From 7d0c61ee5c01d0efd3d488c924929f9f2f78a5d1 Mon Sep 17 00:00:00 2001 From: Paul Adelsbach Date: Thu, 5 Mar 2026 15:29:22 -0800 Subject: [PATCH] Fix aead set random IV --- debian/install-wolfprov.sh | 11 +- scripts/test-wp-cs.sh | 5 +- src/wp_aes_aead.c | 167 ++++++++++++---------- test/test_aestag.c | 279 ++++++++++++++++++++++++++++++++++++- test/unit.c | 3 +- test/unit.h | 2 + 6 files changed, 387 insertions(+), 80 deletions(-) diff --git a/debian/install-wolfprov.sh b/debian/install-wolfprov.sh index 4ff6ac57..99432df8 100755 --- a/debian/install-wolfprov.sh +++ b/debian/install-wolfprov.sh @@ -195,8 +195,14 @@ main() { work_dir=$(mktemp -d) printf "Working directory: $work_dir\n" pushd $work_dir 2>&1 > /dev/null - cp -r $REPO_ROOT . - cd $(basename $REPO_ROOT) + repo_name=$(basename "$REPO_ROOT") + if git clone --depth 1 "file://$REPO_ROOT" "$repo_name"; then + : + else + echo "Shallow clone failed, falling back to local clone" + git clone "$REPO_ROOT" "$repo_name" + fi + cd "$repo_name" wolfprov_build $fips_mode $debug_mode if [ $no_install -eq 0 ]; then @@ -218,4 +224,3 @@ main() { # Run main function with all arguments main "$@" - diff --git a/scripts/test-wp-cs.sh b/scripts/test-wp-cs.sh index 514aa0f6..99a8cf55 100755 --- a/scripts/test-wp-cs.sh +++ b/scripts/test-wp-cs.sh @@ -284,9 +284,9 @@ openssl version -a || true if [ "${AM_BWRAPPED-}" != "yes" ]; then # Perform the build only if not in the bubble printf "Cleaning up previous builds\n" - ${SCRIPT_DIR}/build-wolfprovider.sh --clean --distclean + ${SCRIPT_DIR}/build-wolfprovider.sh --clean --distclean || exit 1 printf "Building wolfProvider\n" - ${SCRIPT_DIR}/build-wolfprovider.sh + ${SCRIPT_DIR}/build-wolfprovider.sh || exit 1 printf "OPENSSL_BIN: $OPENSSL_BIN\n" $OPENSSL_BIN version -a || true @@ -321,4 +321,3 @@ else printf "$FAIL tests failed.\n" exit 1 fi - diff --git a/src/wp_aes_aead.c b/src/wp_aes_aead.c index 4d921c91..68f67088 100644 --- a/src/wp_aes_aead.c +++ b/src/wp_aes_aead.c @@ -666,8 +666,8 @@ static int wp_aead_set_ctx_params(wp_AeadCtx* ctx, const OSSL_PARAM params[]) ok = wp_aead_set_param_tls1_iv_fixed(ctx, params); } else if (ok && (ctx->mode == EVP_CIPH_GCM_MODE) && - (XMEMCMP(params->key, OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED, - sizeof(OSSL_CIPHER_PARAM_AEAD_TLS1_IV_FIXED)) == 0)) { + (XMEMCMP(params->key, OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV, + sizeof(OSSL_CIPHER_PARAM_AEAD_TLS1_SET_IV_INV)) == 0)) { ok = wp_aead_set_param_tls1_iv_rand(ctx, params); } @@ -921,11 +921,16 @@ static int wp_aesgcm_set_rand_iv(wp_AeadCtx *ctx, unsigned char *in, ok = 0; } else { -#ifndef