Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 1 | /* BEGIN_HEADER */ |
Manuel Pégourié-Gonnard | 7f80997 | 2015-03-09 17:05:11 +0000 | [diff] [blame] | 2 | #include "mbedtls/gcm.h" |
Gilles Peskine | 36dd93e | 2021-04-13 13:02:03 +0200 | [diff] [blame] | 3 | |
| 4 | /* Use the multipart interface to process the encrypted data in two parts |
| 5 | * and check that the output matches the expected output. |
| 6 | * The context must have been set up with the key. */ |
| 7 | static int check_multipart( mbedtls_gcm_context *ctx, |
| 8 | int mode, |
| 9 | const data_t *iv, |
| 10 | const data_t *add, |
| 11 | const data_t *input, |
| 12 | const data_t *expected_output, |
| 13 | const data_t *tag, |
| 14 | size_t n1 ) |
| 15 | { |
| 16 | int ok = 0; |
| 17 | uint8_t *output = NULL; |
| 18 | size_t n2 = input->len - n1; |
Mateusz Starzyk | 658f4fd | 2021-05-26 14:26:48 +0200 | [diff] [blame^] | 19 | size_t n1_add = n1 < add->len ? add->len - n1 : add->len; |
| 20 | size_t n2_add = add->len - n1_add; |
Gilles Peskine | a56c448 | 2021-04-15 17:22:35 +0200 | [diff] [blame] | 21 | size_t olen; |
Gilles Peskine | 36dd93e | 2021-04-13 13:02:03 +0200 | [diff] [blame] | 22 | |
| 23 | /* Sanity checks on the test data */ |
| 24 | TEST_ASSERT( n1 <= input->len ); |
Mateusz Starzyk | 658f4fd | 2021-05-26 14:26:48 +0200 | [diff] [blame^] | 25 | TEST_ASSERT( n1_add <= add->len ); |
Gilles Peskine | 36dd93e | 2021-04-13 13:02:03 +0200 | [diff] [blame] | 26 | TEST_EQUAL( input->len, expected_output->len ); |
| 27 | |
| 28 | TEST_EQUAL( 0, mbedtls_gcm_starts( ctx, mode, |
Gilles Peskine | 295fc13 | 2021-04-15 18:32:23 +0200 | [diff] [blame] | 29 | iv->x, iv->len ) ); |
Mateusz Starzyk | 658f4fd | 2021-05-26 14:26:48 +0200 | [diff] [blame^] | 30 | TEST_EQUAL( 0, mbedtls_gcm_update_ad( ctx, add->x, n1_add ) ); |
| 31 | TEST_EQUAL( 0, mbedtls_gcm_update_ad( ctx, add->x + n1_add, n2_add ) ); |
Gilles Peskine | 36dd93e | 2021-04-13 13:02:03 +0200 | [diff] [blame] | 32 | |
| 33 | /* Allocate a tight buffer for each update call. This way, if the function |
| 34 | * tries to write beyond the advertised required buffer size, this will |
| 35 | * count as an overflow for memory sanitizers and static checkers. */ |
| 36 | ASSERT_ALLOC( output, n1 ); |
Gilles Peskine | a56c448 | 2021-04-15 17:22:35 +0200 | [diff] [blame] | 37 | olen = 0xdeadbeef; |
| 38 | TEST_EQUAL( 0, mbedtls_gcm_update( ctx, input->x, n1, output, n1, &olen ) ); |
| 39 | TEST_EQUAL( n1, olen ); |
| 40 | ASSERT_COMPARE( output, olen, expected_output->x, n1 ); |
Gilles Peskine | 36dd93e | 2021-04-13 13:02:03 +0200 | [diff] [blame] | 41 | mbedtls_free( output ); |
| 42 | output = NULL; |
| 43 | |
| 44 | ASSERT_ALLOC( output, n2 ); |
Gilles Peskine | a56c448 | 2021-04-15 17:22:35 +0200 | [diff] [blame] | 45 | olen = 0xdeadbeef; |
| 46 | TEST_EQUAL( 0, mbedtls_gcm_update( ctx, input->x + n1, n2, output, n2, &olen ) ); |
| 47 | TEST_EQUAL( n2, olen ); |
| 48 | ASSERT_COMPARE( output, olen, expected_output->x + n1, n2 ); |
Gilles Peskine | 36dd93e | 2021-04-13 13:02:03 +0200 | [diff] [blame] | 49 | mbedtls_free( output ); |
| 50 | output = NULL; |
| 51 | |
| 52 | ASSERT_ALLOC( output, tag->len ); |
Gilles Peskine | 9461e45 | 2021-04-15 16:48:32 +0200 | [diff] [blame] | 53 | TEST_EQUAL( 0, mbedtls_gcm_finish( ctx, NULL, 0, output, tag->len ) ); |
Gilles Peskine | 36dd93e | 2021-04-13 13:02:03 +0200 | [diff] [blame] | 54 | ASSERT_COMPARE( output, tag->len, tag->x, tag->len ); |
| 55 | mbedtls_free( output ); |
| 56 | output = NULL; |
