add AEAD bad tag tests

This commit is contained in:
Jeremiah Mackey
2026-05-05 22:12:51 +00:00
parent 90359f90e1
commit ec44572bfc
4 changed files with 128 additions and 0 deletions
+64
View File
@@ -4400,6 +4400,70 @@ int test_wc_AesGcmStream_ReinitAfterFinal(void)
return EXPECT_RESULT();
} /* END test_wc_AesGcmStream_ReinitAfterFinal */
int test_wc_AesGcmStream_BadAuthTag(void)
{
EXPECT_DECLS;
#if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(HAVE_AES_DECRYPT) && \
defined(WOLFSSL_AES_128) && defined(WOLFSSL_AESGCM_STREAM)
static const byte key[AES_128_KEY_SIZE] = {
0xfe,0xff,0xe9,0x92, 0x86,0x65,0x73,0x1c,
0x6d,0x6a,0x8f,0x94, 0x67,0x30,0x83,0x08
};
static const byte iv[GCM_NONCE_MID_SZ] = {
0xca,0xfe,0xba,0xbe, 0xfa,0xce,0xdb,0xad,
0xde,0xca,0xf8,0x88
};
static const byte aad[20] = {
0xfe,0xed,0xfa,0xce, 0xde,0xad,0xbe,0xef,
0xfe,0xed,0xfa,0xce, 0xde,0xad,0xbe,0xef,
0xab,0xad,0xda,0xd2
};
static const byte plain[16] = {
0xd9,0x31,0x32,0x25, 0xf8,0x84,0x06,0xe5,
0xa5,0x59,0x09,0xc5, 0xaf,0xf5,0x26,0x9a
};
Aes enc[1];
Aes dec[1];
byte ct[sizeof(plain)];
byte pt[sizeof(plain)];
byte tag[WC_AES_BLOCK_SIZE];
byte bad_aad[sizeof(aad)];
XMEMSET(enc, 0, sizeof(Aes));
XMEMSET(dec, 0, sizeof(Aes));
XMEMSET(tag, 0, sizeof(tag));
ExpectIntEQ(wc_AesInit(enc, NULL, INVALID_DEVID), 0);
ExpectIntEQ(wc_AesGcmInit(enc, key, sizeof(key), iv, sizeof(iv)), 0);
ExpectIntEQ(wc_AesGcmEncryptUpdate(enc, ct, plain, sizeof(plain),
aad, sizeof(aad)), 0);
ExpectIntEQ(wc_AesGcmEncryptFinal(enc, tag, sizeof(tag)), 0);
wc_AesFree(enc);
tag[0] ^= 0x01;
ExpectIntEQ(wc_AesInit(dec, NULL, INVALID_DEVID), 0);
ExpectIntEQ(wc_AesGcmDecryptInit(dec, key, sizeof(key), iv, sizeof(iv)), 0);
ExpectIntEQ(wc_AesGcmDecryptUpdate(dec, pt, ct, sizeof(ct),
aad, sizeof(aad)), 0);
ExpectIntEQ(wc_AesGcmDecryptFinal(dec, tag, sizeof(tag)),
WC_NO_ERR_TRACE(AES_GCM_AUTH_E));
wc_AesFree(dec);
tag[0] ^= 0x01;
XMEMCPY(bad_aad, aad, sizeof(aad));
bad_aad[0] ^= 0x01;
ExpectIntEQ(wc_AesInit(dec, NULL, INVALID_DEVID), 0);
ExpectIntEQ(wc_AesGcmDecryptInit(dec, key, sizeof(key), iv, sizeof(iv)), 0);
ExpectIntEQ(wc_AesGcmDecryptUpdate(dec, pt, ct, sizeof(ct),
bad_aad, sizeof(bad_aad)), 0);
ExpectIntEQ(wc_AesGcmDecryptFinal(dec, tag, sizeof(tag)),
WC_NO_ERR_TRACE(AES_GCM_AUTH_E));
wc_AesFree(dec);
#endif
return EXPECT_RESULT();
}
/*******************************************************************************
* GMAC
******************************************************************************/
+2
View File
@@ -54,6 +54,7 @@ int test_wc_AesGcmNonStdNonce(void);
int test_wc_AesGcmStream(void);
int test_wc_AesGcmStream_MidStreamState(void);
int test_wc_AesGcmStream_ReinitAfterFinal(void);
int test_wc_AesGcmStream_BadAuthTag(void);
int test_wc_AesCcmSetKey(void);
int test_wc_AesCcmEncryptDecrypt(void);
int test_wc_AesCcmEncryptDecrypt_InPlace(void);
@@ -151,6 +152,7 @@ int test_wc_CryptoCb_Tls13_Key_No_Zero_Without_Offload(void);
TEST_DECL_GROUP("aes", test_wc_AesGcmStream), \
TEST_DECL_GROUP("aes", test_wc_AesGcmStream_MidStreamState), \