WOLFSSL_AESGCM_STREAM - XMEMCPY(ctx->origIv, ctx->iv, ctx->ivLen); -#endif XMEMCPY(ctx->iv + ctx->ivLen - inLen, in, inLen); +#ifdef WOLFSSL_AESGCM_STREAM + /* Stream update initializes AES-GCM when IV state is buffered. */ + ctx->ivState = IV_STATE_BUFFERED; +#else + /* Non-stream path consumes origIv when IV state is COPIED. Ensure it + * includes the explicit/random bytes from SET_IV_INV. */ + XMEMCPY(ctx->origIv, ctx->iv, ctx->ivLen); ctx->ivState = IV_STATE_COPIED; +#endif } WOLFPROV_LEAVE(WP_LOG_COMP_AES, __FILE__ ":" WOLFPROV_STRINGIZE(__LINE__), ok); @@ -997,74 +1002,82 @@ static int wp_aesgcm_tls_iv_set_fixed(wp_AeadCtx* ctx, unsigned char* iv, } /** - * Initialize AES GCM cipher for encryption. - * - * Sets the parameters as well as key and IV/nonce. + * Initialize AES GCM key and IV/nonce state. * * @param [in, out] ctx AEAD context object. - * @param [in] key Private key to initialize with. May be NULL. + * @param [in] key Key to initialize with. May be NULL. * @param [in] keyLen Length of key in bytes. * @param [in] iv IV/nonce to initialize with. May be NULL. * @param [in] ivLen Length of IV/nonce in bytes. - * @param [in] params Array of parameters and values. + * @param [in] enc 1 for encryption, 0 for decryption. * @return 1 on success. * @return 0 on failure. */ -static int wp_aesgcm_einit(wp_AeadCtx* ctx, const unsigned char *key, - size_t keyLen, const unsigned char *iv, size_t ivLen, - const OSSL_PARAM params[]) +static int wp_aesgcm_init_key_iv(wp_AeadCtx* ctx, const unsigned char* key, + size_t keyLen, const unsigned char* iv, size_t ivLen, int enc) { Aes *aes = &ctx->aes; int ok = 1; + int rc; - WOLFPROV_ENTER(WP_LOG_COMP_AES, "wp_aesgcm_einit"); - - if (!wolfssl_prov_is_running()) { - ok = 0; - } - if (ok) { - WP_CHECK_FIPS_ALGO(WP_CAST_ALGO_AES); - } #ifdef WOLFSSL_AESGCM_STREAM - if (ok) { - int rc; + if (iv != NULL) { + if (ivLen > 0) { + XMEMCPY(ctx->iv, iv, ivLen); + ctx->ivState = IV_STATE_BUFFERED; + ctx->ivSet = 0; + ctx->ivLen = ivLen; + } + else { + WOLFPROV_MSG_DEBUG(WP_LOG_COMP_AES, + "wp_aesgcm_init_key_iv: stream iv pointer provided with ivLen=0 " + "(enc=%d), treating as key-only reinit", enc); + } + } - if (iv != NULL) { - if (ivLen == 0) { + if (ok && (key != NULL)) { + if ((iv == NULL) || (ivLen == 0)) { + rc = wc_AesGcmSetKey(aes, key, (word32)keyLen); + if (rc != 0) { + WOLFPROV_MSG_DEBUG_RETCODE(WP_LOG_LEVEL_DEBUG, + "wc_AesGcmSetKey", rc); ok = 0; } - if (ok) { - XMEMCPY(ctx->iv, iv, ivLen); - ctx->ivState = IV_STATE_BUFFERED; - ctx->ivSet = 0; - ctx->ivLen = ivLen; - } } - if ((ivLen == 0) && (key != NULL)) { - rc = wc_AesGcmSetKey(aes, key, (word32)keyLen); + else