Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 1 | /* BEGIN_HEADER */ |
Manuel Pégourié-Gonnard | 7f80997 | 2015-03-09 17:05:11 +0000 | [diff] [blame] | 2 | #include "mbedtls/gcm.h" |
Gilles Peskine | 36dd93e | 2021-04-13 13:02:03 +0200 | [diff] [blame] | 3 | |
| 4 | /* Use the multipart interface to process the encrypted data in two parts |
| 5 | * and check that the output matches the expected output. |
| 6 | * The context must have been set up with the key. */ |
| 7 | static int check_multipart( mbedtls_gcm_context *ctx, |
| 8 | int mode, |
| 9 | const data_t *iv, |
| 10 | const data_t *add, |
| 11 | const data_t *input, |
| 12 | const data_t *expected_output, |
| 13 | const data_t *tag, |
Mateusz Starzyk | af4ecdd | 2021-06-15 15:29:48 +0200 | [diff] [blame] | 14 | size_t n1, |
| 15 | size_t n1_add) |
Gilles Peskine | 36dd93e | 2021-04-13 13:02:03 +0200 | [diff] [blame] | 16 | { |
| 17 | int ok = 0; |
| 18 | uint8_t *output = NULL; |
| 19 | size_t n2 = input->len - n1; |
Mateusz Starzyk | 658f4fd | 2021-05-26 14:26:48 +0200 | [diff] [blame] | 20 | size_t n2_add = add->len - n1_add; |
Gilles Peskine | a56c448 | 2021-04-15 17:22:35 +0200 | [diff] [blame] | 21 | size_t olen; |
Gilles Peskine | 36dd93e | 2021-04-13 13:02:03 +0200 | [diff] [blame] | 22 | |
| 23 | /* Sanity checks on the test data */ |
| 24 | TEST_ASSERT( n1 <= input->len ); |
Mateusz Starzyk | 658f4fd | 2021-05-26 14:26:48 +0200 | [diff] [blame] | 25 | TEST_ASSERT( n1_add <= add->len ); |
Gilles Peskine | 36dd93e | 2021-04-13 13:02:03 +0200 | [diff] [blame] | 26 | TEST_EQUAL( input->len, expected_output->len ); |
| 27 | |
| 28 | TEST_EQUAL( 0, mbedtls_gcm_starts( ctx, mode, |
Gilles Peskine | 295fc13 | 2021-04-15 18:32:23 +0200 | [diff] [blame] | 29 | iv->x, iv->len ) ); |
Mateusz Starzyk | 658f4fd | 2021-05-26 14:26:48 +0200 | [diff] [blame] | 30 | TEST_EQUAL( 0, mbedtls_gcm_update_ad( ctx, add->x, n1_add ) ); |
| 31 | TEST_EQUAL( 0, mbedtls_gcm_update_ad( ctx, add->x + n1_add, n2_add ) ); |
Gilles Peskine | 36dd93e | 2021-04-13 13:02:03 +0200 | [diff] [blame] | 32 | |
| 33 | /* Allocate a tight buffer for each update call. This way, if the function |
| 34 | * tries to write beyond the advertised required buffer size, this will |
| 35 | * count as an overflow for memory sanitizers and static checkers. */ |
| 36 | ASSERT_ALLOC( output, n1 ); |
Gilles Peskine | a56c448 | 2021-04-15 17:22:35 +0200 | [diff] [blame] | 37 | olen = 0xdeadbeef; |
| 38 | TEST_EQUAL( 0, mbedtls_gcm_update( ctx, input->x, n1, output, n1, &olen ) ); |
| 39 | TEST_EQUAL( n1, olen ); |
| 40 | ASSERT_COMPARE( output, olen, expected_output->x, n1 ); |
Gilles Peskine | 36dd93e | 2021-04-13 13:02:03 +0200 | [diff] [blame] | 41 | mbedtls_free( output ); |
| 42 | output = NULL; |
| 43 | |
| 44 | ASSERT_ALLOC( output, n2 ); |
Gilles Peskine | a56c448 | 2021-04-15 17:22:35 +0200 | [diff] [blame] | 45 | olen = 0xdeadbeef; |
| 46 | TEST_EQUAL( 0, mbedtls_gcm_update( ctx, input->x + n1, n2, output, n2, &olen ) ); |
| 47 | TEST_EQUAL( n2, olen ); |
| 48 | ASSERT_COMPARE( output, olen, expected_output->x + n1, n2 ); |
