wycheproof failing test - invalid/modified tag

karel-m · karel-m · commit 2599618ca640 · 2018-10-29T07:28:18.000+01:00
diff --git a/src/encauth/gcm/gcm_test.c b/src/encauth/gcm/gcm_test.c
@@ -380,6 +380,36 @@ int gcm_test(void)
        }
 
    }
+
+   /* wycheproof failing test - https://github.com/libtom/libtomcrypt/pull/451 */
+   {
+      unsigned char key[] = { 0x00,0x01,0x02,0x03,0x04,0x05,0x06,0x07,0x08,0x09,0x0a,0x0b,0x0c,0x0d,0x0e,0x0f };
+      unsigned char iv[]  = { 0x50,0x51,0x52,0x53,0x54,0x55,0x56,0x57,0x58,0x59,0x5a,0x5b };
+      unsigned char valid_tag[]   = { 0xd8,0x84,0x7d,0xbc,0x32,0x6a,0x06,0xe9,0x88,0xc7,0x7a,0xd3,0x86,0x3e,0x60,0x83 };
+      unsigned char invalid_tag[] = { 0xd9,0x84,0x7d,0xbc,0x32,0x6a,0x06,0xe9,0x88,0xc7,0x7a,0xd3,0x86,0x3e,0x60,0x83 };
+      unsigned char msg[] = { 0x20,0x21,0x22,0x23,0x24,0x25,0x26,0x27,0x28,0x29,0x2a,0x2b,0x2c,0x2d,0x2e,0x2f };
+      unsigned char ct[]  = { 0xeb,0x15,0x6d,0x08,0x1e,0xd6,0xb6,0xb5,0x5f,0x46,0x12,0xf0,0x21,0xd8,0x7b,0x39 };
+      unsigned char pt[20] = { 0 };
+      unsigned long taglen;
+
+      /* VALID tag */
+      taglen = sizeof(valid_tag);
+      err = gcm_memory(idx, key, sizeof(key), iv, sizeof(iv), NULL, 0,
+                       pt, sizeof(ct), ct, invalid_tag, &taglen, GCM_DECRYPT);
+      if ((err != CRYPT_OK) || (XMEMCMP(msg, pt, sizeof(msg)) != 0)) {
+         return CRYPT_FAIL_TESTVECTOR;
+      }
+
+      /* INVALID tag */
+      taglen = sizeof(invalid_tag);
+      err = gcm_memory(idx, key, sizeof(key), iv, sizeof(iv), NULL, 0,
+                       pt, sizeof(ct), ct, invalid_tag, &taglen, GCM_DECRYPT);
+      if (err == CRYPT_OK) {
+         fprintf(stderr, "XXX-FIXME gcm_memory should reject invalid tag\n");
+         /* return CRYPT_FAIL_TESTVECTOR; */
+      }
+   }
+
    return CRYPT_OK;
 #endif
 }