if (enc) { + rc = wc_AesGcmEncryptInit(aes, key, (word32)keyLen, iv, + (word32)ivLen); if (rc != 0) { - WOLFPROV_MSG_DEBUG_RETCODE(WP_LOG_LEVEL_DEBUG, "wc_AesGcmSetKey", rc); + WOLFPROV_MSG_DEBUG_RETCODE(WP_LOG_LEVEL_DEBUG, + "wc_AesGcmEncryptInit", rc); ok = 0; } } - else if (key != NULL) { - rc = wc_AesGcmEncryptInit(aes, key, (word32)keyLen, iv, (word32)ivLen); + else { + rc = wc_AesGcmDecryptInit(aes, key, (word32)keyLen, iv, + (word32)ivLen); if (rc != 0) { - WOLFPROV_MSG_DEBUG_RETCODE(WP_LOG_LEVEL_DEBUG, "wc_AesGcmEncryptInit", rc); + WOLFPROV_MSG_DEBUG_RETCODE(WP_LOG_LEVEL_DEBUG, + "wc_AesGcmDecryptInit", rc); ok = 0; } } } #else - if (ok && (key != NULL)) { - int rc = wc_AesGcmSetKey(aes, key, (word32)keyLen); + (void)enc; + if (key != NULL) { + rc = wc_AesGcmSetKey(aes, key, (word32)keyLen); if (rc != 0) { - WOLFPROV_MSG_DEBUG_RETCODE(WP_LOG_LEVEL_DEBUG, "wc_AesGcmSetKey", rc); + WOLFPROV_MSG_DEBUG_RETCODE(WP_LOG_LEVEL_DEBUG, "wc_AesGcmSetKey", + rc); ok = 0; } } - if (ok && (iv != NULL)) { + if (ok && (iv != NULL) && (ivLen > 0)) { if (ivLen != ctx->ivLen) { + WOLFPROV_MSG_DEBUG(WP_LOG_COMP_AES, + "wp_aesgcm_init_key_iv: non-stream ivLen mismatch ivLen=%u " + "ctx->ivLen=%u", (unsigned)ivLen, (unsigned)ctx->ivLen); ok = 0; } if (ok) { @@ -1073,7 +1086,47 @@ static int wp_aesgcm_einit(wp_AeadCtx* ctx, const unsigned char *key, ctx->ivSet = 0; } } + else if (ok && (iv != NULL) && (ivLen == 0)) { + WOLFPROV_MSG_DEBUG(WP_LOG_COMP_AES, + "wp_aesgcm_init_key_iv: non-stream iv pointer provided with ivLen=0, " + "keeping existing IV"); + } #endif + + return ok; +} + +/** + * Initialize AES GCM cipher for encryption. + * + * Sets the parameters as well as key and IV/nonce. + * + * @param [in, out] ctx AEAD context object. + * @param [in] key Private key to initialize with. May be NULL. + * @param [in] keyLen Length of key in bytes. + * @param [in] iv IV/nonce to initialize with. May be NULL. + * @param [in] ivLen Length of IV/nonce in bytes. + * @param [in] params Array of parameters and values. + * @return 1 on success. + * @return 0 on failure. + */ +static int wp_aesgcm_einit(wp_AeadCtx* ctx, const unsigned char *key, + size_t keyLen, const unsigned char *iv, size_t ivLen, + const OSSL_PARAM params[]) +{ + int ok = 1; + + WOLFPROV_ENTER(WP_LOG_COMP_AES, "wp_aesgcm_einit"); + + if (!wolfssl_prov_is_running()) { + ok = 0; + } + if (ok) { + WP_CHECK_FIPS_ALGO(WP_CAST_ALGO_AES); + } + if (ok) { + ok = wp_aesgcm_init_key_iv(ctx, key, keyLen, iv, ivLen, 1); + } if (ok) { ctx->enc = 1; ctx->keySet |= (key != NULL); @@ -1103,7 +1156,6 @@ static int wp_aesgcm_dinit(wp_AeadCtx *ctx, const unsigned char *key, size_t keyLen, const unsigned char *iv, size_t ivLen, const OSSL_PARAM params[]) { - Aes *aes = &ctx->aes; int ok = 1; WOLFPROV_ENTER(WP_LOG_COMP_AES, "wp_aesgcm_dinit"); @@ -1114,38 +1166,9 @@ static int wp_aesgcm_dinit(wp_AeadCtx *ctx, const unsigned char *key, if (ok) { WP_CHECK_FIPS_ALGO(WP_CAST_ALGO_AES); } -#ifdef WOLFSSL_AESGCM_STREAM - if (ok && key != NULL) { - int rc = wc_AesGcmDecryptInit(aes, key, (word32)keyLen, iv, (word32)ivLen); - if (rc != 0) { - WOLFPROV_MSG_DEBUG_RETCODE(WP_LOG_LEVEL_DEBUG, "wc_AesGcmDecryptInit", rc); - ok = 0; - } - } if (ok) { - XMEMCPY(ctx->iv, iv, ivLen); - ctx->ivState = IV_STATE_BUFFERED; - ctx->ivSet = 0; + ok = wp_aesgcm_init_key_iv(ctx, key, keyLen, iv, ivLen, 0); } -#else - if (ok && (key != NULL)) { - int rc = wc_AesGcmSetKey(aes, key, (word32)keyLen); - if (rc != 0) { - WOLFPROV_MSG_DEBUG_RETCODE(WP_LOG_LEVEL_DEBUG, "wc_AesGcmSetKey", rc); - ok = 0; - } - } - if (ok && (iv != NULL)) { - if (ivLen != ctx->ivLen) { - ok = 0; - } - if (ok) { - XMEMCPY(ctx->iv, iv, ivLen); - ctx->ivState = IV_STATE_BUFFERED; - ctx->ivSet = 0; - } - } -#endif if (ok) { ctx->enc = 0; ctx->keySet |= (key != NULL); diff --git a/test/test_aestag.c b/test/test_aestag.c index 1515b4b2..ed8eeee0 100644 --- a/test/test_aestag.c +++ b/test/test_aestag.c @@ -669,6 +669,270 @@ static int test_aes_tag_dec_ossh_multi(const EVP_CIPHER *cipher, return err; } +static int test_aes_tag_enc_ossh_iv_params(const EVP_CIPHER *cipher, + unsigned char *key, unsigned char *iv, int ivFixedSetArg, + unsigned char *aad, unsigned char *msg, int len, unsigned char *enc, + unsigned char *tag, unsigned char *ivInv, size_t ivInvLen) +{ + int err; + EVP_CIPHER_CTX *encCtx; + unsigned int tagLen = 16; + unsigned char ivLocal[EVP_GCM_TLS_FIXED_IV_LEN + EVP_GCM_TLS_EXPLICIT_IV_LEN]; + + memcpy(ivLocal, iv, sizeof(ivLocal)); + + err = (encCtx = EVP_CIPHER_CTX_new()) == NULL; + if (err == 0) { + err = EVP_CipherInit(encCtx, cipher, NULL, ivLocal, 1) != 1; + if (err != 0) { + PRINT_ERR_MSG("enc_ossh_iv_params: EVP_CipherInit(enc=1) failed"); + } + } + if (err == 0) { + err = EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_SET_IV_FIXED, + ivFixedSetArg, ivLocal) != 1; + if (err != 0) { + PRINT_ERR_MSG("enc_ossh_iv_params: SET_IV_FIXED failed arg=%d", ivFixedSetArg); + } + } + if (err == 0) { + err = EVP_CipherInit(encCtx, NULL, key, NULL, -1) != 1; + if (err != 0) { + PRINT_ERR_MSG("enc_ossh_iv_params: EVP_CipherInit(key) failed"); + } + } + if (err == 0) { + err = EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_IV_GEN, (int)ivInvLen, + ivInv) != 1; + if (err != 0) { + PRINT_ERR_MSG("enc_ossh_iv_params: IV_GEN failed ivInvLen=%d", (int)ivInvLen); + } + } + if (err == 0) { + err = EVP_Cipher(encCtx, NULL, aad, (int)strlen((char *)aad)) <= 0; + if (err != 0) { + PRINT_ERR_MSG("enc_ossh_iv_params: AAD step failed"); + } + } + if (err == 0) { + err = EVP_Cipher(encCtx, enc, msg, len) != len; + if (err != 0) { + PRINT_ERR_MSG("enc_ossh_iv_params: payload step failed len=%d", len); + } + } + if (err == 0) { + err = EVP_Cipher(encCtx, NULL, NULL, 0) < 0; + if (err != 0) { + PRINT_ERR_MSG("enc_ossh_iv_params: final step failed"); + } + } + if (err == 0) { + err = EVP_CIPHER_CTX_ctrl(encCtx, EVP_CTRL_GCM_GET_TAG, tagLen, + tag) != 1; + if (err != 0) { + PRINT_ERR_MSG("enc_ossh_iv_params: GET_TAG failed"); + } + } + + EVP_CIPHER_CTX_free(encCtx); + return err; +} + +static int test_aes_tag_dec_ossh_set_iv_inv(const EVP_CIPHER *cipher, + unsigned char *key, unsigned char *iv, int ivFixedSetArg, + unsigned char *aad, unsigned char *msg, int len, unsigned char *enc, + unsigned char *tag, unsigned char *dec, unsigned char *ivInv, + size_t ivInvLen) +{ + int err; + EVP_CIPHER_CTX *decCtx; + unsigned int tagLen = 16; + unsigned char ivLocal[EVP_GCM_TLS_FIXED_IV_LEN + EVP_GCM_TLS_EXPLICIT_IV_LEN]; + + memcpy(ivLocal, iv, sizeof(ivLocal)); + + err = (decCtx = EVP_CIPHER_CTX_new()) == NULL; + if (err == 0) { + err = EVP_CipherInit(decCtx, cipher, NULL, ivLocal, 0) != 1; + if (err != 0) { + PRINT_ERR_MSG("dec_ossh_set_iv_inv: EVP_CipherInit(enc=0) failed"); + } + } + if (err == 0) { + err = EVP_CIPHER_CTX_ctrl(decCtx, EVP_CTRL_GCM_SET_IV_FIXED, + ivFixedSetArg, ivLocal) != 1; + if (err != 0) { + PRINT_ERR_MSG("dec_ossh_set_iv_inv: SET_IV_FIXED failed arg=%d", ivFixedSetArg); + } + } + if (err == 0) { + err = EVP_CipherInit(decCtx, NULL, key, NULL, -1) != 1; + if (err != 0) { + PRINT_ERR_MSG("dec_ossh_set_iv_inv: EVP_CipherInit(key) failed"); + } + } + if (err == 0) { + err = EVP_CIPHER_CTX_ctrl(decCtx, EVP_CTRL_GCM_SET_IV_INV, + (int)ivInvLen, ivInv) != 1; + if (err != 0) { + PRINT_ERR_MSG("dec_ossh_set_iv_inv: SET_IV_INV failed ivInvLen=%d", (int)ivInvLen); + } + } + if (err == 0) { + err = EVP_CIPHER_CTX_ctrl(decCtx, EVP_CTRL_GCM_SET_TAG, tagLen, + tag) != 1; + if (err != 0) { + PRINT_ERR_MSG("dec_ossh_set_iv_inv: SET_TAG failed"); + } + } + if (err == 0) { + err = EVP_Cipher(decCtx, NULL, aad, (int)strlen((char *)aad)) <= 0; + if (err != 0) { + PRINT_ERR_MSG("dec_ossh_set_iv_inv: AAD step failed"); + } + } + if (err == 0) { + err = EVP_Cipher(decCtx, dec, enc, len) != len; + if (err != 0) { + PRINT_ERR_MSG("dec_ossh_set_iv_inv: payload step failed