1*62c56f98SSadaf Ebrahimi/* BEGIN_HEADER */ 2*62c56f98SSadaf Ebrahimi#include "mbedtls/gcm.h" 3*62c56f98SSadaf Ebrahimi 4*62c56f98SSadaf Ebrahimi/* Use the multipart interface to process the encrypted data in two parts 5*62c56f98SSadaf Ebrahimi * and check that the output matches the expected output. 6*62c56f98SSadaf Ebrahimi * The context must have been set up with the key. */ 7*62c56f98SSadaf Ebrahimistatic int check_multipart(mbedtls_gcm_context *ctx, 8*62c56f98SSadaf Ebrahimi int mode, 9*62c56f98SSadaf Ebrahimi const data_t *iv, 10*62c56f98SSadaf Ebrahimi const data_t *add, 11*62c56f98SSadaf Ebrahimi const data_t *input, 12*62c56f98SSadaf Ebrahimi const data_t *expected_output, 13*62c56f98SSadaf Ebrahimi const data_t *tag, 14*62c56f98SSadaf Ebrahimi size_t n1, 15*62c56f98SSadaf Ebrahimi size_t n1_add) 16*62c56f98SSadaf Ebrahimi{ 17*62c56f98SSadaf Ebrahimi int ok = 0; 18*62c56f98SSadaf Ebrahimi uint8_t *output = NULL; 19*62c56f98SSadaf Ebrahimi size_t n2 = input->len - n1; 20*62c56f98SSadaf Ebrahimi size_t n2_add = add->len - n1_add; 21*62c56f98SSadaf Ebrahimi size_t olen; 22*62c56f98SSadaf Ebrahimi 23*62c56f98SSadaf Ebrahimi /* Sanity checks on the test data */ 24*62c56f98SSadaf Ebrahimi TEST_ASSERT(n1 <= input->len); 25*62c56f98SSadaf Ebrahimi TEST_ASSERT(n1_add <= add->len); 26*62c56f98SSadaf Ebrahimi TEST_EQUAL(input->len, expected_output->len); 27*62c56f98SSadaf Ebrahimi 28*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_gcm_starts(ctx, mode, 29*62c56f98SSadaf Ebrahimi iv->x, iv->len)); 30*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_gcm_update_ad(ctx, add->x, n1_add)); 31*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_gcm_update_ad(ctx, add->x + n1_add, n2_add)); 32*62c56f98SSadaf Ebrahimi 33*62c56f98SSadaf Ebrahimi /* Allocate a tight buffer for each update call. This way, if the function 34*62c56f98SSadaf Ebrahimi * tries to write beyond the advertised required buffer size, this will 35*62c56f98SSadaf Ebrahimi * count as an overflow for memory sanitizers and static checkers. */ 36*62c56f98SSadaf Ebrahimi TEST_CALLOC(output, n1); 37*62c56f98SSadaf Ebrahimi olen = 0xdeadbeef; 38*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_gcm_update(ctx, input->x, n1, output, n1, &olen)); 39*62c56f98SSadaf Ebrahimi TEST_EQUAL(n1, olen); 40*62c56f98SSadaf Ebrahimi TEST_MEMORY_COMPARE(output, olen, expected_output->x, n1); 41*62c56f98SSadaf Ebrahimi mbedtls_free(output); 42*62c56f98SSadaf Ebrahimi output = NULL; 43*62c56f98SSadaf Ebrahimi 44*62c56f98SSadaf Ebrahimi TEST_CALLOC(output, n2); 45*62c56f98SSadaf Ebrahimi olen = 0xdeadbeef; 46*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_gcm_update(ctx, input->x + n1, n2, output, n2, &olen)); 47*62c56f98SSadaf Ebrahimi TEST_EQUAL(n2, olen); 48*62c56f98SSadaf Ebrahimi TEST_MEMORY_COMPARE(output, olen, expected_output->x + n1, n2); 49*62c56f98SSadaf Ebrahimi mbedtls_free(output); 50*62c56f98SSadaf Ebrahimi output = NULL; 51*62c56f98SSadaf Ebrahimi 52*62c56f98SSadaf Ebrahimi TEST_CALLOC(output, tag->len); 