"\xe8\x7f\x16\x8a\x21\xb8\x2c\xc3"
"\x5a\xf1\x65\xfc\x93\x07\x9e\x35"
"\xcc\x40\xd7\x6e\x05\x79\x10\xa7"
"\x1b\xb2\x49\xe0\x54\xeb\x82\x19"
"\x8d\x24\xbb\x2f\xc6\x5d\xf4\x68"
"\xff\x96\x0a\xa1\x38\xcf\x43\xda"
"\x71\x08\x7c\x13\xaa\x1e\xb5\x4c"
"\xe3\x57\xee\x85\x1c\x90\x27\xbe"
"\x32\xc9\x60\xf7\x6b\x02\x99\x0d"
"\xa4\x3b\xd2\x46\xdd\x74\x0b\x7f"
"\x16\xad\x21\xb8\x4f\xe6\x5a\xf1"
"\x88\x1f\x93\x2a\xc1\x35\xcc\x63"
"\xfa\x6e\x05\x9c\x10\xa7\x3e\xd5"
"\x49\xe0\x77\x0e\x82\x19\xb0\x24"
"\xbb\x52\xe9\x5d\xf4\x8b\x22\x96"
"\x2d\xc4\x38\xcf\x66\xfd\x71\x08"
"\x9f\x13\xaa\x41\xd8\x4c\xe3\x7a"
"\x11\x85\x1c\xb3\x27\xbe\x55\xec"
"\x60\xf7\x8e\x02\x99\x30\xc7\x3b"
"\xd2\x69\x00\x74\x0b\xa2\x16\xad"
"\x44\xdb\x4f\xe6\x7d\x14\x88\x1f"
"\xb6\x2a\xc1\x58\xef\x63\xfa\x91"
"\x05\x9c\x33\xca\x3e\xd5\x6c\x03"
"\x77\x0e\xa5\x19\xb0\x47\xde\x52"
"\xe9\x80\x17\x8b\x22\xb9\x2d\xc4"
"\x5b\xf2\x66\xfd\x94\x08\x9f\x36"
"\xcd\x41\xd8\x6f\x06\x7a\x11\xa8"
"\x1c\xb3\x4a\xe1\x55\xec\x83\x1a"
"\x8e\x25\xbc\x30\xc7\x5e\xf5\x69"
"\x00\x97\x0b\xa2\x39\xd0\x44\xdb"
"\x72\x09\x7d\x14\xab\x1f\xb6\x4d"
"\xe4\x58\xef\x86\x1d\x91\x28\xbf"
"\x33\xca\x61\xf8\x6c\x03\x9a\x0e"
"\xa5\x3c\xd3\x47\xde\x75\x0c\x80"
"\x17\xae\x22\xb9\x50\xe7\x5b\xf2"
"\x89\x20\x94\x2b\xc2\x36\xcd\x64"
"\xfb\x6f\x06\x9d\x11\xa8\x3f\xd6"
"\x4a\xe1\x78\x0f\x83\x1a\xb1\x25"
"\xbc\x53\xea\x5e\xf5\x8c\x00\x97"
"\x2e\xc5\x39\xd0\x67\xfe\x72\x09"
"\xa0\x14\xab\x42\xd9\x4d\xe4\x7b"
"\x12\x86\x1d\xb4\x28\xbf\x56\xed"
"\x61\xf8\x8f\x03\x9a\x31\xc8\x3c"
"\xd3\x6a\x01\x75\x0c\xa3\x17\xae"
"\x45\xdc\x50\xe7\x7e\x15\x89\x20"
"\xb7\x2b\xc2\x59\xf0\x64\xfb\x92"
"\x06\x9d\x34\xcb\x3f\xd6\x6d\x04"
"\x78\x0f\xa6\x1a\xb1\x48\xdf\x53"
"\xea\x81\x18\x8c\x23\xba\x2e\xc5"
"\x5c\xf3\x67\xfe\x95\x09\xa0\x37"
"\xce\x42\xd9\x70\x07\x7b\x12\xa9"
"\x1d\xb4\x4b\xe2\x56\xed\x84\x1b"
"\x8f\x26\xbd\x31\xc8\x5f\xf6\x6a"
"\x01\x98\x0c\xa3\x3a\xd1\x45\xdc"
"\x73\x0a\x7e\x15\xac\x20\xb7\x4e"
"\xe5\x59\xf0\x87\x1e\x92\x29\xc0"
"\x34\xcb\x62\xf9\x6d\x04\x9b\x0f"
"\xa6\x3d\xd4\x48\xdf\x76\x0d\x81"
"\x18\xaf\x23\xba\x51\xe8\x5c\xf3"
"\x8a\x21\x95\x2c\xc3\x37\xce\x65"
"\xfc\x70\x07\x9e\x12\xa9\x40\xd7"
"\x4b\xe2\x79\x10\x84\x1b\xb2\x26"
"\xbd\x54\xeb\x5f\xf6\x8d\x01\x98"
"\x2f\xc6\x3a\xd1\x68\xff\x73\x0a"
"\xa1\x15\xac\x43\xda\x4e\xe5\x7c"
"\x13\x87\x1e\xb5\x29\xc0\x57\xee"
"\x62\xf9\x90\x04\x9b\x32\xc9\x3d"
"\xd4\x6b\x02\x76\x0d\xa4\x18\xaf"
"\x46\xdd\x51\xe8\x7f\x16\x8a\x21"
"\xb8\x2c\xc3\x5a\xf1\x65\xfc\x93"
"\x07\x9e\x35\xcc\x40\xd7\x6e\x05"
"\x79\x10\xa7\x1b\xb2\x49\xe0\x54"
"\xeb\x82\x19\x8d\x24\xbb\x2f\xc6"
"\x5d\xf4\x68\xff\x96\x0a\xa1\x38"
"\xcf\x43\xda\x71\x08\x7c\x13\xaa"
"\x1e\xb5\x4c\xe3\x57\xee\x85\x1c"
"\x90\x27\xbe\x32\xc9\x60\xf7\x6b"
"\x02\x99\x0d\xa4\x3b\xd2\x46\xdd"
"\x74\x0b\x7f\x16\xad\x21\xb8\x4f"
"\xe6\x5a\xf1\x88\x1f\x93\x2a\xc1"
"\x35\xcc\x63\xfa\x6e\x05\x9c\x10"
"\xa7\x3e\xd5\x49\xe0\x77\x0e\x82"
