| Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 1 | /* BEGIN_HEADER */ |
| Manuel Pégourié-Gonnard | 7f80997 | 2015-03-09 17:05:11 +0000 | [diff] [blame] | 2 | #include "mbedtls/gcm.h" |
| Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 3 | /* END_HEADER */ |
| Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 4 | |
| Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 5 | /* BEGIN_DEPENDENCIES |
| Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 6 | * depends_on:MBEDTLS_GCM_C |
| Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 7 | * END_DEPENDENCIES |
| 8 | */ |
| Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 9 | |
| Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 10 | /* BEGIN_CASE */ |
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 11 | void gcm_bad_parameters(int cipher_id, int direction, |
| 12 | data_t *key_str, data_t *src_str, |
| 13 | data_t *iv_str, data_t *add_str, |
| 14 | int tag_len_bits, int gcm_result) |
| Ron Eldor | 5a21fd6 | 2016-12-16 16:15:56 +0200 | [diff] [blame] | 15 | { |
| Ron Eldor | 5a21fd6 | 2016-12-16 16:15:56 +0200 | [diff] [blame] | 16 | unsigned char output[128]; |
| 17 | unsigned char tag_output[16]; |
| 18 | mbedtls_gcm_context ctx; |
| Azim Khan | 317efe8 | 2017-08-02 17:33:54 +0100 | [diff] [blame] | 19 | size_t tag_len = tag_len_bits / 8; |
| Ron Eldor | 5a21fd6 | 2016-12-16 16:15:56 +0200 | [diff] [blame] | 20 | |
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 21 | mbedtls_gcm_init(&ctx); |
| Ron Eldor | 5a21fd6 | 2016-12-16 16:15:56 +0200 | [diff] [blame] | 22 | |
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 23 | memset(output, 0x00, sizeof(output)); |
| 24 | memset(tag_output, 0x00, sizeof(tag_output)); |
| Darryl Green | 11999bb | 2018-03-13 15:22:58 +0000 | [diff] [blame] | 25 | |
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 26 | TEST_ASSERT(mbedtls_gcm_setkey(&ctx, cipher_id, key_str->x, key_str->len * 8) == 0); |
| 27 | TEST_ASSERT(mbedtls_gcm_crypt_and_tag(&ctx, direction, src_str->len, iv_str->x, iv_str->len, |
| 28 | add_str->x, add_str->len, src_str->x, output, tag_len, |
| 29 | tag_output) == gcm_result); |
| Ron Eldor | 5a21fd6 | 2016-12-16 16:15:56 +0200 | [diff] [blame] | 30 | |
| 31 | exit: |
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 32 | mbedtls_gcm_free(&ctx); |
| Ron Eldor | 5a21fd6 | 2016-12-16 16:15:56 +0200 | [diff] [blame] | 33 | } |
| 34 | /* END_CASE */ |
| 35 | |
| 36 | /* BEGIN_CASE */ |
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 37 | void gcm_encrypt_and_tag(int cipher_id, data_t *key_str, |
| 38 | data_t *src_str, data_t *iv_str, |
| 39 | data_t *add_str, data_t *dst, |
| 40 | int tag_len_bits, data_t *tag, |
| 41 | int init_result) |
| Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 42 | { |
| Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 43 | unsigned char output[128]; |
| 44 | unsigned char tag_output[16]; |
| Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 45 | mbedtls_gcm_context ctx; |
| Azim Khan | f1aaec9 | 2017-05-30 14:23:15 +0100 | [diff] [blame] | 46 | size_t tag_len = tag_len_bits / 8; |
| Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 47 | |
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 48 | mbedtls_gcm_init(&ctx); |
| Manuel Pégourié-Gonnard | c34e8dd | 2015-04-28 21:42:17 +0200 | [diff] [blame] | 49 | |
| Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 50 | memset(output, 0x00, 128); |
| 51 | memset(tag_output, 0x00, 16); |
| 52 | |
| Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 53 | |
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 54 | TEST_ASSERT(mbedtls_gcm_setkey(&ctx, cipher_id, key_str->x, key_str->len * 8) == init_result); |
| 55 | if (init_result == 0) { |
| 56 | TEST_ASSERT(mbedtls_gcm_crypt_and_tag(&ctx, MBEDTLS_GCM_ENCRYPT, src_str->len, iv_str->x, |
| 57 | iv_str->len, add_str->x, add_str->len, src_str->x, |
| 58 | output, tag_len, tag_output) == 0); |
| Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 59 | |
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 60 | TEST_ASSERT(mbedtls_test_hexcmp(output, dst->x, |
| 61 | src_str->len, dst->len) == 0); |
| 62 | TEST_ASSERT(mbedtls_test_hexcmp(tag_output, tag->x, |
| 63 | tag_len, tag->len) == 0); |
| Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 64 | } |
| Manuel Pégourié-Gonnard | 4fe9200 | 2013-09-13 13:45:58 +0200 | [diff] [blame] | 65 | |
| Paul Bakker | bd51b26 | 2014-07-10 15:26:12 +0200 | [diff] [blame] | 66 | exit: |
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 67 | mbedtls_gcm_free(&ctx); |
| Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 68 | } |
| Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 69 | /* END_CASE */ |
| Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 70 | |
| Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 71 | /* BEGIN_CASE */ |
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 72 | void gcm_decrypt_and_verify(int cipher_id, data_t *key_str, |
| 73 | data_t *src_str, data_t *iv_str, |
| 74 | data_t *add_str, int tag_len_bits, |
| 75 | data_t *tag_str, char *result, |
| 76 | data_t *pt_result, int init_result) |
| Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 77 | { |
| Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 78 | unsigned char output[128]; |
| Manuel Pégourié-Gonnard | 2cf5a7c | 2015-04-08 12:49:31 +0200 | [diff] [blame] | 79 | mbedtls_gcm_context ctx; |
| Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 80 | int ret; |
| Azim Khan | f1aaec9 | 2017-05-30 14:23:15 +0100 | [diff] [blame] | 81 | size_t tag_len = tag_len_bits / 8; |
| Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 82 | |
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 83 | mbedtls_gcm_init(&ctx); |
| Manuel Pégourié-Gonnard | c34e8dd | 2015-04-28 21:42:17 +0200 | [diff] [blame] | 84 | |
| Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 85 | memset(output, 0x00, 128); |
| 86 | |
| Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 87 | |
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 88 | TEST_ASSERT(mbedtls_gcm_setkey(&ctx, cipher_id, key_str->x, key_str->len * 8) == init_result); |
