- Added base Galois/Counter mode (GCM) for AES

2026-01-08 15:39:22 +01:00 · 2012-03-20 13:50:09 +00:00 · 2012-03-20 13:50:09 +00:00 · 89e80c9a43
commit 89e80c9a43
parent b6ad62dd21
16 changed files with 4158 additions and 4 deletions
--- a/tests/CMakeLists.txt
+++ b/tests/CMakeLists.txt
@ -40,6 +40,8 @@ add_test_suite(debug)
 add_test_suite(des)
 add_test_suite(dhm)
 add_test_suite(error)
+add_test_suite(gcm gcm.encrypt)
+add_test_suite(gcm gcm.decrypt)
 add_test_suite(hmac_shax)
 add_test_suite(md)
 add_test_suite(mdx)
--- a/tests/Makefile
+++ b/tests/Makefile
@ -15,7 +15,8 @@ APPS =	test_suite_aes			test_suite_arc4			\
 		test_suite_cipher.des	test_suite_cipher.null	\
 		test_suite_ctr_drbg		test_suite_debug		\
 		test_suite_des			test_suite_dhm			\
-		test_suite_error		test_suite_hmac_shax	\
+		test_suite_error		test_suite_gcm.decrypt	\
+		test_suite_gcm.decrypt	test_suite_hmac_shax	\
 		test_suite_md			test_suite_mdx			\
 		test_suite_mpi			test_suite_pkcs1_v21	\
 		test_suite_rsa			test_suite_shax			\
@ -42,6 +43,14 @@ test_suite_cipher.null.c : suites/test_suite_cipher.function suites/test_suite_c
 	echo   "  Generate	$@"
 	scripts/generate_code.pl suites test_suite_cipher test_suite_cipher.null

+test_suite_gcm.decrypt.c : suites/test_suite_gcm.function suites/test_suite_gcm.decrypt.data scripts/generate_code.pl suites/helpers.function
+	echo   "  Generate	$@"
+	scripts/generate_code.pl suites test_suite_gcm test_suite_gcm.decrypt
+
+test_suite_gcm.encrypt.c : suites/test_suite_gcm.function suites/test_suite_gcm.encrypt.data scripts/generate_code.pl suites/helpers.function
+	echo   "  Generate	$@"
+	scripts/generate_code.pl suites test_suite_gcm test_suite_gcm.encrypt
+
 %.c : suites/%.function suites/%.data scripts/generate_code.pl suites/helpers.function
 	echo   "  Generate	$@"
 	scripts/generate_code.pl suites $* $*
@ -94,6 +103,14 @@ test_suite_error: test_suite_error.c ../library/libpolarssl.a
 	echo   "  CC    	$@.c"
 	$(CC) $(CFLAGS) $(OFLAGS) $@.c	$(LDFLAGS) -o $@

+test_suite_gcm.decrypt: test_suite_gcm.decrypt.c ../library/libpolarssl.a
+	echo   "  CC    	$@.c"
+	$(CC) $(CFLAGS) $(OFLAGS) $@.c	$(LDFLAGS) -o $@
+
+test_suite_gcm.encrypt: test_suite_gcm.encrypt.c ../library/libpolarssl.a
+	echo   "  CC    	$@.c"
+	$(CC) $(CFLAGS) $(OFLAGS) $@.c	$(LDFLAGS) -o $@
+
 test_suite_hmac_shax: test_suite_hmac_shax.c ../library/libpolarssl.a
 	echo   "  CC    	$@.c"
 	$(CC) $(CFLAGS) $(OFLAGS) $@.c	$(LDFLAGS) -o $@
--- a/tests/scripts/gen_gcm_decrypt.pl
+++ b/tests/scripts/gen_gcm_decrypt.pl
@ -0,0 +1,94 @@
+#!/usr/bin/perl
+#
+# Based on NIST gcmDecryptxxx.rsp validation files
+# Only first 3 of every set used for compile time saving
+
+use strict;
+
+my $file = shift;
+
+open(TEST_DATA, "$file") or die "Opening test cases '$file': $!";
+
+sub get_suite_val($)
+{
+    my $name = shift;
+    my $val = "";
+
+    while(my $line = <TEST_DATA>)
+    {
+        next if ($line !~ /^\[/);
+        ($val) = ($line =~ /\[$name\s\=\s(\w+)\]/);
+        last;
+    }
+
+    return $val;
+}
+
+sub get_val($)
+{
+    my $name = shift;
+    my $val = "";
+    my $line;
+
+    while($line = <TEST_DATA>)
+    {
+        next if($line !~ /=/);
+        last;
+    }
+
+    ($val) = ($line =~ /^$name = (\w+)/);
+
+    return $val;
+}
+
+sub get_val_or_fail($)
+{
+    my $name = shift;
