Merge branch 'master' of lab.las3.de:lwc/compare

mbed_aes_gcm/LWC_AEAD_KAT_128_96.txt

+Count = 1
+Key = 0C0102030405060708090A0B0C0D0E0F
+Nonce = FF0102030405060708090A0B
+PT = 10010203
+AD = 
+CT = 09F654220000000000000000000000003381ABB14002E61F0CABC2D4B535927F
+
+crypto_aead_decrypt returned <-18>
+PT = 00000000000000000000000000000000

mbed_aes_gcm/Makefile

 CC=gcc
-CFLAGS=-c -Wall
-LDFLAGS=
-SOURCES=aes.c cipher.c cipher_wrap.c gcm.c main.c platform.c platform_util.c
-OBJECTS=$(SOURCES:.c=.o)
-EXECUTABLE=gcm
+NISTGCCFLAGS=-std=c99 -Wall -Wextra -Wshadow -O2 
+LFLAGS=-lm
 
-all: $(SOURCES) $(EXECUTABLE)
+all: gcm
 
-$(EXECUTABLE): $(OBJECTS) 
-	$(CC) $(LDFLAGS) $(OBJECTS) -o $@
+gcm: gcm.c genkat_aead.c aes.c cipher.c cipher_wrap.c platform.c platform_util.c
+	$(CC) $(NISTGCCFLAGS) -o $@ $^ $(LFLAGS)
 
-.cpp.o:
-	$(CC) $(CFLAGS) $< -o $@
+.PHONY: clean
 
 clean:
-	rm -rf *.o out
+	rm -rf gcm
 

mbed_aes_gcm/api.h

 #define CRYPTO_KEYBYTES 16
 #define CRYPTO_NSECBYTES 0 
 #define CRYPTO_NPUBBYTES 12 
-#define CRYPTO_ABYTES 16 
+#define CRYPTO_ABYTES 16
 #define CRYPTO_NOOVERLAP 1 

mbed_aes_gcm/crypto_aead.h

-/* Reference implementation of ACE-128 AEAD
- Written by:
- Kalikinkar Mandal <kmandal@uwaterloo.ca>
- */
-
 typedef unsigned long long u64;
 
-int ace_init(
-			unsigned char *state, 
-			const unsigned char *npub,
-			const unsigned char *k
-			);
-int ace_ad(
-			unsigned char *state,
-			const unsigned char *ad, 
-			const u64 adlen
-		     );
-
-int ace_gentag(
-			unsigned char *tag, 
-			const unsigned char tlen,
-			unsigned char *state, 
-			const unsigned char *k
-			);
 int crypto_encrypt(
 		   unsigned char *c,unsigned long long *clen,
 		   const unsigned char *m,unsigned long long mlen,
@@ -56,9 +34,3 @@ int crypto_aead_decrypt(
 	const unsigned char *k
 );
 
-int ace_gentag(
-               unsigned char *tag,
-               const unsigned char tlen,
-               unsigned char *state,
-               const unsigned char *k
-               );

mbed_aes_gcm/example_decryption.c

-#include "gcm.h"
-#include "platform_util.h"
-#include "api.h"
-#include <stdio.h>
-#include "crypto_aead.h"
-
-static void single_encryption(void) {
-    // 32 bytes.. that's 256 bits
-    const unsigned char k[32] = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
-      0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
-      0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
-      0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 };
-    unsigned char c[64] = { 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
-      0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
-      0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
-      0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
-      0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
-      0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
-      0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
-0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85};
-    unsigned char npub[12] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
-      0xde, 0xca, 0xf8, 0x88 };
-    unsigned char ad[1400];
-    unsigned long long adlen = 0;
-    unsigned long long mlen = 0;
-    unsigned long long clen = 64;
-    unsigned char m[1400];
-    unsigned char nsec[CRYPTO_NSECBYTES];
-
-
-    //mbedtls_gcm_init( &ctx );
-    // 128 bits, not bytes!
-    //ret = mbedtls_gcm_setkey( &ctx, cipher, key, 128 );
-    
-    // Context, flag (1/0), length, nonce, nonce_len, AD, AD_len, PT, output, tag_len, tag
-    //ret = mbedtls_gcm_crypt_and_tag(&ctx, MBEDTLS_GCM_ENCRYPT, 64, initial_value, 12, additional, 0, plaintext, buf, 16, tag_buf);
-    //mbedtls_gcm_free( &ctx );
-    
-    int res;
-    
-    res = crypto_aead_decrypt(m, mlen, nsec, c, clen, ad, adlen, npub, k); 
-    if (res  == 0) {
-        printf("Local decryption test workerino!\n");
-    } else {
-        printf("Local test failed -.-\n");
-    }
-
-}
-
-int main(void) {
-    //mbedtls_gcm_self_test(1);
-    single_encryption();
-    return 0;
-}