"\x19\xb0\x24\xbb\x52\xe9\x5d\xf4"
"\x8b\x22\x96\x2d\xc4\x38\xcf\x66"
"\xfd\x71\x08\x9f\x13\xaa\x41\xd8"
"\x4c\xe3\x7a\x11\x85\x1c\xb3\x27"
"\xbe\x55\xec\x60\xf7\x8e\x02\x99"
"\x30\xc7\x3b\xd2\x69\x00\x74\x0b"
"\xa2\x16\xad\x44\xdb\x4f\xe6\x7d"
"\x14\x88\x1f\xb6\x2a\xc1\x58\xef"
"\x63\xfa\x91\x05\x9c\x33\xca\x3e"
"\xd5\x6c\x03\x77\x0e\xa5\x19\xb0"
"\x47\xde\x52\xe9\x80\x17\x8b\x22"
"\xb9\x2d\xc4\x5b\xf2\x66\xfd\x94"
"\x08\x9f\x36\xcd\x41\xd8\x6f\x06"
"\x7a\x11\xa8\x1c\xb3\x4a\xe1\x55"
"\xec\x83\x1a\x8e\x25\xbc\x30\xc7"
"\x5e\xf5\x69\x00\x97\x0b\xa2\x39"
"\xd0\x44\xdb\x72\x09\x7d\x14\xab"
"\x1f\xb6\x4d\xe4\x58\xef\x86\x1d"
"\x91\x28\xbf\x33\xca\x61\xf8\x6c"
"\x03\x9a\x0e\xa5\x3c\xd3\x47\xde"
"\x75\x0c\x80\x17\xae\x22\xb9\x50"
"\xe7\x5b\xf2\x89\x20\x94\x2b\xc2"
"\x36\xcd\x64\xfb\x6f\x06\x9d\x11"
"\xa8\x3f\xd6\x4a\xe1\x78\x0f\x83"
"\x1a\xb1\x25\xbc\x53\xea\x5e\xf5"
"\x8c\x00\x97\x2e\xc5\x39\xd0\x67"
"\xfe\x72\x09\xa0\x14\xab\x42\xd9"
"\x4d\xe4\x7b\x12\x86\x1d\xb4\x28"
"\xbf\x56\xed\x61\xf8\x8f\x03\x9a"
"\x31\xc8\x3c\xd3\x6a\x01\x75\x0c"
"\xa3\x17\xae\x45\xdc\x50\xe7\x7e"
"\x15\x89\x20\xb7\x2b\xc2\x59\xf0"
"\x64\xfb\x92\x06\x9d\x34\xcb\x3f"
"\xd6\x6d\x04\x78\x0f\xa6\x1a\xb1"
"\x48\xdf\x53\xea\x81\x18\x8c\x23"
"\xba\x2e\xc5\x5c\xf3\x67\xfe\x95"
"\x09\xa0\x37\xce\x42\xd9\x70\x07"
"\x7b\x12\xa9\x1d\xb4\x4b\xe2\x56"
"\xed\x84\x1b\x8f\x26\xbd\x31\xc8"
"\x5f\xf6\x6a\x01\x98\x0c\xa3\x3a"
"\xd1\x45\xdc\x73\x0a\x7e\x15\xac"
"\x20\xb7\x4e\xe5\x59\xf0\x87\x1e"
"\x92\x29\xc0\x34\xcb\x62\xf9\x6d"
"\x04\x9b\x0f\xa6\x3d\xd4\x48\xdf"
"\x76\x0d\x81\x18\xaf\x23\xba\x51"
"\xe8\x5c\xf3\x8a\x21\x95\x2c\xc3"
"\x37\xce\x65\xfc\x70\x07\x9e\x12"
"\xa9\x40\xd7\x4b\xe2\x79\x10\x84"
"\x1b\xb2\x26\xbd\x54\xeb\x5f\xf6"
"\x8d\x01\x98\x2f\xc6\x3a\xd1\x68"
"\xff\x73\x0a\xa1\x15\xac\x43\xda"
"\x4e\xe5\x7c\x13\x87\x1e\xb5\x29"
"\xc0\x57\xee\x62\xf9\x90\x04\x9b"
"\x32\xc9\x3d\xd4\x6b\x02\x76\x0d"
"\xa4\x18\xaf\x46\xdd\x51\xe8\x7f"
"\x16\x8a\x21\xb8\x2c\xc3\x5a\xf1"
"\x65\xfc\x93\x07\x9e\x35\xcc\x40"
"\xd7\x6e\x05\x79\x10\xa7\x1b\xb2"
"\x49\xe0\x54\xeb\x82\x19\x8d\x24"
"\xbb\x2f\xc6\x5d\xf4\x68\xff\x96"
"\x0a\xa1\x38\xcf\x43\xda\x71\x08"
"\x7c\x13\xaa\x1e\xb5\x4c\xe3\x57"
"\xee\x85\x1c\x90\x27\xbe\x32\xc9"
"\x60\xf7\x6b\x02\x99\x0d\xa4\x3b"
"\xd2\x46\xdd\x74\x0b\x7f\x16\xad"
"\x21\xb8\x4f\xe6\x5a\xf1\x88\x1f"
"\x93\x2a\xc1\x35\xcc\x63\xfa\x6e"
"\x05\x9c\x10\xa7\x3e\xd5\x49\xe0"
"\x77\x0e\x82\x19\xb0\x24\xbb\x52"
"\xe9\x5d\xf4\x8b\x22\x96\x2d\xc4"
"\x38\xcf\x66\xfd\x71\x08\x9f\x13"
"\xaa\x41\xd8\x4c\xe3\x7a\x11\x85"
"\x1c\xb3\x27\xbe\x55\xec\x60\xf7"
"\x8e\x02\x99\x30\xc7\x3b\xd2\x69"
"\x00\x74\x0b\xa2\x16\xad\x44\xdb"
"\x4f\xe6\x7d\x14\x88\x1f\xb6\x2a"
"\xc1\x58\xef\x63\xfa\x91\x05\x9c"
"\x33\xca\x3e\xd5\x6c\x03\x77\x0e"
"\xa5\x19\xb0\x47\xde\x52\xe9\x80"
"\x17\x8b\x22\xb9\x2d\xc4\x5b\xf2"
"\x66\xfd\x94\x08\x9f\x36\xcd\x41"
