kopia lustrzana https://github.com/espressif/esp-idf
ci(mbedtls/gcm): Added test to verify software fallback for non-AES cipher GCM operations
harshal.patil
rodzic
2c85399da0
commit
77ffead00a
|
|
@ -0,0 +1,144 @@
|
|||
/*
|
||||
* SPDX-FileCopyrightText: 2023 Espressif Systems (Shanghai) CO LTD
|
||||
*
|
||||
* SPDX-License-Identifier: Unlicense OR CC0-1.0
|
||||
*/
|
||||
#include <stdio.h>
|
||||
#include <string.h>
|
||||
#include "sys/param.h"
|
||||
#include "esp_heap_caps.h"
|
||||
#include "mbedtls/gcm.h"
|
||||
#include "sdkconfig.h"
|
||||
#include "unity.h"
|
||||
|
||||
|
||||
#if CONFIG_MBEDTLS_GCM_SUPPORT_NON_AES_CIPHER
|
||||
|
||||
typedef struct {
|
||||
uint8_t *plaintext;
|
||||
size_t plaintext_length;
|
||||
uint8_t *aad_buf;
|
||||
size_t aad_length;
|
||||
uint8_t *iv;
|
||||
size_t iv_length;
|
||||
uint8_t *key;
|
||||
size_t key_bits;
|
||||
size_t tag_len;
|
||||
} gcm_test_cfg_t;
|
||||
|
||||
typedef struct {
|
||||
const uint8_t *expected_tag;
|
||||
const uint8_t *ciphertext_last_block; // Last block of the ciphertext
|
||||
} gcm_test_expected_res_t;
|
||||
|
||||
typedef enum {
|
||||
GCM_TEST_CRYPT_N_TAG,
|
||||
GCM_TEST_START_UPDATE_FINISH,
|
||||
} gcm_test_type_t;
|
||||
|
||||
static void gcm_test(gcm_test_cfg_t *cfg, gcm_test_expected_res_t *res, gcm_test_type_t gcm_type)
|
||||
{
|
||||
mbedtls_gcm_context ctx;
|
||||
mbedtls_cipher_id_t cipher = MBEDTLS_CIPHER_ID_ARIA;
|
||||
|
||||
uint8_t tag_buf_encrypt[16] = {};
|
||||
uint8_t tag_buf_decrypt[16] = {};
|
||||
uint8_t iv_buf[16] = {};
|
||||
uint8_t *ciphertext = malloc(cfg->plaintext_length);
|
||||
uint8_t *output = malloc(cfg->plaintext_length);
|
||||
size_t olen;
|
||||
|
||||
if (cfg->plaintext_length != 0) {
|
||||
TEST_ASSERT_NOT_NULL(ciphertext);
|
||||
TEST_ASSERT_NOT_NULL(output);
|
||||
}
|
||||
|
||||
memset(ciphertext, 0, cfg->plaintext_length);
|
||||
memset(output, 0, cfg->plaintext_length);
|
||||
memcpy(iv_buf, cfg->iv, cfg->iv_length);
|
||||
|
||||
mbedtls_gcm_init(&ctx);
|
||||
TEST_ASSERT(mbedtls_gcm_setkey(&ctx, cipher, cfg->key, cfg->key_bits) == 0);
|
||||
|
||||
if (gcm_type == GCM_TEST_CRYPT_N_TAG) {
|
||||
mbedtls_gcm_crypt_and_tag(&ctx, MBEDTLS_GCM_ENCRYPT, cfg->plaintext_length, iv_buf, cfg->iv_length, cfg->aad_buf, cfg->aad_length, cfg->plaintext, ciphertext, cfg->tag_len, tag_buf_encrypt);
|
||||
} else if (gcm_type == GCM_TEST_START_UPDATE_FINISH) {
|
||||
TEST_ASSERT(mbedtls_gcm_starts(&ctx, MBEDTLS_GCM_ENCRYPT, iv_buf, cfg->iv_length) == 0);
|
||||
TEST_ASSERT(mbedtls_gcm_update_ad(&ctx, cfg->aad_buf, cfg->aad_length) == 0);
|
||||
TEST_ASSERT(mbedtls_gcm_update(&ctx, cfg->plaintext, cfg->plaintext_length, ciphertext, cfg->plaintext_length, &olen) == 0);
|
||||
TEST_ASSERT(mbedtls_gcm_finish(&ctx, ciphertext, cfg->plaintext_length, &olen, tag_buf_encrypt, cfg->tag_len) == 0);
|
||||
}
|
||||
|
||||
