mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-22 22:35:43 +01:00
Add parameter validation for the GCM module
This commit is contained in:
parent
54b789aa74
commit
8ffc92a1e8
@ -85,7 +85,7 @@ mbedtls_gcm_context;
|
|||||||
* cipher, nor set the key. For this purpose, use
|
* cipher, nor set the key. For this purpose, use
|
||||||
* mbedtls_gcm_setkey().
|
* mbedtls_gcm_setkey().
|
||||||
*
|
*
|
||||||
* \param ctx The GCM context to initialize.
|
* \param ctx The GCM context to initialize. This must not be \c NULL.
|
||||||
*/
|
*/
|
||||||
void mbedtls_gcm_init( mbedtls_gcm_context *ctx );
|
void mbedtls_gcm_init( mbedtls_gcm_context *ctx );
|
||||||
|
|
||||||
@ -93,9 +93,10 @@ void mbedtls_gcm_init( mbedtls_gcm_context *ctx );
|
|||||||
* \brief This function associates a GCM context with a
|
* \brief This function associates a GCM context with a
|
||||||
* cipher algorithm and a key.
|
* cipher algorithm and a key.
|
||||||
*
|
*
|
||||||
* \param ctx The GCM context to initialize.
|
* \param ctx The GCM context. This must be initialized.
|
||||||
* \param cipher The 128-bit block cipher to use.
|
* \param cipher The 128-bit block cipher to use.
|
||||||
* \param key The encryption key.
|
* \param key The encryption key. This must be a readable buffer of at
|
||||||
|
* least \p keybits bits.
|
||||||
* \param keybits The key size in bits. Valid options are:
|
* \param keybits The key size in bits. Valid options are:
|
||||||
* <ul><li>128 bits</li>
|
* <ul><li>128 bits</li>
|
||||||
* <li>192 bits</li>
|
* <li>192 bits</li>
|
||||||
@ -122,7 +123,8 @@ int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
|
|||||||
* authentic. You should use this function to perform encryption
|
* authentic. You should use this function to perform encryption
|
||||||
* only. For decryption, use mbedtls_gcm_auth_decrypt() instead.
|
* only. For decryption, use mbedtls_gcm_auth_decrypt() instead.
|
||||||
*
|
*
|
||||||
* \param ctx The GCM context to use for encryption or decryption.
|
* \param ctx The GCM context to use for encryption or decryption. This
|
||||||
|
* must be initialized.
|
||||||
* \param mode The operation to perform:
|
* \param mode The operation to perform:
|
||||||
* - #MBEDTLS_GCM_ENCRYPT to perform authenticated encryption.
|
* - #MBEDTLS_GCM_ENCRYPT to perform authenticated encryption.
|
||||||
* The ciphertext is written to \p output and the
|
* The ciphertext is written to \p output and the
|
||||||
@ -136,21 +138,28 @@ int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
|
|||||||
* calling this function in decryption mode.
|
* calling this function in decryption mode.
|
||||||
* \param length The length of the input data, which is equal to the length
|
* \param length The length of the input data, which is equal to the length
|
||||||
* of the output data.
|
* of the output data.
|
||||||
* \param iv The initialization vector.
|
* \param iv The initialization vector. This must be a readable buffer of
|
||||||
|
* at least \p iv_len Bytes.
|
||||||
* \param iv_len The length of the IV.
|
* \param iv_len The length of the IV.
|
||||||
* \param add The buffer holding the additional data.
|
* \param add The buffer holding the additional data. If \p add_len is
|
||||||
|
* greater than zero, this must be of at least that size in
|
||||||
|
* Bytes.
|
||||||
* \param add_len The length of the additional data.
|
* \param add_len The length of the additional data.
|
||||||
* \param input The buffer holding the input data. Its size is \b length.
|
* \param input The buffer holding the input data. If \p length is greater
|
||||||
* \param output The buffer for holding the output data. It must have room
|
* than zero, this must be a readable buffer of at least that
|
||||||
* for \b length bytes.
|
* size in Bytes.
|
||||||
|
* \param output The buffer for holding the output data. If \p length is greater
|
||||||
|
* than zero, this must be a writable buffer of at least that
|
||||||
|
* size in Bytes.