"\xd8\x6f\x06\x7a\x11\xa8\x1c\xb3"
"\x4a\xe1\x55\xec\x83\x1a\x8e\x25"
"\xbc\x30\xc7\x5e\xf5\x69\x00\x97"
"\x0b\xa2\x39\xd0\x44\xdb\x72\x09"
"\x7d\x14\xab\x1f\xb6\x4d\xe4\x58"
"\xef\x86\x1d\x91\x28\xbf\x33\xca"
"\x61\xf8\x6c\x03\x9a\x0e\xa5\x3c"
"\xd3\x47\xde\x75\x0c\x80\x17\xae"
"\x22\xb9\x50\xe7\x5b\xf2\x89\x20"
"\x94\x2b\xc2\x36\xcd\x64\xfb\x6f"
"\x06\x9d\x11\xa8\x3f\xd6\x4a\xe1"
"\x78\x0f\x83\x1a\xb1\x25\xbc\x53"
"\xea\x5e\xf5\x8c\x00\x97\x2e\xc5"
"\x39\xd0\x67\xfe\x72\x09\xa0\x14"
"\xab\x42\xd9\x4d\xe4\x7b\x12\x86"
"\x1d\xb4\x28\xbf\x56\xed\x61\xf8"
"\x8f\x03\x9a\x31\xc8\x3c\xd3\x6a"
"\x01\x75\x0c\xa3\x17\xae\x45\xdc"
"\x50\xe7\x7e\x15\x89\x20\xb7\x2b"
"\xc2\x59\xf0\x64\xfb\x92\x06\x9d"
"\x34\xcb\x3f\xd6\x6d\x04\x78\x0f"
"\xa6\x1a\xb1\x48\xdf\x53\xea\x81"
"\x18\x8c\x23\xba\x2e\xc5\x5c\xf3"
"\x67\xfe\x95\x09\xa0\x37\xce\x42"
"\xd9\x70\x07\x7b\x12\xa9\x1d\xb4"
"\x4b\xe2\x56\xed\x84\x1b\x8f\x26"
"\xbd\x31\xc8\x5f\xf6\x6a\x01\x98",
.psize = 2048,
.digest = "\xec\x26\x4d\x95",
}
};
static const struct comp_testvec lz4_comp_tv_template[] = {
{
.inlen = 255,
.outlen = 218,
.input = "LZ4 is lossless compression algorithm, providing"
" compression speed at 400 MB/s per core, scalable "
"with multi-cores CPU. It features an extremely fast "
"decoder, with speed in multiple GB/s per core, "
"typically reaching RAM speed limits on multi-core "
"systems.",
.output = "\xf9\x21\x4c\x5a\x34\x20\x69\x73\x20\x6c\x6f\x73\x73"
"\x6c\x65\x73\x73\x20\x63\x6f\x6d\x70\x72\x65\x73\x73"
"\x69\x6f\x6e\x20\x61\x6c\x67\x6f\x72\x69\x74\x68\x6d"
"\x2c\x20\x70\x72\x6f\x76\x69\x64\x69\x6e\x67\x21\x00"
"\xf0\x21\x73\x70\x65\x65\x64\x20\x61\x74\x20\x34\x30"
"\x30\x20\x4d\x42\x2f\x73\x20\x70\x65\x72\x20\x63\x6f"
"\x72\x65\x2c\x20\x73\x63\x61\x6c\x61\x62\x6c\x65\x20"
"\x77\x69\x74\x68\x20\x6d\x75\x6c\x74\x69\x2d\x1a\x00"
"\xf0\x00\x73\x20\x43\x50\x55\x2e\x20\x49\x74\x20\x66"
"\x65\x61\x74\x75\x11\x00\xf2\x0b\x61\x6e\x20\x65\x78"
"\x74\x72\x65\x6d\x65\x6c\x79\x20\x66\x61\x73\x74\x20"
"\x64\x65\x63\x6f\x64\x65\x72\x2c\x3d\x00\x02\x67\x00"
"\x22\x69\x6e\x46\x00\x5a\x70\x6c\x65\x20\x47\x6c\x00"
"\xf0\x00\x74\x79\x70\x69\x63\x61\x6c\x6c\x79\x20\x72"
"\x65\x61\x63\x68\xa7\x00\x33\x52\x41\x4d\x38\x00\x83"
"\x6c\x69\x6d\x69\x74\x73\x20\x6f\x3f\x00\x01\x85\x00"
"\x90\x20\x73\x79\x73\x74\x65\x6d\x73\x2e",
},
};
static const struct comp_testvec lz4_decomp_tv_template[] = {
{
.inlen = 218,
.outlen = 255,
.input = "\xf9\x21\x4c\x5a\x34\x20\x69\x73\x20\x6c\x6f\x73\x73"
"\x6c\x65\x73\x73\x20\x63\x6f\x6d\x70\x72\x65\x73\x73"
"\x69\x6f\x6e\x20\x61\x6c\x67\x6f\x72\x69\x74\x68\x6d"
"\x2c\x20\x70\x72\x6f\x76\x69\x64\x69\x6e\x67\x21\x00"
"\xf0\x21\x73\x70\x65\x65\x64\x20\x61\x74\x20\x34\x30"
"\x30\x20\x4d\x42\x2f\x73\x20\x70\x65\x72\x20\x63\x6f"
"\x72\x65\x2c\x20\x73\x63\x61\x6c\x61\x62\x6c\x65\x20"
"\x77\x69\x74\x68\x20\x6d\x75\x6c\x74\x69\x2d\x1a\x00"