+    my $val = "FAIL";
+    my $line;
+
+    while($line = <TEST_DATA>)
+    {
+        next if($line !~ /=/ && $line !~ /FAIL/);
+        last;
+    }
+
+    ($val) = ($line =~ /^$name = (\w+)/) if ($line =~ /=/);
+
+    return $val;
+}
+
+my $cnt = 1;;
+while (my $line = <TEST_DATA>)
+{
+    my $key_len = get_suite_val("Keylen");
+    next if ($key_len !~ /\d+/);
+    my $iv_len = get_suite_val("IVlen");
+    my $pt_len = get_suite_val("PTlen");
+    my $add_len = get_suite_val("AADlen");
+    my $tag_len = get_suite_val("Taglen");
+
+    for ($cnt = 0; $cnt < 3; $cnt++)
+    {
+        my $Count = get_val("Count");
+        my $key = get_val("Key");
+        my $iv = get_val("IV");
+        my $ct = get_val("CT");
+        my $add = get_val("AAD");
+        my $tag = get_val("Tag");
+        my $pt = get_val_or_fail("PT");
+
+        print("GCM NIST Validation (AES-$key_len,$iv_len,$pt_len,$add_len,$tag_len) #$Count\n");
+        print("gcm_decrypt_and_verify");
+        print(":\"$key\"");
+        print(":\"$ct\"");
+        print(":\"$iv\"");
+        print(":\"$add\"");
+        print(":$tag_len");
+        print(":\"$tag\"");
+        print(":\"$pt\"");
+        print(":0");
+        print("\n\n");
+    }
+}
+close(TEST_DATA);
--- a/tests/scripts/gen_gcm_encrypt.pl
+++ b/tests/scripts/gen_gcm_encrypt.pl
@ -0,0 +1,77 @@
+#!/usr/bin/perl
+#
+# Based on NIST gcmEncryptIntIVxxx.rsp validation files
+# Only first 3 of every set used for compile time saving
+
+use strict;
+
+my $file = shift;
+
+open(TEST_DATA, "$file") or die "Opening test cases '$file': $!";
+
+sub get_suite_val($)
+{
+    my $name = shift;
+    my $val = "";
+
+    while(my $line = <TEST_DATA>)
+    {
+        next if ($line !~ /^\[/);
+        ($val) = ($line =~ /\[$name\s\=\s(\w+)\]/);
+        last;
+    }
+
+    return $val;
+}
+
+sub get_val($)
+{
+    my $name = shift;
+    my $val = "";
+    my $line;
+
+    while($line = <TEST_DATA>)
+    {
+        next if($line !~ /=/);
+        last;
+    }
+
+    ($val) = ($line =~ /^$name = (\w+)/);
+
+    return $val;
+}
+
+my $cnt = 1;;
+while (my $line = <TEST_DATA>)
+{
+    my $key_len = get_suite_val("Keylen");
+    next if ($key_len !~ /\d+/);
+    my $iv_len = get_suite_val("IVlen");
+    my $pt_len = get_suite_val("PTlen");
+    my $add_len = get_suite_val("AADlen");
+    my $tag_len = get_suite_val("Taglen");
+
+    for ($cnt = 0; $cnt < 3; $cnt++)
+    {
+        my $Count = get_val("Count");
+        my $key = get_val("Key");
+        my $pt = get_val("PT");
+        my $add = get_val("AAD");
+        my $iv = get_val("IV");
+        my $ct = get_val("CT");
+        my $tag = get_val("Tag");
+
+        print("GCM NIST Validation (AES-$key_len,$iv_len,$pt_len,$add_len,$tag_len) #$Count\n");
+        print("gcm_encrypt_and_tag");
+        print(":\"$key\"");
+        print(":\"$pt\"");
+        print(":\"$iv\"");
+        print(":\"$add\"");
+        print(":\"$ct\"");
+        print(":$tag_len");
+        print(":\"$tag\"");
+        print(":0");
+        print("\n\n");
+    }
+}
+close(TEST_DATA);
--- a/tests/suites/test_suite_gcm.decrypt.data
+++ b/tests/suites/test_suite_gcm.decrypt.data
--- a/tests/suites/test_suite_gcm.encrypt.data
+++ b/tests/suites/test_suite_gcm.encrypt.data
--- a/tests/suites/test_suite_gcm.function