| 57 | |
| 58 | ok = 1; |
| 59 | exit: |
| 60 | mbedtls_free( output ); |
| 61 | return( ok ); |
| 62 | } |
| 63 | |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 64 | /* END_HEADER */ |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 65 | |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 66 | /* BEGIN_DEPENDENCIES |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 67 | * depends_on:MBEDTLS_GCM_C |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 68 | * END_DEPENDENCIES |
| 69 | */ |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 70 | |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 71 | /* BEGIN_CASE */ |
Ron Eldor | 5a21fd6 | 2016-12-16 16:15:56 +0200 | [diff] [blame] | 72 | void gcm_bad_parameters( int cipher_id, int direction, |
Azim Khan | 5fcca46 | 2018-06-29 11:05:32 +0100 | [diff] [blame] | 73 | data_t *key_str, data_t *src_str, |
| 74 | data_t *iv_str, data_t *add_str, |
Ron Eldor | 5a21fd6 | 2016-12-16 16:15:56 +0200 | [diff] [blame] | 75 | int tag_len_bits, int gcm_result ) |
| 76 | { |
Ron Eldor | 5a21fd6 | 2016-12-16 16:15:56 +0200 | [diff] [blame] | 77 | unsigned char output[128]; |
| 78 | unsigned char tag_output[16]; |
| 79 | mbedtls_gcm_context ctx; |
Azim Khan | 317efe8 | 2017-08-02 17:33:54 +0100 | [diff] [blame] | 80 | size_t tag_len = tag_len_bits / 8; |
Ron Eldor | 5a21fd6 | 2016-12-16 16:15:56 +0200 | [diff] [blame] | 81 | |
| 82 | mbedtls_gcm_init( &ctx ); |
| 83 | |
Ron Eldor | 5a21fd6 | 2016-12-16 16:15:56 +0200 | [diff] [blame] | 84 | memset( output, 0x00, sizeof( output ) ); |
| 85 | memset( tag_output, 0x00, sizeof( tag_output ) ); |
Darryl Green | 11999bb | 2018-03-13 15:22:58 +0000 | [diff] [blame] | 86 | |
Azim Khan | 317efe8 | 2017-08-02 17:33:54 +0100 | [diff] [blame] | 87 | TEST_ASSERT( mbedtls_gcm_setkey( &ctx, cipher_id, key_str->x, key_str->len * 8 ) == 0 ); |
| 88 | TEST_ASSERT( mbedtls_gcm_crypt_and_tag( &ctx, direction, src_str->len, iv_str->x, iv_str->len, |
| 89 | add_str->x, add_str->len, src_str->x, output, tag_len, tag_output ) == gcm_result ); |
Ron Eldor | 5a21fd6 | 2016-12-16 16:15:56 +0200 | [diff] [blame] | 90 | |
| 91 | exit: |
| 92 | mbedtls_gcm_free( &ctx ); |
| 93 | } |
| 94 | /* END_CASE */ |
| 95 | |
| 96 | /* BEGIN_CASE */ |
Azim Khan | 5fcca46 | 2018-06-29 11:05:32 +0100 | [diff] [blame] | 97 | void gcm_encrypt_and_tag( int cipher_id, data_t * key_str, |
| 98 | data_t * src_str, data_t * iv_str, |
Ronald Cron | ac6ae35 | 2020-06-26 14:33:03 +0200 | [diff] [blame] | 99 | data_t * add_str, data_t * dst, |
| 100 | int tag_len_bits, data_t * tag, |
Azim Khan | d30ca13 | 2017-06-09 04:32:58 +0100 | [diff] [blame] | 101 | int init_result ) |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 102 | { |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 103 | unsigned char output[128]; |
| 104 | unsigned char tag_output[16]; |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 105 | mbedtls_gcm_context ctx; |
Azim Khan | f1aaec9 | 2017-05-30 14:23:15 +0100 | [diff] [blame] | 106 | size_t tag_len = tag_len_bits / 8; |
Gilles Peskine | 36dd93e | 2021-04-13 13:02:03 +0200 | [diff] [blame] | 107 | size_t n1; |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 108 | |
Manuel Pégourié-Gonnard | c34e8dd | 2015-04-28 21:42:17 +0200 | [diff] [blame] | 109 | mbedtls_gcm_init( &ctx ); |
| 110 | |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 111 | memset(output, 0x00, 128); |
| 112 | memset(tag_output, 0x00, 16); |
| 113 | |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 114 | |