53*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_gcm_finish(ctx, NULL, 0, &olen, output, tag->len)); 54*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, olen); 55*62c56f98SSadaf Ebrahimi TEST_MEMORY_COMPARE(output, tag->len, tag->x, tag->len); 56*62c56f98SSadaf Ebrahimi mbedtls_free(output); 57*62c56f98SSadaf Ebrahimi output = NULL; 58*62c56f98SSadaf Ebrahimi 59*62c56f98SSadaf Ebrahimi ok = 1; 60*62c56f98SSadaf Ebrahimiexit: 61*62c56f98SSadaf Ebrahimi mbedtls_free(output); 62*62c56f98SSadaf Ebrahimi return ok; 63*62c56f98SSadaf Ebrahimi} 64*62c56f98SSadaf Ebrahimi 65*62c56f98SSadaf Ebrahimistatic void check_cipher_with_empty_ad(mbedtls_gcm_context *ctx, 66*62c56f98SSadaf Ebrahimi int mode, 67*62c56f98SSadaf Ebrahimi const data_t *iv, 68*62c56f98SSadaf Ebrahimi const data_t *input, 69*62c56f98SSadaf Ebrahimi const data_t *expected_output, 70*62c56f98SSadaf Ebrahimi const data_t *tag, 71*62c56f98SSadaf Ebrahimi size_t ad_update_count) 72*62c56f98SSadaf Ebrahimi{ 73*62c56f98SSadaf Ebrahimi size_t n; 74*62c56f98SSadaf Ebrahimi uint8_t *output = NULL; 75*62c56f98SSadaf Ebrahimi size_t olen; 76*62c56f98SSadaf Ebrahimi 77*62c56f98SSadaf Ebrahimi /* Sanity checks on the test data */ 78*62c56f98SSadaf Ebrahimi TEST_EQUAL(input->len, expected_output->len); 79*62c56f98SSadaf Ebrahimi 80*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_gcm_starts(ctx, mode, 81*62c56f98SSadaf Ebrahimi iv->x, iv->len)); 82*62c56f98SSadaf Ebrahimi 83*62c56f98SSadaf Ebrahimi for (n = 0; n < ad_update_count; n++) { 84*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_gcm_update_ad(ctx, NULL, 0)); 85*62c56f98SSadaf Ebrahimi } 86*62c56f98SSadaf Ebrahimi 87*62c56f98SSadaf Ebrahimi /* Allocate a tight buffer for each update call. This way, if the function 88*62c56f98SSadaf Ebrahimi * tries to write beyond the advertised required buffer size, this will 89*62c56f98SSadaf Ebrahimi * count as an overflow for memory sanitizers and static checkers. */ 90*62c56f98SSadaf Ebrahimi TEST_CALLOC(output, input->len); 91*62c56f98SSadaf Ebrahimi olen = 0xdeadbeef; 92*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_gcm_update(ctx, input->x, input->len, output, input->len, &olen)); 93*62c56f98SSadaf Ebrahimi TEST_EQUAL(input->len, olen); 94*62c56f98SSadaf Ebrahimi TEST_MEMORY_COMPARE(output, olen, expected_output->x, input->len); 95*62c56f98SSadaf Ebrahimi mbedtls_free(output); 96*62c56f98SSadaf Ebrahimi output = NULL; 97*62c56f98SSadaf Ebrahimi 98*62c56f98SSadaf Ebrahimi TEST_CALLOC(output, tag->len); 99*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_gcm_finish(ctx, NULL, 0, &olen, output, tag->len)); 100*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, olen); 101*62c56f98SSadaf Ebrahimi TEST_MEMORY_COMPARE(output, tag->len, tag->x, tag->len); 102*62c56f98SSadaf Ebrahimi 103*62c56f98SSadaf Ebrahimiexit: 104*62c56f98SSadaf Ebrahimi mbedtls_free(output); 105*62c56f98SSadaf Ebrahimi} 106*62c56f98SSadaf Ebrahimi 107*62c56f98SSadaf Ebrahimistatic void check_empty_cipher_with_ad(mbedtls_gcm_context *ctx, 108*62c56f98SSadaf