mirror of
https://github.com/wolfSSL/wolfssl.git
synced 2026-07-05 10:50:53 +02:00
add AEAD bad tag tests
This commit is contained in:
@@ -4400,6 +4400,70 @@ int test_wc_AesGcmStream_ReinitAfterFinal(void)
|
||||
return EXPECT_RESULT();
|
||||
} /* END test_wc_AesGcmStream_ReinitAfterFinal */
|
||||
|
||||
int test_wc_AesGcmStream_BadAuthTag(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if !defined(NO_AES) && defined(HAVE_AESGCM) && defined(HAVE_AES_DECRYPT) && \
|
||||
defined(WOLFSSL_AES_128) && defined(WOLFSSL_AESGCM_STREAM)
|
||||
static const byte key[AES_128_KEY_SIZE] = {
|
||||
0xfe,0xff,0xe9,0x92, 0x86,0x65,0x73,0x1c,
|
||||
0x6d,0x6a,0x8f,0x94, 0x67,0x30,0x83,0x08
|
||||
};
|
||||
static const byte iv[GCM_NONCE_MID_SZ] = {
|
||||
0xca,0xfe,0xba,0xbe, 0xfa,0xce,0xdb,0xad,
|
||||
0xde,0xca,0xf8,0x88
|
||||
};
|
||||
static const byte aad[20] = {
|
||||
0xfe,0xed,0xfa,0xce, 0xde,0xad,0xbe,0xef,
|
||||
0xfe,0xed,0xfa,0xce, 0xde,0xad,0xbe,0xef,
|
||||
0xab,0xad,0xda,0xd2
|
||||
};
|
||||
static const byte plain[16] = {
|
||||
0xd9,0x31,0x32,0x25, 0xf8,0x84,0x06,0xe5,
|
||||
0xa5,0x59,0x09,0xc5, 0xaf,0xf5,0x26,0x9a
|
||||
};
|
||||
Aes enc[1];
|
||||
Aes dec[1];
|
||||
byte ct[sizeof(plain)];
|
||||
byte pt[sizeof(plain)];
|
||||
byte tag[WC_AES_BLOCK_SIZE];
|
||||
byte bad_aad[sizeof(aad)];
|
||||
|
||||
XMEMSET(enc, 0, sizeof(Aes));
|
||||
XMEMSET(dec, 0, sizeof(Aes));
|
||||
XMEMSET(tag, 0, sizeof(tag));
|
||||
|
||||
ExpectIntEQ(wc_AesInit(enc, NULL, INVALID_DEVID), 0);
|
||||
ExpectIntEQ(wc_AesGcmInit(enc, key, sizeof(key), iv, sizeof(iv)), 0);
|
||||
ExpectIntEQ(wc_AesGcmEncryptUpdate(enc, ct, plain, sizeof(plain),
|
||||
aad, sizeof(aad)), 0);
|
||||
ExpectIntEQ(wc_AesGcmEncryptFinal(enc, tag, sizeof(tag)), 0);
|
||||
wc_AesFree(enc);
|
||||
|
||||
tag[0] ^= 0x01;
|
||||
|
||||
ExpectIntEQ(wc_AesInit(dec, NULL, INVALID_DEVID), 0);
|
||||
ExpectIntEQ(wc_AesGcmDecryptInit(dec, key, sizeof(key), iv, sizeof(iv)), 0);
|
||||
ExpectIntEQ(wc_AesGcmDecryptUpdate(dec, pt, ct, sizeof(ct),
|
||||
aad, sizeof(aad)), 0);
|
||||
ExpectIntEQ(wc_AesGcmDecryptFinal(dec, tag, sizeof(tag)),
|
||||
WC_NO_ERR_TRACE(AES_GCM_AUTH_E));
|
||||
wc_AesFree(dec);
|
||||
|
||||
tag[0] ^= 0x01;
|
||||
XMEMCPY(bad_aad, aad, sizeof(aad));
|
||||
bad_aad[0] ^= 0x01;
|
||||
ExpectIntEQ(wc_AesInit(dec, NULL, INVALID_DEVID), 0);
|
||||
ExpectIntEQ(wc_AesGcmDecryptInit(dec, key, sizeof(key), iv, sizeof(iv)), 0);
|
||||
