blob: c7942f81a75f513451f9b4e33dd7869485995124 [file] [log] [blame]
Paul Bakker33b43f12013-08-20 11:48:36 +02001/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +00002#include "mbedtls/gcm.h"
Gilles Peskine36dd93e2021-04-13 13:02:03 +02003
4/* Use the multipart interface to process the encrypted data in two parts
5 * and check that the output matches the expected output.
6 * The context must have been set up with the key. */
7static int check_multipart( mbedtls_gcm_context *ctx,
8 int mode,
9 const data_t *iv,
10 const data_t *add,
11 const data_t *input,
12 const data_t *expected_output,
13 const data_t *tag,
14 size_t n1 )
15{
16 int ok = 0;
17 uint8_t *output = NULL;
18 size_t n2 = input->len - n1;
Mateusz Starzyk658f4fd2021-05-26 14:26:48 +020019 size_t n1_add = n1 < add->len ? add->len - n1 : add->len;
20 size_t n2_add = add->len - n1_add;
Gilles Peskinea56c4482021-04-15 17:22:35 +020021 size_t olen;
Gilles Peskine36dd93e2021-04-13 13:02:03 +020022
23 /* Sanity checks on the test data */
24 TEST_ASSERT( n1 <= input->len );
Mateusz Starzyk658f4fd2021-05-26 14:26:48 +020025 TEST_ASSERT( n1_add <= add->len );
Gilles Peskine36dd93e2021-04-13 13:02:03 +020026 TEST_EQUAL( input->len, expected_output->len );
27
28 TEST_EQUAL( 0, mbedtls_gcm_starts( ctx, mode,
Gilles Peskine295fc132021-04-15 18:32:23 +020029 iv->x, iv->len ) );
Mateusz Starzyk658f4fd2021-05-26 14:26:48 +020030 TEST_EQUAL( 0, mbedtls_gcm_update_ad( ctx, add->x, n1_add ) );
31 TEST_EQUAL( 0, mbedtls_gcm_update_ad( ctx, add->x + n1_add, n2_add ) );
Gilles Peskine36dd93e2021-04-13 13:02:03 +020032
33 /* Allocate a tight buffer for each update call. This way, if the function
34 * tries to write beyond the advertised required buffer size, this will
35 * count as an overflow for memory sanitizers and static checkers. */
36 ASSERT_ALLOC( output, n1 );
Gilles Peskinea56c4482021-04-15 17:22:35 +020037 olen = 0xdeadbeef;
38 TEST_EQUAL( 0, mbedtls_gcm_update( ctx, input->x, n1, output, n1, &olen ) );
39 TEST_EQUAL( n1, olen );
40 ASSERT_COMPARE( output, olen, expected_output->x, n1 );
Gilles Peskine36dd93e2021-04-13 13:02:03 +020041 mbedtls_free( output );
42 output = NULL;
43
44 ASSERT_ALLOC( output, n2 );
Gilles Peskinea56c4482021-04-15 17:22:35 +020045 olen = 0xdeadbeef;
46 TEST_EQUAL( 0, mbedtls_gcm_update( ctx, input->x + n1, n2, output, n2, &olen ) );
47 TEST_EQUAL( n2, olen );
48 ASSERT_COMPARE( output, olen, expected_output->x + n1, n2 );
Gilles Peskine36dd93e2021-04-13 13:02:03 +020049 mbedtls_free( output );
50 output = NULL;
51
52 ASSERT_ALLOC( output, tag->len );
Gilles Peskine9461e452021-04-15 16:48:32 +020053 TEST_EQUAL( 0, mbedtls_gcm_finish( ctx, NULL, 0, output, tag->len ) );
Gilles Peskine36dd93e2021-04-13 13:02:03 +020054 ASSERT_COMPARE( output, tag->len, tag->x, tag->len );
55 mbedtls_free( output );
56 output = NULL;
57
58 ok = 1;
59exit:
60 mbedtls_free( output );
61 return( ok );
62}
63
Paul Bakker33b43f12013-08-20 11:48:36 +020064/* END_HEADER */
Paul Bakker89e80c92012-03-20 13:50:09 +000065
Paul Bakker33b43f12013-08-20 11:48:36 +020066/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +020067 * depends_on:MBEDTLS_GCM_C
Paul Bakker33b43f12013-08-20 11:48:36 +020068 * END_DEPENDENCIES
69 */
Paul Bakker89e80c92012-03-20 13:50:09 +000070
Paul Bakker33b43f12013-08-20 11:48:36 +020071/* BEGIN_CASE */
Ron Eldor5a21fd62016-12-16 16:15:56 +020072void gcm_bad_parameters( int cipher_id, int direction,
Azim Khan5fcca462018-06-29 11:05:32 +010073 data_t *key_str, data_t *src_str,
74 data_t *iv_str, data_t *add_str,
Ron Eldor5a21fd62016-12-16 16:15:56 +020075 int tag_len_bits, int gcm_result )
76{
Ron Eldor5a21fd62016-12-16 16:15:56 +020077 unsigned char output[128];