mbed_aes_gcm/example_encryption.c

-#include "gcm.h"
-#include "platform_util.h"
-#include "api.h"
-#include <stdio.h>
-#include "crypto_aead.h"
-
-static void single_encryption(void) {
-    // 32 bytes.. that's 256 bits
-    const unsigned char k[32] = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
-      0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
-      0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
-      0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 };
-    unsigned char m[64] = { 0xd9, 0x31, 0x32, 0x25, 0xf8, 0x84, 0x06, 0xe5,
-      0xa5, 0x59, 0x09, 0xc5, 0xaf, 0xf5, 0x26, 0x9a,
-      0x86, 0xa7, 0xa9, 0x53, 0x15, 0x34, 0xf7, 0xda,
-      0x2e, 0x4c, 0x30, 0x3d, 0x8a, 0x31, 0x8a, 0x72,
-      0x1c, 0x3c, 0x0c, 0x95, 0x95, 0x68, 0x09, 0x53,
-      0x2f, 0xcf, 0x0e, 0x24, 0x49, 0xa6, 0xb5, 0x25,
-      0xb1, 0x6a, 0xed, 0xf5, 0xaa, 0x0d, 0xe6, 0x57,
-      0xba, 0x63, 0x7b, 0x39, 0x1a, 0xaf, 0xd2, 0x55 };
-    unsigned char npub[12] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
-      0xde, 0xca, 0xf8, 0x88 };
-    unsigned char ad[1400];
-    unsigned long long adlen = 0;
-    unsigned long long mlen = 64;
-    unsigned long long clen = 0;
-    unsigned char c[1400];
-    unsigned char nsec[CRYPTO_NSECBYTES];
-
-
-    //mbedtls_gcm_init( &ctx );
-    // 128 bits, not bytes!
-    //ret = mbedtls_gcm_setkey( &ctx, cipher, key, 128 );
-    
-    // Context, flag (1/0), length, nonce, nonce_len, AD, AD_len, PT, output, tag_len, tag
-    //ret = mbedtls_gcm_crypt_and_tag(&ctx, MBEDTLS_GCM_ENCRYPT, 64, initial_value, 12, additional, 0, plaintext, buf, 16, tag_buf);
-    //mbedtls_gcm_free( &ctx );
-    
-    int res;
-    res = crypto_aead_encrypt(c, &clen, m, mlen, ad, adlen, nsec, npub, k);
-    if (res  == 0) {
-        printf("Local encryption test workerino!\n");
-    } else {
-        printf("Local test failed -.-\n");
-    }
-
-}
-
-int main(void) {
-    //mbedtls_gcm_self_test(1);
-    single_encryption();
-    return 0;
-}

mbed_aes_gcm/gcm.c

@@ -38,6 +38,7 @@
 #if defined(MBEDTLS_GCM_C)
 
 #include "gcm.h"
+#include "api.h"
 #include "crypto_aead.h"
 #include "platform_util.h"
 
@@ -87,6 +88,8 @@
 }
 #endif
 
+
+
 /*
  * Initialize a context
  */
@@ -109,14 +112,17 @@ int crypto_aead_encrypt(
       )
 {
   mbedtls_gcm_context ctx;
-  unsigned char tag_buf[16];
   int ret;
+  unsigned long long mask = 15;
+  unsigned long long mlenp = (mlen + mask) & (~mask);
+  unsigned char tag_buf[CRYPTO_ABYTES];
+  *clen = mlenp + CRYPTO_ABYTES;
 
   mbedtls_gcm_init( &ctx );
   ret = mbedtls_gcm_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, k, 128);
   ret = mbedtls_gcm_crypt_and_tag( &ctx, 1, mlen, npub, 12, ad, adlen, m, c, 16, tag_buf );
   mbedtls_gcm_free( &ctx );
-  
+  memcpy(c + mlenp, tag_buf, CRYPTO_ABYTES);
   return ret;
 }
 