ExpectIntEQ(wc_AesGcmDecryptUpdate(dec, pt, ct, sizeof(ct),
|
||||
bad_aad, sizeof(bad_aad)), 0);
|
||||
ExpectIntEQ(wc_AesGcmDecryptFinal(dec, tag, sizeof(tag)),
|
||||
WC_NO_ERR_TRACE(AES_GCM_AUTH_E));
|
||||
wc_AesFree(dec);
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
/*******************************************************************************
|
||||
* GMAC
|
||||
******************************************************************************/
|
||||
|
||||
@@ -54,6 +54,7 @@ int test_wc_AesGcmNonStdNonce(void);
|
||||
int test_wc_AesGcmStream(void);
|
||||
int test_wc_AesGcmStream_MidStreamState(void);
|
||||
int test_wc_AesGcmStream_ReinitAfterFinal(void);
|
||||
int test_wc_AesGcmStream_BadAuthTag(void);
|
||||
int test_wc_AesCcmSetKey(void);
|
||||
int test_wc_AesCcmEncryptDecrypt(void);
|
||||
int test_wc_AesCcmEncryptDecrypt_InPlace(void);
|
||||
@@ -151,6 +152,7 @@ int test_wc_CryptoCb_Tls13_Key_No_Zero_Without_Offload(void);
|
||||
TEST_DECL_GROUP("aes", test_wc_AesGcmStream), \
|
||||
TEST_DECL_GROUP("aes", test_wc_AesGcmStream_MidStreamState), \
|
||||
TEST_DECL_GROUP("aes", test_wc_AesGcmStream_ReinitAfterFinal), \
|
||||
TEST_DECL_GROUP("aes", test_wc_AesGcmStream_BadAuthTag), \
|
||||
TEST_DECL_GROUP("aes", test_wc_AesCcmSetKey), \
|
||||
TEST_DECL_GROUP("aes", test_wc_AesCcmEncryptDecrypt), \
|
||||
TEST_DECL_GROUP("aes", test_wc_AesCcmEncryptDecrypt_InPlace), \
|
||||
|
||||
@@ -284,6 +284,66 @@ int test_wc_XChaCha20Poly1305_aead(void)
|
||||
return EXPECT_RESULT();
|
||||
} /* END test_wc_XChaCha20Poly1305_aead */
|
||||
|
||||
int test_wc_XChaCha20Poly1305_BadAuthTag(void)
|
||||
{
|
||||
EXPECT_DECLS;
|
||||
#if defined(HAVE_POLY1305) && defined(HAVE_XCHACHA)
|
||||
const byte key[32] = {
|
||||
0x80, 0x81, 0x82, 0x83, 0x84, 0x85, 0x86, 0x87,
|
||||
0x88, 0x89, 0x8a, 0x8b, 0x8c, 0x8d, 0x8e, 0x8f,
|
||||
0x90, 0x91, 0x92, 0x93, 0x94, 0x95, 0x96, 0x97,
|
||||
0x98, 0x99, 0x9a, 0x9b, 0x9c, 0x9d, 0x9e, 0x9f
|
||||
};
|
||||
const byte nonce[24] = {
|
||||
0x40, 0x41, 0x42, 0x43, 0x44, 0x45, 0x46, 0x47,
|
||||
0x48, 0x49, 0x4a, 0x4b, 0x4c, 0x4d, 0x4e, 0x4f,
|
||||
0x50, 0x51, 0x52, 0x53, 0x54, 0x55, 0x56, 0x57
|
||||
};
|
||||
const byte plaintext[] = {
|
||||
0x4c, 0x61, 0x64, 0x69, 0x65, 0x73, 0x20, 0x61,
|
||||
0x6e, 0x64, 0x20, 0x47, 0x65, 0x6e, 0x74, 0x73
|
||||
};
|
||||
const byte aad[] = {
|
||||
0x50, 0x51, 0x52, 0x53, 0xc0, 0xc1, 0xc2, 0xc3
|
||||
};
|
||||
byte ct[sizeof(plaintext) + 16];
|
||||
byte pt[sizeof(plaintext)];