TEST_DECL_GROUP("aes", test_wc_AesGcmStream_ReinitAfterFinal), \
TEST_DECL_GROUP("aes", test_wc_AesGcmStream_BadAuthTag), \
TEST_DECL_GROUP("aes", test_wc_AesCcmSetKey), \
TEST_DECL_GROUP("aes", test_wc_AesCcmEncryptDecrypt), \
TEST_DECL_GROUP("aes", test_wc_AesCcmEncryptDecrypt_InPlace), \
+60
View File
@@ -284,6 +284,66 @@ int test_wc_XChaCha20Poly1305_aead(void)
return EXPECT_RESULT();
} /* END test_wc_XChaCha20Poly1305_aead */
int test_wc_XChaCha20Poly1305_BadAuthTag(void)
{
EXPECT_DECLS;
#if defined(HAVE_POLY1305) && defined(HAVE_XCHACHA)
const byte key[32] = {
0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
};
const byte nonce[24] = {
0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57
};
const byte plaintext[] = {
0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61,
0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x73
};
const byte aad[] = {
0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3
};
byte ct[sizeof(plaintext) + 16];
byte pt[sizeof(plaintext)];
byte ct_bad[sizeof(ct)];
byte aad_bad[sizeof(aad)];
XMEMSET(ct, 0, sizeof(ct));
ExpectIntEQ(wc_XChaCha20Poly1305_Encrypt(ct, sizeof(ct),
plaintext, sizeof(plaintext), aad, sizeof(aad),
nonce, sizeof(nonce), key, sizeof(key)), 0);
ExpectIntEQ(wc_XChaCha20Poly1305_Decrypt(pt, sizeof(pt), ct, sizeof(ct),
aad, sizeof(aad), nonce, sizeof(nonce), key, sizeof(key)), 0);
XMEMCPY(ct_bad, ct, sizeof(ct));
ct_bad[sizeof(ct) - 1] ^= 0x01;
ExpectIntEQ(wc_XChaCha20Poly1305_Decrypt(pt, sizeof(pt), ct_bad,
sizeof(ct_bad), aad, sizeof(aad), nonce, sizeof(nonce),
key, sizeof(key)),
WC_NO_ERR_TRACE(MAC_CMP_FAILED_E));
XMEMCPY(ct_bad, ct, sizeof(ct));
ct_bad[0] ^= 0x01;
ExpectIntEQ(wc_XChaCha20Poly1305_Decrypt(pt, sizeof(pt), ct_bad,
sizeof(ct_bad), aad, sizeof(aad), nonce, sizeof(nonce),
key, sizeof(key)),
WC_NO_ERR_TRACE(MAC_CMP_FAILED_E));
XMEMCPY(aad_bad, aad, sizeof(aad));
aad_bad[0] ^= 0x01;
ExpectIntEQ(wc_XChaCha20Poly1305_Decrypt(pt, sizeof(pt), ct, sizeof(ct),
aad_bad, sizeof(aad_bad), nonce, sizeof(nonce),
key, sizeof(key)),
WC_NO_ERR_TRACE(MAC_CMP_FAILED_E));
#endif
return EXPECT_RESULT();
}
#include <wolfssl/wolfcrypt/random.h>
#define MC_CIPHER_TEST_COUNT 100
+2
View File
@@ -26,6 +26,7 @@
int test_wc_ChaCha20Poly1305_aead(void);
int test_wc_XChaCha20Poly1305_aead(void);
int test_wc_XChaCha20Poly1305_BadAuthTag(void);
int test_wc_ChaCha20Poly1305_MonteCarlo(void);
int test_wc_ChaCha20Poly1305_Stream(void);
int test_wc_ChaCha20Poly1305_AeadEdgeCases(void);
@@ -38,6 +39,7 @@ int test_wc_ChaCha20Poly1305_CrossCipher(void);
#define TEST_CHACHA20_POLY1305_DECLS \
TEST_DECL_GROUP("chacha20-poly1305", test_wc_ChaCha20Poly1305_aead), \
TEST_DECL_GROUP("xchacha20-poly1305", test_wc_XChaCha20Poly1305_aead), \
TEST_DECL_GROUP("xchacha20-poly1305", test_wc_XChaCha20Poly1305_BadAuthTag), \
TEST_DECL_GROUP("chacha20-poly1305", test_wc_ChaCha20Poly1305_MonteCarlo), \
TEST_DECL_GROUP("chacha20-poly1305", test_wc_ChaCha20Poly1305_Stream), \
TEST_DECL_GROUP("chacha20-poly1305", test_wc_ChaCha20Poly1305_AeadEdgeCases), \