@@ -130,12 +136,16 @@ int crypto_aead_decrypt(
 )
 {
   mbedtls_gcm_context ctx;
-  unsigned char tag_buf[16];
   int ret;
+  unsigned char tag_buf[CRYPTO_ABYTES];
+  
+  clen -= CRYPTO_ABYTES;
+  memcpy(tag_buf, c + clen, CRYPTO_ABYTES);
+  *mlen = clen;
 
   mbedtls_gcm_init( &ctx );
   ret = mbedtls_gcm_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, k, 128);
-  ret = mbedtls_gcm_crypt_and_tag( &ctx, 0, mlen, npub, 12, ad, adlen, m, c, 16, tag_buf );
+  ret = mbedtls_gcm_auth_decrypt( &ctx, clen, npub, 12, ad, adlen, tag_buf, 16, c, m);
   mbedtls_gcm_free( &ctx );
   
   return ret;
@@ -829,7 +839,7 @@ int mbedtls_gcm_self_test( int verbose )
 {
     mbedtls_gcm_context ctx;
     unsigned char buf[64];
-    unsigned char tag_buf[16];
+    unsigned char tag_buf[CRYPTO_ABYTES];
     int i, j, ret;
     mbedtls_cipher_id_t cipher = MBEDTLS_CIPHER_ID_AES;
 