|
||||||
* \param tag_len The length of the tag to generate.
|
* \param tag_len The length of the tag to generate.
|
||||||
* \param tag The buffer for holding the tag.
|
* \param tag The buffer for holding the tag. This must be a readable
|
||||||
|
* buffer of at least \p tag_len Bytes.
|
||||||
*
|
*
|
||||||
* \return \c 0 if the encryption or decryption was performed
|
* \return \c 0 if the encryption or decryption was performed
|
||||||
* successfully. Note that in #MBEDTLS_GCM_DECRYPT mode,
|
* successfully. Note that in #MBEDTLS_GCM_DECRYPT mode,
|
||||||
* this does not indicate that the data is authentic.
|
* this does not indicate that the data is authentic.
|
||||||
* \return #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths are not valid or
|
* \return #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths or pointers are
|
||||||
* a cipher-specific error code if the encryption
|
* not valid or a cipher-specific error code if the encryption
|
||||||
* or decryption failed.
|
* or decryption failed.
|
||||||
*/
|
*/
|
||||||
int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx,
|
int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx,
|
||||||
@ -173,23 +182,31 @@ int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx,
|
|||||||
* input buffer. If the buffers overlap, the output buffer
|
* input buffer. If the buffers overlap, the output buffer
|
||||||
* must trail at least 8 Bytes behind the input buffer.
|
* must trail at least 8 Bytes behind the input buffer.
|
||||||
*
|
*
|
||||||
* \param ctx The GCM context.
|
* \param ctx The GCM context. This must be initialized.
|
||||||
* \param length The length of the ciphertext to decrypt, which is also
|
* \param length The length of the ciphertext to decrypt, which is also
|
||||||
* the length of the decrypted plaintext.
|
* the length of the decrypted plaintext.
|
||||||
* \param iv The initialization vector.
|
* \param iv The initialization vector. This must be a readable buffer
|
||||||
|
* of at least \p iv_len Bytes.
|
||||||
* \param iv_len The length of the IV.
|
* \param iv_len The length of the IV.
|
||||||
* \param add The buffer holding the additional data.
|
* \param add The buffer holding the additional data. If \p add_len is
|
||||||
|
* greater than zero, this must be of at least that size in
|
||||||
|
* Bytes.
|
||||||
* \param add_len The length of the additional data.
|
* \param add_len The length of the additional data.
|
||||||
* \param tag The buffer holding the tag to verify.
|
* \param tag The buffer holding the tag to verify. This must be a
|
||||||
|
* readable buffer of at least \p tag_len Bytes.
|
||||||
* \param tag_len The length of the tag to verify.
|
* \param tag_len The length of the tag to verify.
|
||||||
* \param input The buffer holding the ciphertext. Its size is \b length.
|
* \param input The buffer holding the ciphertext. If \p length is greater
|
||||||
* \param output The buffer for holding the decrypted plaintext. It must
|
* than zero, this must be a readable buffer of at least that
|
||||||
* have room for \b length bytes.
|
* size.
|
||||||
|
* \param output The buffer for holding the decrypted plaintext. If \p length
|
||||||
|
* is greater than zero, this must be a writable buffer of at
|
||||||
|
* least that size.
|
||||||
*
|
*
|
||||||
* \return \c 0 if successful and authenticated.
|
* \return \c 0 if successful and authenticated.
|
||||||
* \return #MBEDTLS_ERR_GCM_AUTH_FAILED if the tag does not match.
|
* \return #MBEDTLS_ERR_GCM_AUTH_FAILED if the tag does not match.
|
||||||
* \return #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths are not valid or
|
* \return #MBEDTLS_ERR_GCM_BAD_INPUT if the lengths or pointers are
|
||||||
* a cipher-specific error code if the decryption failed.
|
* not valid or a cipher-specific error code if the decryption
|
||||||
|
* failed.
|
||||||
*/
|
*/
|
||||||
int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
|
int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
|
||||||
size_t length,
|
size_t length,
|
||||||
@ -206,15 +223,16 @@ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
|
|||||||
* \brief This function starts a GCM encryption or decryption
|
* \brief This function starts a GCM encryption or decryption
|
||||||
* operation.