Ebrahimi int mode, 109*62c56f98SSadaf Ebrahimi const data_t *iv, 110*62c56f98SSadaf Ebrahimi const data_t *add, 111*62c56f98SSadaf Ebrahimi const data_t *tag, 112*62c56f98SSadaf Ebrahimi size_t cipher_update_count) 113*62c56f98SSadaf Ebrahimi{ 114*62c56f98SSadaf Ebrahimi size_t olen; 115*62c56f98SSadaf Ebrahimi size_t n; 116*62c56f98SSadaf Ebrahimi uint8_t *output_tag = NULL; 117*62c56f98SSadaf Ebrahimi 118*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_gcm_starts(ctx, mode, iv->x, iv->len)); 119*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_gcm_update_ad(ctx, add->x, add->len)); 120*62c56f98SSadaf Ebrahimi 121*62c56f98SSadaf Ebrahimi for (n = 0; n < cipher_update_count; n++) { 122*62c56f98SSadaf Ebrahimi olen = 0xdeadbeef; 123*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_gcm_update(ctx, NULL, 0, NULL, 0, &olen)); 124*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, olen); 125*62c56f98SSadaf Ebrahimi } 126*62c56f98SSadaf Ebrahimi 127*62c56f98SSadaf Ebrahimi TEST_CALLOC(output_tag, tag->len); 128*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_gcm_finish(ctx, NULL, 0, &olen, 129*62c56f98SSadaf Ebrahimi output_tag, tag->len)); 130*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, olen); 131*62c56f98SSadaf Ebrahimi TEST_MEMORY_COMPARE(output_tag, tag->len, tag->x, tag->len); 132*62c56f98SSadaf Ebrahimi 133*62c56f98SSadaf Ebrahimiexit: 134*62c56f98SSadaf Ebrahimi mbedtls_free(output_tag); 135*62c56f98SSadaf Ebrahimi} 136*62c56f98SSadaf Ebrahimi 137*62c56f98SSadaf Ebrahimistatic void check_no_cipher_no_ad(mbedtls_gcm_context *ctx, 138*62c56f98SSadaf Ebrahimi int mode, 139*62c56f98SSadaf Ebrahimi const data_t *iv, 140*62c56f98SSadaf Ebrahimi const data_t *tag) 141*62c56f98SSadaf Ebrahimi{ 142*62c56f98SSadaf Ebrahimi uint8_t *output = NULL; 143*62c56f98SSadaf Ebrahimi size_t olen = 0; 144*62c56f98SSadaf Ebrahimi 145*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_gcm_starts(ctx, mode, 146*62c56f98SSadaf Ebrahimi iv->x, iv->len)); 147*62c56f98SSadaf Ebrahimi TEST_CALLOC(output, tag->len); 148*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_gcm_finish(ctx, NULL, 0, &olen, output, tag->len)); 149*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, olen); 150*62c56f98SSadaf Ebrahimi TEST_MEMORY_COMPARE(output, tag->len, tag->x, tag->len); 151*62c56f98SSadaf Ebrahimi 152*62c56f98SSadaf Ebrahimiexit: 153*62c56f98SSadaf Ebrahimi mbedtls_free(output); 154*62c56f98SSadaf Ebrahimi} 155*62c56f98SSadaf Ebrahimi 156*62c56f98SSadaf Ebrahimi/* END_HEADER */ 157*62c56f98SSadaf Ebrahimi 158*62c56f98SSadaf Ebrahimi/* BEGIN_DEPENDENCIES 159*62c56f98SSadaf Ebrahimi * depends_on:MBEDTLS_GCM_C 160*62c56f98SSadaf Ebrahimi * END_DEPENDENCIES 161*62c56f98SSadaf Ebrahimi */ 162*62c56f98SSadaf Ebrahimi 163*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 164*62c56f98SSadaf Ebrahimivoid gcm_bad_parameters(int cipher_id, int direction, 165*62c56f98SSadaf Ebrahimi data_t *key_str, data_t *src_str, 166*62c56f98SSadaf Ebrahimi data_t *iv_str, data_t *add_str, 