The GCMVS requires the following tests:
- GCM/GMAC Authenticated Encryption
- GCM/GMAC Authenticated Decryption
- XPN Authenticated Encryption
- XPN Authenticated Decryption
There are several configuration options available for GCMVS, which are determined by the features supported by the implementation under test (IUT). These include mode of operation, key length, source of Initialization Vector (IV) / Salt, Plaintext (PT) length, Additional Authenticated Data (AAD) length, and Authentication Tag / Integrity Check Value (ICV) length. The configurations used for the HSC Subsystem are:
- External 96-bit IV/Salt for all tests
- 128-bit Authentication Tag (ICV) length for all tests
- Plaintext (PT) lengths of 0 to any-number-of-bits
- The GCMVS requires support for:
- 0 bits
- 2 cases that are multiples of 128-bit
- 2 cases that are non-multiples of 128-bit
- The HSC Subsystem supports any number of PT bits
- The GCMVS requires support for:
- AAD lengths of 0 to 504-bits (or greater)
- The GCMVS requires support for:
- 0 bits
- 2 cases that are multiples of 128-bit
- 2 cases that are non-multiples of 128-bit
- The HSC Subsystem supports up to 63 bytes (63*8=504-bits) of AAD when Plaintext (PT) / Ciphertext (CT) is non-zero
- The HSC Subsystem supports >63 bytes of AAD when PT/CT is 0 (Authentication-Only mode)
- The GCMVS requires support for:
- Key sizes of 128 and 256-bits
- Encryption and Decryption
- GCM/GMAC (Non-XPN) and XPN modes
The GCMVS generates all valid combinations of the above, and they must be supported by the design. As examples, the following are a subset of the valid configurations:
- Encryption, 128-bit key, 128-bit PT, 128-bit AAD, Non-XPN
- Encryption, 128-bit key, 128-bit PT, 256-bit AAD, Non-XPN
- Encryption, 128-bit key, 128-bit PT, 256-bit AAD, XPN
- Decryption, 128-bit key, 128-bit PT, 256-bit AAD, XPN