|
* operation.
|
||||||
*
|
*
|
||||||
* \param ctx The GCM context.
|
* \param ctx The GCM context. This must be initialized.
|
||||||
* \param mode The operation to perform: #MBEDTLS_GCM_ENCRYPT or
|
* \param mode The operation to perform: #MBEDTLS_GCM_ENCRYPT or
|
||||||
* #MBEDTLS_GCM_DECRYPT.
|
* #MBEDTLS_GCM_DECRYPT.
|
||||||
* \param iv The initialization vector.
|
* \param iv The initialization vector. This must be a readable buffer of
|
||||||
|
* at least \p iv_len Bytes.
|
||||||
* \param iv_len The length of the IV.
|
* \param iv_len The length of the IV.
|
||||||
* \param add The buffer holding the additional data, or NULL
|
* \param add The buffer holding the additional data, or NULL
|
||||||
* if \p add_len is 0.
|
* if \p add_len is 0.
|
||||||
* \param add_len The length of the additional data. If 0,
|
* \param add_len The length of the additional data. If 0,
|
||||||
* \p add is NULL.
|
* \p add may be NULL.
|
||||||
*
|
*
|
||||||
* \return \c 0 on success.
|
* \return \c 0 on success.
|
||||||
*/
|
*/
|
||||||
@ -237,11 +255,15 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
|
|||||||
* input buffer. If the buffers overlap, the output buffer
|
* input buffer. If the buffers overlap, the output buffer
|
||||||
* must trail at least 8 Bytes behind the input buffer.
|
* must trail at least 8 Bytes behind the input buffer.
|
||||||
*
|
*
|
||||||
* \param ctx The GCM context.
|
* \param ctx The GCM context. This must be initialized.
|
||||||
* \param length The length of the input data. This must be a multiple of
|
* \param length The length of the input data. This must be a multiple of
|
||||||
* 16 except in the last call before mbedtls_gcm_finish().
|
* 16 except in the last call before mbedtls_gcm_finish().
|
||||||
* \param input The buffer holding the input data.
|
* \param input The buffer holding the input data. If \p length is greater
|
||||||
* \param output The buffer for holding the output data.
|
* than zero, this must be a readable buffer of at least that
|
||||||
|
* size in Bytes.
|
||||||
|
* \param output The buffer for holding the output data. If \p length is
|
||||||
|
* greater than zero, this must be a writable buffer of at
|
||||||
|
* least that size in Bytes.
|
||||||
*
|
*
|
||||||
* \return \c 0 on success.
|
* \return \c 0 on success.
|
||||||
* \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure.
|
* \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure.
|
||||||
@ -258,9 +280,11 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
|
|||||||
* It wraps up the GCM stream, and generates the
|
* It wraps up the GCM stream, and generates the
|
||||||
* tag. The tag can have a maximum length of 16 Bytes.
|
* tag. The tag can have a maximum length of 16 Bytes.
|
||||||
*
|
*
|
||||||
* \param ctx The GCM context.
|
* \param ctx The GCM context. This must be initialized.
|
||||||
* \param tag The buffer for holding the tag.
|
* \param tag The buffer for holding the tag. This must be a readable
|
||||||
* \param tag_len The length of the tag to generate. Must be at least four.
|
* buffer of at least \p tag_len Bytes.
|
||||||
|
* \param tag_len The length of the tag to generate. This must be at least
|
||||||
|
* four.
|
||||||
*
|
*
|
||||||
* \return \c 0 on success.
|
* \return \c 0 on success.
|
||||||
* \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure.
|
* \return #MBEDTLS_ERR_GCM_BAD_INPUT on failure.
|
||||||
@ -273,7 +297,8 @@ int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
|
|||||||
* \brief This function clears a GCM context and the underlying
|
* \brief This function clears a GCM context and the underlying
|
||||||
* cipher sub-context.
|
* cipher sub-context.
|
||||||
*
|
*
|
||||||
* \param ctx The GCM context to clear.
|
* \param ctx The GCM context to clear. If this is \c NULL, the call has
|
||||||
|
* no effect.