Azim Khan | d30ca13 | 2017-06-09 04:32:58 +0100 | [diff] [blame] | 115 | TEST_ASSERT( mbedtls_gcm_setkey( &ctx, cipher_id, key_str->x, key_str->len * 8 ) == init_result ); |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 116 | if( init_result == 0 ) |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 117 | { |
Azim Khan | d30ca13 | 2017-06-09 04:32:58 +0100 | [diff] [blame] | 118 | TEST_ASSERT( mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_ENCRYPT, src_str->len, iv_str->x, iv_str->len, add_str->x, add_str->len, src_str->x, output, tag_len, tag_output ) == 0 ); |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 119 | |
Gilles Peskine | 36dd93e | 2021-04-13 13:02:03 +0200 | [diff] [blame] | 120 | ASSERT_COMPARE( output, src_str->len, dst->x, dst->len ); |
| 121 | ASSERT_COMPARE( tag_output, tag_len, tag->x, tag->len ); |
| 122 | |
Gilles Peskine | 58fc272 | 2021-04-13 15:58:27 +0200 | [diff] [blame] | 123 | for( n1 = 0; n1 <= src_str->len; n1 += 1 ) |
Gilles Peskine | 36dd93e | 2021-04-13 13:02:03 +0200 | [diff] [blame] | 124 | { |
| 125 | mbedtls_test_set_step( n1 ); |
| 126 | if( !check_multipart( &ctx, MBEDTLS_GCM_ENCRYPT, |
| 127 | iv_str, add_str, src_str, |
| 128 | dst, tag, |
| 129 | n1 ) ) |
| 130 | goto exit; |
| 131 | } |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 132 | } |
Manuel Pégourié-Gonnard | 4fe9200 | 2013-09-13 13:45:58 +0200 | [diff] [blame] | 133 | |
Paul Bakker | bd51b26 | 2014-07-10 15:26:12 +0200 | [diff] [blame] | 134 | exit: |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 135 | mbedtls_gcm_free( &ctx ); |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 136 | } |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 137 | /* END_CASE */ |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 138 | |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 139 | /* BEGIN_CASE */ |
Azim Khan | 5fcca46 | 2018-06-29 11:05:32 +0100 | [diff] [blame] | 140 | void gcm_decrypt_and_verify( int cipher_id, data_t * key_str, |
| 141 | data_t * src_str, data_t * iv_str, |
| 142 | data_t * add_str, int tag_len_bits, |
| 143 | data_t * tag_str, char * result, |
| 144 | data_t * pt_result, int init_result ) |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 145 | { |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 146 | unsigned char output[128]; |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 147 | mbedtls_gcm_context ctx; |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 148 | int ret; |
Azim Khan | f1aaec9 | 2017-05-30 14:23:15 +0100 | [diff] [blame] | 149 | size_t tag_len = tag_len_bits / 8; |
Gilles Peskine | 36dd93e | 2021-04-13 13:02:03 +0200 | [diff] [blame] | 150 | size_t n1; |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 151 | |
Manuel Pégourié-Gonnard | c34e8dd | 2015-04-28 21:42:17 +0200 | [diff] [blame] | 152 | mbedtls_gcm_init( &ctx ); |
| 153 | |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 154 | memset(output, 0x00, 128); |
| 155 | |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 156 | |
Azim Khan | d30ca13 | 2017-06-09 04:32:58 +0100 | [diff] [blame] | 157 | TEST_ASSERT( mbedtls_gcm_setkey( &ctx, cipher_id, key_str->x, key_str->len * 8 ) == init_result ); |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 158 | if( init_result == 0 ) |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 159 | { |
Azim Khan | d30ca13 | 2017-06-09 04:32:58 +0100 | [diff] [blame] | 160 | ret = mbedtls_gcm_auth_decrypt( &ctx, src_str->len, iv_str->x, iv_str->len, add_str->x, add_str->len, tag_str->x, tag_len, src_str->x, output ); |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 161 | |