| 89 | if (init_result == 0) { |
| 90 | ret = mbedtls_gcm_auth_decrypt(&ctx, |
| 91 | src_str->len, |
| 92 | iv_str->x, |
| 93 | iv_str->len, |
| 94 | add_str->x, |
| 95 | add_str->len, |
| 96 | tag_str->x, |
| 97 | tag_len, |
| 98 | src_str->x, |
| 99 | output); |
| Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 100 | |
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 101 | if (strcmp("FAIL", result) == 0) { |
| 102 | TEST_ASSERT(ret == MBEDTLS_ERR_GCM_AUTH_FAILED); |
| 103 | } else { |
| 104 | TEST_ASSERT(ret == 0); |
| Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 105 | |
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 106 | TEST_ASSERT(mbedtls_test_hexcmp(output, pt_result->x, |
| 107 | src_str->len, |
| 108 | pt_result->len) == 0); |
| Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 109 | } |
| 110 | } |
| Manuel Pégourié-Gonnard | 4fe9200 | 2013-09-13 13:45:58 +0200 | [diff] [blame] | 111 | |
| Paul Bakker | bd51b26 | 2014-07-10 15:26:12 +0200 | [diff] [blame] | 112 | exit: |
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 113 | mbedtls_gcm_free(&ctx); |
| Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 114 | } |
| Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 115 | /* END_CASE */ |
| Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 116 | |
| Andrzej Kurek | c470b6b | 2019-01-31 08:20:20 -0500 | [diff] [blame] | 117 | /* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ |
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 118 | void gcm_invalid_param() |
| Andrzej Kurek | c470b6b | 2019-01-31 08:20:20 -0500 | [diff] [blame] | 119 | { |
| 120 | mbedtls_gcm_context ctx; |
| 121 | unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 }; |
| 122 | mbedtls_cipher_id_t valid_cipher = MBEDTLS_CIPHER_ID_AES; |
| 123 | int valid_mode = MBEDTLS_GCM_ENCRYPT; |
| 124 | int valid_len = sizeof(valid_buffer); |
| 125 | int valid_bitlen = 128, invalid_bitlen = 1; |
| 126 | |
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 127 | mbedtls_gcm_init(&ctx); |
| Andrzej Kurek | c470b6b | 2019-01-31 08:20:20 -0500 | [diff] [blame] | 128 | |
| 129 | /* mbedtls_gcm_init() */ |
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 130 | TEST_INVALID_PARAM(mbedtls_gcm_init(NULL)); |
| Andrzej Kurek | c470b6b | 2019-01-31 08:20:20 -0500 | [diff] [blame] | 131 | |
| 132 | /* mbedtls_gcm_setkey */ |
| 133 | TEST_INVALID_PARAM_RET( |
| 134 | MBEDTLS_ERR_GCM_BAD_INPUT, |
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 135 | mbedtls_gcm_setkey(NULL, valid_cipher, valid_buffer, valid_bitlen)); |
| Andrzej Kurek | c470b6b | 2019-01-31 08:20:20 -0500 | [diff] [blame] | 136 | TEST_INVALID_PARAM_RET( |
| 137 | MBEDTLS_ERR_GCM_BAD_INPUT, |
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 138 | mbedtls_gcm_setkey(&ctx, valid_cipher, NULL, valid_bitlen)); |
| Andrzej Kurek | c470b6b | 2019-01-31 08:20:20 -0500 | [diff] [blame] | 139 | TEST_INVALID_PARAM_RET( |
| 140 | MBEDTLS_ERR_GCM_BAD_INPUT, |
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 141 | mbedtls_gcm_setkey(&ctx, valid_cipher, valid_buffer, invalid_bitlen)); |