|
||||||
*/
|
*/
|
||||||
void mbedtls_gcm_free( mbedtls_gcm_context *ctx );
|
void mbedtls_gcm_free( mbedtls_gcm_context *ctx );
|
||||||
|
|
||||||
|
@ -57,6 +57,12 @@
|
|||||||
|
|
||||||
#if !defined(MBEDTLS_GCM_ALT)
|
#if !defined(MBEDTLS_GCM_ALT)
|
||||||
|
|
||||||
|
/* Parameter validation macros */
|
||||||
|
#define GCM_VALIDATE_RET( cond ) \
|
||||||
|
MBEDTLS_INTERNAL_VALIDATE_RET( cond, MBEDTLS_ERR_GCM_BAD_INPUT )
|
||||||
|
#define GCM_VALIDATE( cond ) \
|
||||||
|
MBEDTLS_INTERNAL_VALIDATE( cond )
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* 32-bit integer manipulation macros (big endian)
|
* 32-bit integer manipulation macros (big endian)
|
||||||
*/
|
*/
|
||||||
@ -85,6 +91,7 @@
|
|||||||
*/
|
*/
|
||||||
void mbedtls_gcm_init( mbedtls_gcm_context *ctx )
|
void mbedtls_gcm_init( mbedtls_gcm_context *ctx )
|
||||||
{
|
{
|
||||||
|
GCM_VALIDATE( ctx != NULL );
|
||||||
memset( ctx, 0, sizeof( mbedtls_gcm_context ) );
|
memset( ctx, 0, sizeof( mbedtls_gcm_context ) );
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -164,6 +171,10 @@ int mbedtls_gcm_setkey( mbedtls_gcm_context *ctx,
|
|||||||
int ret;
|
int ret;
|
||||||
const mbedtls_cipher_info_t *cipher_info;
|
const mbedtls_cipher_info_t *cipher_info;
|
||||||
|
|
||||||
|
GCM_VALIDATE_RET( ctx != NULL );
|
||||||
|
GCM_VALIDATE_RET( key != NULL );
|
||||||
|
GCM_VALIDATE_RET( keybits == 128 || keybits == 192 || keybits == 256 );
|
||||||
|
|
||||||
cipher_info = mbedtls_cipher_info_from_values( cipher, keybits, MBEDTLS_MODE_ECB );
|
cipher_info = mbedtls_cipher_info_from_values( cipher, keybits, MBEDTLS_MODE_ECB );
|
||||||
if( cipher_info == NULL )
|
if( cipher_info == NULL )
|
||||||
return( MBEDTLS_ERR_GCM_BAD_INPUT );
|
return( MBEDTLS_ERR_GCM_BAD_INPUT );
|
||||||
@ -274,6 +285,10 @@ int mbedtls_gcm_starts( mbedtls_gcm_context *ctx,
|
|||||||
const unsigned char *p;
|
const unsigned char *p;
|
||||||
size_t use_len, olen = 0;
|
size_t use_len, olen = 0;
|
||||||
|
|
||||||
|
GCM_VALIDATE_RET( ctx != NULL );
|
||||||
|
GCM_VALIDATE_RET( iv != NULL );
|
||||||
|
GCM_VALIDATE_RET( add_len == 0 || add != NULL );
|
||||||
|
|
||||||
/* IV and AD are limited to 2^64 bits, so 2^61 bytes */
|
/* IV and AD are limited to 2^64 bits, so 2^61 bytes */
|
||||||
/* IV is not allowed to be zero length */
|
/* IV is not allowed to be zero length */
|
||||||
if( iv_len == 0 ||
|
if( iv_len == 0 ||
|
||||||
@ -356,6 +371,10 @@ int mbedtls_gcm_update( mbedtls_gcm_context *ctx,
|
|||||||
unsigned char *out_p = output;
|
unsigned char *out_p = output;
|
||||||
size_t use_len, olen = 0;
|
size_t use_len, olen = 0;
|
||||||
|
|
||||||
|
