6 #include "sw/device/lib/crypto/drivers/entropy.h"
7 #include "sw/device/lib/crypto/impl/aes_gcm/aes_gcm.h"
10 #include "sw/device/lib/testing/test_framework/check.h"
12 #include "sw/device/tests/crypto/aes_gcm_testutils.h"
13 #include "sw/device/tests/crypto/aes_gcm_testvectors.h"
31 static status_t test_decrypt_timing(
void) {
32 size_t tag_num_words = current_test->
tag_len /
sizeof(uint32_t);
33 TRY_CHECK(tag_num_words *
sizeof(uint32_t) == current_test->
tag_len,
34 "Tag length %d is not a multiple of the word size (%d).",
35 current_test->
tag_len,
sizeof(uint32_t));
38 current_test->tag[0]++;
39 uint32_t cycles_invalid1;
41 TRY(aes_gcm_testutils_decrypt(current_test, &valid,
false,
44 current_test->tag[0]--;
45 LOG_INFO(
"First invalid tag: %d cycles", cycles_invalid1);
48 current_test->tag[tag_num_words / 2]++;
49 uint32_t cycles_invalid2;
50 TRY(aes_gcm_testutils_decrypt(current_test, &valid,
false,
53 current_test->tag[tag_num_words / 2]--;
54 LOG_INFO(
"Second invalid tag: %d cycles", cycles_invalid2);
57 current_test->tag[tag_num_words - 1]++;
58 uint32_t cycles_invalid3;
59 TRY(aes_gcm_testutils_decrypt(current_test, &valid,
false,
62 current_test->tag[tag_num_words - 1]--;
63 LOG_INFO(
"Third invalid tag: %d cycles", cycles_invalid3);
67 cycles_invalid1 == cycles_invalid2,
68 "AES-GCM decryption was not constant-time for different invalid tags");
70 cycles_invalid2 == cycles_invalid3,
71 "AES-GCM decryption was not constant-time for different invalid tags");
75 OTTF_DEFINE_TEST_CONFIG();
78 CHECK_STATUS_OK(entropy_complex_init());
79 for (
size_t i = 0; i <
ARRAYSIZE(kAesGcmTestvectors); i++) {
80 current_test = &kAesGcmTestvectors[i];
88 return status_ok(result);