"\xf0\x00\x73\x20\x43\x50\x55\x2e\x20\x49\x74\x20\x66"
"\x65\x61\x74\x75\x11\x00\xf2\x0b\x61\x6e\x20\x65\x78"
"\x74\x72\x65\x6d\x65\x6c\x79\x20\x66\x61\x73\x74\x20"
"\x64\x65\x63\x6f\x64\x65\x72\x2c\x3d\x00\x02\x67\x00"
"\x22\x69\x6e\x46\x00\x5a\x70\x6c\x65\x20\x47\x6c\x00"
"\xf0\x00\x74\x79\x70\x69\x63\x61\x6c\x6c\x79\x20\x72"
"\x65\x61\x63\x68\xa7\x00\x33\x52\x41\x4d\x38\x00\x83"
"\x6c\x69\x6d\x69\x74\x73\x20\x6f\x3f\x00\x01\x85\x00"
"\x90\x20\x73\x79\x73\x74\x65\x6d\x73\x2e",
.output = "LZ4 is lossless compression algorithm, providing"
" compression speed at 400 MB/s per core, scalable "
"with multi-cores CPU. It features an extremely fast "
"decoder, with speed in multiple GB/s per core, "
"typically reaching RAM speed limits on multi-core "
"systems.",
},
};
static const struct comp_testvec lz4hc_comp_tv_template[] = {
{
.inlen = 255,
.outlen = 216,
.input = "LZ4 is lossless compression algorithm, providing"
" compression speed at 400 MB/s per core, scalable "
"with multi-cores CPU. It features an extremely fast "
"decoder, with speed in multiple GB/s per core, "
"typically reaching RAM speed limits on multi-core "
"systems.",
.output = "\xf9\x21\x4c\x5a\x34\x20\x69\x73\x20\x6c\x6f\x73\x73"
"\x6c\x65\x73\x73\x20\x63\x6f\x6d\x70\x72\x65\x73\x73"
"\x69\x6f\x6e\x20\x61\x6c\x67\x6f\x72\x69\x74\x68\x6d"
"\x2c\x20\x70\x72\x6f\x76\x69\x64\x69\x6e\x67\x21\x00"
"\xf0\x21\x73\x70\x65\x65\x64\x20\x61\x74\x20\x34\x30"
"\x30\x20\x4d\x42\x2f\x73\x20\x70\x65\x72\x20\x63\x6f"
"\x72\x65\x2c\x20\x73\x63\x61\x6c\x61\x62\x6c\x65\x20"
"\x77\x69\x74\x68\x20\x6d\x75\x6c\x74\x69\x2d\x1a\x00"
"\xf0\x00\x73\x20\x43\x50\x55\x2e\x20\x49\x74\x20\x66"
"\x65\x61\x74\x75\x11\x00\xf2\x0b\x61\x6e\x20\x65\x78"
"\x74\x72\x65\x6d\x65\x6c\x79\x20\x66\x61\x73\x74\x20"
"\x64\x65\x63\x6f\x64\x65\x72\x2c\x3d\x00\x02\x67\x00"
"\x22\x69\x6e\x46\x00\x5a\x70\x6c\x65\x20\x47\x6c\x00"
"\xf0\x00\x74\x79\x70\x69\x63\x61\x6c\x6c\x79\x20\x72"
"\x65\x61\x63\x68\xa7\x00\x33\x52\x41\x4d\x38\x00\x97"
"\x6c\x69\x6d\x69\x74\x73\x20\x6f\x6e\x85\x00\x90\x20"
"\x73\x79\x73\x74\x65\x6d\x73\x2e",
},
};
static const struct comp_testvec lz4hc_decomp_tv_template[] = {
{
.inlen = 216,
.outlen = 255,
.input = "\xf9\x21\x4c\x5a\x34\x20\x69\x73\x20\x6c\x6f\x73\x73"
"\x6c\x65\x73\x73\x20\x63\x6f\x6d\x70\x72\x65\x73\x73"
"\x69\x6f\x6e\x20\x61\x6c\x67\x6f\x72\x69\x74\x68\x6d"
"\x2c\x20\x70\x72\x6f\x76\x69\x64\x69\x6e\x67\x21\x00"
"\xf0\x21\x73\x70\x65\x65\x64\x20\x61\x74\x20\x34\x30"
"\x30\x20\x4d\x42\x2f\x73\x20\x70\x65\x72\x20\x63\x6f"
"\x72\x65\x2c\x20\x73\x63\x61\x6c\x61\x62\x6c\x65\x20"
"\x77\x69\x74\x68\x20\x6d\x75\x6c\x74\x69\x2d\x1a\x00"
"\xf0\x00\x73\x20\x43\x50\x55\x2e\x20\x49\x74\x20\x66"
"\x65\x61\x74\x75\x11\x00\xf2\x0b\x61\x6e\x20\x65\x78"
"\x74\x72\x65\x6d\x65\x6c\x79\x20\x66\x61\x73\x74\x20"
"\x64\x65\x63\x6f\x64\x65\x72\x2c\x3d\x00\x02\x67\x00"
"\x22\x69\x6e\x46\x00\x5a\x70\x6c\x65\x20\x47\x6c\x00"
