Lines Matching full:0
45 #define MBEDTLS_GCM_ACC_SMALLTABLE 0
55 memset(ctx, 0, sizeof(mbedtls_gcm_context)); in mbedtls_gcm_init()
85 MBEDTLS_PUT_UINT64_BE(MBEDTLS_GET_UINT64_BE(&src[1], 0) >> 1, &dst[1], 0); in gcm_gen_table_rightshift()
86 u8Dst[8] |= (u8Src[7] & 0x01) << 7; in gcm_gen_table_rightshift()
87 MBEDTLS_PUT_UINT64_BE(MBEDTLS_GET_UINT64_BE(&src[0], 0) >> 1, &dst[0], 0); in gcm_gen_table_rightshift()
88 u8Dst[0] ^= (u8Src[15] & 0x01) ? 0xE1 : 0; in gcm_gen_table_rightshift()
96 * is the high-order bit of HH corresponds to P^0 and the low-order bit of HL
102 uint64_t u64h[2] = { 0 }; in gcm_gen_table()
108 size_t olen = 0; in gcm_gen_table()
111 if (ret != 0) { in gcm_gen_table()
118 ctx->H[MBEDTLS_GCM_HTABLE_SIZE/2][0] = u64h[0]; in gcm_gen_table()
124 return 0; in gcm_gen_table()
129 return 0; in gcm_gen_table()
133 /* 0 corresponds to 0 in GF(2^128) */ in gcm_gen_table()
134 ctx->H[0][0] = 0; in gcm_gen_table()
135 ctx->H[0][1] = 0; in gcm_gen_table()
137 for (i = MBEDTLS_GCM_HTABLE_SIZE/4; i > 0; i >>= 1) { in gcm_gen_table()
143 for (i = MBEDTLS_GCM_HTABLE_SIZE/2; i > 0; i >>= 1) { in gcm_gen_table()
144 MBEDTLS_PUT_UINT64_BE(ctx->H[i][0], &ctx->H[i][0], 0); in gcm_gen_table()
145 MBEDTLS_PUT_UINT64_BE(ctx->H[i][1], &ctx->H[i][1], 0); in gcm_gen_table()
159 return 0; in gcm_gen_table()
176 if ((ret = mbedtls_block_cipher_setup(&ctx->block_cipher_ctx, cipher)) != 0) { in mbedtls_gcm_setkey()
180 if ((ret = mbedtls_block_cipher_setkey(&ctx->block_cipher_ctx, key, keybits)) != 0) { in mbedtls_gcm_setkey()
198 if ((ret = mbedtls_cipher_setup(&ctx->cipher_ctx, cipher_info)) != 0) { in mbedtls_gcm_setkey()
203 MBEDTLS_ENCRYPT)) != 0) { in mbedtls_gcm_setkey()
208 if ((ret = gcm_gen_table(ctx)) != 0) { in mbedtls_gcm_setkey()
212 return 0; in mbedtls_gcm_setkey()
217 0x0000, 0xc201, 0x8403, 0x4602, 0x0807, 0xca06, 0x8c04, 0x4e05,
218 0x100e, 0xd20f, 0x940d, 0x560c, 0x1809, 0xda08, 0x9c0a, 0x5e0b,
219 0x201c, 0xe21d, 0xa41f, 0x661e, 0x281b, 0xea1a, 0xac18, 0x6e19,
220 0x3012, 0xf213, 0xb411, 0x7610, 0x3815, 0xfa14, 0xbc16, 0x7e17,
221 0x4038, 0x8239, 0xc43b, 0x063a, 0x483f, 0x8a3e, 0xcc3c, 0x0e3d,
222 0x5036, 0x9237, 0xd435, 0x1634, 0x5831, 0x9a30, 0xdc32, 0x1e33,
223 0x6024, 0xa225, 0xe427, 0x2626, 0x6823, 0xaa22, 0xec20, 0x2e21,
224 0x702a, 0xb22b, 0xf429, 0x3628, 0x782d, 0xba2c, 0xfc2e, 0x3e2f,
225 0x8070, 0x4271, 0x0473, 0xc672, 0x8877, 0x4a76, 0x0c74, 0xce75,
226 0x907e, 0x527f, 0x147d, 0xd67c, 0x9879, 0x5a78, 0x1c7a, 0xde7b,
227 0xa06c, 0x626d, 0x246f, 0xe66e, 0xa86b, 0x6a6a, 0x2c68, 0xee69,
228 0xb062, 0x7263, 0x3461, 0xf660, 0xb865, 0x7a64, 0x3c66, 0xfe67,
