TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / aa01a038b521931382951036a5cd49bddcc40b51 / . / tests / suites / test_suite_gcm.function
blob: 747914f6bcc2f3f1047e4822e5f7e07ae3711be3 [file] [log] [blame]
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]2#include "mbedtls/gcm.h"
Gilles Peskine36dd93e2021-04-13 13:02:03 +0200[diff] [blame]3
4/* Use the multipart interface to process the encrypted data in two parts
5 * and check that the output matches the expected output.
6 * The context must have been set up with the key. */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]7static int check_multipart(mbedtls_gcm_context *ctx,
8 int mode,
9 const data_t *iv,
10 const data_t *add,
11 const data_t *input,
12 const data_t *expected_output,
13 const data_t *tag,
14 size_t n1,
15 size_t n1_add)
Gilles Peskine36dd93e2021-04-13 13:02:03 +0200[diff] [blame]16{
17 int ok = 0;
18 uint8_t *output = NULL;
19 size_t n2 = input->len - n1;
Mateusz Starzyk658f4fd2021-05-26 14:26:48 +0200[diff] [blame]20 size_t n2_add = add->len - n1_add;
Gilles Peskinea56c4482021-04-15 17:22:35 +0200[diff] [blame]21 size_t olen;
Gilles Peskine36dd93e2021-04-13 13:02:03 +0200[diff] [blame]22
23 /* Sanity checks on the test data */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]24 TEST_ASSERT(n1 <= input->len);
25 TEST_ASSERT(n1_add <= add->len);
26 TEST_EQUAL(input->len, expected_output->len);
Gilles Peskine36dd93e2021-04-13 13:02:03 +0200[diff] [blame]27
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]28 TEST_EQUAL(0, mbedtls_gcm_starts(ctx, mode,
29 iv->x, iv->len));
30 TEST_EQUAL(0, mbedtls_gcm_update_ad(ctx, add->x, n1_add));
31 TEST_EQUAL(0, mbedtls_gcm_update_ad(ctx, add->x + n1_add, n2_add));
Gilles Peskine36dd93e2021-04-13 13:02:03 +0200[diff] [blame]32
33 /* Allocate a tight buffer for each update call. This way, if the function
34 * tries to write beyond the advertised required buffer size, this will
35 * count as an overflow for memory sanitizers and static checkers. */
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]36 TEST_CALLOC(output, n1);
Gilles Peskinea56c4482021-04-15 17:22:35 +0200[diff] [blame]37 olen = 0xdeadbeef;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]38 TEST_EQUAL(0, mbedtls_gcm_update(ctx, input->x, n1, output, n1, &olen));
39 TEST_EQUAL(n1, olen);
Tom Cosgrovee4e9e7d2023-07-21 11:40:20 +0100[diff] [blame]40 TEST_MEMORY_COMPARE(output, olen, expected_output->x, n1);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]41 mbedtls_free(output);
Gilles Peskine36dd93e2021-04-13 13:02:03 +0200[diff] [blame]42 output = NULL;
43
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]44 TEST_CALLOC(output, n2);
Gilles Peskinea56c4482021-04-15 17:22:35 +0200[diff] [blame]45 olen = 0xdeadbeef;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]46 TEST_EQUAL(0, mbedtls_gcm_update(ctx, input->x + n1, n2, output, n2, &olen));
47 TEST_EQUAL(n2, olen);
Tom Cosgrovee4e9e7d2023-07-21 11:40:20 +0100[diff] [blame]48 TEST_MEMORY_COMPARE(output, olen, expected_output->x + n1, n2);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]49 mbedtls_free(output);
Gilles Peskine36dd93e2021-04-13 13:02:03 +0200[diff] [blame]50 output = NULL;
51
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]52 TEST_CALLOC(output, tag->len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]53 TEST_EQUAL(0, mbedtls_gcm_finish(ctx, NULL, 0, &olen, output, tag->len));
54 TEST_EQUAL(0, olen);
Tom Cosgrovee4e9e7d2023-07-21 11:40:20 +0100[diff] [blame]55 TEST_MEMORY_COMPARE(output, tag->len, tag->x, tag->len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]56 mbedtls_free(output);
Gilles Peskine36dd93e2021-04-13 13:02:03 +0200[diff] [blame]57 output = NULL;
58
59 ok = 1;
60exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]61 mbedtls_free(output);
62 return ok;
Gilles Peskine36dd93e2021-04-13 13:02:03 +0200[diff] [blame]63}
64
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]65static void check_cipher_with_empty_ad(mbedtls_gcm_context *ctx,
66 int mode,
67 const data_t *iv,
68 const data_t *input,
69 const data_t *expected_output,
70 const data_t *tag,
71 size_t ad_update_count)
Mateusz Starzykfc606222021-06-16 11:04:07 +0200[diff] [blame]72{
73 size_t n;
74 uint8_t *output = NULL;
75 size_t olen;
76
77 /* Sanity checks on the test data */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]78 TEST_EQUAL(input->len, expected_output->len);
Mateusz Starzykfc606222021-06-16 11:04:07 +0200[diff] [blame]79
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]80 TEST_EQUAL(0, mbedtls_gcm_starts(ctx, mode,
81 iv->x, iv->len));
Mateusz Starzykfc606222021-06-16 11:04:07 +0200[diff] [blame]82
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]83 for (n = 0; n < ad_update_count; n++) {
84 TEST_EQUAL(0, mbedtls_gcm_update_ad(ctx, NULL, 0));
Mateusz Starzykfc606222021-06-16 11:04:07 +0200[diff] [blame]85 }
86
87 /* Allocate a tight buffer for each update call. This way, if the function
88 * tries to write beyond the advertised required buffer size, this will
89 * count as an overflow for memory sanitizers and static checkers. */
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]90 TEST_CALLOC(output, input->len);
Mateusz Starzykfc606222021-06-16 11:04:07 +0200[diff] [blame]91 olen = 0xdeadbeef;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]92 TEST_EQUAL(0, mbedtls_gcm_update(ctx, input->x, input->len, output, input->len, &olen));
93 TEST_EQUAL(input->len, olen);
Tom Cosgrovee4e9e7d2023-07-21 11:40:20 +0100[diff] [blame]94 TEST_MEMORY_COMPARE(output, olen, expected_output->x, input->len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]95 mbedtls_free(output);
Mateusz Starzykfc606222021-06-16 11:04:07 +0200[diff] [blame]96 output = NULL;
97
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]98 TEST_CALLOC(output, tag->len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]99 TEST_EQUAL(0, mbedtls_gcm_finish(ctx, NULL, 0, &olen, output, tag->len));
100 TEST_EQUAL(0, olen);
Tom Cosgrovee4e9e7d2023-07-21 11:40:20 +0100[diff] [blame]101 TEST_MEMORY_COMPARE(output, tag->len, tag->x, tag->len);
Mateusz Starzykfc606222021-06-16 11:04:07 +0200[diff] [blame]102
103exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]104 mbedtls_free(output);
Mateusz Starzykfc606222021-06-16 11:04:07 +0200[diff] [blame]105}
106
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]107static void check_empty_cipher_with_ad(mbedtls_gcm_context *ctx,
Mateusz Starzykfc606222021-06-16 11:04:07 +0200[diff] [blame]108 int mode,
109 const data_t *iv,
110 const data_t *add,
111 const data_t *tag,
112 size_t cipher_update_count)
113{
114 size_t olen;
115 size_t n;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]116 uint8_t *output_tag = NULL;
Mateusz Starzykfc606222021-06-16 11:04:07 +0200[diff] [blame]117
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]118 TEST_EQUAL(0, mbedtls_gcm_starts(ctx, mode, iv->x, iv->len));
119 TEST_EQUAL(0, mbedtls_gcm_update_ad(ctx, add->x, add->len));
Mateusz Starzykfc606222021-06-16 11:04:07 +0200[diff] [blame]120
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]121 for (n = 0; n < cipher_update_count; n++) {
Mateusz Starzykfc606222021-06-16 11:04:07 +0200[diff] [blame]122 olen = 0xdeadbeef;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]123 TEST_EQUAL(0, mbedtls_gcm_update(ctx, NULL, 0, NULL, 0, &olen));
124 TEST_EQUAL(0, olen);
Mateusz Starzykfc606222021-06-16 11:04:07 +0200[diff] [blame]125 }
126
