From eecdfe16483e1d342b21c80bf0d0ed561fe42d95 Mon Sep 17 00:00:00 2001
From: John Safranek <jasaf@mac.com>
Date: Fri, 15 Jun 2012 16:05:47 -0700
Subject: [PATCH] added test case for AES-GCM

---
 ctaocrypt/test/test.c | 85 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 85 insertions(+)

diff --git a/ctaocrypt/test/test.c b/ctaocrypt/test/test.c
index 065de670e..18a976cf6 100644
--- a/ctaocrypt/test/test.c
+++ b/ctaocrypt/test/test.c
@@ -1144,6 +1144,91 @@ int aes_test()
     }
 #endif /* CYASSL_AES_COUNTER */
 
+#ifdef HAVE_AESGCM
+    {
+        /*
+         * This is Test Case 16 from the document Galois/
+         * Counter Mode of Operation (GCM) by McGrew and
+         * Viega.
+         */
+        const byte k[] =
+        {
+            0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
+            0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
+            0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
+            0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08
+        };
+
+        const byte iv[] =
+        {
+            0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
+            0xde, 0xca, 0xf8, 0x88, 0x00, 0x00, 0x00, 0x00
+        };
+        
+        const byte p[] =
+        {
+            0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
+            0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
+            0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
+            0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
+            0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
+            0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
+            0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
+            0xba, 0x63, 0x7b, 0x39
+        };
+        
+        const byte a[] =
+        {
+            0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+            0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
+            0xab, 0xad, 0xda, 0xd2
+        };
+        
+        const byte c[] =
+        {
+            0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
+            0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
+            0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
+            0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
+            0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
+            0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
+            0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
+            0xbc, 0xc9, 0xf6, 0x62
+        };
+
+        const byte t[] =
+        {
+            0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
+            0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b
+        };
+
+        byte t2[16];
+        byte p2[60];
+        byte c2[60];
+
+        int result;
+
+        memset(t2, 0, 16);
+        memset(c2, 0, 60);
+        memset(p2, 0, 60);
+
+        AesSetKey(&enc, k, sizeof(k), iv, AES_ENCRYPTION);
+        /* AES-GCM encrypt and decrypt both use AES encrypt internally */
+        AesGcmEncrypt(&enc, c2, p, sizeof(c2), t2, sizeof(t2), a, sizeof(a));
+        if (memcmp(c, c2, sizeof(c2)))
+            return -68;
+        if (memcmp(t, t2, sizeof(t2)))
+            return -69;
+
+        result = AesGcmDecrypt(&enc,
+                            p2, c2, sizeof(p2), t2, sizeof(t2), a, sizeof(a));
+        if (result != 0)
+            return -70;
+        if (memcmp(p, p2, sizeof(p2)))
+            return -71;
+    }
+#endif /* HAVE_AESGCM */
+
     return 0;
 }
 #endif /* NO_AES */