229 0xc048, 0x0249, 0x444b, 0x864a, 0xc84f, 0x0a4e, 0x4c4c, 0x8e4d,
230 0xd046, 0x1247, 0x5445, 0x9644, 0xd841, 0x1a40, 0x5c42, 0x9e43,
231 0xe054, 0x2255, 0x6457, 0xa656, 0xe853, 0x2a52, 0x6c50, 0xae51,
232 0xf05a, 0x325b, 0x7459, 0xb658, 0xf85d, 0x3a5c, 0x7c5e, 0xbe5f,
233 0x00e1, 0xc2e0, 0x84e2, 0x46e3, 0x08e6, 0xcae7, 0x8ce5, 0x4ee4,
234 0x10ef, 0xd2ee, 0x94ec, 0x56ed, 0x18e8, 0xdae9, 0x9ceb, 0x5eea,
235 0x20fd, 0xe2fc, 0xa4fe, 0x66ff, 0x28fa, 0xeafb, 0xacf9, 0x6ef8,
236 0x30f3, 0xf2f2, 0xb4f0, 0x76f1, 0x38f4, 0xfaf5, 0xbcf7, 0x7ef6,
237 0x40d9, 0x82d8, 0xc4da, 0x06db, 0x48de, 0x8adf, 0xccdd, 0x0edc,
238 0x50d7, 0x92d6, 0xd4d4, 0x16d5, 0x58d0, 0x9ad1, 0xdcd3, 0x1ed2,
239 0x60c5, 0xa2c4, 0xe4c6, 0x26c7, 0x68c2, 0xaac3, 0xecc1, 0x2ec0,
240 0x70cb, 0xb2ca, 0xf4c8, 0x36c9, 0x78cc, 0xbacd, 0xfccf, 0x3ece,
241 0x8091, 0x4290, 0x0492, 0xc693, 0x8896, 0x4a97, 0x0c95, 0xce94,
242 0x909f, 0x529e, 0x149c, 0xd69d, 0x9898, 0x5a99, 0x1c9b, 0xde9a,
243 0xa08d, 0x628c, 0x248e, 0xe68f, 0xa88a, 0x6a8b, 0x2c89, 0xee88,
244 0xb083, 0x7282, 0x3480, 0xf681, 0xb884, 0x7a85, 0x3c87, 0xfe86,
245 0xc0a9, 0x02a8, 0x44aa, 0x86ab, 0xc8ae, 0x0aaf, 0x4cad, 0x8eac,
246 0xd0a7, 0x12a6, 0x54a4, 0x96a5, 0xd8a0, 0x1aa1, 0x5ca3, 0x9ea2,
247 0xe0b5, 0x22b4, 0x64b6, 0xa6b7, 0xe8b2, 0x2ab3, 0x6cb1, 0xaeb0,
248 0xf0bb, 0x32ba, 0x74b8, 0xb6b9, 0xf8bc, 0x3abd, 0x7cbf, 0xbebe
259 u64z[0] = 0; in gcm_mult_largetable()
260 u64z[1] = 0; in gcm_mult_largetable()
263 for (i = 15; i > 0; i--) { in gcm_mult_largetable()
269 u64z[0] >>= 8; in gcm_mult_largetable()
271 u16z[0] ^= MBEDTLS_GET_UINT16_LE(&last8[rem], 0); in gcm_mult_largetable()
274 for (i = 15; i > 0; i--) { in gcm_mult_largetable()
280 u64z[0] <<= 8; in gcm_mult_largetable()
282 u16z[0] ^= last8[rem]; in gcm_mult_largetable()
286 mbedtls_xor_no_simd(output, u8z, (uint8_t *) H[x[0]], 16); in gcm_mult_largetable()
296 0x0000, 0x1c20, 0x3840, 0x2460,
297 0x7080, 0x6ca0, 0x48c0, 0x54e0,
298 0xe100, 0xfd20, 0xd940, 0xc560,
299 0x9180, 0x8da0, 0xa9c0, 0xb5e0
304 int i = 0; in gcm_mult_smalltable()
310 lo = x[15] & 0xf; in gcm_mult_smalltable()
311 hi = (x[15] >> 4) & 0xf; in gcm_mult_smalltable()
315 rem = (unsigned char) pu64z[1] & 0xf; in gcm_mult_smalltable()
316 u64z[1] = (pu64z[0] << 60) | (pu64z[1] >> 4); in gcm_mult_smalltable()
317 u64z[0] = (pu64z[0] >> 4); in gcm_mult_smalltable()
318 u64z[0] ^= (uint64_t) last4[rem] << 48; in gcm_mult_smalltable()
321 for (i = 14; i >= 0; i--) { in gcm_mult_smalltable()
322 lo = x[i] & 0xf; in gcm_mult_smalltable()
323 hi = (x[i] >> 4) & 0xf; in gcm_mult_smalltable()