167*62c56f98SSadaf Ebrahimi int tag_len_bits, int gcm_result) 168*62c56f98SSadaf Ebrahimi{ 169*62c56f98SSadaf Ebrahimi unsigned char output[128]; 170*62c56f98SSadaf Ebrahimi unsigned char tag_output[16]; 171*62c56f98SSadaf Ebrahimi mbedtls_gcm_context ctx; 172*62c56f98SSadaf Ebrahimi size_t tag_len = tag_len_bits / 8; 173*62c56f98SSadaf Ebrahimi 174*62c56f98SSadaf Ebrahimi mbedtls_gcm_init(&ctx); 175*62c56f98SSadaf Ebrahimi 176*62c56f98SSadaf Ebrahimi memset(output, 0x00, sizeof(output)); 177*62c56f98SSadaf Ebrahimi memset(tag_output, 0x00, sizeof(tag_output)); 178*62c56f98SSadaf Ebrahimi 179*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_gcm_setkey(&ctx, cipher_id, key_str->x, key_str->len * 8) == 0); 180*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_gcm_crypt_and_tag(&ctx, direction, src_str->len, iv_str->x, iv_str->len, 181*62c56f98SSadaf Ebrahimi add_str->x, add_str->len, src_str->x, output, tag_len, 182*62c56f98SSadaf Ebrahimi tag_output) == gcm_result); 183*62c56f98SSadaf Ebrahimi 184*62c56f98SSadaf Ebrahimiexit: 185*62c56f98SSadaf Ebrahimi mbedtls_gcm_free(&ctx); 186*62c56f98SSadaf Ebrahimi} 187*62c56f98SSadaf Ebrahimi/* END_CASE */ 188*62c56f98SSadaf Ebrahimi 189*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 190*62c56f98SSadaf Ebrahimivoid gcm_encrypt_and_tag(int cipher_id, data_t *key_str, 191*62c56f98SSadaf Ebrahimi data_t *src_str, data_t *iv_str, 192*62c56f98SSadaf Ebrahimi data_t *add_str, data_t *dst, 193*62c56f98SSadaf Ebrahimi int tag_len_bits, data_t *tag, 194*62c56f98SSadaf Ebrahimi int init_result) 195*62c56f98SSadaf Ebrahimi{ 196*62c56f98SSadaf Ebrahimi unsigned char output[128]; 197*62c56f98SSadaf Ebrahimi unsigned char tag_output[16]; 198*62c56f98SSadaf Ebrahimi mbedtls_gcm_context ctx; 199*62c56f98SSadaf Ebrahimi size_t tag_len = tag_len_bits / 8; 200*62c56f98SSadaf Ebrahimi size_t n1; 201*62c56f98SSadaf Ebrahimi size_t n1_add; 202*62c56f98SSadaf Ebrahimi 203*62c56f98SSadaf Ebrahimi mbedtls_gcm_init(&ctx); 204*62c56f98SSadaf Ebrahimi 205*62c56f98SSadaf Ebrahimi memset(output, 0x00, 128); 206*62c56f98SSadaf Ebrahimi memset(tag_output, 0x00, 16); 207*62c56f98SSadaf Ebrahimi 208*62c56f98SSadaf Ebrahimi 209*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_gcm_setkey(&ctx, cipher_id, key_str->x, key_str->len * 8) == init_result); 210*62c56f98SSadaf Ebrahimi if (init_result == 0) { 211*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_gcm_crypt_and_tag(&ctx, MBEDTLS_GCM_ENCRYPT, src_str->len, iv_str->x, 212*62c56f98SSadaf Ebrahimi iv_str->len, add_str->x, add_str->len, src_str->x, 213*62c56f98SSadaf Ebrahimi output, tag_len, tag_output) == 0); 214*62c56f98SSadaf Ebrahimi 215*62c56f98SSadaf Ebrahimi TEST_MEMORY_COMPARE(output, src_str->len, dst->x, dst->len); 216*62c56f98SSadaf Ebrahimi TEST_MEMORY_COMPARE(tag_output, tag_len, tag->x, tag->len); 217*62c56f98SSadaf Ebrahimi 218*62c56f98SSadaf Ebrahimi for (n1 = 0; n1 <= src_str->len; n1 += 1) { 219*62c56f98SSadaf Ebrahimi for (n1_add = 0; n1_add <= add_str->len; n1_add += 1) { 220*62c56f98SSadaf