Azim Khan | 46c9b1f | 2017-05-31 20:46:35 +0100 | [diff] [blame] | 162 | if( strcmp( "FAIL", result ) == 0 ) |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 163 | { |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 164 | TEST_ASSERT( ret == MBEDTLS_ERR_GCM_AUTH_FAILED ); |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 165 | } |
| 166 | else |
| 167 | { |
Manuel Pégourié-Gonnard | f7ce67f | 2013-09-03 20:17:35 +0200 | [diff] [blame] | 168 | TEST_ASSERT( ret == 0 ); |
Gilles Peskine | 36dd93e | 2021-04-13 13:02:03 +0200 | [diff] [blame] | 169 | ASSERT_COMPARE( output, src_str->len, pt_result->x, pt_result->len ); |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 170 | |
Gilles Peskine | 58fc272 | 2021-04-13 15:58:27 +0200 | [diff] [blame] | 171 | for( n1 = 0; n1 <= src_str->len; n1 += 1 ) |
Gilles Peskine | 36dd93e | 2021-04-13 13:02:03 +0200 | [diff] [blame] | 172 | { |
| 173 | mbedtls_test_set_step( n1 ); |
| 174 | if( !check_multipart( &ctx, MBEDTLS_GCM_DECRYPT, |
| 175 | iv_str, add_str, src_str, |
| 176 | pt_result, tag_str, |
| 177 | n1 ) ) |
| 178 | goto exit; |
| 179 | } |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 180 | } |
| 181 | } |
Manuel Pégourié-Gonnard | 4fe9200 | 2013-09-13 13:45:58 +0200 | [diff] [blame] | 182 | |
Paul Bakker | bd51b26 | 2014-07-10 15:26:12 +0200 | [diff] [blame] | 183 | exit: |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 184 | mbedtls_gcm_free( &ctx ); |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 185 | } |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 186 | /* END_CASE */ |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 187 | |
TRodziewicz | 062f353 | 2021-05-25 15:15:57 +0200 | [diff] [blame] | 188 | /* BEGIN_CASE depends_on:NOT_DEFINED */ |
Andrzej Kurek | c470b6b | 2019-01-31 08:20:20 -0500 | [diff] [blame] | 189 | void gcm_invalid_param( ) |
| 190 | { |
| 191 | mbedtls_gcm_context ctx; |
| 192 | unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 }; |
| 193 | mbedtls_cipher_id_t valid_cipher = MBEDTLS_CIPHER_ID_AES; |
Ronald Cron | 875b5fb | 2021-05-21 08:50:00 +0200 | [diff] [blame] | 194 | int invalid_bitlen = 1; |
Andrzej Kurek | c470b6b | 2019-01-31 08:20:20 -0500 | [diff] [blame] | 195 | |
| 196 | mbedtls_gcm_init( &ctx ); |
| 197 | |
Andrzej Kurek | c470b6b | 2019-01-31 08:20:20 -0500 | [diff] [blame] | 198 | /* mbedtls_gcm_setkey */ |
Ronald Cron | 875b5fb | 2021-05-21 08:50:00 +0200 | [diff] [blame] | 199 | TEST_EQUAL( |
Andrzej Kurek | c470b6b | 2019-01-31 08:20:20 -0500 | [diff] [blame] | 200 | MBEDTLS_ERR_GCM_BAD_INPUT, |
| 201 | mbedtls_gcm_setkey( &ctx, valid_cipher, valid_buffer, invalid_bitlen ) ); |
| 202 | |
Andrzej Kurek | c470b6b | 2019-01-31 08:20:20 -0500 | [diff] [blame] | 203 | exit: |
| 204 | mbedtls_gcm_free( &ctx ); |
| 205 | } |
| 206 | /* END_CASE */ |
| 207 | |
Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 208 | /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ |
Azim Khan | f1aaec9 | 2017-05-30 14:23:15 +0100 | [diff] [blame] | 209 | void gcm_selftest( ) |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 210 | { |
Andres AG | 93012e8 | 2016-09-09 09:10:28 +0100 | [diff] [blame] | 211 | TEST_ASSERT( mbedtls_gcm_self_test( 1 ) == 0 ); |
Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 212 | } |
Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 213 | /* END_CASE */ |