"\xf0\x00\x74\x79\x70\x69\x63\x61\x6c\x6c\x79\x20\x72"
"\x65\x61\x63\x68\xa7\x00\x33\x52\x41\x4d\x38\x00\x97"
"\x6c\x69\x6d\x69\x74\x73\x20\x6f\x6e\x85\x00\x90\x20"
"\x73\x79\x73\x74\x65\x6d\x73\x2e",
.output = "LZ4 is lossless compression algorithm, providing"
" compression speed at 400 MB/s per core, scalable "
"with multi-cores CPU. It features an extremely fast "
"decoder, with speed in multiple GB/s per core, "
"typically reaching RAM speed limits on multi-core "
"systems.",
},
};
static const struct comp_testvec zstd_comp_tv_template[] = {
{
.inlen = 68,
.outlen = 39,
.input = "The algorithm is zstd. "
"The algorithm is zstd. "
"The algorithm is zstd.",
.output = "\x28\xb5\x2f\xfd\x00\x50\xf5\x00\x00\xb8\x54\x68\x65"
"\x20\x61\x6c\x67\x6f\x72\x69\x74\x68\x6d\x20\x69\x73"
"\x20\x7a\x73\x74\x64\x2e\x20\x01\x00\x55\x73\x36\x01"
,
},
{
.inlen = 244,
.outlen = 151,
.input = "zstd, short for Zstandard, is a fast lossless "
"compression algorithm, targeting real-time "
"compression scenarios at zlib-level and better "
"compression ratios. The zstd compression library "
"provides in-memory compression and decompression "
"functions.",
.output = "\x28\xb5\x2f\xfd\x00\x50\x75\x04\x00\x42\x4b\x1e\x17"
"\x90\x81\x31\x00\xf2\x2f\xe4\x36\xc9\xef\x92\x88\x32"
"\xc9\xf2\x24\x94\xd8\x68\x9a\x0f\x00\x0c\xc4\x31\x6f"
"\x0d\x0c\x38\xac\x5c\x48\x03\xcd\x63\x67\xc0\xf3\xad"
"\x4e\x90\xaa\x78\xa0\xa4\xc5\x99\xda\x2f\xb6\x24\x60"
"\xe2\x79\x4b\xaa\xb6\x6b\x85\x0b\xc9\xc6\x04\x66\x86"
"\xe2\xcc\xe2\x25\x3f\x4f\x09\xcd\xb8\x9d\xdb\xc1\x90"
"\xa9\x11\xbc\x35\x44\x69\x2d\x9c\x64\x4f\x13\x31\x64"
"\xcc\xfb\x4d\x95\x93\x86\x7f\x33\x7f\x1a\xef\xe9\x30"
"\xf9\x67\xa1\x94\x0a\x69\x0f\x60\xcd\xc3\xab\x99\xdc"
"\x42\xed\x97\x05\x00\x33\xc3\x15\x95\x3a\x06\xa0\x0e"
"\x20\xa9\x0e\x82\xb9\x43\x45\x01",
},
};
static const struct comp_testvec zstd_decomp_tv_template[] = {
{
.inlen = 43,
.outlen = 68,
.input = "\x28\xb5\x2f\xfd\x04\x50\xf5\x00\x00\xb8\x54\x68\x65"
"\x20\x61\x6c\x67\x6f\x72\x69\x74\x68\x6d\x20\x69\x73"
"\x20\x7a\x73\x74\x64\x2e\x20\x01\x00\x55\x73\x36\x01"
"\x6b\xf4\x13\x35",
.output = "The algorithm is zstd. "
"The algorithm is zstd. "
"The algorithm is zstd.",
},
{
.inlen = 155,
.outlen = 244,
.input = "\x28\xb5\x2f\xfd\x04\x50\x75\x04\x00\x42\x4b\x1e\x17"
"\x90\x81\x31\x00\xf2\x2f\xe4\x36\xc9\xef\x92\x88\x32"
"\xc9\xf2\x24\x94\xd8\x68\x9a\x0f\x00\x0c\xc4\x31\x6f"
"\x0d\x0c\x38\xac\x5c\x48\x03\xcd\x63\x67\xc0\xf3\xad"
"\x4e\x90\xaa\x78\xa0\xa4\xc5\x99\xda\x2f\xb6\x24\x60"
"\xe2\x79\x4b\xaa\xb6\x6b\x85\x0b\xc9\xc6\x04\x66\x86"
"\xe2\xcc\xe2\x25\x3f\x4f\x09\xcd\xb8\x9d\xdb\xc1\x90"
"\xa9\x11\xbc\x35\x44\x69\x2d\x9c\x64\x4f\x13\x31\x64"
"\xcc\xfb\x4d\x95\x93\x86\x7f\x33\x7f\x1a\xef\xe9\x30"
"\xf9\x67\xa1\x94\x0a\x69\x0f\x60\xcd\xc3\xab\x99\xdc"
"\x42\xed\x97\x05\x00\x33\xc3\x15\x95\x3a\x06\xa0\x0e"