| Andrzej Kurek | c470b6b | 2019-01-31 08:20:20 -0500 | [diff] [blame] | 142 | |
| 143 | /* mbedtls_gcm_crypt_and_tag() */ |
| 144 | TEST_INVALID_PARAM_RET( |
| 145 | MBEDTLS_ERR_GCM_BAD_INPUT, |
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 146 | mbedtls_gcm_crypt_and_tag(NULL, valid_mode, valid_len, |
| 147 | valid_buffer, valid_len, |
| 148 | valid_buffer, valid_len, |
| 149 | valid_buffer, valid_buffer, |
| 150 | valid_len, valid_buffer)); |
| Andrzej Kurek | c470b6b | 2019-01-31 08:20:20 -0500 | [diff] [blame] | 151 | TEST_INVALID_PARAM_RET( |
| 152 | MBEDTLS_ERR_GCM_BAD_INPUT, |
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 153 | mbedtls_gcm_crypt_and_tag(&ctx, valid_mode, valid_len, |
| 154 | NULL, valid_len, |
| 155 | valid_buffer, valid_len, |
| 156 | valid_buffer, valid_buffer, |
| 157 | valid_len, valid_buffer)); |
| Andrzej Kurek | c470b6b | 2019-01-31 08:20:20 -0500 | [diff] [blame] | 158 | TEST_INVALID_PARAM_RET( |
| 159 | MBEDTLS_ERR_GCM_BAD_INPUT, |
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 160 | mbedtls_gcm_crypt_and_tag(&ctx, valid_mode, valid_len, |
| 161 | valid_buffer, valid_len, |
| 162 | NULL, valid_len, |
| 163 | valid_buffer, valid_buffer, |
| 164 | valid_len, valid_buffer)); |
| Andrzej Kurek | c470b6b | 2019-01-31 08:20:20 -0500 | [diff] [blame] | 165 | TEST_INVALID_PARAM_RET( |
| 166 | MBEDTLS_ERR_GCM_BAD_INPUT, |
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 167 | mbedtls_gcm_crypt_and_tag(&ctx, valid_mode, valid_len, |
| 168 | valid_buffer, valid_len, |
| 169 | valid_buffer, valid_len, |
| 170 | NULL, valid_buffer, |
| 171 | valid_len, valid_buffer)); |
| Andrzej Kurek | c470b6b | 2019-01-31 08:20:20 -0500 | [diff] [blame] | 172 | TEST_INVALID_PARAM_RET( |
| 173 | MBEDTLS_ERR_GCM_BAD_INPUT, |
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 174 | mbedtls_gcm_crypt_and_tag(&ctx, valid_mode, valid_len, |
| 175 | valid_buffer, valid_len, |
| 176 | valid_buffer, valid_len, |
| 177 | valid_buffer, NULL, |
| 178 | valid_len, valid_buffer)); |
| Andrzej Kurek | c470b6b | 2019-01-31 08:20:20 -0500 | [diff] [blame] | 179 | TEST_INVALID_PARAM_RET( |
| 180 | MBEDTLS_ERR_GCM_BAD_INPUT, |
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 181 | mbedtls_gcm_crypt_and_tag(&ctx, valid_mode, valid_len, |
| 182 | valid_buffer, valid_len, |
| 183 | valid_buffer, valid_len, |
| 184 | valid_buffer, valid_buffer, |
| 185 | valid_len, NULL)); |
| Andrzej Kurek | c470b6b | 2019-01-31 08:20:20 -0500 | [diff] [blame] | 186 | |
| 187 | /* mbedtls_gcm_auth_decrypt() */ |
| 188 | TEST_INVALID_PARAM_RET( |
| 189 | MBEDTLS_ERR_GCM_BAD_INPUT, |
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 190 | mbedtls_gcm_auth_decrypt(NULL, valid_len, |
| 191 | valid_buffer, valid_len, |
| 192 | valid_buffer, valid_len, |
| 193 | valid_buffer, valid_len, |
| 194 | valid_buffer, valid_buffer)); |
| Andrzej Kurek | c470b6b | 2019-01-31 08:20:20 -0500 | [diff] [blame] | 195 | TEST_INVALID_PARAM_RET( |
| 196 | MBEDTLS_ERR_GCM_BAD_INPUT, |