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]127 TEST_CALLOC(output_tag, tag->len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]128 TEST_EQUAL(0, mbedtls_gcm_finish(ctx, NULL, 0, &olen,
129 output_tag, tag->len));
130 TEST_EQUAL(0, olen);
Tom Cosgrovee4e9e7d2023-07-21 11:40:20 +0100[diff] [blame]131 TEST_MEMORY_COMPARE(output_tag, tag->len, tag->x, tag->len);
Mateusz Starzykfc606222021-06-16 11:04:07 +0200[diff] [blame]132
133exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]134 mbedtls_free(output_tag);
Mateusz Starzykfc606222021-06-16 11:04:07 +0200[diff] [blame]135}
136
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]137static void check_no_cipher_no_ad(mbedtls_gcm_context *ctx,
138 int mode,
139 const data_t *iv,
140 const data_t *tag)
Mateusz Starzyk469c9f32021-06-18 00:06:52 +0200[diff] [blame]141{
142 uint8_t *output = NULL;
Gilles Peskine5a7be102021-06-23 21:51:32 +0200[diff] [blame]143 size_t olen = 0;
Mateusz Starzyk469c9f32021-06-18 00:06:52 +0200[diff] [blame]144
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]145 TEST_EQUAL(0, mbedtls_gcm_starts(ctx, mode,
146 iv->x, iv->len));
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]147 TEST_CALLOC(output, tag->len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]148 TEST_EQUAL(0, mbedtls_gcm_finish(ctx, NULL, 0, &olen, output, tag->len));
149 TEST_EQUAL(0, olen);
Tom Cosgrovee4e9e7d2023-07-21 11:40:20 +0100[diff] [blame]150 TEST_MEMORY_COMPARE(output, tag->len, tag->x, tag->len);
Mateusz Starzyk469c9f32021-06-18 00:06:52 +0200[diff] [blame]151
152exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]153 mbedtls_free(output);
Mateusz Starzyk469c9f32021-06-18 00:06:52 +0200[diff] [blame]154}
155
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]156/* END_HEADER */
Paul Bakker89e80c92012-03-20 13:50:09 +0000[diff] [blame]157
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]158/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]159 * depends_on:MBEDTLS_GCM_C
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]160 * END_DEPENDENCIES
161 */
Paul Bakker89e80c92012-03-20 13:50:09 +0000[diff] [blame]162
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]163/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]164void gcm_bad_parameters(int cipher_id, int direction,
165 data_t *key_str, data_t *src_str,
166 data_t *iv_str, data_t *add_str,
167 int tag_len_bits, int gcm_result)
Ron Eldor5a21fd62016-12-16 16:15:56 +0200[diff] [blame]168{
Ron Eldor5a21fd62016-12-16 16:15:56 +0200[diff] [blame]169 unsigned char output[128];
170 unsigned char tag_output[16];
171 mbedtls_gcm_context ctx;
Azim Khan317efe82017-08-02 17:33:54 +0100[diff] [blame]172 size_t tag_len = tag_len_bits / 8;
Ron Eldor5a21fd62016-12-16 16:15:56 +0200[diff] [blame]173
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]174 mbedtls_gcm_init(&ctx);
Ron Eldor5a21fd62016-12-16 16:15:56 +0200[diff] [blame]175
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]176 memset(output, 0x00, sizeof(output));
177 memset(tag_output, 0x00, sizeof(tag_output));
Darryl Green11999bb2018-03-13 15:22:58 +0000[diff] [blame]178
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]179 TEST_ASSERT(mbedtls_gcm_setkey(&ctx, cipher_id, key_str->x, key_str->len * 8) == 0);
180 TEST_ASSERT(mbedtls_gcm_crypt_and_tag(&ctx, direction, src_str->len, iv_str->x, iv_str->len,
181 add_str->x, add_str->len, src_str->x, output, tag_len,
182 tag_output) == gcm_result);
Ron Eldor5a21fd62016-12-16 16:15:56 +0200[diff] [blame]183
184exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]185 mbedtls_gcm_free(&ctx);
Ron Eldor5a21fd62016-12-16 16:15:56 +0200[diff] [blame]186}
187/* END_CASE */
188
189/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]190void gcm_encrypt_and_tag(int cipher_id, data_t *key_str,