"\x20\xa9\x0e\x82\xb9\x43\x45\x01\xaa\x6d\xda\x0d",
.output = "zstd, short for Zstandard, is a fast lossless "
"compression algorithm, targeting real-time "
"compression scenarios at zlib-level and better "
"compression ratios. The zstd compression library "
"provides in-memory compression and decompression "
"functions.",
},
};
static const char blake2_ordered_sequence[] =
"\x00\x01\x02\x03\x04\x05\x06\x07"
"\x08\x09\x0a\x0b\x0c\x0d\x0e\x0f"
"\x10\x11\x12\x13\x14\x15\x16\x17"
"\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f"
"\x20\x21\x22\x23\x24\x25\x26\x27"
"\x28\x29\x2a\x2b\x2c\x2d\x2e\x2f"
"\x30\x31\x32\x33\x34\x35\x36\x37"
"\x38\x39\x3a\x3b\x3c\x3d\x3e\x3f"
"\x40\x41\x42\x43\x44\x45\x46\x47"
"\x48\x49\x4a\x4b\x4c\x4d\x4e\x4f"
"\x50\x51\x52\x53\x54\x55\x56\x57"
"\x58\x59\x5a\x5b\x5c\x5d\x5e\x5f"
"\x60\x61\x62\x63\x64\x65\x66\x67"
"\x68\x69\x6a\x6b\x6c\x6d\x6e\x6f"
"\x70\x71\x72\x73\x74\x75\x76\x77"
"\x78\x79\x7a\x7b\x7c\x7d\x7e\x7f"
"\x80\x81\x82\x83\x84\x85\x86\x87"
"\x88\x89\x8a\x8b\x8c\x8d\x8e\x8f"
"\x90\x91\x92\x93\x94\x95\x96\x97"
"\x98\x99\x9a\x9b\x9c\x9d\x9e\x9f"
"\xa0\xa1\xa2\xa3\xa4\xa5\xa6\xa7"
"\xa8\xa9\xaa\xab\xac\xad\xae\xaf"
"\xb0\xb1\xb2\xb3\xb4\xb5\xb6\xb7"
"\xb8\xb9\xba\xbb\xbc\xbd\xbe\xbf"
"\xc0\xc1\xc2\xc3\xc4\xc5\xc6\xc7"
"\xc8\xc9\xca\xcb\xcc\xcd\xce\xcf"
"\xd0\xd1\xd2\xd3\xd4\xd5\xd6\xd7"
"\xd8\xd9\xda\xdb\xdc\xdd\xde\xdf"
"\xe0\xe1\xe2\xe3\xe4\xe5\xe6\xe7"
"\xe8\xe9\xea\xeb\xec\xed\xee\xef"
"\xf0\xf1\xf2\xf3\xf4\xf5\xf6\xf7"
"\xf8\xf9\xfa\xfb\xfc\xfd\xfe\xff";
static const struct hash_testvec blakes2s_128_tv_template[] = {{
.digest = (u8[]){ 0x64, 0x55, 0x0d, 0x6f, 0xfe, 0x2c, 0x0a, 0x01,
0xa1, 0x4a, 0xba, 0x1e, 0xad, 0xe0, 0x20, 0x0c, },
}, {
.plaintext = blake2_ordered_sequence,
.psize = 64,
.digest = (u8[]){ 0xdc, 0x66, 0xca, 0x8f, 0x03, 0x86, 0x58, 0x01,
0xb0, 0xff, 0xe0, 0x6e, 0xd8, 0xa1, 0xa9, 0x0e, },
}, {
.ksize = 16,
.key = blake2_ordered_sequence,
.plaintext = blake2_ordered_sequence,
.psize = 1,
.digest = (u8[]){ 0x88, 0x1e, 0x42, 0xe7, 0xbb, 0x35, 0x80, 0x82,
0x63, 0x7c, 0x0a, 0x0f, 0xd7, 0xec, 0x6c, 0x2f, },
}, {
.ksize = 32,
.key = blake2_ordered_sequence,
.plaintext = blake2_ordered_sequence,
.psize = 7,
.digest = (u8[]){ 0xcf, 0x9e, 0x07, 0x2a, 0xd5, 0x22, 0xf2, 0xcd,
0xa2, 0xd8, 0x25, 0x21, 0x80, 0x86, 0x73, 0x1c, },
}, {
.ksize = 1,
.key = "B",
.plaintext = blake2_ordered_sequence,
.psize = 15,
.digest = (u8[]){ 0xf6, 0x33, 0x5a, 0x2c, 0x22, 0xa0, 0x64, 0xb2,
0xb6, 0x3f, 0xeb, 0xbc, 0xd1, 0xc3, 0xe5, 0xb2, },
}, {
.ksize = 16,
.key = blake2_ordered_sequence,
.plaintext = blake2_ordered_sequence,
.psize = 247,
.digest = (u8[]){ 0x72, 0x66, 0x49, 0x60, 0xf9, 0x4a, 0xea, 0xbe,
0x1f, 0xf4, 0x60, 0xce, 0xb7, 0x81, 0xcb, 0x09, },
}, {
.ksize = 32,
.key = blake2_ordered_sequence,
.plaintext = blake2_ordered_sequence,
.psize = 256,
.digest = (u8[]){ 0xd5, 0xa4, 0x0e, 0xc3, 0x16, 0xc7, 0x51, 0xa6,
