[PATCH] tests/basic: add invalid-tag negative tests for GCM
Jussi Kivilinna
jussi.kivilinna at iki.fi
Fri Jan 6 14:29:36 CET 2017
* tests/basic.c (_check_gcm_cipher): Add invalid-tag tests.
--
Signed-off-by: Jussi Kivilinna <jussi.kivilinna at iki.fi>
---
0 files changed
diff --git a/tests/basic.c b/tests/basic.c
index 6d086b5..89ea3d5 100644
--- a/tests/basic.c
+++ b/tests/basic.c
@@ -1263,7 +1263,8 @@ _check_gcm_cipher (unsigned int step)
char out[MAX_DATA_LEN];
char tag[MAX_DATA_LEN];
int taglen;
- int should_fail;
+ int wrong_taglen;
+ int bad_tag;
} tv[] =
{
/* http://csrc.nist.gov/groups/ST/toolkit/BCM/documents/proposedmodes/gcm/gcm-revised-spec.pdf */
@@ -1454,7 +1455,80 @@ _check_gcm_cipher (unsigned int step)
"\xee\xb2\xb2\x2a\xaf\xde\x64\x19\xa0\x58\xab\x4f\x6f\x74\x6b\xf4"
"\x0f\xc0\xc3\xb7\x80\xf2\x44\x45\x2d\xa3\xeb\xf1\xc5\xd8\x2c\xde"
"\xa2\x41\x89\x97\x20\x0e\xf8\x2e\x44\xae\x7e\x3f",
- "\xa4\x4a\x82\x66\xee\x1c\x8e\xb0\xc8\xb5\xd4\xcf\x5a\xe9\xf1\x9a" }
+ "\xa4\x4a\x82\x66\xee\x1c\x8e\xb0\xc8\xb5\xd4\xcf\x5a\xe9\xf1\x9a" },
+ /* negative tests, invalid tag. */
+ { GCRY_CIPHER_AES,
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 12,
+ "", 0,
+ "",
+ 0,
+ "",
+ "\xa4\x4a\x82\x66\xee\x1c\x8e\xb0\xc8\xb5\xd4\xcf\x5a\xe9\xf1\x9a",
+ 16, 0, 1 },
+ { GCRY_CIPHER_AES,
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 12,
+ "", 0,
+ "",
+ 0,
+ "",
+ "\xd8\xe2\xfc\xce\xfa\x7e\x30\x61\x36\x7f\x1d\x57\xa4\xe7\x45\x5a",
+ 16, 0, 1 },
+ { GCRY_CIPHER_AES,
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 12,
+ "", 0,
+ "",
+ 0,
+ "",
+ "\x58\xe2\xfc\xce\xfa\x7e\x30\x61\x36\x7f\x1d\x57\xa4\xe7\x45\x5b",
+ 16, 0, 1 },
+ { GCRY_CIPHER_AES,
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 12,
+ "", 0,
+ "",
+ 0,
+ "",
+ "\xd8\xe2\xfc\xce\xfa\x7e\x30\x61\x36\x7f\x1d\x57\xa4\xe7\x45\x5b",
+ 16, 0, 1 },
+ { GCRY_CIPHER_AES,
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 12,
+ "", 0,
+ "",
+ 0,
+ "",
+ "\x58\xe2\xfc\xce\xfa\x7e\x30\xFF\x36\x7f\x1d\x57\xa4\xe7\x45\x5a",
+ 16, 0, 1 },
+ { GCRY_CIPHER_AES,
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 12,
+ "", 0,
+ "",
+ 0,
+ "",
+ "\x58\xe2\xfc\xce\xfa\x7e\x30\xFF\xFF\x7f\x1d\x57\xa4\xe7\x45\x5a",
+ 16, 0, 1 },
+ { GCRY_CIPHER_AES,
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 12,
+ "", 0,
+ "",
+ 0,
+ "",
+ "\x58\xe2\xfc\xce\xfa\x7e\x30\xFF\x36\x7f\x1d\x57\xa4\xe7\x45\xFF",
+ 16, 0, 1 },
+ { GCRY_CIPHER_AES,