191 data_t *src_str, data_t *iv_str,
192 data_t *add_str, data_t *dst,
193 int tag_len_bits, data_t *tag,
194 int init_result)
Paul Bakker89e80c92012-03-20 13:50:09 +0000[diff] [blame]195{
Paul Bakker89e80c92012-03-20 13:50:09 +0000[diff] [blame]196 unsigned char output[128];
197 unsigned char tag_output[16];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]198 mbedtls_gcm_context ctx;
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]199 size_t tag_len = tag_len_bits / 8;
Gilles Peskine36dd93e2021-04-13 13:02:03 +0200[diff] [blame]200 size_t n1;
Mateusz Starzykaf4ecdd2021-06-15 15:29:48 +0200[diff] [blame]201 size_t n1_add;
Paul Bakker89e80c92012-03-20 13:50:09 +0000[diff] [blame]202
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]203 mbedtls_gcm_init(&ctx);
Manuel Pégourié-Gonnardc34e8dd2015-04-28 21:42:17 +0200[diff] [blame]204
Paul Bakker89e80c92012-03-20 13:50:09 +0000[diff] [blame]205 memset(output, 0x00, 128);
206 memset(tag_output, 0x00, 16);
207
Paul Bakker89e80c92012-03-20 13:50:09 +0000[diff] [blame]208
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]209 TEST_ASSERT(mbedtls_gcm_setkey(&ctx, cipher_id, key_str->x, key_str->len * 8) == init_result);
210 if (init_result == 0) {
211 TEST_ASSERT(mbedtls_gcm_crypt_and_tag(&ctx, MBEDTLS_GCM_ENCRYPT, src_str->len, iv_str->x,
212 iv_str->len, add_str->x, add_str->len, src_str->x,
213 output, tag_len, tag_output) == 0);
Paul Bakker89e80c92012-03-20 13:50:09 +0000[diff] [blame]214
Tom Cosgrovee4e9e7d2023-07-21 11:40:20 +0100[diff] [blame]215 TEST_MEMORY_COMPARE(output, src_str->len, dst->x, dst->len);
216 TEST_MEMORY_COMPARE(tag_output, tag_len, tag->x, tag->len);
Gilles Peskine36dd93e2021-04-13 13:02:03 +0200[diff] [blame]217
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]218 for (n1 = 0; n1 <= src_str->len; n1 += 1) {
219 for (n1_add = 0; n1_add <= add_str->len; n1_add += 1) {
220 mbedtls_test_set_step(n1 * 10000 + n1_add);
221 if (!check_multipart(&ctx, MBEDTLS_GCM_ENCRYPT,
222 iv_str, add_str, src_str,
223 dst, tag,
224 n1, n1_add)) {
Mateusz Starzykaf4ecdd2021-06-15 15:29:48 +0200[diff] [blame]225 goto exit;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]226 }
Mateusz Starzykaf4ecdd2021-06-15 15:29:48 +0200[diff] [blame]227 }
Gilles Peskine36dd93e2021-04-13 13:02:03 +0200[diff] [blame]228 }
Paul Bakker89e80c92012-03-20 13:50:09 +0000[diff] [blame]229 }
Manuel Pégourié-Gonnard4fe92002013-09-13 13:45:58 +0200[diff] [blame]230
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]231exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]232 mbedtls_gcm_free(&ctx);
Paul Bakker89e80c92012-03-20 13:50:09 +0000[diff] [blame]233}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]234/* END_CASE */
Paul Bakker89e80c92012-03-20 13:50:09 +0000[diff] [blame]235
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]236/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]237void gcm_decrypt_and_verify(int cipher_id, data_t *key_str,
238 data_t *src_str, data_t *iv_str,
239 data_t *add_str, int tag_len_bits,
240 data_t *tag_str, char *result,
241 data_t *pt_result, int init_result)
Paul Bakker89e80c92012-03-20 13:50:09 +0000[diff] [blame]242{
Paul Bakker89e80c92012-03-20 13:50:09 +0000[diff] [blame]243 unsigned char output[128];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]244 mbedtls_gcm_context ctx;
Paul Bakker89e80c92012-03-20 13:50:09 +0000[diff] [blame]245 int ret;
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]246 size_t tag_len = tag_len_bits / 8;
Gilles Peskine36dd93e2021-04-13 13:02:03 +0200[diff] [blame]247 size_t n1;
Mateusz Starzykaf4ecdd2021-06-15 15:29:48 +0200[diff] [blame]248 size_t n1_add;
