aes_gcm: Add counter test for max input/output length.

briansmith · briansmith · commit b35ad22fd763 · 2025-03-06T11:03:22.000-08:00
For *ring* 0.17.12, both of these tests pass for default release mode,
release mode with overflow-checks=true, and debug mode.

For prior releases, `test_aes_gcm_counter_blocks_max_minus_one` passes
in all three modes.

For prior releases, `test_aes_gcm_counter_blocks_max` passes in default
release mode:
```
$ cargo test --lib test_aes_gcm_counter_blocks --release
[snip]
test aead::aes::aes_gcm_tests::test_aes_gcm_counter_blocks_max ... ok
test aead::aes::aes_gcm_tests::test_aes_gcm_counter_blocks_max_minus_one ... ok
```
But fails when overflow checks are enabled (including debug mode):

```
$ RUSTFLAGS="-C overflow-checks=true" cargo test --lib test_aes_gcm_counter_blocks
[snip]
test aead::aes::aes_gcm_tests::test_aes_gcm_counter_blocks_max_minus_one ... ok
test aead::aes::aes_gcm_tests::test_aes_gcm_counter_blocks_max ... FAILED
```
diff --git a/src/aead/aes.rs b/src/aead/aes.rs
@@ -236,3 +236,41 @@ mod tests {
         Key::new(key, cpu::features()).unwrap()
     }
 }
+
+// These AES-GCM-specific tests are here instead of in `aes_gcm` because
+// `Counter`'s API isn't visible (enough) to aes_gcm.
+#[cfg(test)]
+mod aes_gcm_tests {
+    use super::{super::aes_gcm::MAX_IN_OUT_LEN, *};
+    use core::num::NonZeroU32;
+
+    #[test]
+    fn test_aes_gcm_counter_blocks_max() {
+        test_aes_gcm_counter_blocks(MAX_IN_OUT_LEN, &[0, 0, 0, 0]);
+    }
+
+    #[test]
+    fn test_aes_gcm_counter_blocks_max_minus_one() {
+        test_aes_gcm_counter_blocks(MAX_IN_OUT_LEN - BLOCK_LEN, &[0xff, 0xff, 0xff, 0xff]);
+    }
+
+    fn test_aes_gcm_counter_blocks(in_out_len: usize, expected_final_counter: &[u8; 4]) {
+        fn ctr32(ctr: &Counter) -> &[u8; 4] {
+            (&ctr.0[12..]).try_into().unwrap()
+        }
+
+        assert_eq!(in_out_len % BLOCK_LEN, 0);
+        let blocks = u32::try_from(in_out_len / BLOCK_LEN)
+            .ok()
+            .and_then(NonZeroU32::new)
+            .unwrap();
+
+        let nonce = Nonce::assume_unique_for_key([1; 12]);
+        let mut ctr = Counter::one(nonce);
+        assert_eq!(ctr32(&ctr), &[0, 0, 0, 1]);
+        let _tag_iv = ctr.increment();
+        assert_eq!(ctr32(&ctr), &[0, 0, 0, 2]);
+        ctr.increment_by_less_safe(blocks);
+        assert_eq!(ctr32(&ctr), expected_final_counter);
+    }
+}