size_t offset = cfg->plaintext_length > 16 ? cfg->plaintext_length - 16 : 0;
|
||||
/* Sanity check: make sure the last ciphertext block matches what we expect to see. */
|
||||
TEST_ASSERT_EQUAL_HEX8_ARRAY(res->ciphertext_last_block, ciphertext + offset, MIN(16, cfg->plaintext_length));
|
||||
TEST_ASSERT_EQUAL_HEX8_ARRAY(res->expected_tag, tag_buf_encrypt, cfg->tag_len);
|
||||
|
||||
|
||||
if (gcm_type == GCM_TEST_CRYPT_N_TAG) {
|
||||
TEST_ASSERT(mbedtls_gcm_auth_decrypt(&ctx, cfg->plaintext_length, iv_buf, cfg->iv_length, cfg->aad_buf, cfg->aad_length, res->expected_tag, cfg->tag_len, ciphertext, output) == 0);
|
||||
} else if (gcm_type == GCM_TEST_START_UPDATE_FINISH) {
|
||||
TEST_ASSERT(mbedtls_gcm_starts(&ctx, MBEDTLS_GCM_DECRYPT, iv_buf, cfg->iv_length) == 0);
|
||||
TEST_ASSERT(mbedtls_gcm_update_ad(&ctx, cfg->aad_buf, cfg->aad_length) == 0);
|
||||
TEST_ASSERT(mbedtls_gcm_update(&ctx, ciphertext, cfg->plaintext_length, output, cfg->plaintext_length, &olen) == 0);
|
||||
TEST_ASSERT(mbedtls_gcm_finish(&ctx, output, cfg->plaintext_length, &olen, tag_buf_decrypt, cfg->tag_len) == 0);
|
||||
|
||||
/* mbedtls_gcm_auth_decrypt already checks tag so only needed for GCM_TEST_START_UPDATE_FINISH */
|
||||
TEST_ASSERT_EQUAL_HEX8_ARRAY(res->expected_tag, tag_buf_decrypt, cfg->tag_len);
|
||||
}
|
||||
|
||||
TEST_ASSERT_EQUAL_HEX8_ARRAY(cfg->plaintext, output, cfg->plaintext_length);
|
||||
|
||||
mbedtls_gcm_free(&ctx);
|
||||
free(ciphertext);
|
||||
free(output);
|
||||
}
|
||||
|
||||
|
||||
TEST_CASE("mbedtls ARIA GCM test", "[gcm]")
|
||||
{
|
||||
const unsigned SZ = 1600;
|
||||
uint8_t aad[16];
|
||||
uint8_t iv[16];
|
||||
uint8_t key[16];
|
||||
|
||||
const uint8_t expected_last_block[] = {
|
||||
0xbe, 0x96, 0xf1, 0x57, 0x34, 0x07, 0x3f, 0x9d,
|
||||
0x87, 0x6b, 0x39, 0x22, 0xe4, 0xef, 0xff, 0xf0,
|
||||
};
|
||||
const uint8_t expected_tag[] = {
|
||||
0xef, 0x4e, 0xa8, 0x24, 0x07, 0x65, 0x36, 0x12,
|
||||
0xb1, 0xde, 0x7e, 0x23, 0xda, 0xea, 0x7c, 0x6b,
|
||||
};
|
||||
|
||||
uint8_t *plaintext = malloc(SZ);
|
||||
TEST_ASSERT_NOT_NULL(plaintext);
|
||||
|
||||
memset(plaintext, 0xAA, SZ);
|
||||
memset(iv, 0xEE, 16);
|
||||
memset(key, 0x44, 16);
|
||||
memset(aad, 0x76, 16);
|
||||
|
||||
gcm_test_cfg_t cfg = {
|
||||
.plaintext = plaintext,
|
||||
.plaintext_length = SZ,
|
||||
.iv = iv,
|
||||
.iv_length = sizeof(iv),
|
||||
.key = key,
|
||||
.key_bits = 8 * sizeof(key),
|
||||
.aad_buf = aad,
|
||||
.aad_length = sizeof(aad),
|
||||
.tag_len = 16
|
||||
};
|
||||
|
||||
gcm_test_expected_res_t res = {
|
||||
.expected_tag = expected_tag,
|
||||
.ciphertext_last_block = expected_last_block,
|
||||
};
|
||||
|
||||
gcm_test(&cfg, &res, GCM_TEST_CRYPT_N_TAG);
|
||||
gcm_test(&cfg, &res, GCM_TEST_START_UPDATE_FINISH);
|
||||
free(plaintext);
|
||||
}
|
||||
|
||||
#endif /* CONFIG_MBEDTLS_GCM_SUPPORT_NON_AES_CIPHER */
|
||||
Ładowanie…
Reference in New Issue