78 unsigned char tag_output[16];
79 mbedtls_gcm_context ctx;
Azim Khan317efe82017-08-02 17:33:54 +010080 size_t tag_len = tag_len_bits / 8;
Ron Eldor5a21fd62016-12-16 16:15:56 +020081
82 mbedtls_gcm_init( &ctx );
83
Ron Eldor5a21fd62016-12-16 16:15:56 +020084 memset( output, 0x00, sizeof( output ) );
85 memset( tag_output, 0x00, sizeof( tag_output ) );
Darryl Green11999bb2018-03-13 15:22:58 +000086
Azim Khan317efe82017-08-02 17:33:54 +010087 TEST_ASSERT( mbedtls_gcm_setkey( &ctx, cipher_id, key_str->x, key_str->len * 8 ) == 0 );
88 TEST_ASSERT( mbedtls_gcm_crypt_and_tag( &ctx, direction, src_str->len, iv_str->x, iv_str->len,
89 add_str->x, add_str->len, src_str->x, output, tag_len, tag_output ) == gcm_result );
Ron Eldor5a21fd62016-12-16 16:15:56 +020090
91exit:
92 mbedtls_gcm_free( &ctx );
93}
94/* END_CASE */
95
96/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +010097void gcm_encrypt_and_tag( int cipher_id, data_t * key_str,
98 data_t * src_str, data_t * iv_str,
Ronald Cronac6ae352020-06-26 14:33:03 +020099 data_t * add_str, data_t * dst,
100 int tag_len_bits, data_t * tag,
Azim Khand30ca132017-06-09 04:32:58 +0100101 int init_result )
Paul Bakker89e80c92012-03-20 13:50:09 +0000102{
Paul Bakker89e80c92012-03-20 13:50:09 +0000103 unsigned char output[128];
104 unsigned char tag_output[16];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200105 mbedtls_gcm_context ctx;
Azim Khanf1aaec92017-05-30 14:23:15 +0100106 size_t tag_len = tag_len_bits / 8;
Gilles Peskine36dd93e2021-04-13 13:02:03 +0200107 size_t n1;
Paul Bakker89e80c92012-03-20 13:50:09 +0000108
Manuel Pégourié-Gonnardc34e8dd2015-04-28 21:42:17 +0200109 mbedtls_gcm_init( &ctx );
110
Paul Bakker89e80c92012-03-20 13:50:09 +0000111 memset(output, 0x00, 128);
112 memset(tag_output, 0x00, 16);
113
Paul Bakker89e80c92012-03-20 13:50:09 +0000114
Azim Khand30ca132017-06-09 04:32:58 +0100115 TEST_ASSERT( mbedtls_gcm_setkey( &ctx, cipher_id, key_str->x, key_str->len * 8 ) == init_result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200116 if( init_result == 0 )
Paul Bakker89e80c92012-03-20 13:50:09 +0000117 {
Azim Khand30ca132017-06-09 04:32:58 +0100118 TEST_ASSERT( mbedtls_gcm_crypt_and_tag( &ctx, MBEDTLS_GCM_ENCRYPT, src_str->len, iv_str->x, iv_str->len, add_str->x, add_str->len, src_str->x, output, tag_len, tag_output ) == 0 );
Paul Bakker89e80c92012-03-20 13:50:09 +0000119
Gilles Peskine36dd93e2021-04-13 13:02:03 +0200120 ASSERT_COMPARE( output, src_str->len, dst->x, dst->len );
121 ASSERT_COMPARE( tag_output, tag_len, tag->x, tag->len );
122
Gilles Peskine58fc2722021-04-13 15:58:27 +0200123 for( n1 = 0; n1 <= src_str->len; n1 += 1 )
Gilles Peskine36dd93e2021-04-13 13:02:03 +0200124 {
125 mbedtls_test_set_step( n1 );
126 if( !check_multipart( &ctx, MBEDTLS_GCM_ENCRYPT,
127 iv_str, add_str, src_str,
128 dst, tag,
129 n1 ) )
130 goto exit;
131 }
Paul Bakker89e80c92012-03-20 13:50:09 +0000132 }
Manuel Pégourié-Gonnard4fe92002013-09-13 13:45:58 +0200133
Paul Bakkerbd51b262014-07-10 15:26:12 +0200134exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200135 mbedtls_gcm_free( &ctx );
Paul Bakker89e80c92012-03-20 13:50:09 +0000136}
Paul Bakker33b43f12013-08-20 11:48:36 +0200137/* END_CASE */
Paul Bakker89e80c92012-03-20 13:50:09 +0000138
Paul Bakker33b43f12013-08-20 11:48:36 +0200139/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100140void gcm_decrypt_and_verify( int cipher_id, data_t * key_str,
141 data_t * src_str, data_t * iv_str,
142 data_t * add_str, int tag_len_bits,
143 data_t * tag_str, char * result,
144 data_t * pt_result, int init_result )
Paul Bakker89e80c92012-03-20 13:50:09 +0000145{