325 rem = (unsigned char) u64z[1] & 0xf; in gcm_mult_smalltable()
326 u64z[1] = (u64z[0] << 60) | (u64z[1] >> 4); in gcm_mult_smalltable()
327 u64z[0] = (u64z[0] >> 4); in gcm_mult_smalltable()
328 u64z[0] ^= (uint64_t) last4[rem] << 48; in gcm_mult_smalltable()
331 rem = (unsigned char) u64z[1] & 0xf; in gcm_mult_smalltable()
332 u64z[1] = (u64z[0] << 60) | (u64z[1] >> 4); in gcm_mult_smalltable()
333 u64z[0] = (u64z[0] >> 4); in gcm_mult_smalltable()
334 u64z[0] ^= (uint64_t) last4[rem] << 48; in gcm_mult_smalltable()
338 MBEDTLS_PUT_UINT64_BE(u64z[0], output, 0); in gcm_mult_smalltable()
387 size_t olen = 0; in mbedtls_gcm_starts()
392 if (iv_len == 0 || (uint64_t) iv_len >> 61 != 0) { in mbedtls_gcm_starts()
396 memset(ctx->y, 0x00, sizeof(ctx->y)); in mbedtls_gcm_starts()
397 memset(ctx->buf, 0x00, sizeof(ctx->buf)); in mbedtls_gcm_starts()
400 ctx->len = 0; in mbedtls_gcm_starts()
401 ctx->add_len = 0; in mbedtls_gcm_starts()
407 memset(work_buf, 0x00, 16); in mbedtls_gcm_starts()
412 while (iv_len > 0) { in mbedtls_gcm_starts()
417 #pragma GCC diagnostic warning "-Wstringop-overflow=0" in mbedtls_gcm_starts()
443 if (ret != 0) { in mbedtls_gcm_starts()
447 return 0; in mbedtls_gcm_starts()
455 * * len == 0 && add_len == 0: initial state
456 * * len == 0 && add_len % 16 != 0: the first `add_len % 16` bytes have
459 * * len == 0 && add_len % 16 == 0: the authentication tag is correct if
461 * * len % 16 != 0: the first `len % 16` bytes have
464 * * len > 0 && len % 16 == 0: the authentication tag is correct if
476 #if SIZE_MAX > 0xFFFFFFFFFFFFFFFFULL in mbedtls_gcm_update_ad()
477 if (add_len > 0xFFFFFFFFFFFFFFFFULL) { in mbedtls_gcm_update_ad()
482 if (new_add_len < ctx->add_len || new_add_len >> 61 != 0) { in mbedtls_gcm_update_ad()
489 if (offset != 0) { in mbedtls_gcm_update_ad()
517 if (add_len > 0) { in mbedtls_gcm_update_ad()
521 return 0; in mbedtls_gcm_update_ad()
545 size_t olen = 0; in gcm_mask()
548 if (ret != 0) { in gcm_mask()
561 return 0; in gcm_mask()
573 unsigned char ectr[16] = { 0 }; in mbedtls_gcm_update()
580 /* Exit early if input_length==0 so that we don't do any pointer arithmetic in mbedtls_gcm_update()
584 if (input_length == 0) { in mbedtls_gcm_update()
585 return 0; in mbedtls_gcm_update()
595 (uint64_t) ctx->len + input_length > 0xFFFFFFFE0ull) { in mbedtls_gcm_update()
599 if (ctx->len == 0 && ctx->add_len % 16 != 0) { in mbedtls_gcm_update()
604 if (offset != 0) { in mbedtls_gcm_update()
610 if ((ret = gcm_mask(ctx, ectr, offset, use_len, p, out_p)) != 0) { in mbedtls_gcm_update()