Gilles Peskine | 36dd93e | 2021-04-13 13:02:03 +0200 | [diff] [blame] | 49 | mbedtls_free( output ); |
| 50 | output = NULL; |
| 51 | |
| 52 | ASSERT_ALLOC( output, tag->len ); |
Gilles Peskine | 5a7be10 | 2021-06-23 21:51:32 +0200 | [diff] [blame] | 53 | TEST_EQUAL( 0, mbedtls_gcm_finish( ctx, NULL, 0, &olen, output, tag->len ) ); |
| 54 | TEST_EQUAL( 0, olen ); |
Gilles Peskine | 36dd93e | 2021-04-13 13:02:03 +0200 | [diff] [blame] | 55 | ASSERT_COMPARE( output, tag->len, tag->x, tag->len ); |
| 56 | mbedtls_free( output ); |
| 57 | output = NULL; |
| 58 | |
| 59 | ok = 1; |
| 60 | exit: |
| 61 | mbedtls_free( output ); |
| 62 | return( ok ); |
| 63 | } |
| 64 | |
Mateusz Starzyk | fc60622 | 2021-06-16 11:04:07 +0200 | [diff] [blame] | 65 | static void check_cipher_with_empty_ad( mbedtls_gcm_context *ctx, |
| 66 | int mode, |
| 67 | const data_t *iv, |
| 68 | const data_t *input, |
| 69 | const data_t *expected_output, |
| 70 | const data_t *tag, |
| 71 | size_t ad_update_count) |
| 72 | { |
| 73 | size_t n; |
| 74 | uint8_t *output = NULL; |
| 75 | size_t olen; |
| 76 | |
| 77 | /* Sanity checks on the test data */ |
| 78 | TEST_EQUAL( input->len, expected_output->len ); |
| 79 | |
| 80 | TEST_EQUAL( 0, mbedtls_gcm_starts( ctx, mode, |
| 81 | iv->x, iv->len ) ); |
| 82 | |
Mateusz Starzyk | 939a54c | 2021-06-22 11:12:28 +0200 | [diff] [blame] | 83 | for( n = 0; n < ad_update_count; n++ ) |
Mateusz Starzyk | fc60622 | 2021-06-16 11:04:07 +0200 | [diff] [blame] | 84 | { |
| 85 | TEST_EQUAL( 0, mbedtls_gcm_update_ad( ctx, NULL, 0 ) ); |
| 86 | } |
| 87 | |
| 88 | /* Allocate a tight buffer for each update call. This way, if the function |
| 89 | * tries to write beyond the advertised required buffer size, this will |
| 90 | * count as an overflow for memory sanitizers and static checkers. */ |
| 91 | ASSERT_ALLOC( output, input->len ); |
| 92 | olen = 0xdeadbeef; |
| 93 | TEST_EQUAL( 0, mbedtls_gcm_update( ctx, input->x, input->len, output, input->len, &olen ) ); |
| 94 | TEST_EQUAL( input->len, olen ); |
| 95 | ASSERT_COMPARE( output, olen, expected_output->x, input->len ); |
| 96 | mbedtls_free( output ); |
| 97 | output = NULL; |
| 98 | |
| 99 | ASSERT_ALLOC( output, tag->len ); |
Gilles Peskine | 5a7be10 | 2021-06-23 21:51:32 +0200 | [diff] [blame] | 100 | TEST_EQUAL( 0, mbedtls_gcm_finish( ctx, NULL, 0, &olen, output, tag->len ) ); |
| 101 | TEST_EQUAL( 0, olen ); |
Mateusz Starzyk | fc60622 | 2021-06-16 11:04:07 +0200 | [diff] [blame] | 102 | ASSERT_COMPARE( output, tag->len, tag->x, tag->len ); |
| 103 | |
| 104 | exit: |
| 105 | mbedtls_free( output ); |
| 106 | } |
| 107 | |
| 108 | static void check_empty_cipher_with_ad( mbedtls_gcm_context *ctx, |
| 109 | int mode, |
| 110 | const data_t *iv, |
| 111 | const data_t *add, |
| 112 | const data_t *tag, |
| 113 | size_t cipher_update_count) |
| 114 | { |
| 115 | size_t olen; |
| 116 | size_t n; |
| 117 | uint8_t* output_tag = NULL; |
| 118 | |
| 119 | TEST_EQUAL( 0, mbedtls_gcm_starts( ctx, mode, iv->x, iv->len ) ); |
| 120 | TEST_EQUAL( 0, mbedtls_gcm_update_ad( ctx, add->x, add->len ) ); |
