
Commit fd4d8fb

committed
add tag validation to gcm_memory in decrypt mode
1 parent 27c4726 commit fd4d8fb


2 files changed

+21
-9
lines changed


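--- a/src/encauth/gcm/gcm_memory.c
+++ b/src/encauth/gcm/gcm_memory.c
@@ -93,7 +93,24 @@ int gcm_memory( int cipher,
 if ((err = gcm_process(gcm, pt, ptlen, ct, direction)) != CRYPT_OK) {
 goto LTC_ERR;
 }
-err = gcm_done(gcm, tag, taglen);
+if (direction == GCM_ENCRYPT) {
+if ((err = gcm_done(gcm, tag, taglen)) != CRYPT_OK) {
+goto LTC_ERR;
+}
+}
+else if (direction == GCM_DECRYPT) {
+unsigned char buf[MAXBLOCKSIZE];
+unsigned long buflen = sizeof(buf);
+if ((err = gcm_done(gcm, buf, &buflen)) != CRYPT_OK) {
+goto LTC_ERR;
+}
+if (buflen != *taglen || XMEM_NEQ(buf, tag, buflen) != 0) {
+err = CRYPT_ERROR;
+}
+}
+else {
+err = CRYPT_INVALID_ARG;
+}
 LTC_ERR:
 XFREE(orig);
 return err;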
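Review bot: In the GCM_DECRYPT branch a tag mismatch only sets `err = CRYPT_ERROR`, while `gcm_process` above has already written the decrypted bytes into `pt`, so a caller that mishandles the return code is left holding unauthenticated plaintext. I would wipe the output on that path, e.g. `zeromem(pt, ptlen);` next to `err = CRYPT_ERROR;` (first confirm no caller passes `pt` aliasing `ct` and expects it to survive), and clear the computed tag with `zeromem(buf, sizeof(buf));` before leaving the block. Separately, `buflen != *taglen` compares against whatever length `gcm_done` reports for a `MAXBLOCKSIZE` buffer, which looks like it will reject callers that verify truncated tags; if that is intended, state it in the function's documentation. The body of `gcm_memory` starts outside this hunk.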

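--- a/src/encauth/gcm/gcm_test.c
+++ b/src/encauth/gcm/gcm_test.c
@@ -363,6 +363,7 @@ int gcm_test(void)
 }
 
 y = sizeof(T[1]);
+XMEMCPY(T[1], tests[x].T, 16);
 if ((err = gcm_memory(idx, tests[x].K, tests[x].keylen,
 tests[x].IV, tests[x].IVlen,
 tests[x].A, tests[x].alen,
@@ -374,11 +375,6 @@ int gcm_test(void)
 if (compare_testvector(out[1], tests[x].ptlen, tests[x].P, tests[x].ptlen, "GCM PT", x)) {
 return CRYPT_FAIL_TESTVECTOR;
 }
-
-if (compare_testvector(T[1], y, tests[x].T, 16, "GCM Decrypt Tag", x)) {
-return CRYPT_FAIL_TESTVECTOR;
-}
-
 }
 
 /* wycheproof failing test - https://github.com/libtom/libtomcrypt/pull/451 */
@@ -395,7 +391,7 @@ int gcm_test(void)
 /* VALID tag */
 taglen = sizeof(valid_tag);
 err = gcm_memory(idx, key, sizeof(key), iv, sizeof(iv), NULL, 0,
-pt, sizeof(ct), ct, invalid_tag, &taglen, GCM_DECRYPT);
+pt, sizeof(ct), ct, valid_tag, &taglen, GCM_DECRYPT);
 if ((err != CRYPT_OK) || (XMEMCMP(msg, pt, sizeof(msg)) != 0)) {
 return CRYPT_FAIL_TESTVECTOR;
 }
@@ -405,8 +401,7 @@ int gcm_test(void)
 err = gcm_memory(idx, key, sizeof(key), iv, sizeof(iv), NULL, 0,
 pt, sizeof(ct), ct, invalid_tag, &taglen, GCM_DECRYPT);
 if (err == CRYPT_OK) {
-fprintf(stderr, "XXX-FIXME gcm_memory should reject invalid tag\n");
-/* return CRYPT_FAIL_TESTVECTOR; */
+return CRYPT_FAIL_TESTVECTOR; /* should fail */
 }
 }
 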
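Review bot: The re-enabled negative test in the last hunk treats any non-`CRYPT_OK` result as a correct rejection, so it would still pass if `gcm_memory` failed for an unrelated reason (bad argument, allocation failure) and the tag comparison never ran. Pin the expected code instead: `if (err != CRYPT_ERROR) { return CRYPT_FAIL_TESTVECTOR; }`. A decrypt case whose `taglen` differs from the computed tag length would also be worth adding, since the length half of the new check is not exercised by these hunks. The literal `16` in `XMEMCPY(T[1], tests[x].T, 16);` could become `sizeof(tests[x].T)` if `T` is a fixed-size array, which is not visible here. `gcm_test` begins and ends outside the shown hunks.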