Ebrahimi mbedtls_test_set_step(n1 * 10000 + n1_add); 221*62c56f98SSadaf Ebrahimi if (!check_multipart(&ctx, MBEDTLS_GCM_ENCRYPT, 222*62c56f98SSadaf Ebrahimi iv_str, add_str, src_str, 223*62c56f98SSadaf Ebrahimi dst, tag, 224*62c56f98SSadaf Ebrahimi n1, n1_add)) { 225*62c56f98SSadaf Ebrahimi goto exit; 226*62c56f98SSadaf Ebrahimi } 227*62c56f98SSadaf Ebrahimi } 228*62c56f98SSadaf Ebrahimi } 229*62c56f98SSadaf Ebrahimi } 230*62c56f98SSadaf Ebrahimi 231*62c56f98SSadaf Ebrahimiexit: 232*62c56f98SSadaf Ebrahimi mbedtls_gcm_free(&ctx); 233*62c56f98SSadaf Ebrahimi} 234*62c56f98SSadaf Ebrahimi/* END_CASE */ 235*62c56f98SSadaf Ebrahimi 236*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 237*62c56f98SSadaf Ebrahimivoid gcm_decrypt_and_verify(int cipher_id, data_t *key_str, 238*62c56f98SSadaf Ebrahimi data_t *src_str, data_t *iv_str, 239*62c56f98SSadaf Ebrahimi data_t *add_str, int tag_len_bits, 240*62c56f98SSadaf Ebrahimi data_t *tag_str, char *result, 241*62c56f98SSadaf Ebrahimi data_t *pt_result, int init_result) 242*62c56f98SSadaf Ebrahimi{ 243*62c56f98SSadaf Ebrahimi unsigned char output[128]; 244*62c56f98SSadaf Ebrahimi mbedtls_gcm_context ctx; 245*62c56f98SSadaf Ebrahimi int ret; 246*62c56f98SSadaf Ebrahimi size_t tag_len = tag_len_bits / 8; 247*62c56f98SSadaf Ebrahimi size_t n1; 248*62c56f98SSadaf Ebrahimi size_t n1_add; 249*62c56f98SSadaf Ebrahimi 250*62c56f98SSadaf Ebrahimi mbedtls_gcm_init(&ctx); 251*62c56f98SSadaf Ebrahimi 252*62c56f98SSadaf Ebrahimi memset(output, 0x00, 128); 253*62c56f98SSadaf Ebrahimi 254*62c56f98SSadaf Ebrahimi 255*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_gcm_setkey(&ctx, cipher_id, key_str->x, key_str->len * 8) == init_result); 256*62c56f98SSadaf Ebrahimi if (init_result == 0) { 257*62c56f98SSadaf Ebrahimi ret = mbedtls_gcm_auth_decrypt(&ctx, 258*62c56f98SSadaf Ebrahimi src_str->len, 259*62c56f98SSadaf Ebrahimi iv_str->x, 260*62c56f98SSadaf Ebrahimi iv_str->len, 261*62c56f98SSadaf Ebrahimi add_str->x, 262*62c56f98SSadaf Ebrahimi add_str->len, 263*62c56f98SSadaf Ebrahimi tag_str->x, 264*62c56f98SSadaf Ebrahimi tag_len, 265*62c56f98SSadaf Ebrahimi src_str->x, 266*62c56f98SSadaf Ebrahimi output); 267*62c56f98SSadaf Ebrahimi 268*62c56f98SSadaf Ebrahimi if (strcmp("FAIL", result) == 0) { 269*62c56f98SSadaf Ebrahimi TEST_ASSERT(ret == MBEDTLS_ERR_GCM_AUTH_FAILED); 270*62c56f98SSadaf Ebrahimi } else { 271*62c56f98SSadaf Ebrahimi TEST_ASSERT(ret == 0); 272*62c56f98SSadaf Ebrahimi TEST_MEMORY_COMPARE(output, src_str->len, pt_result->x, pt_result->len); 273*62c56f98SSadaf Ebrahimi 274*62c56f98SSadaf Ebrahimi for (n1 = 0; n1 <= src_str->len; n1 += 1) { 275*62c56f98SSadaf Ebrahimi for (n1_add = 0; n1_add <= add_str->len; n1_add += 1) { 276*62c56f98SSadaf Ebrahimi mbedtls_test_set_step(n1 * 10000 + n1_add); 277*62c56f98SSadaf Ebrahimi if (!check_multipart(&ctx, MBEDTLS_GCM_DECRYPT, 278*62c56f98SSadaf Ebrahimi iv_str, add_str, src_str, 279*62c56f98SSadaf Ebrahimi pt_result, tag_str, 280*62c56f98SSadaf Ebrahimi n1, n1_add)) { 281*62c56f98SSadaf Ebrahimi goto exit; 