0x3c, 0xd0, 0xd9, 0x11, 0x57, 0xfa, 0x1e, 0xbb, },
}};
static const struct hash_testvec blakes2s_160_tv_template[] = {{
.plaintext = blake2_ordered_sequence,
.psize = 7,
.digest = (u8[]){ 0xb4, 0xf2, 0x03, 0x49, 0x37, 0xed, 0xb1, 0x3e,
0x5b, 0x2a, 0xca, 0x64, 0x82, 0x74, 0xf6, 0x62,
0xe3, 0xf2, 0x84, 0xff, },
}, {
.plaintext = blake2_ordered_sequence,
.psize = 256,
.digest = (u8[]){ 0xaa, 0x56, 0x9b, 0xdc, 0x98, 0x17, 0x75, 0xf2,
0xb3, 0x68, 0x83, 0xb7, 0x9b, 0x8d, 0x48, 0xb1,
0x9b, 0x2d, 0x35, 0x05, },
}, {
.ksize = 1,
.key = "B",
.digest = (u8[]){ 0x50, 0x16, 0xe7, 0x0c, 0x01, 0xd0, 0xd3, 0xc3,
0xf4, 0x3e, 0xb1, 0x6e, 0x97, 0xa9, 0x4e, 0xd1,
0x79, 0x65, 0x32, 0x93, },
}, {
.ksize = 32,
.key = blake2_ordered_sequence,
.plaintext = blake2_ordered_sequence,
.psize = 1,
.digest = (u8[]){ 0x1c, 0x2b, 0xcd, 0x9a, 0x68, 0xca, 0x8c, 0x71,
0x90, 0x29, 0x6c, 0x54, 0xfa, 0x56, 0x4a, 0xef,
0xa2, 0x3a, 0x56, 0x9c, },
}, {
.ksize = 16,
.key = blake2_ordered_sequence,
.plaintext = blake2_ordered_sequence,
.psize = 15,
.digest = (u8[]){ 0x36, 0xc3, 0x5f, 0x9a, 0xdc, 0x7e, 0xbf, 0x19,
0x68, 0xaa, 0xca, 0xd8, 0x81, 0xbf, 0x09, 0x34,
0x83, 0x39, 0x0f, 0x30, },
}, {
.ksize = 1,
.key = "B",
.plaintext = blake2_ordered_sequence,
.psize = 64,
.digest = (u8[]){ 0x86, 0x80, 0x78, 0xa4, 0x14, 0xec, 0x03, 0xe5,
0xb6, 0x9a, 0x52, 0x0e, 0x42, 0xee, 0x39, 0x9d,
0xac, 0xa6, 0x81, 0x63, },
}, {
.ksize = 32,
.key = blake2_ordered_sequence,
.plaintext = blake2_ordered_sequence,
.psize = 247,
.digest = (u8[]){ 0x2d, 0xd8, 0xd2, 0x53, 0x66, 0xfa, 0xa9, 0x01,
0x1c, 0x9c, 0xaf, 0xa3, 0xe2, 0x9d, 0x9b, 0x10,
0x0a, 0xf6, 0x73, 0xe8, },
}};
static const struct hash_testvec blakes2s_224_tv_template[] = {{
.plaintext = blake2_ordered_sequence,
.psize = 1,
.digest = (u8[]){ 0x61, 0xb9, 0x4e, 0xc9, 0x46, 0x22, 0xa3, 0x91,
0xd2, 0xae, 0x42, 0xe6, 0x45, 0x6c, 0x90, 0x12,
0xd5, 0x80, 0x07, 0x97, 0xb8, 0x86, 0x5a, 0xfc,
0x48, 0x21, 0x97, 0xbb, },
}, {
.plaintext = blake2_ordered_sequence,
.psize = 247,
.digest = (u8[]){ 0x9e, 0xda, 0xc7, 0x20, 0x2c, 0xd8, 0x48, 0x2e,
0x31, 0x94, 0xab, 0x46, 0x6d, 0x94, 0xd8, 0xb4,
0x69, 0xcd, 0xae, 0x19, 0x6d, 0x9e, 0x41, 0xcc,
0x2b, 0xa4, 0xd5, 0xf6, },
}, {
.ksize = 16,
.key = blake2_ordered_sequence,
.digest = (u8[]){ 0x32, 0xc0, 0xac, 0xf4, 0x3b, 0xd3, 0x07, 0x9f,
0xbe, 0xfb, 0xfa, 0x4d, 0x6b, 0x4e, 0x56, 0xb3,
0xaa, 0xd3, 0x27, 0xf6, 0x14, 0xbf, 0xb9, 0x32,
0xa7, 0x19, 0xfc, 0xb8, },
}, {
.ksize = 1,
.key = "B",
.plaintext = blake2_ordered_sequence,
.psize = 7,
.digest = (u8[]){ 0x73, 0xad, 0x5e, 0x6d, 0xb9, 0x02, 0x8e, 0x76,
0xf2, 0x66, 0x42, 0x4b, 0x4c, 0xfa, 0x1f, 0xe6,
0x2e, 0x56, 0x40, 0xe5, 0xa2, 0xb0, 0x3c, 0xe8,
0x7b, 0x45, 0xfe, 0x05, },
}, {
.ksize = 32,
.key = blake2_ordered_sequence,
.plaintext = blake2_ordered_sequence,
.psize = 15,
.digest = (u8[]){ 0x16, 0x60, 0xfb, 0x92, 0x54, 0xb3, 0x6e, 0x36,