len=%d", len); + } + } + if (err == 0) { + err = EVP_Cipher(decCtx, NULL, NULL, 0) < 0; + if (err != 0) { + PRINT_ERR_MSG("dec_ossh_set_iv_inv: final step failed"); + } + } + if ((err == 0) && (dec != NULL) && (msg != NULL) && (memcmp(dec, msg, + len) != 0)) { + PRINT_ERR_MSG("dec_ossh_set_iv_inv: plaintext mismatch len=%d", len); + err = 1; + } + + EVP_CIPHER_CTX_free(decCtx); + return err; +} + +static int test_aes_tag_set_iv_inv(void *data, const char *cipher, + int keyLen) +{ + int err = 0; + unsigned char msg[] = "Test pattern"; + unsigned char key[32]; + unsigned char iv[12]; + unsigned char aad[] = "AAD"; + unsigned char enc[sizeof(msg)]; + unsigned char tag[AES_BLOCK_SIZE]; + unsigned char dec[sizeof(msg)]; + unsigned char ivInv[EVP_GCM_TLS_EXPLICIT_IV_LEN]; + EVP_CIPHER* ocipher; + EVP_CIPHER* wcipher; + + (void)data; + + ocipher = EVP_CIPHER_fetch(osslLibCtx, cipher, ""); + wcipher = EVP_CIPHER_fetch(wpLibCtx, cipher, ""); + + if (RAND_bytes(key, keyLen) == 0) { + err = 1; + } + if ((err == 0) && (RAND_bytes(iv, sizeof(iv)) == 0)) { + err = 1; + } + + if (err == 0) { + PRINT_MSG("Encrypt with OpenSSL (SET_IV_INV)"); + err = test_aes_tag_enc_ossh_iv_params(ocipher, key, iv, -1, aad, msg, + sizeof(msg), enc, tag, ivInv, + sizeof(ivInv)); + } + if (err == 0) { + PRINT_MSG("Decrypt with wolfprovider (SET_IV_INV)"); + err = test_aes_tag_dec_ossh_set_iv_inv(wcipher, key, iv, -1, aad, msg, + sizeof(msg), enc, tag, dec, + ivInv, sizeof(ivInv)); + } + if (err == 0) { + PRINT_MSG("Encrypt with wolfprovider (SET_IV_INV)"); + err = test_aes_tag_enc_ossh_iv_params(wcipher, key, iv, -1, aad, msg, + sizeof(msg), enc, tag, ivInv, + sizeof(ivInv)); + } + if (err == 0) { + PRINT_MSG("Decrypt with OpenSSL (SET_IV_INV)"); + err = test_aes_tag_dec_ossh_set_iv_inv(ocipher, key, iv, -1, aad, msg, + sizeof(msg), enc, tag, dec, + ivInv, sizeof(ivInv)); + } + + EVP_CIPHER_free(wcipher); + EVP_CIPHER_free(ocipher); + + return err; +} + +static int test_aes_tag_set_iv_fixed(void *data, const char *cipher, + int keyLen) +{ + int err = 0; + unsigned char msg[] = "Test pattern"; + unsigned char key[32]; + unsigned char iv[12]; + unsigned char aad[] = "AAD"; + unsigned char enc[sizeof(msg)]; + unsigned char tag[AES_BLOCK_SIZE]; + unsigned char dec[sizeof(msg)]; + unsigned char ivInv[EVP_GCM_TLS_EXPLICIT_IV_LEN]; + EVP_CIPHER* ocipher; + EVP_CIPHER* wcipher; + + (void)data; + + ocipher = EVP_CIPHER_fetch(osslLibCtx, cipher, ""); + wcipher = EVP_CIPHER_fetch(wpLibCtx, cipher, ""); + + if (RAND_bytes(key, keyLen) == 0) { + err = 1; + } + if ((err == 0) && (RAND_bytes(iv, sizeof(iv)) == 0)) { + err = 1; + } + + if (err == 