628 if ((ret = gcm_mask(ctx, ectr, 0, 16, p, out_p)) != 0) { in mbedtls_gcm_update()
639 if (input_length > 0) { in mbedtls_gcm_update()
641 if ((ret = gcm_mask(ctx, ectr, 0, input_length, p, out_p)) != 0) { in mbedtls_gcm_update()
647 return 0; in mbedtls_gcm_update()
663 *output_length = 0; in mbedtls_gcm_finish()
671 if (ctx->len == 0 && ctx->add_len % 16 != 0) { in mbedtls_gcm_finish()
679 if (ctx->len % 16 != 0) { in mbedtls_gcm_finish()
686 memset(work_buf, 0x00, 16); in mbedtls_gcm_finish()
688 MBEDTLS_PUT_UINT32_BE((orig_add_len >> 32), work_buf, 0); in mbedtls_gcm_finish()
700 return 0; in mbedtls_gcm_finish()
718 if ((ret = mbedtls_gcm_starts(ctx, mode, iv, iv_len)) != 0) { in mbedtls_gcm_crypt_and_tag()
722 if ((ret = mbedtls_gcm_update_ad(ctx, add, add_len)) != 0) { in mbedtls_gcm_crypt_and_tag()
727 output, length, &olen)) != 0) { in mbedtls_gcm_crypt_and_tag()
731 if ((ret = mbedtls_gcm_finish(ctx, NULL, 0, &olen, tag, tag_len)) != 0) { in mbedtls_gcm_crypt_and_tag()
735 return 0; in mbedtls_gcm_crypt_and_tag()
755 input, output, tag_len, check_tag)) != 0) { in mbedtls_gcm_auth_decrypt()
762 if (diff != 0) { in mbedtls_gcm_auth_decrypt()
767 return 0; in mbedtls_gcm_auth_decrypt()
794 { 0, 0, 1, 1, 1, 1 };
798 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
799 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
800 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
801 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
802 { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
803 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
804 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
805 0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 },
812 { 0, 0, 1, 1, 1, 2 };
816 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
817 0x00, 0x00, 0x00, 0x00 },
818 { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
819 0xde, 0xca, 0xf8, 0x88 },
820 { 0x93, 0x13, 0x22, 0x5d, 0xf8, 0x84, 0x06, 0xe5,
821 0x55, 0x90, 0x9c, 0x5a, 0xff, 0x52, 0x69, 0xaa,
822 0x6a, 0x7a, 0x95, 0x38, 0x53, 0x4f, 0x7d, 0xa1,
823 0xe4, 0xc3, 0x03, 0xd2, 0xa3, 0x18, 0xa7, 0x28,
824 0xc3, 0xc0, 0xc9, 0x51, 0x56, 0x80, 0x95, 0x39,
825 0xfc, 0xf0, 0xe2, 0x42, 0x9a, 0x6b, 0x52, 0x54,
826 0x16, 0xae, 0xdb, 0xf5, 0xa0, 0xde, 0x6a, 0x57,
827 0xa6, 0x37, 0xb3, 0x9b },
831 { 0, 0, 0, 20, 20, 20 };
834 { 0, 0, 0, 1, 1, 1 };
838 { 0x00 },
839 { 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
840 0xfe, 0xed, 0xfa, 0xce, 0xde, 0xad, 0xbe, 0xef,
841 0xab, 0xad, 0xda, 0xd2 },
845 { 0, 16, 64, 60, 60, 60 };
848 { 0, 0, 1, 1, 1, 1 };