GCM_VALIDATE_RET( ctx != NULL );
|
||||||
|
GCM_VALIDATE_RET( length == 0 || input != NULL );
|
||||||
|
GCM_VALIDATE_RET( length == 0 || output != NULL );
|
||||||
|
|
||||||
if( output > input && (size_t) ( output - input ) < length )
|
if( output > input && (size_t) ( output - input ) < length )
|
||||||
return( MBEDTLS_ERR_GCM_BAD_INPUT );
|
return( MBEDTLS_ERR_GCM_BAD_INPUT );
|
||||||
|
|
||||||
@ -409,8 +428,14 @@ int mbedtls_gcm_finish( mbedtls_gcm_context *ctx,
|
|||||||
{
|
{
|
||||||
unsigned char work_buf[16];
|
unsigned char work_buf[16];
|
||||||
size_t i;
|
size_t i;
|
||||||
uint64_t orig_len = ctx->len * 8;
|
uint64_t orig_len;
|
||||||
uint64_t orig_add_len = ctx->add_len * 8;
|
uint64_t orig_add_len;
|
||||||
|
|
||||||
|
GCM_VALIDATE_RET( ctx != NULL );
|
||||||
|
GCM_VALIDATE_RET( tag != NULL );
|
||||||
|
|
||||||
|
orig_len = ctx->len * 8;
|
||||||
|
orig_add_len = ctx->add_len * 8;
|
||||||
|
|
||||||
if( tag_len > 16 || tag_len < 4 )
|
if( tag_len > 16 || tag_len < 4 )
|
||||||
return( MBEDTLS_ERR_GCM_BAD_INPUT );
|
return( MBEDTLS_ERR_GCM_BAD_INPUT );
|
||||||
@ -452,6 +477,13 @@ int mbedtls_gcm_crypt_and_tag( mbedtls_gcm_context *ctx,
|
|||||||
{
|
{
|
||||||
int ret;
|
int ret;
|
||||||
|
|
||||||
|
GCM_VALIDATE_RET( ctx != NULL );
|
||||||
|
GCM_VALIDATE_RET( iv != NULL );
|
||||||
|
GCM_VALIDATE_RET( add_len == 0 || add != NULL );
|
||||||
|
GCM_VALIDATE_RET( length == 0 || input != NULL );
|
||||||
|
GCM_VALIDATE_RET( length == 0 || output != NULL );
|
||||||
|
GCM_VALIDATE_RET( tag != NULL );
|
||||||
|
|
||||||
if( ( ret = mbedtls_gcm_starts( ctx, mode, iv, iv_len, add, add_len ) ) != 0 )
|
if( ( ret = mbedtls_gcm_starts( ctx, mode, iv, iv_len, add, add_len ) ) != 0 )
|
||||||
return( ret );
|
return( ret );
|
||||||
|
|
||||||
@ -480,6 +512,13 @@ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
|
|||||||
size_t i;
|
size_t i;
|
||||||
int diff;
|
int diff;
|
||||||
|
|
||||||
|
GCM_VALIDATE_RET( ctx != NULL );
|
||||||
|
GCM_VALIDATE_RET( iv != NULL );
|
||||||
|
GCM_VALIDATE_RET( add_len == 0 || add != NULL );
|
||||||
|
GCM_VALIDATE_RET( tag != NULL );
|
||||||
|
GCM_VALIDATE_RET( length == 0 || input != NULL );
|
||||||
|
GCM_VALIDATE_RET( length == 0 || output != NULL );
|
||||||
|
|
||||||
if( ( ret = mbedtls_gcm_crypt_and_tag( ctx, MBEDTLS_GCM_DECRYPT, length,
|
if( ( ret = mbedtls_gcm_crypt_and_tag( ctx, MBEDTLS_GCM_DECRYPT, length,
|
||||||
iv, iv_len, add, add_len,
|
iv, iv_len, add, add_len,
|
||||||
input, output, tag_len, check_tag ) ) != 0 )
|
input, output, tag_len, check_tag ) ) != 0 )
|
||||||
@ -502,6 +541,9 @@ int mbedtls_gcm_auth_decrypt( mbedtls_gcm_context *ctx,