0) { + PRINT_MSG("Encrypt with OpenSSL (TLS1_IV_FIXED)"); + err = test_aes_tag_enc_ossh_iv_params(ocipher, key, iv, + EVP_GCM_TLS_FIXED_IV_LEN, aad, + msg, sizeof(msg), enc, tag, + ivInv, sizeof(ivInv)); + } + if (err == 0) { + PRINT_MSG("Decrypt with wolfprovider (TLS1_IV_FIXED)"); + err = test_aes_tag_dec_ossh_set_iv_inv(wcipher, key, iv, + EVP_GCM_TLS_FIXED_IV_LEN, aad, + msg, sizeof(msg), enc, tag, dec, + ivInv, sizeof(ivInv)); + } + if (err == 0) { + PRINT_MSG("Encrypt with wolfprovider (TLS1_IV_FIXED)"); + err = test_aes_tag_enc_ossh_iv_params(wcipher, key, iv, + EVP_GCM_TLS_FIXED_IV_LEN, aad, + msg, sizeof(msg), enc, tag, + ivInv, sizeof(ivInv)); + } + if (err == 0) { + PRINT_MSG("Decrypt with OpenSSL (TLS1_IV_FIXED)"); + err = test_aes_tag_dec_ossh_set_iv_inv(ocipher, key, iv, + EVP_GCM_TLS_FIXED_IV_LEN, aad, + msg, sizeof(msg), enc, tag, dec, + ivInv, sizeof(ivInv)); + } + + EVP_CIPHER_free(wcipher); + EVP_CIPHER_free(ocipher); + + return err; +} + static int test_aes_tag_fixed(void *data, const char *cipher, int keyLen, int ivFixedLen, int ivLen) { @@ -1042,6 +1306,20 @@ int test_aes128_gcm_tls(void *data) EVP_GCM_TLS_FIXED_IV_LEN, 0); } +/******************************************************************************/ + +int test_aes128_gcm_set_iv_inv(void *data) +{ + return test_aes_tag_set_iv_inv(data, "AES-128-GCM", 16); +} + +/******************************************************************************/ + +int test_aes128_gcm_set_iv_fixed(void *data) +{ + return test_aes_tag_set_iv_fixed(data, "AES-128-GCM", 16); +} + #endif /* WP_HAVE_AESGCM */ /******************************************************************************/ @@ -1092,4 +1370,3 @@ int test_aes128_ccm_tls(void *data) } #endif /* WP_HAVE_AESCCM */ - diff --git a/test/unit.c b/test/unit.c index 8e67b467..c8d83ecc 100644 --- a/test/unit.c +++ b/test/unit.c @@ -266,6 +266,8 @@ TEST_CASE test_case[] = { TEST_DECL(test_aes256_gcm, NULL), TEST_DECL(test_aes128_gcm_fixed, NULL), TEST_DECL(test_aes128_gcm_tls, NULL), + TEST_DECL(test_aes128_gcm_set_iv_inv, NULL), + TEST_DECL(test_aes128_gcm_set_iv_fixed, NULL), #endif #ifdef WP_HAVE_AESCCM TEST_DECL(test_aes128_ccm, NULL), @@ -813,4 +815,3 @@ int main(int argc, char* argv[]) return err; } - diff --git a/test/unit.h b/test/unit.h index cc968fcb..bd8e9ae0 100644 --- a/test/unit.h +++ b/test/unit.h @@ -193,6 +193,8 @@ int test_aes192_gcm(void *data); int test_aes256_gcm(void *data); int test_aes128_gcm_fixed(void *data); int test_aes128_gcm_tls(void *data); +int test_aes128_gcm_set_iv_inv(void *data); +int test_aes128_gcm_set_iv_fixed(void *data); #endif /* WP_HAVE_AESGCM */