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 197 | mbedtls_gcm_auth_decrypt(&ctx, valid_len, |
| 198 | NULL, valid_len, |
| 199 | valid_buffer, valid_len, |
| 200 | valid_buffer, valid_len, |
| 201 | valid_buffer, valid_buffer)); |
| Andrzej Kurek | c470b6b | 2019-01-31 08:20:20 -0500 | [diff] [blame] | 202 | TEST_INVALID_PARAM_RET( |
| 203 | MBEDTLS_ERR_GCM_BAD_INPUT, |
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 204 | mbedtls_gcm_auth_decrypt(&ctx, valid_len, |
| 205 | valid_buffer, valid_len, |
| 206 | NULL, valid_len, |
| 207 | valid_buffer, valid_len, |
| 208 | valid_buffer, valid_buffer)); |
| Andrzej Kurek | c470b6b | 2019-01-31 08:20:20 -0500 | [diff] [blame] | 209 | TEST_INVALID_PARAM_RET( |
| 210 | MBEDTLS_ERR_GCM_BAD_INPUT, |
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 211 | mbedtls_gcm_auth_decrypt(&ctx, valid_len, |
| 212 | valid_buffer, valid_len, |
| 213 | valid_buffer, valid_len, |
| 214 | NULL, valid_len, |
| 215 | valid_buffer, valid_buffer)); |
| Andrzej Kurek | c470b6b | 2019-01-31 08:20:20 -0500 | [diff] [blame] | 216 | TEST_INVALID_PARAM_RET( |
| 217 | MBEDTLS_ERR_GCM_BAD_INPUT, |
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 218 | mbedtls_gcm_auth_decrypt(&ctx, valid_len, |
| 219 | valid_buffer, valid_len, |
| 220 | valid_buffer, valid_len, |
| 221 | valid_buffer, valid_len, |
| 222 | NULL, valid_buffer)); |
| Andrzej Kurek | c470b6b | 2019-01-31 08:20:20 -0500 | [diff] [blame] | 223 | TEST_INVALID_PARAM_RET( |
| 224 | MBEDTLS_ERR_GCM_BAD_INPUT, |
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 225 | mbedtls_gcm_auth_decrypt(&ctx, valid_len, |
| 226 | valid_buffer, valid_len, |
| 227 | valid_buffer, valid_len, |
| 228 | valid_buffer, valid_len, |
| 229 | valid_buffer, NULL)); |
| Andrzej Kurek | c470b6b | 2019-01-31 08:20:20 -0500 | [diff] [blame] | 230 | |
| 231 | /* mbedtls_gcm_starts() */ |
| 232 | TEST_INVALID_PARAM_RET( |
| 233 | MBEDTLS_ERR_GCM_BAD_INPUT, |
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 234 | mbedtls_gcm_starts(NULL, valid_mode, |
| 235 | valid_buffer, valid_len, |
| 236 | valid_buffer, valid_len)); |
| Andrzej Kurek | c470b6b | 2019-01-31 08:20:20 -0500 | [diff] [blame] | 237 | |
| 238 | TEST_INVALID_PARAM_RET( |
| 239 | MBEDTLS_ERR_GCM_BAD_INPUT, |
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 240 | mbedtls_gcm_starts(&ctx, valid_mode, |
| 241 | NULL, valid_len, |
| 242 | valid_buffer, valid_len)); |
| Andrzej Kurek | c470b6b | 2019-01-31 08:20:20 -0500 | [diff] [blame] | 243 | |
| 244 | TEST_INVALID_PARAM_RET( |
| 245 | MBEDTLS_ERR_GCM_BAD_INPUT, |
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 246 | mbedtls_gcm_starts(&ctx, valid_mode, |
| 247 | valid_buffer, valid_len, |
| 248 | NULL, valid_len)); |
| Andrzej Kurek | c470b6b | 2019-01-31 08:20:20 -0500 | [diff] [blame] | 249 | |
| 250 | /* mbedtls_gcm_update() */ |
| 251 | TEST_INVALID_PARAM_RET( |
| 252 | MBEDTLS_ERR_GCM_BAD_INPUT, |
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 253 | mbedtls_gcm_update(NULL, valid_len, |
| 254 | valid_buffer, valid_buffer)); |