|
|||||||
|
|
||||||
void mbedtls_gcm_free( mbedtls_gcm_context *ctx )
|
void mbedtls_gcm_free( mbedtls_gcm_context *ctx )
|
||||||
{
|
{
|
||||||
|
if( ctx == NULL ) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
mbedtls_cipher_free( &ctx->cipher_ctx );
|
mbedtls_cipher_free( &ctx->cipher_ctx );
|
||||||
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_gcm_context ) );
|
mbedtls_platform_zeroize( ctx, sizeof( mbedtls_gcm_context ) );
|
||||||
}
|
}
|
||||||
|
@ -92,6 +92,7 @@ add_test_suite(gcm gcm.aes128_de)
|
|||||||
add_test_suite(gcm gcm.aes192_de)
|
add_test_suite(gcm gcm.aes192_de)
|
||||||
add_test_suite(gcm gcm.aes256_de)
|
add_test_suite(gcm gcm.aes256_de)
|
||||||
add_test_suite(gcm gcm.camellia)
|
add_test_suite(gcm gcm.camellia)
|
||||||
|
add_test_suite(gcm gcm.misc)
|
||||||
add_test_suite(hkdf)
|
add_test_suite(hkdf)
|
||||||
add_test_suite(hmac_drbg hmac_drbg.misc)
|
add_test_suite(hmac_drbg hmac_drbg.misc)
|
||||||
add_test_suite(hmac_drbg hmac_drbg.no_reseed)
|
add_test_suite(hmac_drbg hmac_drbg.no_reseed)
|
||||||
|
@ -632,4 +632,3 @@ int hexcmp( uint8_t * a, uint8_t * b, uint32_t a_len, uint32_t b_len )
|
|||||||
}
|
}
|
||||||
return ret;
|
return ret;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -103,6 +103,166 @@ exit:
|
|||||||
}
|
}
|
||||||
/* END_CASE */
|
/* END_CASE */
|
||||||
|
|
||||||
|
/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
|
||||||
|
void gcm_invalid_param( )
|
||||||
|
{
|
||||||
|
mbedtls_gcm_context ctx;
|
||||||
|
unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 };
|
||||||
|
mbedtls_cipher_id_t valid_cipher = MBEDTLS_CIPHER_ID_AES;
|
||||||
|
int valid_mode = MBEDTLS_GCM_ENCRYPT;
|
||||||
|
int valid_len = sizeof(valid_buffer);
|
||||||
|
int valid_bitlen = 128, invalid_bitlen = 1;
|
||||||
|
|
||||||
|
mbedtls_gcm_init( &ctx );
|
||||||
|
|
||||||
|
/* mbedtls_gcm_init() */
|
||||||
|
TEST_INVALID_PARAM( mbedtls_gcm_init( NULL ) );
|
||||||
|
|
||||||
|
/* mbedtls_gcm_setkey */
|
||||||
|
TEST_INVALID_PARAM_RET(
|
||||||
|
MBEDTLS_ERR_GCM_BAD_INPUT,
|
||||||
|
mbedtls_gcm_setkey( NULL, valid_cipher, valid_buffer, valid_bitlen ) );
|
||||||
|
TEST_INVALID_PARAM_RET(
|
||||||
|
MBEDTLS_ERR_GCM_BAD_INPUT,
|
||||||
|
mbedtls_gcm_setkey( &ctx, valid_cipher, NULL, valid_bitlen ) );
|
||||||
|
TEST_INVALID_PARAM_RET(
|
||||||
|
MBEDTLS_ERR_GCM_BAD_INPUT,
|
||||||
|
mbedtls_gcm_setkey( &ctx, valid_cipher, valid_buffer, invalid_bitlen ) );
|
||||||
|
|
||||||
|
/* mbedtls_gcm_crypt_and_tag() */
|
||||||
|
TEST_INVALID_PARAM_RET(
|
||||||
|
MBEDTLS_ERR_GCM_BAD_INPUT,
|
||||||
|
mbedtls_gcm_crypt_and_tag( NULL, valid_mode, valid_len,