282*62c56f98SSadaf Ebrahimi } 283*62c56f98SSadaf Ebrahimi } 284*62c56f98SSadaf Ebrahimi } 285*62c56f98SSadaf Ebrahimi } 286*62c56f98SSadaf Ebrahimi } 287*62c56f98SSadaf Ebrahimi 288*62c56f98SSadaf Ebrahimiexit: 289*62c56f98SSadaf Ebrahimi mbedtls_gcm_free(&ctx); 290*62c56f98SSadaf Ebrahimi} 291*62c56f98SSadaf Ebrahimi/* END_CASE */ 292*62c56f98SSadaf Ebrahimi 293*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 294*62c56f98SSadaf Ebrahimivoid gcm_decrypt_and_verify_empty_cipher(int cipher_id, 295*62c56f98SSadaf Ebrahimi data_t *key_str, 296*62c56f98SSadaf Ebrahimi data_t *iv_str, 297*62c56f98SSadaf Ebrahimi data_t *add_str, 298*62c56f98SSadaf Ebrahimi data_t *tag_str, 299*62c56f98SSadaf Ebrahimi int cipher_update_calls) 300*62c56f98SSadaf Ebrahimi{ 301*62c56f98SSadaf Ebrahimi mbedtls_gcm_context ctx; 302*62c56f98SSadaf Ebrahimi 303*62c56f98SSadaf Ebrahimi mbedtls_gcm_init(&ctx); 304*62c56f98SSadaf Ebrahimi 305*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_gcm_setkey(&ctx, cipher_id, key_str->x, key_str->len * 8) == 0); 306*62c56f98SSadaf Ebrahimi check_empty_cipher_with_ad(&ctx, MBEDTLS_GCM_DECRYPT, 307*62c56f98SSadaf Ebrahimi iv_str, add_str, tag_str, 308*62c56f98SSadaf Ebrahimi cipher_update_calls); 309*62c56f98SSadaf Ebrahimi 310*62c56f98SSadaf Ebrahimi mbedtls_gcm_free(&ctx); 311*62c56f98SSadaf Ebrahimi} 312*62c56f98SSadaf Ebrahimi/* END_CASE */ 313*62c56f98SSadaf Ebrahimi 314*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 315*62c56f98SSadaf Ebrahimivoid gcm_decrypt_and_verify_empty_ad(int cipher_id, 316*62c56f98SSadaf Ebrahimi data_t *key_str, 317*62c56f98SSadaf Ebrahimi data_t *iv_str, 318*62c56f98SSadaf Ebrahimi data_t *src_str, 319*62c56f98SSadaf Ebrahimi data_t *tag_str, 320*62c56f98SSadaf Ebrahimi data_t *pt_result, 321*62c56f98SSadaf Ebrahimi int ad_update_calls) 322*62c56f98SSadaf Ebrahimi{ 323*62c56f98SSadaf Ebrahimi mbedtls_gcm_context ctx; 324*62c56f98SSadaf Ebrahimi 325*62c56f98SSadaf Ebrahimi mbedtls_gcm_init(&ctx); 326*62c56f98SSadaf Ebrahimi 327*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_gcm_setkey(&ctx, cipher_id, key_str->x, key_str->len * 8) == 0); 328*62c56f98SSadaf Ebrahimi check_cipher_with_empty_ad(&ctx, MBEDTLS_GCM_DECRYPT, 329*62c56f98SSadaf Ebrahimi iv_str, src_str, pt_result, tag_str, 330*62c56f98SSadaf Ebrahimi ad_update_calls); 331*62c56f98SSadaf Ebrahimi 332*62c56f98SSadaf Ebrahimi mbedtls_gcm_free(&ctx); 333*62c56f98SSadaf Ebrahimi} 334*62c56f98SSadaf Ebrahimi/* END_CASE */ 335*62c56f98SSadaf Ebrahimi 336*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 337*62c56f98SSadaf Ebrahimivoid gcm_decrypt_and_verify_no_ad_no_cipher(int cipher_id, 338*62c56f98SSadaf Ebrahimi data_t *key_str, 339*62c56f98SSadaf Ebrahimi data_t *iv_str, 340*62c56f98SSadaf Ebrahimi data_t *tag_str) 341*62c56f98SSadaf Ebrahimi{ 342*62c56f98SSadaf Ebrahimi mbedtls_gcm_context ctx; 343*62c56f98SSadaf Ebrahimi 344*62c56f98SSadaf Ebrahimi mbedtls_gcm_init(&ctx); 345*62c56f98SSadaf Ebrahimi 346*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_gcm_setkey(&ctx, cipher_id, key_str->x, key_str->len * 8) == 0); 347*62c56f98SSadaf Ebrahimi check_no_cipher_no_ad(&ctx, MBEDTLS_GCM_DECRYPT, 348*62c56f98SSadaf Ebrahimi iv_str, tag_str); 349*62c56f98SSadaf Ebrahimi 350*62c56f98SSadaf Ebrahimi mbedtls_gcm_free(&ctx); 351*62c56f98SSadaf Ebrahimi} 352*62c56f98SSadaf Ebrahimi/* END_CASE */ 353*62c56f98SSadaf Ebrahimi 354*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 355*62c56f98SSadaf Ebrahimivoid gcm_encrypt_and_tag_empty_cipher(int cipher_id, 356*62c56f98SSadaf Ebrahimi data_t *key_str, 357*62c56f98SSadaf Ebrahimi data_t *iv_str, 358*62c56f98SSadaf Ebrahimi data_t *add_str, 359*62c56f98SSadaf Ebrahimi data_t *tag_str, 360*62c56f98SSadaf Ebrahimi int cipher_update_calls) 361*62c56f98SSadaf Ebrahimi{ 362*62c56f98SSadaf Ebrahimi mbedtls_gcm_context ctx; 363*62c56f98SSadaf Ebrahimi 364*62c56f98SSadaf Ebrahimi mbedtls_gcm_init(&ctx); 365*62c56f98SSadaf Ebrahimi 366*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_gcm_setkey(&ctx, cipher_id, key_str->x, key_str->len * 8) == 0); 367*62c56f98SSadaf Ebrahimi check_empty_cipher_with_ad(&ctx, MBEDTLS_GCM_ENCRYPT, 368*62c56f98SSadaf Ebrahimi iv_str, add_str, tag_str, 369*62c56f98SSadaf Ebrahimi cipher_update_calls); 370*62c56f98SSadaf Ebrahimi 371*62c56f98SSadaf Ebrahimiexit: 372*62c56f98SSadaf Ebrahimi mbedtls_gcm_free(&ctx); 373*62c56f98SSadaf Ebrahimi} 374*62c56f98SSadaf Ebrahimi/* END_CASE */ 375*62c56f98SSadaf Ebrahimi 376*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 377*62c56f98SSadaf Ebrahimivoid gcm_encrypt_and_tag_empty_ad(int cipher_id, 378*62c56f98SSadaf Ebrahimi data_t *key_str, 379*62c56f98SSadaf Ebrahimi data_t *iv_str, 380*62c56f98SSadaf Ebrahimi data_t *src_str, 381*62c56f98SSadaf Ebrahimi data_t *dst, 382*62c56f98SSadaf Ebrahimi data_t *tag_str, 383*62c56f98SSadaf Ebrahimi int ad_update_calls) 384*62c56f98SSadaf Ebrahimi{ 385*62c56f98SSadaf Ebrahimi mbedtls_gcm_context ctx; 386*62c56f98SSadaf Ebrahimi 387*62c56f98SSadaf Ebrahimi mbedtls_gcm_init(&ctx); 388*62c56f98SSadaf Ebrahimi 389*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_gcm_setkey(&ctx, cipher_id, key_str->x, key_str->len * 8) == 0); 390*62c56f98SSadaf Ebrahimi check_cipher_with_empty_ad(&ctx, MBEDTLS_GCM_ENCRYPT, 391*62c56f98SSadaf Ebrahimi iv_str, src_str, dst, tag_str, 392*62c56f98SSadaf Ebrahimi ad_update_calls); 393*62c56f98SSadaf Ebrahimi 394*62c56f98SSadaf Ebrahimiexit: 395*62c56f98SSadaf Ebrahimi mbedtls_gcm_free(&ctx); 396*62c56f98SSadaf Ebrahimi} 397*62c56f98SSadaf Ebrahimi/* END_CASE */ 398*62c56f98SSadaf Ebrahimi 399*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 400*62c56f98SSadaf Ebrahimivoid gcm_encrypt_and_verify_no_ad_no_cipher(int cipher_id, 401*62c56f98SSadaf Ebrahimi data_t *key_str, 402*62c56f98SSadaf Ebrahimi data_t *iv_str, 403*62c56f98SSadaf Ebrahimi data_t *tag_str) 404*62c56f98SSadaf Ebrahimi{ 405*62c56f98SSadaf Ebrahimi mbedtls_gcm_context ctx; 406*62c56f98SSadaf Ebrahimi 407*62c56f98SSadaf Ebrahimi mbedtls_gcm_init(&ctx); 408*62c56f98SSadaf Ebrahimi 