Paul Bakker89e80c92012-03-20 13:50:09 +0000146 unsigned char output[128];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200147 mbedtls_gcm_context ctx;
Paul Bakker89e80c92012-03-20 13:50:09 +0000148 int ret;
Azim Khanf1aaec92017-05-30 14:23:15 +0100149 size_t tag_len = tag_len_bits / 8;
Gilles Peskine36dd93e2021-04-13 13:02:03 +0200150 size_t n1;
Paul Bakker89e80c92012-03-20 13:50:09 +0000151
Manuel Pégourié-Gonnardc34e8dd2015-04-28 21:42:17 +0200152 mbedtls_gcm_init( &ctx );
153
Paul Bakker89e80c92012-03-20 13:50:09 +0000154 memset(output, 0x00, 128);
155
Paul Bakker89e80c92012-03-20 13:50:09 +0000156
Azim Khand30ca132017-06-09 04:32:58 +0100157 TEST_ASSERT( mbedtls_gcm_setkey( &ctx, cipher_id, key_str->x, key_str->len * 8 ) == init_result );
Paul Bakker33b43f12013-08-20 11:48:36 +0200158 if( init_result == 0 )
Paul Bakker89e80c92012-03-20 13:50:09 +0000159 {
Azim Khand30ca132017-06-09 04:32:58 +0100160 ret = mbedtls_gcm_auth_decrypt( &ctx, src_str->len, iv_str->x, iv_str->len, add_str->x, add_str->len, tag_str->x, tag_len, src_str->x, output );
Paul Bakker89e80c92012-03-20 13:50:09 +0000161
Azim Khan46c9b1f2017-05-31 20:46:35 +0100162 if( strcmp( "FAIL", result ) == 0 )
Paul Bakker89e80c92012-03-20 13:50:09 +0000163 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200164 TEST_ASSERT( ret == MBEDTLS_ERR_GCM_AUTH_FAILED );
Paul Bakker89e80c92012-03-20 13:50:09 +0000165 }
166 else
167 {
Manuel Pégourié-Gonnardf7ce67f2013-09-03 20:17:35 +0200168 TEST_ASSERT( ret == 0 );
Gilles Peskine36dd93e2021-04-13 13:02:03 +0200169 ASSERT_COMPARE( output, src_str->len, pt_result->x, pt_result->len );
Paul Bakker89e80c92012-03-20 13:50:09 +0000170
Gilles Peskine58fc2722021-04-13 15:58:27 +0200171 for( n1 = 0; n1 <= src_str->len; n1 += 1 )
Gilles Peskine36dd93e2021-04-13 13:02:03 +0200172 {
173 mbedtls_test_set_step( n1 );
174 if( !check_multipart( &ctx, MBEDTLS_GCM_DECRYPT,
175 iv_str, add_str, src_str,
176 pt_result, tag_str,
177 n1 ) )
178 goto exit;
179 }
Paul Bakker89e80c92012-03-20 13:50:09 +0000180 }
181 }
Manuel Pégourié-Gonnard4fe92002013-09-13 13:45:58 +0200182
Paul Bakkerbd51b262014-07-10 15:26:12 +0200183exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200184 mbedtls_gcm_free( &ctx );
Paul Bakker89e80c92012-03-20 13:50:09 +0000185}
Paul Bakker33b43f12013-08-20 11:48:36 +0200186/* END_CASE */
Paul Bakker89e80c92012-03-20 13:50:09 +0000187
TRodziewicz062f3532021-05-25 15:15:57 +0200188/* BEGIN_CASE depends_on:NOT_DEFINED */
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500189void gcm_invalid_param( )
190{
191 mbedtls_gcm_context ctx;
192 unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 };
193 mbedtls_cipher_id_t valid_cipher = MBEDTLS_CIPHER_ID_AES;
Ronald Cron875b5fb2021-05-21 08:50:00 +0200194 int invalid_bitlen = 1;
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500195
196 mbedtls_gcm_init( &ctx );
197
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500198 /* mbedtls_gcm_setkey */
Ronald Cron875b5fb2021-05-21 08:50:00 +0200199 TEST_EQUAL(
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500200 MBEDTLS_ERR_GCM_BAD_INPUT,
201 mbedtls_gcm_setkey( &ctx, valid_cipher, valid_buffer, invalid_bitlen ) );
202
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500203exit:
204 mbedtls_gcm_free( &ctx );
205}
206/* END_CASE */
207
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200208/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
Azim Khanf1aaec92017-05-30 14:23:15 +0100209void gcm_selftest( )
Paul Bakker89e80c92012-03-20 13:50:09 +0000210{
Andres AG93012e82016-09-09 09:10:28 +0100211 TEST_ASSERT( mbedtls_gcm_self_test( 1 ) == 0 );
Paul Bakker89e80c92012-03-20 13:50:09 +0000212}
Paul Bakker33b43f12013-08-20 11:48:36 +0200213/* END_CASE */