Paul Bakker89e80c92012-03-20 13:50:09 +0000[diff] [blame]249
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]250 mbedtls_gcm_init(&ctx);
Manuel Pégourié-Gonnardc34e8dd2015-04-28 21:42:17 +0200[diff] [blame]251
Paul Bakker89e80c92012-03-20 13:50:09 +0000[diff] [blame]252 memset(output, 0x00, 128);
253
Paul Bakker89e80c92012-03-20 13:50:09 +0000[diff] [blame]254
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]255 TEST_ASSERT(mbedtls_gcm_setkey(&ctx, cipher_id, key_str->x, key_str->len * 8) == init_result);
256 if (init_result == 0) {
257 ret = mbedtls_gcm_auth_decrypt(&ctx,
258 src_str->len,
259 iv_str->x,
260 iv_str->len,
261 add_str->x,
262 add_str->len,
263 tag_str->x,
264 tag_len,
265 src_str->x,
266 output);
Paul Bakker89e80c92012-03-20 13:50:09 +0000[diff] [blame]267
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]268 if (strcmp("FAIL", result) == 0) {
269 TEST_ASSERT(ret == MBEDTLS_ERR_GCM_AUTH_FAILED);
270 } else {
271 TEST_ASSERT(ret == 0);
Tom Cosgrovee4e9e7d2023-07-21 11:40:20 +0100[diff] [blame]272 TEST_MEMORY_COMPARE(output, src_str->len, pt_result->x, pt_result->len);
Paul Bakker89e80c92012-03-20 13:50:09 +0000[diff] [blame]273
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]274 for (n1 = 0; n1 <= src_str->len; n1 += 1) {
275 for (n1_add = 0; n1_add <= add_str->len; n1_add += 1) {
276 mbedtls_test_set_step(n1 * 10000 + n1_add);
277 if (!check_multipart(&ctx, MBEDTLS_GCM_DECRYPT,
278 iv_str, add_str, src_str,
279 pt_result, tag_str,
280 n1, n1_add)) {
Mateusz Starzykaf4ecdd2021-06-15 15:29:48 +0200[diff] [blame]281 goto exit;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]282 }
Mateusz Starzykaf4ecdd2021-06-15 15:29:48 +0200[diff] [blame]283 }
Gilles Peskine36dd93e2021-04-13 13:02:03 +0200[diff] [blame]284 }
Paul Bakker89e80c92012-03-20 13:50:09 +0000[diff] [blame]285 }
286 }
Manuel Pégourié-Gonnard4fe92002013-09-13 13:45:58 +0200[diff] [blame]287
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]288exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]289 mbedtls_gcm_free(&ctx);
Paul Bakker89e80c92012-03-20 13:50:09 +0000[diff] [blame]290}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]291/* END_CASE */
Paul Bakker89e80c92012-03-20 13:50:09 +0000[diff] [blame]292
Mateusz Starzykfc606222021-06-16 11:04:07 +0200[diff] [blame]293/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]294void gcm_decrypt_and_verify_empty_cipher(int cipher_id,
295 data_t *key_str,
296 data_t *iv_str,
297 data_t *add_str,
298 data_t *tag_str,
299 int cipher_update_calls)
Mateusz Starzykfc606222021-06-16 11:04:07 +0200[diff] [blame]300{
301 mbedtls_gcm_context ctx;
302
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]303 mbedtls_gcm_init(&ctx);
Mateusz Starzykfc606222021-06-16 11:04:07 +0200[diff] [blame]304
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]305 TEST_ASSERT(mbedtls_gcm_setkey(&ctx, cipher_id, key_str->x, key_str->len * 8) == 0);
306 check_empty_cipher_with_ad(&ctx, MBEDTLS_GCM_DECRYPT,
307 iv_str, add_str, tag_str,
308 cipher_update_calls);
Mateusz Starzykfc606222021-06-16 11:04:07 +0200[diff] [blame]309
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]310 mbedtls_gcm_free(&ctx);
Mateusz Starzykfc606222021-06-16 11:04:07 +0200[diff] [blame]311}
312/* END_CASE */
313
314/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]315void gcm_decrypt_and_verify_empty_ad(int cipher_id,
316 data_t *key_str,
317 data_t *iv_str,
318 data_t *src_str,
319 data_t *tag_str,
320 data_t *pt_result,
321 int ad_update_calls)
Mateusz Starzykfc606222021-06-16 11:04:07 +0200[diff] [blame]322{
323 mbedtls_gcm_context ctx;
324
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]325 mbedtls_gcm_init(&ctx);
Mateusz Starzykfc606222021-06-16 11:04:07 +0200[diff] [blame]326