| Andrzej Kurek | c470b6b | 2019-01-31 08:20:20 -0500 | [diff] [blame] | 255 | TEST_INVALID_PARAM_RET( |
| 256 | MBEDTLS_ERR_GCM_BAD_INPUT, |
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 257 | mbedtls_gcm_update(&ctx, valid_len, |
| 258 | NULL, valid_buffer)); |
| Andrzej Kurek | c470b6b | 2019-01-31 08:20:20 -0500 | [diff] [blame] | 259 | TEST_INVALID_PARAM_RET( |
| 260 | MBEDTLS_ERR_GCM_BAD_INPUT, |
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 261 | mbedtls_gcm_update(&ctx, valid_len, |
| 262 | valid_buffer, NULL)); |
| Andrzej Kurek | c470b6b | 2019-01-31 08:20:20 -0500 | [diff] [blame] | 263 | |
| 264 | /* mbedtls_gcm_finish() */ |
| 265 | TEST_INVALID_PARAM_RET( |
| 266 | MBEDTLS_ERR_GCM_BAD_INPUT, |
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 267 | mbedtls_gcm_finish(NULL, valid_buffer, valid_len)); |
| Andrzej Kurek | c470b6b | 2019-01-31 08:20:20 -0500 | [diff] [blame] | 268 | TEST_INVALID_PARAM_RET( |
| 269 | MBEDTLS_ERR_GCM_BAD_INPUT, |
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 270 | mbedtls_gcm_finish(&ctx, NULL, valid_len)); |
| Andrzej Kurek | c470b6b | 2019-01-31 08:20:20 -0500 | [diff] [blame] | 271 | |
| 272 | exit: |
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 273 | mbedtls_gcm_free(&ctx); |
| Andrzej Kurek | c470b6b | 2019-01-31 08:20:20 -0500 | [diff] [blame] | 274 | } |
| 275 | /* END_CASE */ |
| 276 | |
| 277 | /* BEGIN_CASE */ |
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 278 | void gcm_valid_param() |
| Andrzej Kurek | c470b6b | 2019-01-31 08:20:20 -0500 | [diff] [blame] | 279 | { |
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 280 | TEST_VALID_PARAM(mbedtls_gcm_free(NULL)); |
| Andrzej Kurek | c470b6b | 2019-01-31 08:20:20 -0500 | [diff] [blame] | 281 | exit: |
| 282 | return; |
| 283 | } |
| 284 | /* END_CASE */ |
| 285 | |
| Andrzej Kurek | 773a461 | 2022-10-18 07:05:55 -0400 | [diff] [blame] | 286 | /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST:MBEDTLS_AES_C */ |
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 287 | void gcm_selftest() |
| Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 288 | { |
| Gilles Peskine | 1b6c09a | 2023-01-11 14:52:35 +0100 | [diff] [blame] | 289 | TEST_ASSERT(mbedtls_gcm_self_test(1) == 0); |
| Paul Bakker | 89e80c9 | 2012-03-20 13:50:09 +0000 | [diff] [blame] | 290 | } |
| Paul Bakker | 33b43f1 | 2013-08-20 11:48:36 +0200 | [diff] [blame] | 291 | /* END_CASE */ |
| Harry Ramsey | 0cd2951 | 2024-11-13 10:30:19 +0000 | [diff] [blame] | 292 | |
| 293 | /* BEGIN_CASE */ |
| 294 | void gcm_encrypt_input_output_buffer_overlap(int cipher_id, data_t *key_str, |
| 295 | data_t *src_str, data_t *iv_str, |
| 296 | data_t *add_str, data_t *dst, |
| 297 | int tag_len_bits, data_t *tag, |
| 298 | int init_result) |
| 299 | { |
| 300 | unsigned char *buffer = NULL; |
| 301 | size_t buffer_len; |
| 302 | unsigned char tag_output[16]; |
| 303 | mbedtls_gcm_context ctx; |
| 304 | size_t tag_len = tag_len_bits / 8; |
| 305 | |
| 306 | mbedtls_gcm_init(&ctx); |
| 307 | |
| 308 | /* GCM includes padding and therefore input length can be shorter than the output length |
