wolfSSL/wolfssl
1
0
Fork 1
mirror of https://github.com/wolfSSL/wolfssl.git synced 2025-07-31 19:24:42 +02:00
Code Issues Packages Projects Releases Wiki Activity

Unit test GCM sanity check Fips change.

Browse Source
This commit is contained in:
jrblixt
2017-07-20 16:01:53 -06:00
parent e9f87b9f33
commit f8e2f596d6
2 changed files with 55 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files

103
tests/api.c
View File

@@ -6127,7 +6127,7 @@ static int test_wc_AesGcmEncryptDecrypt (void)
0xab, 0xad, 0xda, 0xd2 0xab, 0xad, 0xda, 0xd2
}; };
byte iv[] = "1234567890a"; byte iv[] = "1234567890a";
byte badIV[] = "1234567890abcde"; byte longIV[] = "1234567890abcdefghij";
byte enc[sizeof(vector)]; byte enc[sizeof(vector)];
byte resultT[AES_BLOCK_SIZE]; byte resultT[AES_BLOCK_SIZE];
byte dec[sizeof(vector)]; byte dec[sizeof(vector)];
@@ -6142,17 +6142,16 @@ static int test_wc_AesGcmEncryptDecrypt (void)
ret = wc_AesGcmSetKey(&aes, key32, sizeof(key32)/sizeof(byte)); ret = wc_AesGcmSetKey(&aes, key32, sizeof(key32)/sizeof(byte));
if (ret == 0) { if (ret == 0) {
ret = wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), gcmE = wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector),
iv, sizeof(iv)/sizeof(byte), resultT, iv, sizeof(iv)/sizeof(byte), resultT,
sizeof(resultT), a, sizeof(a)); sizeof(resultT), a, sizeof(a));
} }
if (ret == 0) { /* If encrypt fails, no decrypt. */ if (gcmE == 0) { /* If encrypt fails, no decrypt. */
gcmE = 0; gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(vector),
ret = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(vector),
iv, sizeof(iv)/sizeof(byte), resultT, iv, sizeof(iv)/sizeof(byte), resultT,
sizeof(resultT), a, sizeof(a)); sizeof(resultT), a, sizeof(a));
if(ret == 0 || (XMEMCMP(vector, dec, sizeof(vector)) == 0)) { if(gcmD == 0 && (XMEMCMP(vector, dec, sizeof(vector)) != 0)) {
gcmD = 0; gcmD = SSL_FATAL_ERROR;
} }
} }
printf(testingFmt, "wc_AesGcmEncrypt()"); printf(testingFmt, "wc_AesGcmEncrypt()");
@@ -6172,65 +6171,61 @@ static int test_wc_AesGcmEncryptDecrypt (void)
resultT, sizeof(resultT) - 5, a, sizeof(a)); resultT, sizeof(resultT) - 5, a, sizeof(a));
} }
if (gcmE == BAD_FUNC_ARG) { if (gcmE == BAD_FUNC_ARG) {
gcmE = wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), badIV, gcmE = wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), longIV,
sizeof(badIV)/sizeof(byte), resultT, sizeof(resultT), sizeof(longIV)/sizeof(byte), resultT, sizeof(resultT),
a, sizeof(a)); a, sizeof(a));
} }
#ifdef HAVE_FIPS #ifdef HAVE_FIPS
if (gcmE == BAD_FUNC_ARG) { if (gcmE == BAD_FUNC_ARG) {
gcmE = 0; gcmE = 0;
} else { } else {
gcmE = SSL_FATAL_ERROR; gcmE = SSL_FATAL_ERROR;
} }
#endif #endif
} /* END wc_AesGcmEncrypt */ } /* END wc_AesGcmEncrypt */
printf(resultFmt, gcmE == 0 ? passed : failed); printf(resultFmt, gcmE == 0 ? passed : failed);
printf(testingFmt, "wc_AesGcmDecrypt()"); #ifdef HAVE_AES_DECRYPT
printf(testingFmt, "wc_AesGcmDecrypt()");
if (gcmD == 0) { if (gcmD == 0) {
gcmD = wc_AesGcmDecrypt(NULL, dec, enc, sizeof(enc)/sizeof(byte), gcmD = wc_AesGcmDecrypt(NULL, dec, enc, sizeof(enc)/sizeof(byte),
iv, sizeof(iv)/sizeof(byte), resultT, iv, sizeof(iv)/sizeof(byte), resultT,
sizeof(resultT), a, sizeof(a)); sizeof(resultT), a, sizeof(a));
if (gcmD == BAD_FUNC_ARG) { if (gcmD == BAD_FUNC_ARG) {
gcmD = wc_AesGcmDecrypt(&aes, NULL, enc, sizeof(enc)/sizeof(byte), gcmD = wc_AesGcmDecrypt(&aes, NULL, enc, sizeof(enc)/sizeof(byte),
iv, sizeof(iv)/sizeof(byte), resultT, iv, sizeof(iv)/sizeof(byte), resultT,
sizeof(resultT), a, sizeof(a)); sizeof(resultT), a, sizeof(a));
} }
if (gcmD == BAD_FUNC_ARG) { if (gcmD == BAD_FUNC_ARG) {
gcmD = wc_AesGcmDecrypt(&aes, dec, NULL, sizeof(enc)/sizeof(byte), gcmD = wc_AesGcmDecrypt(&aes, dec, NULL, sizeof(enc)/sizeof(byte),
iv, sizeof(iv)/sizeof(byte), resultT, iv, sizeof(iv)/sizeof(byte), resultT,
sizeof(resultT), a, sizeof(a)); sizeof(resultT), a, sizeof(a));
} }
if (gcmD == BAD_FUNC_ARG) { if (gcmD == BAD_FUNC_ARG) {
gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte),
NULL, sizeof(iv)/sizeof(byte), resultT, NULL, sizeof(iv)/sizeof(byte), resultT,
sizeof(resultT), a, sizeof(a)); sizeof(resultT), a, sizeof(a));
} }
if (gcmD == BAD_FUNC_ARG) { if (gcmD == BAD_FUNC_ARG) {
gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte), gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte),
iv, sizeof(iv)/sizeof(byte), NULL, iv, sizeof(iv)/sizeof(byte), NULL,
sizeof(resultT), a, sizeof(a)); sizeof(resultT), a, sizeof(a));
} }
if (gcmD == BAD_FUNC_ARG) { if (gcmD == BAD_FUNC_ARG) {
gcmD = wc_AesGcmDecrypt(&aes, dec, enc, 0, iv, gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte),
sizeof(iv)/sizeof(byte), resultT, iv, sizeof(iv)/sizeof(byte), resultT,
sizeof(resultT), a, sizeof(a)); sizeof(resultT) + 1, a, sizeof(a));
} }
if (gcmD == BAD_FUNC_ARG) {
gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte),
iv, sizeof(iv)/sizeof(byte), resultT,
sizeof(resultT) + 1, a, sizeof(a));
if (gcmD == BAD_FUNC_ARG) { if (gcmD == BAD_FUNC_ARG) {
gcmD = 0; gcmD = 0;
} else { } else {
gcmD = SSL_FATAL_ERROR; gcmD = SSL_FATAL_ERROR;
} }
} } /* END wc_AesGcmDecrypt */
} /* END wc_AesGcmDecrypt */
printf(resultFmt, gcmD == 0 ? passed : failed);
printf(resultFmt, gcmD == 0 ? passed : failed);
#endif /* HAVE_AES_DECRYPT */
#endif #endif
return 0; return 0;