852 { 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
853 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00 },
854 { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
855 0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
856 0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
857 0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
858 0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
859 0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
860 0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
861 0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 },
866 { 0x00 },
867 { 0x03, 0x88, 0xda, 0xce, 0x60, 0xb6, 0xa3, 0x92,
868 0xf3, 0x28, 0xc2, 0xb9, 0x71, 0xb2, 0xfe, 0x78 },
869 { 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
870 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
871 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
872 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
873 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
874 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
875 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
876 0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85 },
877 { 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
878 0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
879 0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
880 0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
881 0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
882 0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
883 0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
884 0x3d, 0x58, 0xe0, 0x91 },
885 { 0x61, 0x35, 0x3b, 0x4c, 0x28, 0x06, 0x93, 0x4a,
886 0x77, 0x7f, 0xf5, 0x1f, 0xa2, 0x2a, 0x47, 0x55,
887 0x69, 0x9b, 0x2a, 0x71, 0x4f, 0xcd, 0xc6, 0xf8,
888 0x37, 0x66, 0xe5, 0xf9, 0x7b, 0x6c, 0x74, 0x23,
889 0x73, 0x80, 0x69, 0x00, 0xe4, 0x9f, 0x24, 0xb2,
890 0x2b, 0x09, 0x75, 0x44, 0xd4, 0x89, 0x6b, 0x42,
891 0x49, 0x89, 0xb5, 0xe1, 0xeb, 0xac, 0x0f, 0x07,
892 0xc2, 0x3f, 0x45, 0x98 },
893 { 0x8c, 0xe2, 0x49, 0x98, 0x62, 0x56, 0x15, 0xb6,
894 0x03, 0xa0, 0x33, 0xac, 0xa1, 0x3f, 0xb8, 0x94,
895 0xbe, 0x91, 0x12, 0xa5, 0xc3, 0xa2, 0x11, 0xa8,
896 0xba, 0x26, 0x2a, 0x3c, 0xca, 0x7e, 0x2c, 0xa7,
897 0x01, 0xe4, 0xa9, 0xa4, 0xfb, 0xa4, 0x3c, 0x90,
898 0xcc, 0xdc, 0xb2, 0x81, 0xd4, 0x8c, 0x7c, 0x6f,
899 0xd6, 0x28, 0x75, 0xd2, 0xac, 0xa4, 0x17, 0x03,
900 0x4c, 0x34, 0xae, 0xe5 },
902 { 0x00 },
903 { 0x98, 0xe7, 0x24, 0x7c, 0x07, 0xf0, 0xfe, 0x41,
904 0x1c, 0x26, 0x7e, 0x43, 0x84, 0xb0, 0xf6, 0x00 },
905 { 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
