mirror of https://github.com/wolfSSL/wolfssl
Unit test GCM sanity check Fips change.
This commit is contained in:
jrblixt
parent
e9f87b9f33
commit
f8e2f596d6
103
tests/api.c
103
tests/api.c
|
|
@ -6127,7 +6127,7 @@ static int test_wc_AesGcmEncryptDecrypt (void)
|
|||
0xab, 0xad, 0xda, 0xd2
|
||||
};
|
||||
byte iv[] = "1234567890a";
|
||||
byte badIV[] = "1234567890abcde";
|
||||
byte longIV[] = "1234567890abcdefghij";
|
||||
byte enc[sizeof(vector)];
|
||||
byte resultT[AES_BLOCK_SIZE];
|
||||
byte dec[sizeof(vector)];
|
||||
|
|
@ -6142,17 +6142,16 @@ static int test_wc_AesGcmEncryptDecrypt (void)
|
|||
|
||||
ret = wc_AesGcmSetKey(&aes, key32, sizeof(key32)/sizeof(byte));
|
||||
if (ret == 0) {
|
||||
ret = wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector),
|
||||
gcmE = wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector),
|
||||
iv, sizeof(iv)/sizeof(byte), resultT,
|
||||
sizeof(resultT), a, sizeof(a));
|
||||
}
|
||||
if (ret == 0) { /* If encrypt fails, no decrypt. */
|
||||
gcmE = 0;
|
||||
ret = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(vector),
|
||||
if (gcmE == 0) { /* If encrypt fails, no decrypt. */
|
||||
gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(vector),
|
||||
iv, sizeof(iv)/sizeof(byte), resultT,
|
||||
sizeof(resultT), a, sizeof(a));
|
||||
if(ret == 0 || (XMEMCMP(vector, dec, sizeof(vector)) == 0)) {
|
||||
gcmD = 0;
|
||||
if(gcmD == 0 && (XMEMCMP(vector, dec, sizeof(vector)) != 0)) {
|
||||
gcmD = SSL_FATAL_ERROR;
|
||||
}
|
||||
}
|
||||
printf(testingFmt, "wc_AesGcmEncrypt()");
|
||||
|
|
@ -6172,65 +6171,61 @@ static int test_wc_AesGcmEncryptDecrypt (void)
|
|||
resultT, sizeof(resultT) - 5, a, sizeof(a));
|
||||
}
|
||||
if (gcmE == BAD_FUNC_ARG) {
|
||||
gcmE = wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), badIV,
|
||||
sizeof(badIV)/sizeof(byte), resultT, sizeof(resultT),
|
||||
gcmE = wc_AesGcmEncrypt(&aes, enc, vector, sizeof(vector), longIV,
|
||||
sizeof(longIV)/sizeof(byte), resultT, sizeof(resultT),
|
||||
a, sizeof(a));
|
||||
}
|
||||
#ifdef HAVE_FIPS
|
||||
if (gcmE == BAD_FUNC_ARG) {
|
||||
gcmE = 0;
|
||||
} else {
|
||||
gcmE = SSL_FATAL_ERROR;
|
||||
}
|
||||
#endif
|
||||
#ifdef HAVE_FIPS
|
||||
if (gcmE == BAD_FUNC_ARG) {
|
||||
gcmE = 0;
|
||||
} else {
|
||||
gcmE = SSL_FATAL_ERROR;
|
||||
}
|
||||
#endif
|
||||
} /* END wc_AesGcmEncrypt */
|
||||
|
||||
printf(resultFmt, gcmE == 0 ? passed : failed);
|
||||
printf(testingFmt, "wc_AesGcmDecrypt()");
|
||||
#ifdef HAVE_AES_DECRYPT
|
||||
printf(testingFmt, "wc_AesGcmDecrypt()");
|
||||
|
||||
if (gcmD == 0) {
|
||||
gcmD = wc_AesGcmDecrypt(NULL, dec, enc, sizeof(enc)/sizeof(byte),
|
||||
iv, sizeof(iv)/sizeof(byte), resultT,
|
||||
sizeof(resultT), a, sizeof(a));
|
||||
if (gcmD == BAD_FUNC_ARG) {
|
||||
gcmD = wc_AesGcmDecrypt(&aes, NULL, enc, sizeof(enc)/sizeof(byte),
|
||||
iv, sizeof(iv)/sizeof(byte), resultT,
|
||||
sizeof(resultT), a, sizeof(a));
|
||||
}
|
||||
if (gcmD == BAD_FUNC_ARG) {
|
||||
gcmD = wc_AesGcmDecrypt(&aes, dec, NULL, sizeof(enc)/sizeof(byte),
|
||||
iv, sizeof(iv)/sizeof(byte), resultT,
|
||||
sizeof(resultT), a, sizeof(a));
|
||||
}
|
||||
if (gcmD == BAD_FUNC_ARG) {
|
||||
gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte),
|
||||
NULL, sizeof(iv)/sizeof(byte), resultT,
|
||||
sizeof(resultT), a, sizeof(a));
|
||||
}
|
||||
if (gcmD == BAD_FUNC_ARG) {
|
||||
gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte),
|
||||
iv, sizeof(iv)/sizeof(byte), NULL,
|
||||
sizeof(resultT), a, sizeof(a));
|
||||
}
|
||||
if (gcmD == BAD_FUNC_ARG) {
|
||||
gcmD = wc_AesGcmDecrypt(&aes, dec, enc, 0, iv,
|
||||
sizeof(iv)/sizeof(byte), resultT,
|
||||
sizeof(resultT), a, sizeof(a));
|
||||
}
|
||||
if (gcmD == BAD_FUNC_ARG) {
|
||||
gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte),
|
||||
iv, sizeof(iv)/sizeof(byte), resultT,
|
||||
sizeof(resultT) + 1, a, sizeof(a));
|
||||
if (gcmD == 0) {
|
||||
gcmD = wc_AesGcmDecrypt(NULL, dec, enc, sizeof(enc)/sizeof(byte),
|
||||
iv, sizeof(iv)/sizeof(byte), resultT,
|
||||
sizeof(resultT), a, sizeof(a));
|
||||
if (gcmD == BAD_FUNC_ARG) {
|
||||
gcmD = wc_AesGcmDecrypt(&aes, NULL, enc, sizeof(enc)/sizeof(byte),
|
||||
iv, sizeof(iv)/sizeof(byte), resultT,
|
||||
sizeof(resultT), a, sizeof(a));
|
||||
}
|
||||
if (gcmD == BAD_FUNC_ARG) {
|
||||
gcmD = wc_AesGcmDecrypt(&aes, dec, NULL, sizeof(enc)/sizeof(byte),
|
||||
iv, sizeof(iv)/sizeof(byte), resultT,
|
||||
sizeof(resultT), a, sizeof(a));
|
||||
}
|
||||
if (gcmD == BAD_FUNC_ARG) {
|
||||
gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte),
|
||||
NULL, sizeof(iv)/sizeof(byte), resultT,
|
||||
sizeof(resultT), a, sizeof(a));
|
||||
}
|
||||
if (gcmD == BAD_FUNC_ARG) {
|
||||
gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte),
|
||||
iv, sizeof(iv)/sizeof(byte), NULL,
|
||||
sizeof(resultT), a, sizeof(a));
|
||||
}
|
||||
if (gcmD == BAD_FUNC_ARG) {
|
||||
gcmD = wc_AesGcmDecrypt(&aes, dec, enc, sizeof(enc)/sizeof(byte),
|
||||
iv, sizeof(iv)/sizeof(byte), resultT,
|
||||
sizeof(resultT) + 1, a, sizeof(a));
|
||||
}
|
||||
if (gcmD == BAD_FUNC_ARG) {
|
||||
gcmD = 0;
|
||||
} else {
|
||||
gcmD = SSL_FATAL_ERROR;
|
||||
}
|
||||
}
|
||||
} /* END wc_AesGcmDecrypt */
|
||||
|
||||
printf(resultFmt, gcmD == 0 ? passed : failed);
|
||||
} /* END wc_AesGcmDecrypt */
|
||||
|
||||
printf(resultFmt, gcmD == 0 ? passed : failed);
|
||||
#endif /* HAVE_AES_DECRYPT */
|
||||
#endif
|
||||
return 0;
|
||||
|
||||
|
|
|
|||
|
|
@ -121,8 +121,8 @@
|
|||
const byte* authIn, word32 authInSz)
|
||||
{
|
||||
if (aes == NULL || authTagSz > AES_BLOCK_SIZE
|
||||
|| ivSz != WOLFSSL_MIN_AUTH_TAG_SZ
|
||||
|| authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ) {
|
||||
|| authTagSz < WOLFSSL_MIN_AUTH_TAG_SZ ||
|
||||
ivSz > AES_BLOCK_SIZE) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
|
|
@ -136,10 +136,9 @@
|
|||
const byte* authTag, word32 authTagSz,
|
||||
const byte* authIn, word32 authInSz)
|
||||
{
|
||||
if (aes == NULL || out == NULL || in == NULL || sz == 0
|
||||
|| iv == NULL || authTag == NULL
|
||||
|| ivSz != WOLFSSL_MIN_AUTH_TAG_SZ
|
||||
||authTagSz > AES_BLOCK_SIZE) {
|
||||
if (aes == NULL || out == NULL || in == NULL || iv == NULL
|
||||
|| authTag == NULL || authTagSz > AES_BLOCK_SIZE ||
|
||||
ivSz > AES_BLOCK_SIZE) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
||||
|
|
@ -4753,7 +4752,7 @@ int wc_AesGcmDecrypt(Aes* aes, byte* out, const byte* in, word32 sz,
|
|||
#endif
|
||||
|
||||
/* argument checks */
|
||||
if (aes == NULL || out == NULL || in == NULL || sz == 0 || iv == NULL ||
|
||||
if (aes == NULL || out == NULL || in == NULL || iv == NULL ||
|
||||
authTag == NULL || authTagSz > AES_BLOCK_SIZE) {
|
||||
return BAD_FUNC_ARG;
|
||||
}
|
||||
|
|
|
|||
Loading…
Reference in New Issue