4 files changed, 47 insertions, 23 deletions

diff --git a/src/include/ipxe/crypto.h b/src/include/ipxe/crypto.h
index 931be05..d414480 100644
--- a/src/include/ipxe/crypto.h
+++ b/src/include/ipxe/crypto.h
@@ -54,25 +54,25 @@ struct cipher_algorithm {
 	size_t blocksize;
 	/** Set key
 	 *
-	 * @v ctx		Context
-	 * @v key		Key
-	 * @v keylen		Key length
-	 * @ret rc		Return status code
+	 * @v ctx	Context
+	 * @v key	Key
+	 * @v keylen	Key length
+	 * @ret rc	Return status code
 	 */
 	int ( * setkey ) ( void *ctx, const void *key, size_t keylen );
 	/** Set initialisation vector
 	 *
-	 * @v ctx		Context
-	 * @v iv		Initialisation vector
-	 * @v ivlen		Initialisation vector length
+	 * @v ctx	Context
+	 * @v iv	Initialisation vector
+	 * @v ivlen	Initialisation vector length
 	 */
 	void ( * setiv ) ( void *ctx, const void *iv, size_t ivlen );
 	/** Encrypt data
 	 *
-	 * @v ctx		Context
-	 * @v src		Data to encrypt
-	 * @v dst		Buffer for encrypted data
-	 * @v len		Length of data
+	 * @v ctx	Context
+	 * @v src	Data to encrypt
+	 * @v dst	Buffer for encrypted data, or NULL for additional data
+	 * @v len	Length of data
 	 *
 	 * @v len is guaranteed to be a multiple of @c blocksize.
 	 */
@@ -80,10 +80,10 @@ struct cipher_algorithm {
 			     size_t len );
 	/** Decrypt data
 	 *
-	 * @v ctx		Context
-	 * @v src		Data to decrypt
-	 * @v dst		Buffer for decrypted data
-	 * @v len		Length of data
+	 * @v ctx	Context
+	 * @v src	Data to decrypt
+	 * @v dst	Buffer for decrypted data, or NULL for additional data
+	 * @v len	Length of data
 	 *
 	 * @v len is guaranteed to be a multiple of @c blocksize.
 	 */
diff --git a/src/tests/aes_test.c b/src/tests/aes_test.c
index ad66c73..e7201fc 100644
--- a/src/tests/aes_test.c
+++ b/src/tests/aes_test.c
@@ -86,7 +86,7 @@ FILE_LICENCE ( GPL2_OR_LATER_OR_UBDL );
 
 /** AES-128-ECB (same test as AES-128-Core) */
 CIPHER_TEST ( aes_128_ecb, &aes_ecb_algorithm,
-	AES_KEY_NIST_128, AES_IV_NIST_DUMMY, AES_PLAINTEXT_NIST,
+	AES_KEY_NIST_128, AES_IV_NIST_DUMMY, ADDITIONAL(), AES_PLAINTEXT_NIST,
 	CIPHERTEXT ( 0x3a, 0xd7, 0x7b, 0xb4, 0x0d, 0x7a, 0x36, 0x60,
 		     0xa8, 0x9e, 0xca, 0xf3, 0x24, 0x66, 0xef, 0x97,
 		     0xf5, 0xd3, 0xd5, 0x85, 0x03, 0xb9, 0x69, 0x9d,
@@ -98,7 +98,7 @@ CIPHER_TEST ( aes_128_ecb, &aes_ecb_algorithm,
 
 /** AES-128-CBC */
 CIPHER_TEST ( aes_128_cbc, &aes_cbc_algorithm,
-	AES_KEY_NIST_128, AES_IV_NIST_CBC, AES_PLAINTEXT_NIST,
+	AES_KEY_NIST_128, AES_IV_NIST_CBC, ADDITIONAL(), AES_PLAINTEXT_NIST,
 	CIPHERTEXT ( 0x76, 0x49, 0xab, 0xac, 0x81, 0x19, 0xb2, 0x46,
 		     0xce, 0xe9, 0x8e, 0x9b, 0x12, 0xe9, 0x19, 0x7d,
 		     0x50, 0x86, 0xcb, 0x9b, 0x50, 0x72, 0x19, 0xee,
@@ -110,7 +110,7 @@ CIPHER_TEST ( aes_128_cbc, &aes_cbc_algorithm,
 