409*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_gcm_setkey(&ctx, cipher_id, key_str->x, key_str->len * 8) == 0); 410*62c56f98SSadaf Ebrahimi check_no_cipher_no_ad(&ctx, MBEDTLS_GCM_ENCRYPT, 411*62c56f98SSadaf Ebrahimi iv_str, tag_str); 412*62c56f98SSadaf Ebrahimi 413*62c56f98SSadaf Ebrahimi mbedtls_gcm_free(&ctx); 414*62c56f98SSadaf Ebrahimi} 415*62c56f98SSadaf Ebrahimi/* END_CASE */ 416*62c56f98SSadaf Ebrahimi 417*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 418*62c56f98SSadaf Ebrahimivoid gcm_invalid_param() 419*62c56f98SSadaf Ebrahimi{ 420*62c56f98SSadaf Ebrahimi mbedtls_gcm_context ctx; 421*62c56f98SSadaf Ebrahimi unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 }; 422*62c56f98SSadaf Ebrahimi mbedtls_cipher_id_t valid_cipher = MBEDTLS_CIPHER_ID_AES; 423*62c56f98SSadaf Ebrahimi int invalid_bitlen = 1; 424*62c56f98SSadaf Ebrahimi 425*62c56f98SSadaf Ebrahimi mbedtls_gcm_init(&ctx); 426*62c56f98SSadaf Ebrahimi 427*62c56f98SSadaf Ebrahimi /* mbedtls_gcm_setkey */ 428*62c56f98SSadaf Ebrahimi TEST_EQUAL( 429*62c56f98SSadaf Ebrahimi MBEDTLS_ERR_GCM_BAD_INPUT, 430*62c56f98SSadaf Ebrahimi mbedtls_gcm_setkey(&ctx, valid_cipher, valid_buffer, invalid_bitlen)); 431*62c56f98SSadaf Ebrahimi 432*62c56f98SSadaf Ebrahimiexit: 433*62c56f98SSadaf Ebrahimi mbedtls_gcm_free(&ctx); 434*62c56f98SSadaf Ebrahimi} 435*62c56f98SSadaf Ebrahimi/* END_CASE */ 436*62c56f98SSadaf Ebrahimi 437*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 438*62c56f98SSadaf Ebrahimivoid gcm_update_output_buffer_too_small(int cipher_id, int mode, 439*62c56f98SSadaf Ebrahimi data_t *key_str, const data_t *input, 440*62c56f98SSadaf Ebrahimi const data_t *iv) 441*62c56f98SSadaf Ebrahimi{ 442*62c56f98SSadaf Ebrahimi mbedtls_gcm_context ctx; 443*62c56f98SSadaf Ebrahimi uint8_t *output = NULL; 444*62c56f98SSadaf Ebrahimi size_t olen = 0; 445*62c56f98SSadaf Ebrahimi size_t output_len = input->len - 1; 446*62c56f98SSadaf Ebrahimi 447*62c56f98SSadaf Ebrahimi mbedtls_gcm_init(&ctx); 448*62c56f98SSadaf Ebrahimi TEST_EQUAL(mbedtls_gcm_setkey(&ctx, cipher_id, key_str->x, key_str->len * 8), 0); 449*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_gcm_starts(&ctx, mode, iv->x, iv->len)); 450*62c56f98SSadaf Ebrahimi 451*62c56f98SSadaf Ebrahimi TEST_CALLOC(output, output_len); 452*62c56f98SSadaf Ebrahimi TEST_EQUAL(MBEDTLS_ERR_GCM_BUFFER_TOO_SMALL, 453*62c56f98SSadaf Ebrahimi mbedtls_gcm_update(&ctx, input->x, input->len, output, output_len, &olen)); 454*62c56f98SSadaf Ebrahimi 455*62c56f98SSadaf Ebrahimiexit: 456*62c56f98SSadaf Ebrahimi mbedtls_free(output); 457*62c56f98SSadaf Ebrahimi mbedtls_gcm_free(&ctx); 458*62c56f98SSadaf Ebrahimi} 459*62c56f98SSadaf Ebrahimi/* END_CASE */ 460*62c56f98SSadaf Ebrahimi 461*62c56f98SSadaf Ebrahimi/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST:MBEDTLS_AES_C */ 462*62c56f98SSadaf Ebrahimivoid gcm_selftest() 463*62c56f98SSadaf Ebrahimi{ 464*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_gcm_self_test(1) == 0); 465*62c56f98SSadaf Ebrahimi} 466*62c56f98SSadaf Ebrahimi/* END_CASE */ 467