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00",
+ "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00", 12,
+ "", 0,
+ "",
+ 0,
+ "",
+ "\xFF\xe2\xfc\xce\xfa\x7e\x30\x61\xFF\x7f\x1d\x57\xa4\xe7\x45\x5a",
+ 16, 0, 1 },
};
gcry_cipher_hd_t hde, hdd;
@@ -1607,7 +1681,7 @@ _check_gcm_cipher (unsigned int step)
err = gcry_cipher_gettag (hde, out, taglen2);
if (err)
{
- if (tv[i].should_fail)
+ if (tv[i].wrong_taglen)
goto next_tv;
fail ("aes-gcm, gcry_cipher_gettag(%d) failed: %s\n",
@@ -1617,8 +1691,13 @@ _check_gcm_cipher (unsigned int step)
return;
}
- if (memcmp (tv[i].tag, out, taglen2))
- fail ("aes-gcm, encrypt tag mismatch entry %d\n", i);
+ if ((memcmp (tv[i].tag, out, taglen2) == 0) == tv[i].bad_tag)
+ {
+ if (!tv[i].bad_tag)
+ fail ("aes-gcm, encrypt tag mismatch entry %d\n", i);
+ else
+ fail ("aes-gcm, encrypt tag match bad-tag entry %d\n", i);
+ }
err = gcry_cipher_checktag (hdd, out, taglen2);
if (err)
@@ -1702,7 +1781,7 @@ _check_gcm_cipher (unsigned int step)
err = gcry_cipher_gettag (hde, tag, taglen2);
if (err)
{
- if (tv[i].should_fail)
+ if (tv[i].wrong_taglen)
goto next_tv;
fail ("aes-gcm, gcry_cipher_gettag(%d, %lu) (byte-buf) failed: %s\n",
@@ -1714,8 +1793,14 @@ _check_gcm_cipher (unsigned int step)
taglen2 = tv[i].taglen ? tv[i].taglen : GCRY_GCM_BLOCK_LEN;
- if (memcmp (tv[i].tag, tag, taglen2))
- fail ("aes-gcm, encrypt tag mismatch entry %d, (byte-buf)\n", i);
+ if ((memcmp (tv[i].tag, tag, taglen2) == 0) == tv[i].bad_tag)
+ {
+ if (!tv[i].bad_tag)
+ fail ("aes-gcm, encrypt tag mismatch entry %d, (byte-buf)\n", i);
+ else
+ fail ("aes-gcm, encrypt tag match bad-tag entry %d, (byte-buf)\n",
+ i);
+ }
for (byteNum = 0; byteNum < tv[i].inlen; ++byteNum)
{
@@ -1733,9 +1818,12 @@ _check_gcm_cipher (unsigned int step)
if (memcmp (tv[i].plaintext, out, tv[i].inlen))
fail ("aes-gcm, decrypt mismatch entry %d\n", i);
- err = gcry_cipher_checktag (hdd, tag, taglen2);
+ err = gcry_cipher_checktag (hdd, tv[i].tag, taglen2);
if (err)
{
+ if (tv[i].bad_tag)
+ goto next_tv;
+
fail ("aes-gcm, gcry_cipher_checktag(%d) (byte-buf) failed: %s\n",
i, gpg_strerror (err));
gcry_cipher_close (hde);
@@ -1762,7 +1850,7 @@ _check_gcm_cipher (unsigned int step)
return;
}
- if (tv[i].should_fail)
+ if (tv[i].wrong_taglen || tv[i].bad_tag)
{
fail ("aes-gcm, negative test succeeded %d\n", i);
gcry_cipher_close (hde);
More information about the Gcrypt-devel
mailing list