0x81, 0xf4, 0x16, 0x41, 0xc3, 0x3d, 0xd3, 0x43,
0x84, 0xed, 0x10, 0x6f, 0x65, 0x80, 0x7a, 0x3e,
0x25, 0xab, 0xc5, 0x02, },
}, {
.ksize = 16,
.key = blake2_ordered_sequence,
.plaintext = blake2_ordered_sequence,
.psize = 64,
.digest = (u8[]){ 0xca, 0xaa, 0x39, 0x67, 0x9c, 0xf7, 0x6b, 0xc7,
0xb6, 0x82, 0xca, 0x0e, 0x65, 0x36, 0x5b, 0x7c,
0x24, 0x00, 0xfa, 0x5f, 0xda, 0x06, 0x91, 0x93,
0x6a, 0x31, 0x83, 0xb5, },
}, {
.ksize = 1,
.key = "B",
.plaintext = blake2_ordered_sequence,
.psize = 256,
.digest = (u8[]){ 0x90, 0x02, 0x26, 0xb5, 0x06, 0x9c, 0x36, 0x86,
0x94, 0x91, 0x90, 0x1e, 0x7d, 0x2a, 0x71, 0xb2,
0x48, 0xb5, 0xe8, 0x16, 0xfd, 0x64, 0x33, 0x45,
0xb3, 0xd7, 0xec, 0xcc, },
}};
static const struct hash_testvec blakes2s_256_tv_template[] = {{
.plaintext = blake2_ordered_sequence,
.psize = 15,
.digest = (u8[]){ 0xd9, 0x7c, 0x82, 0x8d, 0x81, 0x82, 0xa7, 0x21,
0x80, 0xa0, 0x6a, 0x78, 0x26, 0x83, 0x30, 0x67,
0x3f, 0x7c, 0x4e, 0x06, 0x35, 0x94, 0x7c, 0x04,
0xc0, 0x23, 0x23, 0xfd, 0x45, 0xc0, 0xa5, 0x2d, },
}, {
.ksize = 32,
.key = blake2_ordered_sequence,
.digest = (u8[]){ 0x48, 0xa8, 0x99, 0x7d, 0xa4, 0x07, 0x87, 0x6b,
0x3d, 0x79, 0xc0, 0xd9, 0x23, 0x25, 0xad, 0x3b,
0x89, 0xcb, 0xb7, 0x54, 0xd8, 0x6a, 0xb7, 0x1a,
0xee, 0x04, 0x7a, 0xd3, 0x45, 0xfd, 0x2c, 0x49, },
}, {
.ksize = 1,
.key = "B",
.plaintext = blake2_ordered_sequence,
.psize = 1,
.digest = (u8[]){ 0x22, 0x27, 0xae, 0xaa, 0x6e, 0x81, 0x56, 0x03,
0xa7, 0xe3, 0xa1, 0x18, 0xa5, 0x9a, 0x2c, 0x18,
0xf4, 0x63, 0xbc, 0x16, 0x70, 0xf1, 0xe7, 0x4b,
0x00, 0x6d, 0x66, 0x16, 0xae, 0x9e, 0x74, 0x4e, },
}, {
.ksize = 16,
.key = blake2_ordered_sequence,
.plaintext = blake2_ordered_sequence,
.psize = 7,
.digest = (u8[]){ 0x58, 0x5d, 0xa8, 0x60, 0x1c, 0xa4, 0xd8, 0x03,
0x86, 0x86, 0x84, 0x64, 0xd7, 0xa0, 0x8e, 0x15,
0x2f, 0x05, 0xa2, 0x1b, 0xbc, 0xef, 0x7a, 0x34,
0xb3, 0xc5, 0xbc, 0x4b, 0xf0, 0x32, 0xeb, 0x12, },
}, {
.ksize = 32,
.key = blake2_ordered_sequence,
.plaintext = blake2_ordered_sequence,
.psize = 64,
.digest = (u8[]){ 0x89, 0x75, 0xb0, 0x57, 0x7f, 0xd3, 0x55, 0x66,
0xd7, 0x50, 0xb3, 0x62, 0xb0, 0x89, 0x7a, 0x26,
0xc3, 0x99, 0x13, 0x6d, 0xf0, 0x7b, 0xab, 0xab,
0xbd, 0xe6, 0x20, 0x3f, 0xf2, 0x95, 0x4e, 0xd4, },
}, {
.ksize = 1,
.key = "B",
.plaintext = blake2_ordered_sequence,
.psize = 247,
.digest = (u8[]){ 0x2e, 0x74, 0x1c, 0x1d, 0x03, 0xf4, 0x9d, 0x84,
0x6f, 0xfc, 0x86, 0x32, 0x92, 0x49, 0x7e, 0x66,
0xd7, 0xc3, 0x10, 0x88, 0xfe, 0x28, 0xb3, 0xe0,
0xbf, 0x50, 0x75, 0xad, 0x8e, 0xa4, 0xe6, 0xb2, },
}, {
.ksize = 16,
.key = blake2_ordered_sequence,
.plaintext = blake2_ordered_sequence,
.psize = 256,
.digest = (u8[]){ 0xb9, 0xd2, 0x81, 0x0e, 0x3a, 0xb1, 0x62, 0x9b,
0xad, 0x44, 0x05, 0xf4, 0x92, 0x2e, 0x99, 0xc1,
0x4a, 0x47, 0xbb, 0x5b, 0x6f, 0xb2, 0x96, 0xed,
0xd5, 0x06, 0xb5, 0x3a, 0x7c, 0x7a, 0x65, 0x1d, },
}};
#endif /* _CRYPTO_TESTMGR_H */