| 121 | |
Mateusz Starzyk | 939a54c | 2021-06-22 11:12:28 +0200 | [diff] [blame] | 122 | for( n = 0; n < cipher_update_count; n++ ) |
Mateusz Starzyk | fc60622 | 2021-06-16 11:04:07 +0200 | [diff] [blame] | 123 | { |
| 124 | olen = 0xdeadbeef; |
| 125 | TEST_EQUAL( 0, mbedtls_gcm_update( ctx, NULL, 0, NULL, 0, &olen ) ); |
| 126 | TEST_EQUAL( 0, olen ); |
| 127 | } |
| 128 | |
| 129 | ASSERT_ALLOC( output_tag, tag->len ); |
Gilles Peskine | 5a7be10 | 2021-06-23 21:51:32 +0200 | [diff] [blame] | 130 | TEST_EQUAL( 0, mbedtls_gcm_finish( ctx, NULL, 0, &olen, |
| 131 | output_tag, tag->len ) ); |
| 132 | TEST_EQUAL( 0, olen ); |
Mateusz Starzyk | fc60622 | 2021-06-16 11:04:07 +0200 | [diff] [blame] | 133 | ASSERT_COMPARE( output_tag, tag->len, tag->x, tag->len ); |
| 134 | |
| 135 | exit: |
| 136 | mbedtls_free( output_tag ); |
| 137 | } |
| 138 | |
Mateusz Starzyk | 469c9f3 | 2021-06-18 00:06:52 +0200 | [diff] [blame] | 139 | static void check_no_cipher_no_ad( mbedtls_gcm_context *ctx, |
| 140 | int mode, |
| 141 | const data_t *iv, |
| 142 | const data_t *tag ) |
| 143 | { |
| 144 | uint8_t *output = NULL; |
Gilles Peskine | 5a7be10 | 2021-06-23 21:51:32 +0200 | [diff] [blame] | 145 | size_t olen = 0; |
Mateusz Starzyk | 469c9f3 | 2021-06-18 00:06:52 +0200 | [diff] [blame] | 146 | |
| 147 | TEST_EQUAL( 0, mbedtls_gcm_starts( ctx, mode, |
| 148 | iv->x, iv->len ) ); |
| 149 | ASSERT_ALLOC( output, tag->len ); |
Gilles Peskine | 5a7be10 | 2021-06-23 21:51:32 +0200 | [diff] [blame] | 150 | TEST_EQUAL( 0, mbedtls_gcm_finish( ctx, NULL, 0, &olen, output, tag->len ) ); |
| 151 | TEST_EQUAL( 0, olen ); |
Mateusz Starzyk | 469c9f3 | 2021-06-18 00:06:52 +0200 | [diff] [blame] | 152 | ASSERT_COMPARE( output, tag->len, tag->x, tag->len ); |
| 153 | |
| 154 | exit: |
| 155 | mbedtls_free( output ); |
| 156 | } |
| 157 | |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 158 | /* END_HEADER */ |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 159 | |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 160 | /* BEGIN_DEPENDENCIES |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 161 | * depends_on:MBEDTLS_GCM_C |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 162 | * END_DEPENDENCIES |
| 163 | */ |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 164 | |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 165 | /* BEGIN_CASE */ |
Ron Eldor | 5a21fd6 | 2016-12-16 16:15:56 +0200 | [diff] [blame] | 166 | void gcm_bad_parameters( int cipher_id, int direction, |
Azim Khan | 5fcca46 | 2018-06-29 11:05:32 +0100 | [diff] [blame] | 167 | data_t *key_str, data_t *src_str, |
| 168 | data_t *iv_str, data_t *add_str, |
Ron Eldor | 5a21fd6 | 2016-12-16 16:15:56 +0200 | [diff] [blame] | 169 | int tag_len_bits, int gcm_result ) |
| 170 | { |
Ron Eldor | 5a21fd6 | 2016-12-16 16:15:56 +0200 | [diff] [blame] | 171 | unsigned char output[128]; |
| 172 | unsigned char tag_output[16]; |
| 173 | mbedtls_gcm_context ctx; |
Azim Khan | 317efe8 | 2017-08-02 17:33:54 +0100 | [diff] [blame] | 174 | size_t tag_len = tag_len_bits / 8; |
