[PATCH] tests/basic: add invalid-tag negative tests for GCM

Jussi Kivilinna jussi.kivilinna at iki.fi
Fri Jan 6 14:29:36 CET 2017


* tests/basic.c (_check_gcm_cipher): Add invalid-tag tests.
--

Signed-off-by: Jussi Kivilinna <jussi.kivilinna at iki.fi>
---
 0 files changed

diff --git a/tests/basic.c b/tests/basic.c
index 6d086b5..89ea3d5 100644
--- a/tests/basic.c
+++ b/tests/basic.c
@@ -1263,7 +1263,8 @@ _check_gcm_cipher (unsigned int step)
     char out[MAX_DATA_LEN];
     char tag[MAX_DATA_LEN];
     int taglen;
-    int should_fail;
+    int wrong_taglen;
+    int bad_tag;
   } tv[] =
     {
       /* http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf */
@@ -1454,7 +1455,80 @@ _check_gcm_cipher (unsigned int step)
         "\xee\xb2\xb2\x2a\xaf\xde\x64\x19\xa0\x58\xab\x4f\x6f\x74\x6b\xf4"
         "\x0f\xc0\xc3\xb7\x80\xf2\x44\x45\x2d\xa3\xeb\xf1\xc5\xd8\x2c\xde"
         "\xa2\x41\x89\x97\x20\x0e\xf8\x2e\x44\xae\x7e\x3f",
-        "\xa4\x4a\x82\x66\xee\x1c\x8e\xb0\xc8\xb5\xd4\xcf\x5a\xe9\xf1\x9a" }
+        "\xa4\x4a\x82\x66\xee\x1c\x8e\xb0\xc8\xb5\xd4\xcf\x5a\xe9\xf1\x9a" },
+      /* negative tests, invalid tag. */
+      { GCRY_CIPHER_AES,
+	"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+	"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 12,
+	"", 0,
+	"",
+	0,
+	"",
+	"\xa4\x4a\x82\x66\xee\x1c\x8e\xb0\xc8\xb5\xd4\xcf\x5a\xe9\xf1\x9a",
+	16, 0, 1 },
+      { GCRY_CIPHER_AES,
+	"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+	"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 12,
+	"", 0,
+	"",
+	0,
+	"",
+	"\xd8\xe2\xfc\xce\xfa\x7e\x30\x61\x36\x7f\x1d\x57\xa4\xe7\x45\x5a",
+	16, 0, 1 },
+      { GCRY_CIPHER_AES,
+	"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+	"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 12,
+	"", 0,
+	"",
+	0,
+	"",
+	"\x58\xe2\xfc\xce\xfa\x7e\x30\x61\x36\x7f\x1d\x57\xa4\xe7\x45\x5b",
+	16, 0, 1 },
+      { GCRY_CIPHER_AES,
+	"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+	"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 12,
+	"", 0,
+	"",
+	0,
+	"",
+	"\xd8\xe2\xfc\xce\xfa\x7e\x30\x61\x36\x7f\x1d\x57\xa4\xe7\x45\x5b",
+	16, 0, 1 },
+      { GCRY_CIPHER_AES,
+	"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+	"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 12,
+	"", 0,
+	"",
+	0,
+	"",
+	"\x58\xe2\xfc\xce\xfa\x7e\x30\xFF\x36\x7f\x1d\x57\xa4\xe7\x45\x5a",
+	16, 0, 1 },
+      { GCRY_CIPHER_AES,
+	"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+	"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 12,
+	"", 0,
+	"",
+	0,
+	"",
+	"\x58\xe2\xfc\xce\xfa\x7e\x30\xFF\xFF\x7f\x1d\x57\xa4\xe7\x45\x5a",
+	16, 0, 1 },
+      { GCRY_CIPHER_AES,
+	"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+	"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 12,
+	"", 0,
+	"",
+	0,
+	"",
+	"\x58\xe2\xfc\xce\xfa\x7e\x30\xFF\x36\x7f\x1d\x57\xa4\xe7\x45\xFF",
+	16, 0, 1 },
+      { GCRY_CIPHER_AES,
+	"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+	"\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 12,
+	"", 0,
+	"",
+	0,
+	"",
+	"\xFF\xe2\xfc\xce\xfa\x7e\x30\x61\xFF\x7f\x1d\x57\xa4\xe7\x45\x5a",
+	16, 0, 1 },
     };
 