|
||||
byte ct_bad[sizeof(ct)];
|
||||
byte aad_bad[sizeof(aad)];
|
||||
|
||||
XMEMSET(ct, 0, sizeof(ct));
|
||||
|
||||
ExpectIntEQ(wc_XChaCha20Poly1305_Encrypt(ct, sizeof(ct),
|
||||
plaintext, sizeof(plaintext), aad, sizeof(aad),
|
||||
nonce, sizeof(nonce), key, sizeof(key)), 0);
|
||||
|
||||
ExpectIntEQ(wc_XChaCha20Poly1305_Decrypt(pt, sizeof(pt), ct, sizeof(ct),
|
||||
aad, sizeof(aad), nonce, sizeof(nonce), key, sizeof(key)), 0);
|
||||
|
||||
XMEMCPY(ct_bad, ct, sizeof(ct));
|
||||
ct_bad[sizeof(ct) - 1] ^= 0x01;
|
||||
ExpectIntEQ(wc_XChaCha20Poly1305_Decrypt(pt, sizeof(pt), ct_bad,
|
||||
sizeof(ct_bad), aad, sizeof(aad), nonce, sizeof(nonce),
|
||||
key, sizeof(key)),
|
||||
WC_NO_ERR_TRACE(MAC_CMP_FAILED_E));
|
||||
|
||||
XMEMCPY(ct_bad, ct, sizeof(ct));
|
||||
ct_bad[0] ^= 0x01;
|
||||
ExpectIntEQ(wc_XChaCha20Poly1305_Decrypt(pt, sizeof(pt), ct_bad,
|
||||
sizeof(ct_bad), aad, sizeof(aad), nonce, sizeof(nonce),
|
||||
key, sizeof(key)),
|
||||
WC_NO_ERR_TRACE(MAC_CMP_FAILED_E));
|
||||
|
||||
XMEMCPY(aad_bad, aad, sizeof(aad));
|
||||
aad_bad[0] ^= 0x01;
|
||||
ExpectIntEQ(wc_XChaCha20Poly1305_Decrypt(pt, sizeof(pt), ct, sizeof(ct),
|
||||
aad_bad, sizeof(aad_bad), nonce, sizeof(nonce),
|
||||
key, sizeof(key)),
|
||||
WC_NO_ERR_TRACE(MAC_CMP_FAILED_E));
|
||||
#endif
|
||||
return EXPECT_RESULT();
|
||||
}
|
||||
|
||||
#include <wolfssl/wolfcrypt/random.h>
|
||||
|
||||
#define MC_CIPHER_TEST_COUNT 100
|
||||
|
||||
@@ -26,6 +26,7 @@
|
||||
|
||||
int test_wc_ChaCha20Poly1305_aead(void);
|
||||
int test_wc_XChaCha20Poly1305_aead(void);
|
||||
int test_wc_XChaCha20Poly1305_BadAuthTag(void);
|
||||
int test_wc_ChaCha20Poly1305_MonteCarlo(void);
|
||||
int test_wc_ChaCha20Poly1305_Stream(void);
|
||||
int test_wc_ChaCha20Poly1305_AeadEdgeCases(void);
|
||||
@@ -38,6 +39,7 @@ int test_wc_ChaCha20Poly1305_CrossCipher(void);
|
||||
#define TEST_CHACHA20_POLY1305_DECLS \
|
||||
TEST_DECL_GROUP("chacha20-poly1305", test_wc_ChaCha20Poly1305_aead), \
|
||||
TEST_DECL_GROUP("xchacha20-poly1305", test_wc_XChaCha20Poly1305_aead), \
|
||||
TEST_DECL_GROUP("xchacha20-poly1305", test_wc_XChaCha20Poly1305_BadAuthTag), \
|
||||
TEST_DECL_GROUP("chacha20-poly1305", test_wc_ChaCha20Poly1305_MonteCarlo), \
|
||||
TEST_DECL_GROUP("chacha20-poly1305", test_wc_ChaCha20Poly1305_Stream), \
|
||||
TEST_DECL_GROUP("chacha20-poly1305", test_wc_ChaCha20Poly1305_AeadEdgeCases), \
|
||||
|
||||
Reference in New Issue
Block a user