Ron Eldor | 5a21fd6 | 2016-12-16 16:15:56 +0200 | [diff] [blame] | 175 | |
| 176 | mbedtls_gcm_init( &ctx ); |
| 177 | |
Ron Eldor | 5a21fd6 | 2016-12-16 16:15:56 +0200 | [diff] [blame] | 178 | memset( output, 0x00, sizeof( output ) ); |
| 179 | memset( tag_output, 0x00, sizeof( tag_output ) ); |
Darryl Green | 11999bb | 2018-03-13 15:22:58 +0000 | [diff] [blame] | 180 | |
Azim Khan | 317efe8 | 2017-08-02 17:33:54 +0100 | [diff] [blame] | 181 | TEST_ASSERT( mbedtls_gcm_setkey( &ctx, cipher_id, key_str->x, key_str->len * 8 ) == 0 ); |
| 182 | TEST_ASSERT( mbedtls_gcm_crypt_and_tag( &ctx, direction, src_str->len, iv_str->x, iv_str->len, |
| 183 | add_str->x, add_str->len, src_str->x, output, tag_len, tag_output ) == gcm_result ); |
Ron Eldor | 5a21fd6 | 2016-12-16 16:15:56 +0200 | [diff] [blame] | 184 | |
| 185 | exit: |
| 186 | mbedtls_gcm_free( &ctx ); |
| 187 | } |
| 188 | /* END_CASE */ |
| 189 | |
| 190 | /* BEGIN_CASE */ |
Azim Khan | 5fcca46 | 2018-06-29 11:05:32 +0100 | [diff] [blame] | 191 | void gcm_encrypt_and_tag( int cipher_id, data_t * key_str, |
| 192 | data_t * src_str, data_t * iv_str, |
Ronald Cron | ac6ae35 | 2020-06-26 14:33:03 +0200 | [diff] [blame] | 193 | data_t * add_str, data_t * dst, |
| 194 | int tag_len_bits, data_t * tag, |
Azim Khan | d30ca13 | 2017-06-09 04:32:58 +0100 | [diff] [blame] | 195 | int init_result ) |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 196 | { |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 197 | unsigned char output[128]; |
| 198 | unsigned char tag_output[16]; |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 199 | mbedtls_gcm_context ctx; |
Azim Khan | f1aaec9 | 2017-05-30 14:23:15 +0100 | [diff] [blame] | 200 | size_t tag_len = tag_len_bits / 8; |
Gilles Peskine | 36dd93e | 2021-04-13 13:02:03 +0200 | [diff] [blame] | 201 | size_t n1; |
Mateusz Starzyk | af4ecdd | 2021-06-15 15:29:48 +0200 | [diff] [blame] | 202 | size_t n1_add; |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 203 | |
Manuel Pégourié-Gonnard | c34e8dd | 2015-04-28 21:42:17 +0200 | [diff] [blame] | 204 | mbedtls_gcm_init( &ctx ); |
| 205 | |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 206 | memset(output, 0x00, 128); |
| 207 | memset(tag_output, 0x00, 16); |
| 208 | |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 209 | |
Azim Khan | d30ca13 | 2017-06-09 04:32:58 +0100 | [diff] [blame] | 210 | TEST_ASSERT( mbedtls_gcm_setkey( &ctx, cipher_id, key_str->x, key_str->len * 8 ) == init_result ); |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 211 | if( init_result == 0 ) |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 212 | { |
Azim Khan | d30ca13 | 2017-06-09 04:32:58 +0100 | [diff] [blame] | 213 | TEST_ASSERT( mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_ENCRYPT, src_str->len, iv_str->x, iv_str->len, add_str->x, add_str->len, src_str->x, output, tag_len, tag_output ) == 0 ); |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 214 | |
Gilles Peskine | 36dd93e | 2021-04-13 13:02:03 +0200 | [diff] [blame] | 215 | ASSERT_COMPARE( output, src_str->len, dst->x, dst->len ); |