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]327 TEST_ASSERT(mbedtls_gcm_setkey(&ctx, cipher_id, key_str->x, key_str->len * 8) == 0);
328 check_cipher_with_empty_ad(&ctx, MBEDTLS_GCM_DECRYPT,
329 iv_str, src_str, pt_result, tag_str,
330 ad_update_calls);
Mateusz Starzykfc606222021-06-16 11:04:07 +0200[diff] [blame]331
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]332 mbedtls_gcm_free(&ctx);
Mateusz Starzykfc606222021-06-16 11:04:07 +0200[diff] [blame]333}
334/* END_CASE */
335
336/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]337void gcm_decrypt_and_verify_no_ad_no_cipher(int cipher_id,
338 data_t *key_str,
339 data_t *iv_str,
340 data_t *tag_str)
Mateusz Starzyk469c9f32021-06-18 00:06:52 +0200[diff] [blame]341{
342 mbedtls_gcm_context ctx;
343
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]344 mbedtls_gcm_init(&ctx);
Mateusz Starzyk469c9f32021-06-18 00:06:52 +0200[diff] [blame]345
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]346 TEST_ASSERT(mbedtls_gcm_setkey(&ctx, cipher_id, key_str->x, key_str->len * 8) == 0);
347 check_no_cipher_no_ad(&ctx, MBEDTLS_GCM_DECRYPT,
348 iv_str, tag_str);
Mateusz Starzyk469c9f32021-06-18 00:06:52 +0200[diff] [blame]349
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]350 mbedtls_gcm_free(&ctx);
Mateusz Starzyk469c9f32021-06-18 00:06:52 +0200[diff] [blame]351}
352/* END_CASE */
353
354/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]355void gcm_encrypt_and_tag_empty_cipher(int cipher_id,
356 data_t *key_str,
357 data_t *iv_str,
358 data_t *add_str,
359 data_t *tag_str,
360 int cipher_update_calls)
Mateusz Starzykfc606222021-06-16 11:04:07 +0200[diff] [blame]361{
362 mbedtls_gcm_context ctx;
363
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]364 mbedtls_gcm_init(&ctx);
Mateusz Starzykfc606222021-06-16 11:04:07 +0200[diff] [blame]365
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]366 TEST_ASSERT(mbedtls_gcm_setkey(&ctx, cipher_id, key_str->x, key_str->len * 8) == 0);
367 check_empty_cipher_with_ad(&ctx, MBEDTLS_GCM_ENCRYPT,
368 iv_str, add_str, tag_str,
369 cipher_update_calls);
Mateusz Starzykfc606222021-06-16 11:04:07 +0200[diff] [blame]370
371exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]372 mbedtls_gcm_free(&ctx);
Mateusz Starzykfc606222021-06-16 11:04:07 +0200[diff] [blame]373}
374/* END_CASE */
375
376/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]377void gcm_encrypt_and_tag_empty_ad(int cipher_id,
378 data_t *key_str,
379 data_t *iv_str,
380 data_t *src_str,
381 data_t *dst,
382 data_t *tag_str,
383 int ad_update_calls)
Mateusz Starzykfc606222021-06-16 11:04:07 +0200[diff] [blame]384{
385 mbedtls_gcm_context ctx;
386
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]387 mbedtls_gcm_init(&ctx);
Mateusz Starzykfc606222021-06-16 11:04:07 +0200[diff] [blame]388
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]389 TEST_ASSERT(mbedtls_gcm_setkey(&ctx, cipher_id, key_str->x, key_str->len * 8) == 0);
390 check_cipher_with_empty_ad(&ctx, MBEDTLS_GCM_ENCRYPT,
391 iv_str, src_str, dst, tag_str,
392 ad_update_calls);
Mateusz Starzykfc606222021-06-16 11:04:07 +0200[diff] [blame]393
394exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]395 mbedtls_gcm_free(&ctx);
Mateusz Starzykfc606222021-06-16 11:04:07 +0200[diff] [blame]396}
397/* END_CASE */
398
Mateusz Starzyk469c9f32021-06-18 00:06:52 +0200[diff] [blame]399/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]400void gcm_encrypt_and_verify_no_ad_no_cipher(int cipher_id,
401 data_t *key_str,
402 data_t *iv_str,
403 data_t *tag_str)
Mateusz Starzyk469c9f32021-06-18 00:06:52 +0200[diff] [blame]404{
405 mbedtls_gcm_context ctx;
406
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]407 mbedtls_gcm_init(&ctx);