906 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
907 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
908 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
909 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
910 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
911 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
912 0xcc, 0xda, 0x27, 0x10, 0xac, 0xad, 0xe2, 0x56 },
913 { 0x39, 0x80, 0xca, 0x0b, 0x3c, 0x00, 0xe8, 0x41,
914 0xeb, 0x06, 0xfa, 0xc4, 0x87, 0x2a, 0x27, 0x57,
915 0x85, 0x9e, 0x1c, 0xea, 0xa6, 0xef, 0xd9, 0x84,
916 0x62, 0x85, 0x93, 0xb4, 0x0c, 0xa1, 0xe1, 0x9c,
917 0x7d, 0x77, 0x3d, 0x00, 0xc1, 0x44, 0xc5, 0x25,
918 0xac, 0x61, 0x9d, 0x18, 0xc8, 0x4a, 0x3f, 0x47,
919 0x18, 0xe2, 0x44, 0x8b, 0x2f, 0xe3, 0x24, 0xd9,
920 0xcc, 0xda, 0x27, 0x10 },
921 { 0x0f, 0x10, 0xf5, 0x99, 0xae, 0x14, 0xa1, 0x54,
922 0xed, 0x24, 0xb3, 0x6e, 0x25, 0x32, 0x4d, 0xb8,
923 0xc5, 0x66, 0x63, 0x2e, 0xf2, 0xbb, 0xb3, 0x4f,
924 0x83, 0x47, 0x28, 0x0f, 0xc4, 0x50, 0x70, 0x57,
925 0xfd, 0xdc, 0x29, 0xdf, 0x9a, 0x47, 0x1f, 0x75,
926 0xc6, 0x65, 0x41, 0xd4, 0xd4, 0xda, 0xd1, 0xc9,
927 0xe9, 0x3a, 0x19, 0xa5, 0x8e, 0x8b, 0x47, 0x3f,
928 0xa0, 0xf0, 0x62, 0xf7 },
929 { 0xd2, 0x7e, 0x88, 0x68, 0x1c, 0xe3, 0x24, 0x3c,
930 0x48, 0x30, 0x16, 0x5a, 0x8f, 0xdc, 0xf9, 0xff,
931 0x1d, 0xe9, 0xa1, 0xd8, 0xe6, 0xb4, 0x47, 0xef,
932 0x6e, 0xf7, 0xb7, 0x98, 0x28, 0x66, 0x6e, 0x45,
933 0x81, 0xe7, 0x90, 0x12, 0xaf, 0x34, 0xdd, 0xd9,
934 0xe2, 0xf0, 0x37, 0x58, 0x9b, 0x29, 0x2d, 0xb3,
935 0xe6, 0x7c, 0x03, 0x67, 0x45, 0xfa, 0x22, 0xe7,
936 0xe9, 0xb7, 0x37, 0x3b },
937 { 0x00 },
938 { 0xce, 0xa7, 0x40, 0x3d, 0x4d, 0x60, 0x6b, 0x6e,
939 0x07, 0x4e, 0xc5, 0xd3, 0xba, 0xf3, 0x9d, 0x18 },
940 { 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
941 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
942 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
943 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
944 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
945 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
946 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
947 0xbc, 0xc9, 0xf6, 0x62, 0x89, 0x80, 0x15, 0xad },
948 { 0x52, 0x2d, 0xc1, 0xf0, 0x99, 0x56, 0x7d, 0x07,
949 0xf4, 0x7f, 0x37, 0xa3, 0x2a, 0x84, 0x42, 0x7d,
950 0x64, 0x3a, 0x8c, 0xdc, 0xbf, 0xe5, 0xc0, 0xc9,
951 0x75, 0x98, 0xa2, 0xbd, 0x25, 0x55, 0xd1, 0xaa,
952 0x8c, 0xb0, 0x8e, 0x48, 0x59, 0x0d, 0xbb, 0x3d,
953 0xa7, 0xb0, 0x8b, 0x10, 0x56, 0x82, 0x88, 0x38,
954 0xc5, 0xf6, 0x1e, 0x63, 0x93, 0xba, 0x7a, 0x0a,
955 0xbc, 0xc9, 0xf6, 0x62 },