| 216 | ASSERT_COMPARE( tag_output, tag_len, tag->x, tag->len ); |
| 217 | |
Gilles Peskine | 58fc272 | 2021-04-13 15:58:27 +0200 | [diff] [blame] | 218 | for( n1 = 0; n1 <= src_str->len; n1 += 1 ) |
Gilles Peskine | 36dd93e | 2021-04-13 13:02:03 +0200 | [diff] [blame] | 219 | { |
Mateusz Starzyk | af4ecdd | 2021-06-15 15:29:48 +0200 | [diff] [blame] | 220 | for( n1_add = 0; n1_add <= add_str->len; n1_add += 1 ) |
| 221 | { |
Mateusz Starzyk | f8a0d4d | 2021-06-17 11:40:52 +0200 | [diff] [blame] | 222 | mbedtls_test_set_step( n1 * 10000 + n1_add ); |
Mateusz Starzyk | af4ecdd | 2021-06-15 15:29:48 +0200 | [diff] [blame] | 223 | if( !check_multipart( &ctx, MBEDTLS_GCM_ENCRYPT, |
| 224 | iv_str, add_str, src_str, |
| 225 | dst, tag, |
| 226 | n1, n1_add ) ) |
| 227 | goto exit; |
| 228 | } |
Gilles Peskine | 36dd93e | 2021-04-13 13:02:03 +0200 | [diff] [blame] | 229 | } |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 230 | } |
Manuel Pégourié-Gonnard | 4fe9200 | 2013-09-13 13:45:58 +0200 | [diff] [blame] | 231 | |
Paul Bakker | bd51b26 | 2014-07-10 15:26:12 +0200 | [diff] [blame] | 232 | exit: |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 233 | mbedtls_gcm_free( &ctx ); |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 234 | } |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 235 | /* END_CASE */ |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 236 | |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 237 | /* BEGIN_CASE */ |
Azim Khan | 5fcca46 | 2018-06-29 11:05:32 +0100 | [diff] [blame] | 238 | void gcm_decrypt_and_verify( int cipher_id, data_t * key_str, |
| 239 | data_t * src_str, data_t * iv_str, |
| 240 | data_t * add_str, int tag_len_bits, |
| 241 | data_t * tag_str, char * result, |
| 242 | data_t * pt_result, int init_result ) |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 243 | { |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 244 | unsigned char output[128]; |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 245 | mbedtls_gcm_context ctx; |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 246 | int ret; |
Azim Khan | f1aaec9 | 2017-05-30 14:23:15 +0100 | [diff] [blame] | 247 | size_t tag_len = tag_len_bits / 8; |
Gilles Peskine | 36dd93e | 2021-04-13 13:02:03 +0200 | [diff] [blame] | 248 | size_t n1; |
Mateusz Starzyk | af4ecdd | 2021-06-15 15:29:48 +0200 | [diff] [blame] | 249 | size_t n1_add; |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 250 | |
Manuel Pégourié-Gonnard | c34e8dd | 2015-04-28 21:42:17 +0200 | [diff] [blame] | 251 | mbedtls_gcm_init( &ctx ); |
| 252 | |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 253 | memset(output, 0x00, 128); |
| 254 | |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 255 | |
Azim Khan | d30ca13 | 2017-06-09 04:32:58 +0100 | [diff] [blame] | 256 | TEST_ASSERT( mbedtls_gcm_setkey( &ctx, cipher_id, key_str->x, key_str->len * 8 ) == init_result ); |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 257 | if( init_result == 0 ) |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 258 | { |