 /** AES-192-ECB (same test as AES-192-Core) */
 CIPHER_TEST ( aes_192_ecb, &aes_ecb_algorithm,
-	AES_KEY_NIST_192, AES_IV_NIST_DUMMY, AES_PLAINTEXT_NIST,
+	AES_KEY_NIST_192, AES_IV_NIST_DUMMY, ADDITIONAL(), AES_PLAINTEXT_NIST,
 	CIPHERTEXT ( 0xbd, 0x33, 0x4f, 0x1d, 0x6e, 0x45, 0xf2, 0x5f,
 		     0xf7, 0x12, 0xa2, 0x14, 0x57, 0x1f, 0xa5, 0xcc,
 		     0x97, 0x41, 0x04, 0x84, 0x6d, 0x0a, 0xd3, 0xad,
@@ -122,7 +122,7 @@ CIPHER_TEST ( aes_192_ecb, &aes_ecb_algorithm,
 
 /** AES-192-CBC */
 CIPHER_TEST ( aes_192_cbc, &aes_cbc_algorithm,
-	AES_KEY_NIST_192, AES_IV_NIST_CBC, AES_PLAINTEXT_NIST,
+	AES_KEY_NIST_192, AES_IV_NIST_CBC, ADDITIONAL(), AES_PLAINTEXT_NIST,
 	CIPHERTEXT ( 0x4f, 0x02, 0x1d, 0xb2, 0x43, 0xbc, 0x63, 0x3d,
 		     0x71, 0x78, 0x18, 0x3a, 0x9f, 0xa0, 0x71, 0xe8,
 		     0xb4, 0xd9, 0xad, 0xa9, 0xad, 0x7d, 0xed, 0xf4,
@@ -134,7 +134,7 @@ CIPHER_TEST ( aes_192_cbc, &aes_cbc_algorithm,
 
 /** AES-256-ECB (same test as AES-256-Core) */
 CIPHER_TEST ( aes_256_ecb, &aes_ecb_algorithm,
-	AES_KEY_NIST_256, AES_IV_NIST_DUMMY, AES_PLAINTEXT_NIST,
+	AES_KEY_NIST_256, AES_IV_NIST_DUMMY, ADDITIONAL(), AES_PLAINTEXT_NIST,
 	CIPHERTEXT ( 0xf3, 0xee, 0xd1, 0xbd, 0xb5, 0xd2, 0xa0, 0x3c,
 		     0x06, 0x4b, 0x5a, 0x7e, 0x3d, 0xb1, 0x81, 0xf8,
 		     0x59, 0x1c, 0xcb, 0x10, 0xd4, 0x10, 0xed, 0x26,
@@ -146,7 +146,7 @@ CIPHER_TEST ( aes_256_ecb, &aes_ecb_algorithm,
 
 /** AES-256-CBC */
 CIPHER_TEST ( aes_256_cbc, &aes_cbc_algorithm,
-	AES_KEY_NIST_256, AES_IV_NIST_CBC, AES_PLAINTEXT_NIST,
+	AES_KEY_NIST_256, AES_IV_NIST_CBC, ADDITIONAL(), AES_PLAINTEXT_NIST,
 	CIPHERTEXT ( 0xf5, 0x8c, 0x4c, 0x04, 0xd6, 0xe5, 0xf1, 0xba,
 		     0x77, 0x9e, 0xab, 0xfb, 0x5f, 0x7b, 0xfb, 0xd6,
 		     0x9c, 0xfc, 0x4e, 0x96, 0x7e, 0xdb, 0x80, 0x8d,
diff --git a/src/tests/cipher_test.c b/src/tests/cipher_test.c
index 5361502..c49b4b6 100644
--- a/src/tests/cipher_test.c
+++ b/src/tests/cipher_test.c
@@ -63,6 +63,12 @@ void cipher_encrypt_okx ( struct cipher_test *test, const char *file,
 	      file, line );
 	cipher_setiv ( cipher, ctx, test->iv, test->iv_len );
 
