TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls.git / fba59211869f562d5b27110815bf9007d4fda87a^! / . / tests / suites / test_suite_aes.function
commitfba59211869f562d5b27110815bf9007d4fda87a[log] [tgz]
authorAndrzej Kurek <andrzej.kurek@arm.com>Fri Aug 07 21:02:25 2020 -0400
committerAndrzej Kurek <andrzej.kurek@arm.com>Sat Aug 08 19:06:44 2020 -0400
tree8a5eef1c00384d7ba5d0a6d1a7136a45e6f06139
parent9df2b416b908b7ce206386a04980ac9f6c66b57c [diff] [blame]
aes: validate keys using crc before encryption/decryption

CRC is calculated when the key is set. This commit also adds new tests
for ecb encryption and decryption, simulating a fault injection after the key is set.
Signed-off-by: Andrzej Kurek <andrzej.kurek@arm.com>

diff --git a/tests/suites/test_suite_aes.function b/tests/suites/test_suite_aes.function
index da8c1e9..2a2f9cb 100644
--- a/tests/suites/test_suite_aes.function
+++ b/tests/suites/test_suite_aes.function

@@ -1,5 +1,6 @@
 /* BEGIN_HEADER */
 #include "mbedtls/aes.h"
+#include "mbedtls/platform.h"
 /* END_HEADER */
 
 /* BEGIN_DEPENDENCIES
@@ -369,6 +370,60 @@
 }
 /* END_CASE */
 
+/* BEGIN_CASE depends_on:MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY:MBEDTLS_AES_SCA_COUNTERMEASURES:!MBEDTLS_AES_SETKEY_ENC_ALT:!MBEDTLS_AESNI_C */
+void aes_encrypt_ecb_crc( data_t * key_str, data_t * src_str,
+                          data_t * hex_dst_string, unsigned int crc, int crypt_result, int check_crc )
+{
+    unsigned char output[100];
+    mbedtls_aes_context ctx;
+
+    memset(output, 0x00, 100);
+
+    mbedtls_aes_init( &ctx );
+
+    TEST_ASSERT( mbedtls_aes_setkey_enc( &ctx, key_str->x, key_str->len * 8 ) == 0 );
+
+    if( check_crc )
+        TEST_ASSERT( ctx.crc == crc );
+    else
+        ctx.crc = crc;
+
+    TEST_ASSERT( mbedtls_aes_crypt_ecb( &ctx, MBEDTLS_AES_ENCRYPT, src_str->x, output ) == crypt_result );
+
+    TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 );
+
+exit:
+    mbedtls_aes_free( &ctx );
+}
+/* END_CASE */
+
+/* BEGIN_CASE depends_on:MBEDTLS_VALIDATE_AES_KEYS_INTEGRITY:MBEDTLS_AES_SCA_COUNTERMEASURES:!MBEDTLS_AES_SETKEY_ENC_ALT:!MBEDTLS_AESNI_C */
+void aes_decrypt_ecb_crc( data_t * key_str, data_t * src_str,
+                          data_t * hex_dst_string, unsigned int crc, int crypt_result, int check_crc )
+{
+    unsigned char output[100];
+    mbedtls_aes_context ctx;
+
+    memset(output, 0x00, 100);
+
+    mbedtls_aes_init( &ctx );
+
+    TEST_ASSERT( mbedtls_aes_setkey_dec( &ctx, key_str->x, key_str->len * 8 ) == 0 );
+
+    if( check_crc )
+        TEST_ASSERT( ctx.crc == crc );
+    else
+        ctx.crc = crc;
+
+    TEST_ASSERT( mbedtls_aes_crypt_ecb( &ctx, MBEDTLS_AES_DECRYPT, src_str->x, output ) == crypt_result );
+
+    TEST_ASSERT( hexcmp( output, hex_dst_string->x, 16, hex_dst_string->len ) == 0 );
+
+exit:
+    mbedtls_aes_free( &ctx );
+}
+/* END_CASE */
+
 /* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
 void aes_check_params( )
 {