956 { 0xc3, 0x76, 0x2d, 0xf1, 0xca, 0x78, 0x7d, 0x32,
957 0xae, 0x47, 0xc1, 0x3b, 0xf1, 0x98, 0x44, 0xcb,
958 0xaf, 0x1a, 0xe1, 0x4d, 0x0b, 0x97, 0x6a, 0xfa,
959 0xc5, 0x2f, 0xf7, 0xd7, 0x9b, 0xba, 0x9d, 0xe0,
960 0xfe, 0xb5, 0x82, 0xd3, 0x39, 0x34, 0xa4, 0xf0,
961 0x95, 0x4c, 0xc2, 0x36, 0x3b, 0xc7, 0x3f, 0x78,
962 0x62, 0xac, 0x43, 0x0e, 0x64, 0xab, 0xe4, 0x99,
963 0xf4, 0x7c, 0x9b, 0x1f },
964 { 0x5a, 0x8d, 0xef, 0x2f, 0x0c, 0x9e, 0x53, 0xf1,
965 0xf7, 0x5d, 0x78, 0x53, 0x65, 0x9e, 0x2a, 0x20,
966 0xee, 0xb2, 0xb2, 0x2a, 0xaf, 0xde, 0x64, 0x19,
967 0xa0, 0x58, 0xab, 0x4f, 0x6f, 0x74, 0x6b, 0xf4,
968 0x0f, 0xc0, 0xc3, 0xb7, 0x80, 0xf2, 0x44, 0x45,
969 0x2d, 0xa3, 0xeb, 0xf1, 0xc5, 0xd8, 0x2c, 0xde,
970 0xa2, 0x41, 0x89, 0x97, 0x20, 0x0e, 0xf8, 0x2e,
971 0x44, 0xae, 0x7e, 0x3f },
977 { 0x58, 0xe2, 0xfc, 0xce, 0xfa, 0x7e, 0x30, 0x61,
978 0x36, 0x7f, 0x1d, 0x57, 0xa4, 0xe7, 0x45, 0x5a },
979 { 0xab, 0x6e, 0x47, 0xd4, 0x2c, 0xec, 0x13, 0xbd,
980 0xf5, 0x3a, 0x67, 0xb2, 0x12, 0x57, 0xbd, 0xdf },
981 { 0x4d, 0x5c, 0x2a, 0xf3, 0x27, 0xcd, 0x64, 0xa6,
982 0x2c, 0xf3, 0x5a, 0xbd, 0x2b, 0xa6, 0xfa, 0xb4 },
983 { 0x5b, 0xc9, 0x4f, 0xbc, 0x32, 0x21, 0xa5, 0xdb,
984 0x94, 0xfa, 0xe9, 0x5a, 0xe7, 0x12, 0x1a, 0x47 },
985 { 0x36, 0x12, 0xd2, 0xe7, 0x9e, 0x3b, 0x07, 0x85,
986 0x56, 0x1b, 0xe1, 0x4a, 0xac, 0xa2, 0xfc, 0xcb },
987 { 0x61, 0x9c, 0xc5, 0xae, 0xff, 0xfe, 0x0b, 0xfa,
988 0x46, 0x2a, 0xf4, 0x3c, 0x16, 0x99, 0xd0, 0x50 },
990 { 0xcd, 0x33, 0xb2, 0x8a, 0xc7, 0x73, 0xf7, 0x4b,
991 0xa0, 0x0e, 0xd1, 0xf3, 0x12, 0x57, 0x24, 0x35 },
992 { 0x2f, 0xf5, 0x8d, 0x80, 0x03, 0x39, 0x27, 0xab,
993 0x8e, 0xf4, 0xd4, 0x58, 0x75, 0x14, 0xf0, 0xfb },
994 { 0x99, 0x24, 0xa7, 0xc8, 0x58, 0x73, 0x36, 0xbf,
995 0xb1, 0x18, 0x02, 0x4d, 0xb8, 0x67, 0x4a, 0x14 },
996 { 0x25, 0x19, 0x49, 0x8e, 0x80, 0xf1, 0x47, 0x8f,
997 0x37, 0xba, 0x55, 0xbd, 0x6d, 0x27, 0x61, 0x8c },
998 { 0x65, 0xdc, 0xc5, 0x7f, 0xcf, 0x62, 0x3a, 0x24,
999 0x09, 0x4f, 0xcc, 0xa4, 0x0d, 0x35, 0x33, 0xf8 },
1000 { 0xdc, 0xf5, 0x66, 0xff, 0x29, 0x1c, 0x25, 0xbb,
1001 0xb8, 0x56, 0x8f, 0xc3, 0xd3, 0x76, 0xa6, 0xd9 },
1002 { 0x53, 0x0f, 0x8a, 0xfb, 0xc7, 0x45, 0x36, 0xb9,
1003 0xa9, 0x63, 0xb4, 0xf1, 0xc4, 0xcb, 0x73, 0x8b },
1004 { 0xd0, 0xd1, 0xc8, 0xa7, 0x99, 0x99, 0x6b, 0xf0,
1005 0x26, 0x5b, 0x98, 0xb5, 0xd4, 0x8a, 0xb9, 0x19 },
1006 { 0xb0, 0x94, 0xda, 0xc5, 0xd9, 0x34, 0x71, 0xbd,
1007 0xec, 0x1a, 0x50, 0x22, 0x70, 0xe3, 0xcc, 0x6c },
1008 { 0x76, 0xfc, 0x6e, 0xce, 0x0f, 0x4e, 0x17, 0x68,
1009 0xcd, 0xdf, 0x88, 0x53, 0xbb, 0x2d, 0x55, 0x1b },
1010 { 0x3a, 0x33, 0x7d, 0xbf, 0x46, 0xa7, 0x92, 0xc4,