mbed_aes_gcm/genkat_aead.c

+//
+// NIST-developed software is provided by NIST as a public service.
+// You may use, copy and distribute copies of the software in any medium,
+// provided that you keep intact this entire notice. You may improve, 
+// modify and create derivative works of the software or any portion of
+// the software, and you may copy and distribute such modifications or
+// works. Modified works should carry a notice stating that you changed
+// the software and should note the date and nature of any such change.
+// Please explicitly acknowledge the National Institute of Standards and 
+// Technology as the source of the software.
+//
+// NIST-developed software is expressly provided "AS IS." NIST MAKES NO 
+// WARRANTY OF ANY KIND, EXPRESS, IMPLIED, IN FACT OR ARISING BY OPERATION
+// OF LAW, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTY OF MERCHANTABILITY,
+// FITNESS FOR A PARTICULAR PURPOSE, NON-INFRINGEMENT AND DATA ACCURACY. NIST
+// NEITHER REPRESENTS NOR WARRANTS THAT THE OPERATION OF THE SOFTWARE WILL BE 
+// UNINTERRUPTED OR ERROR-FREE, OR THAT ANY DEFECTS WILL BE CORRECTED. NIST 
+// DOES NOT WARRANT OR MAKE ANY REPRESENTATIONS REGARDING THE USE OF THE SOFTWARE
+// OR THE RESULTS THEREOF, INCLUDING BUT NOT LIMITED TO THE CORRECTNESS, ACCURACY,
+// RELIABILITY, OR USEFULNESS OF THE SOFTWARE.
+//
+// You are solely responsible for determining the appropriateness of using and 
+// distributing the software and you assume all risks associated with its use, 
+// including but not limited to the risks and costs of program errors, compliance 
+// with applicable laws, damage to or loss of data, programs or equipment, and 
+// the unavailability or interruption of operation. This software is not intended
+// to be used in any situation where a failure could cause risk of injury or 
+// damage to property. The software developed by NIST employees is not subject to
+// copyright protection within the United States.
+//
+
+// disable deprecation for sprintf and fopen
+#ifdef _MSC_VER
+#define _CRT_SECURE_NO_WARNINGS
+#endif
+
+#include <stdio.h>
+#include <string.h>
+
+#include "crypto_aead.h"
+#include "api.h"
+
+#define KAT_SUCCESS          0
+#define KAT_FILE_OPEN_ERROR -1
+#define KAT_DATA_ERROR      -3
+#define KAT_CRYPTO_FAILURE  -4
+
+#define MAX_FILE_NAME				256
+#define MAX_MESSAGE_LENGTH			32
+#define MAX_ASSOCIATED_DATA_LENGTH	32
+
+void init_buffer(unsigned char *buffer, unsigned long long numbytes);
+
+void fprint_bstr(FILE *fp, const char *label, const unsigned char *data, unsigned long long length);
+
+int generate_test_vectors();
+
+int main()
+{
+	int ret = generate_test_vectors();
+
+	if (ret != KAT_SUCCESS) {
+		fprintf(stderr, "test vector generation failed with code %d\n", ret);
+	}
+
+	return ret;
+}
+
+int generate_test_vectors()
+{
+	FILE                *fp;
+	char                fileName[MAX_FILE_NAME];
+	unsigned char       key[CRYPTO_KEYBYTES];
+	unsigned char		nonce[CRYPTO_NPUBBYTES];
+	unsigned char       msg[MAX_MESSAGE_LENGTH];
+	unsigned char       ct[MAX_MESSAGE_LENGTH + CRYPTO_ABYTES];
+	unsigned char       msg2[MAX_MESSAGE_LENGTH];
+	unsigned char		ad[MAX_ASSOCIATED_DATA_LENGTH];
+	unsigned long long  clen, mlen2;
+	int                 count = 1;
+	int                 func_ret, ret_val = KAT_SUCCESS;
+
+	init_buffer(key, sizeof(key));
+	init_buffer(nonce, sizeof(nonce));
+	init_buffer(msg, sizeof(msg));
+	init_buffer(ad, sizeof(ad));
+
+	sprintf(fileName, "LWC_AEAD_KAT_%d_%d.txt", (CRYPTO_KEYBYTES * 8), (CRYPTO_NPUBBYTES * 8));
+
+	if ((fp = fopen(fileName, "w")) == NULL) {
+		fprintf(stderr, "Couldn't open <%s> for write\n", fileName);
+		return KAT_FILE_OPEN_ERROR;
+	}
+
+	for (unsigned long long mlen = 0; (mlen <= MAX_MESSAGE_LENGTH) && (ret_val == KAT_SUCCESS); mlen++) {
+
+		for (unsigned long long adlen = 0; adlen <= MAX_ASSOCIATED_DATA_LENGTH; adlen++) {
+
+
+			fprintf(fp, "Count = %d\n", count++);
+
+			fprint_bstr(fp, "Key = ", key, CRYPTO_KEYBYTES);
+
+			fprint_bstr(fp, "Nonce = ", nonce, CRYPTO_NPUBBYTES);
+
+			fprint_bstr(fp, "PT = ", msg, mlen);
+
+			fprint_bstr(fp, "AD = ", ad, adlen);
+
+			if ((func_ret = crypto_aead_encrypt(ct, &clen, msg, mlen, ad, adlen, NULL, nonce, key)) != 0) {
+				fprintf(fp, "crypto_aead_encrypt returned <%d>\n", func_ret);
+				ret_val = KAT_CRYPTO_FAILURE;
+				break;
+			}
+
+			fprint_bstr(fp, "CT = ", ct, clen);
+
+			fprintf(fp, "\n");
+
+
+			if ((func_ret = crypto_aead_decrypt(msg2, &mlen2, NULL, ct, clen, ad, adlen, nonce, key)) != 0) {
+				fprintf(fp, "crypto_aead_decrypt returned <%d>\n", func_ret);
+				ret_val = KAT_CRYPTO_FAILURE;
+			  fprint_bstr(fp, "PT = ", msg2, mlen2);
+				break;
+			}
+
+			if (mlen != mlen2) {
+				fprintf(fp, "crypto_aead_decrypt returned bad 'mlen': Got <%llu>, expected <%llu>\n", mlen2, mlen);
+				ret_val = KAT_CRYPTO_FAILURE;
+				break;
+			}
+
+			if (memcmp(msg, msg2, mlen)) {
+				fprintf(fp, "crypto_aead_decrypt did not recover the plaintext\n");
+				ret_val = KAT_CRYPTO_FAILURE;
+				break;
+			}
+		}
+	}
+
+	fclose(fp);
+
+	return ret_val;
+}
+
+
+void fprint_bstr(FILE *fp, const char *label, const unsigned char *data, unsigned long long length)
+{    
+    fprintf(fp, "%s", label);
+        
+	for (unsigned long long i = 0; i < length; i++)
+		fprintf(fp, "%02X", data[i]);
+	    
+    fprintf(fp, "\n");
+}
+
+void init_buffer(unsigned char *buffer, unsigned long long numbytes)
+{
+	for (unsigned long long i = 0; i < numbytes; i++)
+		buffer[i] = (unsigned char)i;
+}

mbed_aes_gcm/main.