Azim Khan | d30ca13 | 2017-06-09 04:32:58 +0100 | [diff] [blame] | 259 | ret = mbedtls_gcm_auth_decrypt( &ctx, src_str->len, iv_str->x, iv_str->len, add_str->x, add_str->len, tag_str->x, tag_len, src_str->x, output ); |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 260 | |
Azim Khan | 46c9b1f | 2017-05-31 20:46:35 +0100 | [diff] [blame] | 261 | if( strcmp( "FAIL", result ) == 0 ) |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 262 | { |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 263 | TEST_ASSERT( ret == MBEDTLS_ERR_GCM_AUTH_FAILED ); |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 264 | } |
| 265 | else |
| 266 | { |
Manuel Pégourié-Gonnard | f7ce67f | 2013-09-03 20:17:35 +0200 | [diff] [blame] | 267 | TEST_ASSERT( ret == 0 ); |
Gilles Peskine | 36dd93e | 2021-04-13 13:02:03 +0200 | [diff] [blame] | 268 | ASSERT_COMPARE( output, src_str->len, pt_result->x, pt_result->len ); |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 269 | |
Gilles Peskine | 58fc272 | 2021-04-13 15:58:27 +0200 | [diff] [blame] | 270 | for( n1 = 0; n1 <= src_str->len; n1 += 1 ) |
Gilles Peskine | 36dd93e | 2021-04-13 13:02:03 +0200 | [diff] [blame] | 271 | { |
Mateusz Starzyk | af4ecdd | 2021-06-15 15:29:48 +0200 | [diff] [blame] | 272 | for( n1_add = 0; n1_add <= add_str->len; n1_add += 1 ) |
| 273 | { |
Mateusz Starzyk | f8a0d4d | 2021-06-17 11:40:52 +0200 | [diff] [blame] | 274 | mbedtls_test_set_step( n1 * 10000 + n1_add ); |
Mateusz Starzyk | af4ecdd | 2021-06-15 15:29:48 +0200 | [diff] [blame] | 275 | if( !check_multipart( &ctx, MBEDTLS_GCM_DECRYPT, |
| 276 | iv_str, add_str, src_str, |
| 277 | pt_result, tag_str, |
| 278 | n1, n1_add ) ) |
| 279 | goto exit; |
| 280 | } |
Gilles Peskine | 36dd93e | 2021-04-13 13:02:03 +0200 | [diff] [blame] | 281 | } |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 282 | } |
| 283 | } |
Manuel Pégourié-Gonnard | 4fe9200 | 2013-09-13 13:45:58 +0200 | [diff] [blame] | 284 | |
Paul Bakker | bd51b26 | 2014-07-10 15:26:12 +0200 | [diff] [blame] | 285 | exit: |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 286 | mbedtls_gcm_free( &ctx ); |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 287 | } |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 288 | /* END_CASE */ |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 289 | |
Mateusz Starzyk | fc60622 | 2021-06-16 11:04:07 +0200 | [diff] [blame] | 290 | /* BEGIN_CASE */ |
| 291 | void gcm_decrypt_and_verify_empty_cipher( int cipher_id, |
| 292 | data_t * key_str, |
| 293 | data_t * iv_str, |
| 294 | data_t * add_str, |
| 295 | data_t * tag_str, |
Mateusz Starzyk | 032a1ce | 2021-06-17 11:50:26 +0200 | [diff] [blame] | 296 | int cipher_update_calls ) |
Mateusz Starzyk | fc60622 | 2021-06-16 11:04:07 +0200 | [diff] [blame] | 297 | { |
| 298 | mbedtls_gcm_context ctx; |
| 299 | |
| 300 | mbedtls_gcm_init( &ctx ); |
| 301 | |
Mateusz Starzyk | 032a1ce | 2021-06-17 11:50:26 +0200 | [diff] [blame] | 302 | TEST_ASSERT( mbedtls_gcm_setkey( &ctx, cipher_id, key_str->x, key_str->len * 8 ) == 0 ); |
| 303 | check_empty_cipher_with_ad( &ctx, MBEDTLS_GCM_DECRYPT, |
| 304 | iv_str, add_str, tag_str, |