+++ b/tests/suites/test_suite_gcm.function
@ -0,0 +1,104 @@
+BEGIN_HEADER
+#include <polarssl/gcm.h>
+END_HEADER
+
+BEGIN_DEPENDENCIES
+depends_on:POLARSSL_GCM_C
+END_DEPENDENCIES
+
+BEGIN_CASE
+gcm_encrypt_and_tag:hex_key_string:hex_src_string:hex_iv_string:hex_add_string:hex_dst_string:tag_len:hex_tag_string:init_result
+{
+    unsigned char key_str[128];
+    unsigned char src_str[128];
+    unsigned char dst_str[257];
+    unsigned char iv_str[128];
+    unsigned char add_str[128];
+    unsigned char tag_str[128];
+    unsigned char output[128];
+    unsigned char tag_output[16];
+    gcm_context ctx;
+    unsigned int key_len;
+    size_t pt_len, iv_len, add_len, tag_len = {tag_len} / 8;
+
+    memset(key_str, 0x00, 128);
+    memset(src_str, 0x00, 128);
+    memset(dst_str, 0x00, 256);
+    memset(iv_str, 0x00, 128);
+    memset(add_str, 0x00, 128);
+    memset(tag_str, 0x00, 128);
+    memset(output, 0x00, 128);
+    memset(tag_output, 0x00, 16);
+
+    key_len = unhexify( key_str, {hex_key_string} );
+    pt_len = unhexify( src_str, {hex_src_string} );
+    iv_len = unhexify( iv_str, {hex_iv_string} );
+    add_len = unhexify( add_str, {hex_add_string} );
+
+    TEST_ASSERT( gcm_init( &ctx, key_str, key_len * 8 ) == {init_result} );
+    if( {init_result} == 0 )
+    {
+        TEST_ASSERT( gcm_crypt_and_tag( &ctx, GCM_ENCRYPT, pt_len, iv_str, iv_len, add_str, add_len, src_str, output, tag_len, tag_output ) == 0 );
+        hexify( dst_str, output, pt_len );
+        hexify( tag_str, tag_output, tag_len );
+
+        TEST_ASSERT( strcmp( (char *) dst_str, {hex_dst_string} ) == 0 );
+        TEST_ASSERT( strcmp( (char *) tag_str, {hex_tag_string} ) == 0 );
+    }
+}
+END_CASE
+
+BEGIN_CASE
+gcm_decrypt_and_verify:hex_key_string:hex_src_string:hex_iv_string:hex_add_string:tag_len:hex_tag_string:pt_result:init_result
+{
+    unsigned char key_str[128];
+    unsigned char src_str[128];
+    unsigned char dst_str[257];
+    unsigned char iv_str[128];
+    unsigned char add_str[128];
+    unsigned char tag_str[128];
+    unsigned char output[128];
+    gcm_context ctx;
+    unsigned int key_len;
+    size_t pt_len, iv_len, add_len, tag_len = {tag_len} / 8;
+    int ret;
+
+    memset(key_str, 0x00, 128);
+    memset(src_str, 0x00, 128);
+    memset(dst_str, 0x00, 256);
+    memset(iv_str, 0x00, 128);
+    memset(add_str, 0x00, 128);
+    memset(tag_str, 0x00, 128);
+    memset(output, 0x00, 128);
+
+    key_len = unhexify( key_str, {hex_key_string} );
+    pt_len = unhexify( src_str, {hex_src_string} );
+    iv_len = unhexify( iv_str, {hex_iv_string} );
+    add_len = unhexify( add_str, {hex_add_string} );
+    unhexify( tag_str, {hex_tag_string} );
+
+    TEST_ASSERT( gcm_init( &ctx, key_str, key_len * 8 ) == {init_result} );
+    if( {init_result} == 0 )
+    {
+        ret = gcm_auth_decrypt( &ctx, pt_len, iv_str, iv_len, add_str, add_len, tag_str, tag_len, src_str, output );
+
+        if( strcmp( "FAIL", {pt_result} ) == 0 )
+        {
+            TEST_ASSERT( ret == POLARSSL_ERR_GCM_AUTH_FAILED );
+        }
+        else
+        {
+            hexify( dst_str, output, pt_len );
+
+            TEST_ASSERT( strcmp( (char *) dst_str, {pt_result} ) == 0 );
+        }
+    }
+}
+END_CASE
+
+BEGIN_CASE
+gcm_selftest:
+{
+    TEST_ASSERT( gcm_self_test( 0 ) == 0 );
+}
+END_CASE