-#include "gcm.h"
-#include "platform_util.h"
-#include "api.h"
-#include <stdio.h>
-#include "crypto_aead.h"
-
-static void single_encryption(void) {
-    // 32 bytes.. that's 256 bits
-    const unsigned char k[32] = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
-      0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
-      0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
-      0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 };
-    unsigned char c[64] = { 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
-      0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
-      0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
-      0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
-      0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
-      0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
-      0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
-0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85};
-    unsigned char npub[12] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
-      0xde, 0xca, 0xf8, 0x88 };
-    unsigned char ad[1400];
-    unsigned long long adlen = 0;
-    unsigned long long mlen = 0;
-    unsigned long long clen = 64;
-    unsigned char m[1400];
-    unsigned char nsec[CRYPTO_NSECBYTES];
-
-
-    //mbedtls_gcm_init( &ctx );
-    // 128 bits, not bytes!
-    //ret = mbedtls_gcm_setkey( &ctx, cipher, key, 128 );
-    
-    // Context, flag (1/0), length, nonce, nonce_len, AD, AD_len, PT, output, tag_len, tag
-    //ret = mbedtls_gcm_crypt_and_tag(&ctx, MBEDTLS_GCM_ENCRYPT, 64, initial_value, 12, additional, 0, plaintext, buf, 16, tag_buf);
-    //mbedtls_gcm_free( &ctx );
-    
-    int res;
-    
-    res = crypto_aead_decrypt(m, mlen, nsec, c, clen, ad, adlen, npub, k); 
-    if (res  == 0) {
-        printf("Local decryption test workerino!\n");
-    } else {
-        printf("Local test failed -.-\n");
-    }
-
-}
-
-int main(void) {
-    //mbedtls_gcm_self_test(1);
-    single_encryption();
-    return 0;
-}

mbed_aes_gcm/main.c

-#include "gcm.h"
-#include "platform_util.h"
-#include "api.h"
-#include <stdio.h>
-#include "crypto_aead.h"
-
-static void single_encryption(void) {
-    // 32 bytes.. that's 256 bits
-    const unsigned char k[32] = { 0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
-      0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08,
-      0xfe, 0xff, 0xe9, 0x92, 0x86, 0x65, 0x73, 0x1c,
-      0x6d, 0x6a, 0x8f, 0x94, 0x67, 0x30, 0x83, 0x08 };
-    unsigned char c[64] = { 0x42, 0x83, 0x1e, 0xc2, 0x21, 0x77, 0x74, 0x24,
-      0x4b, 0x72, 0x21, 0xb7, 0x84, 0xd0, 0xd4, 0x9c,
-      0xe3, 0xaa, 0x21, 0x2f, 0x2c, 0x02, 0xa4, 0xe0,
-      0x35, 0xc1, 0x7e, 0x23, 0x29, 0xac, 0xa1, 0x2e,
-      0x21, 0xd5, 0x14, 0xb2, 0x54, 0x66, 0x93, 0x1c,
-      0x7d, 0x8f, 0x6a, 0x5a, 0xac, 0x84, 0xaa, 0x05,
-      0x1b, 0xa3, 0x0b, 0x39, 0x6a, 0x0a, 0xac, 0x97,
-0x3d, 0x58, 0xe0, 0x91, 0x47, 0x3f, 0x59, 0x85};
-    unsigned char npub[12] = { 0xca, 0xfe, 0xba, 0xbe, 0xfa, 0xce, 0xdb, 0xad,
-      0xde, 0xca, 0xf8, 0x88 };
-    unsigned char ad[1400];
-    unsigned long long adlen = 0;
-    unsigned long long mlen = 0;
-    unsigned long long clen = 64;
-    unsigned char m[1400];
-    unsigned char nsec[CRYPTO_NSECBYTES];
-
-
-    //mbedtls_gcm_init( &ctx );
-    // 128 bits, not bytes!
-    //ret = mbedtls_gcm_setkey( &ctx, cipher, key, 128 );
-    
-    // Context, flag (1/0), length, nonce, nonce_len, AD, AD_len, PT, output, tag_len, tag
-    //ret = mbedtls_gcm_crypt_and_tag(&ctx, MBEDTLS_GCM_ENCRYPT, 64, initial_value, 12, additional, 0, plaintext, buf, 16, tag_buf);
-    //mbedtls_gcm_free( &ctx );
-    
-    int res;
-    
-    res = crypto_aead_decrypt(m, mlen, nsec, c, clen, ad, adlen, npub, k); 
-    if (res  == 0) {
-        printf("Local decryption test workerino!\n");
-    } else {
-        printf("Local test failed -.-\n");
-    }
-
-}
-
-int main(void) {
-    //mbedtls_gcm_self_test(1);
-    single_encryption();
-    return 0;
-}

mbed_aes_gcm/self_test.c

+#include "gcm.h"
+
+int main() {
+  mbedtls_gcm_self_test(1);
+  return 0;  
+}
+
+
+