| 305 | cipher_update_calls ); |
Mateusz Starzyk | fc60622 | 2021-06-16 11:04:07 +0200 | [diff] [blame] | 306 | |
| 307 | mbedtls_gcm_free( &ctx ); |
| 308 | } |
| 309 | /* END_CASE */ |
| 310 | |
| 311 | /* BEGIN_CASE */ |
| 312 | void gcm_decrypt_and_verify_empty_ad( int cipher_id, |
| 313 | data_t * key_str, |
| 314 | data_t * iv_str, |
| 315 | data_t * src_str, |
| 316 | data_t * tag_str, |
| 317 | data_t * pt_result, |
Mateusz Starzyk | 032a1ce | 2021-06-17 11:50:26 +0200 | [diff] [blame] | 318 | int ad_update_calls ) |
Mateusz Starzyk | fc60622 | 2021-06-16 11:04:07 +0200 | [diff] [blame] | 319 | { |
| 320 | mbedtls_gcm_context ctx; |
| 321 | |
| 322 | mbedtls_gcm_init( &ctx ); |
| 323 | |
Mateusz Starzyk | 032a1ce | 2021-06-17 11:50:26 +0200 | [diff] [blame] | 324 | TEST_ASSERT( mbedtls_gcm_setkey( &ctx, cipher_id, key_str->x, key_str->len * 8 ) == 0 ); |
| 325 | check_cipher_with_empty_ad( &ctx, MBEDTLS_GCM_DECRYPT, |
| 326 | iv_str, src_str, pt_result, tag_str, |
| 327 | ad_update_calls ); |
Mateusz Starzyk | fc60622 | 2021-06-16 11:04:07 +0200 | [diff] [blame] | 328 | |
| 329 | mbedtls_gcm_free( &ctx ); |
| 330 | } |
| 331 | /* END_CASE */ |
| 332 | |
| 333 | /* BEGIN_CASE */ |
Mateusz Starzyk | 469c9f3 | 2021-06-18 00:06:52 +0200 | [diff] [blame] | 334 | void gcm_decrypt_and_verify_no_ad_no_cipher( int cipher_id, |
| 335 | data_t * key_str, |
| 336 | data_t * iv_str, |
| 337 | data_t * tag_str ) |
| 338 | { |
| 339 | mbedtls_gcm_context ctx; |
| 340 | |
| 341 | mbedtls_gcm_init( &ctx ); |
| 342 | |
| 343 | TEST_ASSERT( mbedtls_gcm_setkey( &ctx, cipher_id, key_str->x, key_str->len * 8 ) == 0 ); |
| 344 | check_no_cipher_no_ad( &ctx, MBEDTLS_GCM_DECRYPT, |
| 345 | iv_str, tag_str ); |
| 346 | |
| 347 | mbedtls_gcm_free( &ctx ); |
| 348 | } |
| 349 | /* END_CASE */ |
| 350 | |
| 351 | /* BEGIN_CASE */ |
Mateusz Starzyk | fc60622 | 2021-06-16 11:04:07 +0200 | [diff] [blame] | 352 | void gcm_encrypt_and_tag_empty_cipher( int cipher_id, |
| 353 | data_t * key_str, |
| 354 | data_t * iv_str, |
| 355 | data_t * add_str, |
| 356 | data_t * tag_str, |
Mateusz Starzyk | 032a1ce | 2021-06-17 11:50:26 +0200 | [diff] [blame] | 357 | int cipher_update_calls ) |
Mateusz Starzyk | fc60622 | 2021-06-16 11:04:07 +0200 | [diff] [blame] | 358 | { |
| 359 | mbedtls_gcm_context ctx; |
| 360 | |
| 361 | mbedtls_gcm_init( &ctx ); |
| 362 | |
Mateusz Starzyk | 032a1ce | 2021-06-17 11:50:26 +0200 | [diff] [blame] | 363 | TEST_ASSERT( mbedtls_gcm_setkey( &ctx, cipher_id, key_str->x, key_str->len * 8 ) == 0 ); |
| 364 | check_empty_cipher_with_ad( &ctx, MBEDTLS_GCM_ENCRYPT, |
| 365 | iv_str, add_str, tag_str, |
| 366 | cipher_update_calls ); |
Mateusz Starzyk | fc60622 | 2021-06-16 11:04:07 +0200 | [diff] [blame] | 367 | |
| 368 | exit: |
| 369 | mbedtls_gcm_free( &ctx ); |
| 370 | } |
| 371 | /* END_CASE */ |
| 372 | |
| 373 | /* BEGIN_CASE */ |
| 374 | void gcm_encrypt_and_tag_empty_ad( int cipher_id, |
| 375 | data_t * key_str, |
| 376 | data_t * iv_str, |
| 377 | data_t * src_str, |
| 378 | data_t * dst, |
| 379 | data_t * tag_str, |