|
||||||
|
valid_buffer, valid_len,
|
||||||
|
valid_buffer, valid_len,
|
||||||
|
valid_buffer, valid_buffer,
|
||||||
|
valid_len, valid_buffer ) );
|
||||||
|
TEST_INVALID_PARAM_RET(
|
||||||
|
MBEDTLS_ERR_GCM_BAD_INPUT,
|
||||||
|
mbedtls_gcm_crypt_and_tag( &ctx, valid_mode, valid_len,
|
||||||
|
NULL, valid_len,
|
||||||
|
valid_buffer, valid_len,
|
||||||
|
valid_buffer, valid_buffer,
|
||||||
|
valid_len, valid_buffer ) );
|
||||||
|
TEST_INVALID_PARAM_RET(
|
||||||
|
MBEDTLS_ERR_GCM_BAD_INPUT,
|
||||||
|
mbedtls_gcm_crypt_and_tag( &ctx, valid_mode, valid_len,
|
||||||
|
valid_buffer, valid_len,
|
||||||
|
NULL, valid_len,
|
||||||
|
valid_buffer, valid_buffer,
|
||||||
|
valid_len, valid_buffer ) );
|
||||||
|
TEST_INVALID_PARAM_RET(
|
||||||
|
MBEDTLS_ERR_GCM_BAD_INPUT,
|
||||||
|
mbedtls_gcm_crypt_and_tag( &ctx, valid_mode, valid_len,
|
||||||
|
valid_buffer, valid_len,
|
||||||
|
valid_buffer, valid_len,
|
||||||
|
NULL, valid_buffer,
|
||||||
|
valid_len, valid_buffer ) );
|
||||||
|
TEST_INVALID_PARAM_RET(
|
||||||
|
MBEDTLS_ERR_GCM_BAD_INPUT,
|
||||||
|
mbedtls_gcm_crypt_and_tag( &ctx, valid_mode, valid_len,
|
||||||
|
valid_buffer, valid_len,
|
||||||
|
valid_buffer, valid_len,
|
||||||
|
valid_buffer, NULL,
|
||||||
|
valid_len, valid_buffer ) );
|
||||||
|
TEST_INVALID_PARAM_RET(
|
||||||
|
MBEDTLS_ERR_GCM_BAD_INPUT,
|
||||||
|
mbedtls_gcm_crypt_and_tag( &ctx, valid_mode, valid_len,
|
||||||
|
valid_buffer, valid_len,
|
||||||
|
valid_buffer, valid_len,
|
||||||
|
valid_buffer, valid_buffer,
|
||||||
|
valid_len, NULL ) );
|
||||||
|
|
||||||
|
/* mbedtls_gcm_auth_decrypt() */
|
||||||
|
TEST_INVALID_PARAM_RET(
|
||||||
|
MBEDTLS_ERR_GCM_BAD_INPUT,
|
||||||
|
mbedtls_gcm_auth_decrypt( NULL, valid_len,
|
||||||
|
valid_buffer, valid_len,
|
||||||
|
valid_buffer, valid_len,
|
||||||
|
valid_buffer, valid_len,
|
||||||
|
valid_buffer, valid_buffer) );
|
||||||
|
TEST_INVALID_PARAM_RET(
|
||||||
|
MBEDTLS_ERR_GCM_BAD_INPUT,
|
||||||
|
mbedtls_gcm_auth_decrypt( &ctx, valid_len,
|
||||||
|
NULL, valid_len,
|
||||||
|
valid_buffer, valid_len,
|
||||||
|
valid_buffer, valid_len,
|
||||||
|
valid_buffer, valid_buffer) );
|
||||||
|
TEST_INVALID_PARAM_RET(
|
||||||
|
MBEDTLS_ERR_GCM_BAD_INPUT,
|
||||||
|
mbedtls_gcm_auth_decrypt( &ctx, valid_len,
|
||||||
|
valid_buffer, valid_len,
|
||||||
|
NULL, valid_len,
|
||||||
|
valid_buffer, valid_len,
|
||||||
|
valid_buffer, valid_buffer) );
|
||||||
|
TEST_INVALID_PARAM_RET(
|
||||||
|
MBEDTLS_ERR_GCM_BAD_INPUT,
|
||||||
|
mbedtls_gcm_auth_decrypt( &ctx, valid_len,
|
||||||
|
valid_buffer, valid_len,
|
||||||
|
valid_buffer, valid_len,
|
||||||