+	/* Process additional data, if applicable */
+	if ( test->additional_len ) {
+		cipher_encrypt ( cipher, ctx, test->additional, NULL,
+				 test->additional_len );
+	}
+
 	/* Perform encryption */
 	cipher_encrypt ( cipher, ctx, test->plaintext, ciphertext, len );
 
@@ -89,7 +95,13 @@ void cipher_decrypt_okx ( struct cipher_test *test, const char *file,
 	      file, line );
 	cipher_setiv ( cipher, ctx, test->iv, test->iv_len );
 
-	/* Perform encryption */
+	/* Process additional data, if applicable */
+	if ( test->additional_len ) {
+		cipher_decrypt ( cipher, ctx, test->additional, NULL,
+				 test->additional_len );
+	}
+
+	/* Perform decryption */
 	cipher_decrypt ( cipher, ctx, test->ciphertext, plaintext, len );
 
 	/* Compare against expected plaintext */
diff --git a/src/tests/cipher_test.h b/src/tests/cipher_test.h
index d7c5aef..4139a77 100644
--- a/src/tests/cipher_test.h
+++ b/src/tests/cipher_test.h
@@ -25,6 +25,10 @@ struct cipher_test {
 	const void *iv;
 	/** Length of initialisation vector */
 	size_t iv_len;
+	/** Additional data */
+	const void *additional;
+	/** Length of additional data */
+	size_t additional_len;
 	/** Plaintext */
 	const void *plaintext;
 	/** Ciphertext */
@@ -39,6 +43,9 @@ struct cipher_test {
 /** Define inline initialisation vector */
 #define IV(...) { __VA_ARGS__ }
 
+/** Define inline additional data */
+#define ADDITIONAL(...) { __VA_ARGS__ }
+
 /** Define inline plaintext data */
 #define PLAINTEXT(...) { __VA_ARGS__ }
 
@@ -52,13 +59,16 @@ struct cipher_test {
  * @v CIPHER		Cipher algorithm
  * @v KEY		Key
  * @v IV		Initialisation vector
+ * @v ADDITIONAL	Additional data
  * @v PLAINTEXT		Plaintext
  * @v CIPHERTEXT	Ciphertext
  * @ret test		Cipher test
  */
-#define CIPHER_TEST( name, CIPHER, KEY, IV, PLAINTEXT, CIPHERTEXT )	\
+#define CIPHER_TEST( name, CIPHER, KEY, IV, ADDITIONAL, PLAINTEXT,	\
+		     CIPHERTEXT )					\
 	static const uint8_t name ## _key [] = KEY;			\
 	static const uint8_t name ## _iv [] = IV;			\
+	static const uint8_t name ## _additional [] = ADDITIONAL;	\
 	static const uint8_t name ## _plaintext [] = PLAINTEXT;		\
 	static const uint8_t name ## _ciphertext			\
 		[ sizeof ( name ## _plaintext ) ] = CIPHERTEXT;		\
@@ -68,6 +78,8 @@ struct cipher_test {
 		.key_len = sizeof ( name ## _key ),			\
 		.iv = name ## _iv,					\
 		.iv_len = sizeof ( name ## _iv ),			\
+		.additional = name ## _additional,			\
+		.additional_len = sizeof ( name ## _additional ),	\
 		.plaintext = name ## _plaintext,			\
 		.ciphertext = name ## _ciphertext,			\
 		.len = sizeof ( name ## _plaintext ),			\