Mateusz Starzyk | 032a1ce | 2021-06-17 11:50:26 +0200 | [diff] [blame] | 380 | int ad_update_calls ) |
Mateusz Starzyk | fc60622 | 2021-06-16 11:04:07 +0200 | [diff] [blame] | 381 | { |
| 382 | mbedtls_gcm_context ctx; |
| 383 | |
| 384 | mbedtls_gcm_init( &ctx ); |
| 385 | |
Mateusz Starzyk | 032a1ce | 2021-06-17 11:50:26 +0200 | [diff] [blame] | 386 | TEST_ASSERT( mbedtls_gcm_setkey( &ctx, cipher_id, key_str->x, key_str->len * 8 ) == 0 ); |
| 387 | check_cipher_with_empty_ad( &ctx, MBEDTLS_GCM_ENCRYPT, |
| 388 | iv_str, src_str, dst, tag_str, |
| 389 | ad_update_calls ); |
Mateusz Starzyk | fc60622 | 2021-06-16 11:04:07 +0200 | [diff] [blame] | 390 | |
| 391 | exit: |
| 392 | mbedtls_gcm_free( &ctx ); |
| 393 | } |
| 394 | /* END_CASE */ |
| 395 | |
Mateusz Starzyk | 469c9f3 | 2021-06-18 00:06:52 +0200 | [diff] [blame] | 396 | /* BEGIN_CASE */ |
| 397 | void gcm_encrypt_and_verify_no_ad_no_cipher( int cipher_id, |
| 398 | data_t * key_str, |
| 399 | data_t * iv_str, |
| 400 | data_t * tag_str ) |
| 401 | { |
| 402 | mbedtls_gcm_context ctx; |
| 403 | |
| 404 | mbedtls_gcm_init( &ctx ); |
| 405 | |
| 406 | TEST_ASSERT( mbedtls_gcm_setkey( &ctx, cipher_id, key_str->x, key_str->len * 8 ) == 0 ); |
| 407 | check_no_cipher_no_ad( &ctx, MBEDTLS_GCM_ENCRYPT, |
| 408 | iv_str, tag_str ); |
| 409 | |
| 410 | mbedtls_gcm_free( &ctx ); |
| 411 | } |
| 412 | /* END_CASE */ |
| 413 | |
TRodziewicz | 062f353 | 2021-05-25 15:15:57 +0200 | [diff] [blame] | 414 | /* BEGIN_CASE depends_on:NOT_DEFINED */ |
Andrzej Kurek | c470b6b | 2019-01-31 08:20:20 -0500 | [diff] [blame] | 415 | void gcm_invalid_param( ) |
| 416 | { |
| 417 | mbedtls_gcm_context ctx; |
| 418 | unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 }; |
| 419 | mbedtls_cipher_id_t valid_cipher = MBEDTLS_CIPHER_ID_AES; |
Ronald Cron | 875b5fb | 2021-05-21 08:50:00 +0200 | [diff] [blame] | 420 | int invalid_bitlen = 1; |
Andrzej Kurek | c470b6b | 2019-01-31 08:20:20 -0500 | [diff] [blame] | 421 | |
| 422 | mbedtls_gcm_init( &ctx ); |
| 423 | |
Andrzej Kurek | c470b6b | 2019-01-31 08:20:20 -0500 | [diff] [blame] | 424 | /* mbedtls_gcm_setkey */ |
Ronald Cron | 875b5fb | 2021-05-21 08:50:00 +0200 | [diff] [blame] | 425 | TEST_EQUAL( |
Andrzej Kurek | c470b6b | 2019-01-31 08:20:20 -0500 | [diff] [blame] | 426 | MBEDTLS_ERR_GCM_BAD_INPUT, |
| 427 | mbedtls_gcm_setkey( &ctx, valid_cipher, valid_buffer, invalid_bitlen ) ); |
| 428 | |
Andrzej Kurek | c470b6b | 2019-01-31 08:20:20 -0500 | [diff] [blame] | 429 | exit: |
| 430 | mbedtls_gcm_free( &ctx ); |
| 431 | } |
| 432 | /* END_CASE */ |
| 433 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 434 | /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ |
Azim Khan | f1aaec9 | 2017-05-30 14:23:15 +0100 | [diff] [blame] | 435 | void gcm_selftest( ) |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 436 | { |
Andres AG | 93012e8 | 2016-09-09 09:10:28 +0100 | [diff] [blame] | 437 | TEST_ASSERT( mbedtls_gcm_self_test( 1 ) == 0 ); |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 438 | } |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 439 | /* END_CASE */ |