1011 0x5e, 0x45, 0x49, 0x13, 0xfe, 0x2e, 0xa8, 0xf2 },
1012 { 0xa4, 0x4a, 0x82, 0x66, 0xee, 0x1c, 0x8e, 0xb0,
1013 0xc8, 0xb5, 0xd4, 0xcf, 0x5a, 0xe9, 0xf1, 0x9a },
1026 if (verbose != 0) { in mbedtls_gcm_self_test()
1049 for (j = 0; j < loop_limit; j++) { in mbedtls_gcm_self_test()
1052 for (i = 0; i < MAX_TESTS; i++) { in mbedtls_gcm_self_test()
1053 if (verbose != 0) { in mbedtls_gcm_self_test()
1071 } else if (ret != 0) { in mbedtls_gcm_self_test()
1091 if (ret != 0) { in mbedtls_gcm_self_test()
1096 pt_len_test_data[i]) != 0 || in mbedtls_gcm_self_test()
1097 memcmp(tag_buf, tag_test_data[j * 6 + i], 16) != 0) { in mbedtls_gcm_self_test()
1104 if (verbose != 0) { in mbedtls_gcm_self_test()
1110 if (verbose != 0) { in mbedtls_gcm_self_test()
1118 if (ret != 0) { in mbedtls_gcm_self_test()
1130 if (ret != 0) { in mbedtls_gcm_self_test()
1135 pt_len_test_data[i]) != 0 || in mbedtls_gcm_self_test()
1136 memcmp(tag_buf, tag_test_data[j * 6 + i], 16) != 0) { in mbedtls_gcm_self_test()
1143 if (verbose != 0) { in mbedtls_gcm_self_test()
1149 if (verbose != 0) { in mbedtls_gcm_self_test()
1157 if (ret != 0) { in mbedtls_gcm_self_test()
1164 if (ret != 0) { in mbedtls_gcm_self_test()
1171 if (ret != 0) { in mbedtls_gcm_self_test()
1181 if (ret != 0) { in mbedtls_gcm_self_test()
1192 if (ret != 0) { in mbedtls_gcm_self_test()
1203 if (ret != 0) { in mbedtls_gcm_self_test()
1211 ret = mbedtls_gcm_finish(&ctx, NULL, 0, &olen, tag_buf, 16); in mbedtls_gcm_self_test()
1212 if (ret != 0) { in mbedtls_gcm_self_test()
1217 pt_len_test_data[i]) != 0 || in mbedtls_gcm_self_test()
1218 memcmp(tag_buf, tag_test_data[j * 6 + i], 16) != 0) { in mbedtls_gcm_self_test()
1225 if (verbose != 0) { in mbedtls_gcm_self_test()
1231 if (verbose != 0) { in mbedtls_gcm_self_test()
1239 if (ret != 0) { in mbedtls_gcm_self_test()
1246 if (ret != 0) { in mbedtls_gcm_self_test()
1252 if (ret != 0) { in mbedtls_gcm_self_test()
1261 if (ret != 0) { in mbedtls_gcm_self_test()
1272 if (ret != 0) { in mbedtls_gcm_self_test()
1283 if (ret != 0) { in mbedtls_gcm_self_test()
1291 ret = mbedtls_gcm_finish(&ctx, NULL, 0, &olen, tag_buf, 16); in mbedtls_gcm_self_test()
1292 if (ret != 0) { in mbedtls_gcm_self_test()
1297 pt_len_test_data[i]) != 0 || in mbedtls_gcm_self_test()
1298 memcmp(tag_buf, tag_test_data[j * 6 + i], 16) != 0) { in mbedtls_gcm_self_test()
1305 if (verbose != 0) { in mbedtls_gcm_self_test()
1311 if (verbose != 0) { in mbedtls_gcm_self_test()
1315 ret = 0; in mbedtls_gcm_self_test()
1318 if (ret != 0) { in mbedtls_gcm_self_test()
1319 if (verbose != 0) { in mbedtls_gcm_self_test()