Mateusz Starzyk469c9f32021-06-18 00:06:52 +0200[diff] [blame]408
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]409 TEST_ASSERT(mbedtls_gcm_setkey(&ctx, cipher_id, key_str->x, key_str->len * 8) == 0);
410 check_no_cipher_no_ad(&ctx, MBEDTLS_GCM_ENCRYPT,
411 iv_str, tag_str);
Mateusz Starzyk469c9f32021-06-18 00:06:52 +0200[diff] [blame]412
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]413 mbedtls_gcm_free(&ctx);
Mateusz Starzyk469c9f32021-06-18 00:06:52 +0200[diff] [blame]414}
415/* END_CASE */
416
Tuvshinzaya Erdenekhuu104eb7f2022-07-29 14:48:21 +0100[diff] [blame]417/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]418void gcm_invalid_param()
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]419{
420 mbedtls_gcm_context ctx;
421 unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 };
422 mbedtls_cipher_id_t valid_cipher = MBEDTLS_CIPHER_ID_AES;
Ronald Cron875b5fb2021-05-21 08:50:00 +0200[diff] [blame]423 int invalid_bitlen = 1;
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]424
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]425 mbedtls_gcm_init(&ctx);
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]426
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]427 /* mbedtls_gcm_setkey */
Ronald Cron875b5fb2021-05-21 08:50:00 +0200[diff] [blame]428 TEST_EQUAL(
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]429 MBEDTLS_ERR_GCM_BAD_INPUT,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]430 mbedtls_gcm_setkey(&ctx, valid_cipher, valid_buffer, invalid_bitlen));
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]431
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]432exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]433 mbedtls_gcm_free(&ctx);
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]434}
435/* END_CASE */
436
Mateusz Starzykc48f43b2021-10-04 13:46:38 +0200[diff] [blame]437/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]438void gcm_update_output_buffer_too_small(int cipher_id, int mode,
439 data_t *key_str, const data_t *input,
440 const data_t *iv)
Mateusz Starzykc48f43b2021-10-04 13:46:38 +0200[diff] [blame]441{
442 mbedtls_gcm_context ctx;
443 uint8_t *output = NULL;
Mateusz Starzyk33d01ff2021-10-21 14:55:59 +0200[diff] [blame]444 size_t olen = 0;
Mateusz Starzykc48f43b2021-10-04 13:46:38 +0200[diff] [blame]445 size_t output_len = input->len - 1;
446
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]447 mbedtls_gcm_init(&ctx);
448 TEST_EQUAL(mbedtls_gcm_setkey(&ctx, cipher_id, key_str->x, key_str->len * 8), 0);
449 TEST_EQUAL(0, mbedtls_gcm_starts(&ctx, mode, iv->x, iv->len));
Mateusz Starzykc48f43b2021-10-04 13:46:38 +0200[diff] [blame]450
Tom Cosgrove05b2a872023-07-21 11:31:13 +0100[diff] [blame]451 TEST_CALLOC(output, output_len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]452 TEST_EQUAL(MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL,
453 mbedtls_gcm_update(&ctx, input->x, input->len, output, output_len, &olen));
Mateusz Starzykc48f43b2021-10-04 13:46:38 +0200[diff] [blame]454
455exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]456 mbedtls_free(output);
457 mbedtls_gcm_free(&ctx);
Mateusz Starzykc48f43b2021-10-04 13:46:38 +0200[diff] [blame]458}
459/* END_CASE */
460
Andrzej Kurekf502bcb2022-09-27 09:27:56 -0400[diff] [blame]461/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST:MBEDTLS_AES_C */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]462void gcm_selftest()
Paul Bakker89e80c92012-03-20 13:50:09 +0000[diff] [blame]463{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]464 TEST_ASSERT(mbedtls_gcm_self_test(1) == 0);
Paul Bakker89e80c92012-03-20 13:50:09 +0000[diff] [blame]465}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]466/* END_CASE */