|
NULL, valid_len,
|
||||||
|
valid_buffer, valid_buffer) );
|
||||||
|
TEST_INVALID_PARAM_RET(
|
||||||
|
MBEDTLS_ERR_GCM_BAD_INPUT,
|
||||||
|
mbedtls_gcm_auth_decrypt( &ctx, valid_len,
|
||||||
|
valid_buffer, valid_len,
|
||||||
|
valid_buffer, valid_len,
|
||||||
|
valid_buffer, valid_len,
|
||||||
|
NULL, valid_buffer) );
|
||||||
|
TEST_INVALID_PARAM_RET(
|
||||||
|
MBEDTLS_ERR_GCM_BAD_INPUT,
|
||||||
|
mbedtls_gcm_auth_decrypt( &ctx, valid_len,
|
||||||
|
valid_buffer, valid_len,
|
||||||
|
valid_buffer, valid_len,
|
||||||
|
valid_buffer, valid_len,
|
||||||
|
valid_buffer, NULL) );
|
||||||
|
|
||||||
|
/* mbedtls_gcm_starts() */
|
||||||
|
TEST_INVALID_PARAM_RET(
|
||||||
|
MBEDTLS_ERR_GCM_BAD_INPUT,
|
||||||
|
mbedtls_gcm_starts( NULL, valid_mode,
|
||||||
|
valid_buffer, valid_len,
|
||||||
|
valid_buffer, valid_len ) );
|
||||||
|
|
||||||
|
TEST_INVALID_PARAM_RET(
|
||||||
|
MBEDTLS_ERR_GCM_BAD_INPUT,
|
||||||
|
mbedtls_gcm_starts( &ctx, valid_mode,
|
||||||
|
NULL, valid_len,
|
||||||
|
valid_buffer, valid_len ) );
|
||||||
|
|
||||||
|
TEST_INVALID_PARAM_RET(
|
||||||
|
MBEDTLS_ERR_GCM_BAD_INPUT,
|
||||||
|
mbedtls_gcm_starts( &ctx, valid_mode,
|
||||||
|
valid_buffer, valid_len,
|
||||||
|
NULL, valid_len ) );
|
||||||
|
|
||||||
|
/* mbedtls_gcm_update() */
|
||||||
|
TEST_INVALID_PARAM_RET(
|
||||||
|
MBEDTLS_ERR_GCM_BAD_INPUT,
|
||||||
|
mbedtls_gcm_update( NULL, valid_len,
|
||||||
|
valid_buffer, valid_buffer ) );
|
||||||
|
TEST_INVALID_PARAM_RET(
|
||||||
|
MBEDTLS_ERR_GCM_BAD_INPUT,
|
||||||
|
mbedtls_gcm_update( &ctx, valid_len,
|
||||||
|
NULL, valid_buffer ) );
|
||||||
|
TEST_INVALID_PARAM_RET(
|
||||||
|
MBEDTLS_ERR_GCM_BAD_INPUT,
|
||||||
|
mbedtls_gcm_update( &ctx, valid_len,
|
||||||
|
valid_buffer, NULL ) );
|
||||||
|
|
||||||
|
/* mbedtls_gcm_finish() */
|
||||||
|
TEST_INVALID_PARAM_RET(
|
||||||
|
MBEDTLS_ERR_GCM_BAD_INPUT,
|
||||||
|
mbedtls_gcm_finish( NULL, valid_buffer, valid_len ) );
|
||||||
|
TEST_INVALID_PARAM_RET(
|
||||||
|
MBEDTLS_ERR_GCM_BAD_INPUT,
|
||||||
|
mbedtls_gcm_finish( &ctx, NULL, valid_len ) );
|
||||||
|
|
||||||
|
exit:
|
||||||
|
mbedtls_gcm_free( &ctx );
|
||||||
|
}
|
||||||
|
/* END_CASE */
|
||||||
|
|
||||||
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
|
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
|
||||||
void gcm_selftest( )
|
void gcm_selftest( )
|
||||||
{
|
{
|
||||||
|
2
tests/suites/test_suite_gcm.misc.data
Normal file
2
tests/suites/test_suite_gcm.misc.data
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
GCM - Invalid parameters
|
||||||
|
gcm_invalid_param:
|
Loading…
Reference in New Issue
Block a user