| 309 | * Therefore we must ensure we round up to the nearest 128-bits/16-bytes. |
| 310 | */ |
| 311 | buffer_len = src_str->len; |
| 312 | if (buffer_len % 16 != 0 || buffer_len == 0) { |
| 313 | buffer_len += (16 - (buffer_len % 16)); |
| 314 | } |
| 315 | TEST_CALLOC(buffer, buffer_len); |
| 316 | memcpy(buffer, src_str->x, src_str->len); |
| Harry Ramsey | 9d99e98 | 2024-11-13 15:57:29 +0000 | [diff] [blame] | 317 | |
| Harry Ramsey | 0cd2951 | 2024-11-13 10:30:19 +0000 | [diff] [blame] | 318 | memset(tag_output, 0x00, 16); |
| 319 | |
| 320 | TEST_ASSERT(mbedtls_gcm_setkey(&ctx, cipher_id, key_str->x, key_str->len * 8) == init_result); |
| 321 | if (init_result == 0) { |
| 322 | TEST_ASSERT(mbedtls_gcm_crypt_and_tag(&ctx, MBEDTLS_GCM_ENCRYPT, src_str->len, iv_str->x, |
| 323 | iv_str->len, add_str->x, add_str->len, buffer, |
| 324 | buffer, tag_len, tag_output) == 0); |
| 325 | |
| 326 | TEST_ASSERT(mbedtls_test_hexcmp(buffer, dst->x, |
| 327 | src_str->len, dst->len) == 0); |
| 328 | TEST_ASSERT(mbedtls_test_hexcmp(tag_output, tag->x, |
| 329 | tag_len, tag->len) == 0); |
| 330 | } |
| 331 | |
| 332 | exit: |
| 333 | mbedtls_free(buffer); |
| 334 | mbedtls_gcm_free(&ctx); |
| 335 | } |
| 336 | /* END_CASE */ |
| 337 | |
| 338 | /* BEGIN_CASE */ |
| 339 | void gcm_decrypt_input_output_buffer_overlap(int cipher_id, data_t *key_str, |
| 340 | data_t *src_str, data_t *iv_str, |
| 341 | data_t *add_str, int tag_len_bits, |
| 342 | data_t *tag_str, char *result, |
| 343 | data_t *pt_result, int init_result) |
| 344 | { |
| 345 | unsigned char *buffer = NULL; |
| 346 | size_t buffer_len; |
| 347 | mbedtls_gcm_context ctx; |
| 348 | int ret; |
| 349 | size_t tag_len = tag_len_bits / 8; |
| 350 | |
| 351 | mbedtls_gcm_init(&ctx); |
| 352 | |
| 353 | /* GCM includes padding and therefore input length can be shorter than the output length |
| 354 | * Therefore we must ensure we round up to the nearest 128-bits/16-bytes. |
| 355 | */ |
| 356 | buffer_len = src_str->len; |
| 357 | if (buffer_len % 16 != 0 || buffer_len == 0) { |
| 358 | buffer_len += (16 - (buffer_len % 16)); |
| 359 | } |
| 360 | TEST_CALLOC(buffer, buffer_len); |
| 361 | memcpy(buffer, src_str->x, src_str->len); |
| 362 | |
| 363 | TEST_ASSERT(mbedtls_gcm_setkey(&ctx, cipher_id, key_str->x, key_str->len * 8) == init_result); |
| 364 | if (init_result == 0) { |
| 365 | ret = mbedtls_gcm_auth_decrypt(&ctx, |
| 366 | src_str->len, |
| 367 | iv_str->x, |
| 368 | iv_str->len, |
| 369 | add_str->x, |
| 370 | add_str->len, |
| 371 | tag_str->x, |
| 372 | tag_len, |
| 373 | buffer, |
| 374 | buffer); |
| 375 | |
| 376 | if (strcmp("FAIL", result) == 0) { |
| 377 | TEST_ASSERT(ret == MBEDTLS_ERR_GCM_AUTH_FAILED); |
| 378 | } else { |
| 379 | TEST_ASSERT(ret == 0); |
| 380 | |
| 381 | TEST_ASSERT(mbedtls_test_hexcmp(buffer, pt_result->x, |
| 382 | src_str->len, |
| 383 | pt_result->len) == 0); |
| 384 | } |
| 385 | } |
| 386 | |
| 387 | exit: |
| 388 | mbedtls_free(buffer); |
| 389 | mbedtls_gcm_free(&ctx); |
| 390 | } |
| 391 | /* END_CASE */ |