   gcry_cipher_hd_t hde, hdd;
@@ -1607,7 +1681,7 @@ _check_gcm_cipher (unsigned int step)
       err = gcry_cipher_gettag (hde, out, taglen2);
       if (err)
         {
-          if (tv[i].should_fail)
+          if (tv[i].wrong_taglen)
             goto next_tv;
 
           fail ("aes-gcm, gcry_cipher_gettag(%d) failed: %s\n",
@@ -1617,8 +1691,13 @@ _check_gcm_cipher (unsigned int step)
           return;
         }
 
-      if (memcmp (tv[i].tag, out, taglen2))
-        fail ("aes-gcm, encrypt tag mismatch entry %d\n", i);
+      if ((memcmp (tv[i].tag, out, taglen2) == 0) == tv[i].bad_tag)
+	{
+	  if (!tv[i].bad_tag)
+	    fail ("aes-gcm, encrypt tag mismatch entry %d\n", i);
+	  else
+	    fail ("aes-gcm, encrypt tag match bad-tag entry %d\n", i);
+	}
 
       err = gcry_cipher_checktag (hdd, out, taglen2);
       if (err)
@@ -1702,7 +1781,7 @@ _check_gcm_cipher (unsigned int step)
       err = gcry_cipher_gettag (hde, tag, taglen2);
       if (err)
         {
-          if (tv[i].should_fail)
+          if (tv[i].wrong_taglen)
             goto next_tv;
 
           fail ("aes-gcm, gcry_cipher_gettag(%d, %lu) (byte-buf) failed: %s\n",
@@ -1714,8 +1793,14 @@ _check_gcm_cipher (unsigned int step)
 
       taglen2 = tv[i].taglen ? tv[i].taglen : GCRY_GCM_BLOCK_LEN;
 
-      if (memcmp (tv[i].tag, tag, taglen2))
-        fail ("aes-gcm, encrypt tag mismatch entry %d, (byte-buf)\n", i);
+      if ((memcmp (tv[i].tag, tag, taglen2) == 0) == tv[i].bad_tag)
+	{
+	  if (!tv[i].bad_tag)
+	    fail ("aes-gcm, encrypt tag mismatch entry %d, (byte-buf)\n", i);
+	  else
+	    fail ("aes-gcm, encrypt tag match bad-tag entry %d, (byte-buf)\n",
+		  i);
+	}
 
       for (byteNum = 0; byteNum < tv[i].inlen; ++byteNum)
         {
@@ -1733,9 +1818,12 @@ _check_gcm_cipher (unsigned int step)
       if (memcmp (tv[i].plaintext, out, tv[i].inlen))
         fail ("aes-gcm, decrypt mismatch entry %d\n", i);
 
-      err = gcry_cipher_checktag (hdd, tag, taglen2);
+      err = gcry_cipher_checktag (hdd, tv[i].tag, taglen2);
       if (err)
         {
+          if (tv[i].bad_tag)
+            goto next_tv;
+
           fail ("aes-gcm, gcry_cipher_checktag(%d) (byte-buf) failed: %s\n",
                 i, gpg_strerror (err));
           gcry_cipher_close (hde);
@@ -1762,7 +1850,7 @@ _check_gcm_cipher (unsigned int step)
           return;
         }
 
-      if (tv[i].should_fail)
+      if (tv[i].wrong_taglen || tv[i].bad_tag)
         {
           fail ("aes-gcm, negative test succeeded %d\n", i);
           gcry_cipher_close (hde);




More information about the Gcrypt-devel mailing list