13
wolfcrypt/src/aes.c
View File

@@ -121,8 +121,8 @@
const byte* authIn, word32 authInSz) const byte* authIn, word32 authInSz)
{ {
if (aes == NULL || authTagSz > AES_BLOCK_SIZE if (aes == NULL || authTagSz > AES_BLOCK_SIZE
|| ivSz != WOLFSSL_MIN_AUTH_TAG_SZ || authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ ||
|| authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ) { ivSz > AES_BLOCK_SIZE) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
@@ -136,10 +136,9 @@
const byte* authTag, word32 authTagSz, const byte* authTag, word32 authTagSz,
const byte* authIn, word32 authInSz) const byte* authIn, word32 authInSz)
{ {
if (aes == NULL || out == NULL || in == NULL || sz == 0 if (aes == NULL || out == NULL || in == NULL || iv == NULL
|| iv == NULL || authTag == NULL || authTag == NULL || authTagSz > AES_BLOCK_SIZE ||
|| ivSz != WOLFSSL_MIN_AUTH_TAG_SZ ivSz > AES_BLOCK_SIZE) {
||authTagSz > AES_BLOCK_SIZE) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }
@@ -4753,7 +4752,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
#endif #endif
/* argument checks */ /* argument checks */
if (aes == NULL || out == NULL || in == NULL || sz == 0 || iv == NULL || if (aes == NULL || out == NULL || in == NULL || iv == NULL ||
authTag == NULL || authTagSz > AES_BLOCK_SIZE) { authTag == NULL || authTagSz > AES_BLOCK_SIZE) {
return BAD_FUNC_ARG; return BAD_FUNC_ARG;
} }