TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls.git / c0eabdc63657f784dee45167b010534cd3924cfa / . / tests / suites / test_suite_cipher.function
blob: ad5c172de048ae4e35deaa7bfb772ce0a78879d0 [file] [log] [blame]
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]2#include "mbedtls/cipher.h"
Manuel Pégourié-Gonnardf7ce67f2013-09-03 20:17:35 +0200[diff] [blame]3
k-stachowiakd8727232019-07-29 17:46:29 +0200[diff] [blame]4#if defined(MBEDTLS_AES_C)
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]5# include "mbedtls/aes.h"
k-stachowiakd8727232019-07-29 17:46:29 +0200[diff] [blame]6#endif
7
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]8#if defined(MBEDTLS_GCM_C)
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]9# include "mbedtls/gcm.h"
Manuel Pégourié-Gonnardf7ce67f2013-09-03 20:17:35 +0200[diff] [blame]10#endif
Gilles Peskine5386f6b2019-08-01 12:47:40 +0200[diff] [blame]11
Manuel Pégourié-Gonnard4c1a1002020-11-26 10:22:50 +0100[diff] [blame]12#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C)
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]13# define MBEDTLS_CIPHER_AUTH_CRYPT
Manuel Pégourié-Gonnard4c1a1002020-11-26 10:22:50 +0100[diff] [blame]14#endif
15
Manuel Pégourié-Gonnard89a8fe52020-11-27 09:32:55 +0100[diff] [blame]16#if defined(MBEDTLS_CIPHER_AUTH_CRYPT)
17/* Helper for resetting key/direction
18 *
19 * The documentation doesn't explicitly say whether calling
20 * mbedtls_cipher_setkey() twice is allowed or not. This currently works with
21 * the default software implementation, but only by accident. It isn't
22 * guaranteed to work with new ciphers or with alternative implementations of
23 * individual ciphers, and it doesn't work with the PSA wrappers. So don't do
24 * it, and instead start with a fresh context.
25 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]26static int cipher_reset_key(mbedtls_cipher_context_t *ctx,
27 int cipher_id,
28 int use_psa,
29 size_t tag_len,
30 const data_t *key,
31 int direction)
Manuel Pégourié-Gonnard89a8fe52020-11-27 09:32:55 +0100[diff] [blame]32{
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]33 mbedtls_cipher_free(ctx);
34 mbedtls_cipher_init(ctx);
Manuel Pégourié-Gonnard89a8fe52020-11-27 09:32:55 +0100[diff] [blame]35
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]36# if !defined(MBEDTLS_USE_PSA_CRYPTO)
37 (void)use_psa;
38 (void)tag_len;
39# else
40 if (use_psa == 1) {
41 TEST_ASSERT(
42 0 == mbedtls_cipher_setup_psa(
43 ctx, mbedtls_cipher_info_from_type(cipher_id), tag_len));
44 } else
45# endif /* MBEDTLS_USE_PSA_CRYPTO */
Manuel Pégourié-Gonnard89a8fe52020-11-27 09:32:55 +0100[diff] [blame]46 {
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]47 TEST_ASSERT(0 == mbedtls_cipher_setup(
48 ctx, mbedtls_cipher_info_from_type(cipher_id)));
Manuel Pégourié-Gonnard89a8fe52020-11-27 09:32:55 +0100[diff] [blame]49 }
50
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]51 TEST_ASSERT(0 ==
52 mbedtls_cipher_setkey(ctx, key->x, 8 * key->len, direction));
53 return 1;
Gilles Peskine8a3d2342020-12-03 21:06:15 +0100[diff] [blame]54
Manuel Pégourié-Gonnard89a8fe52020-11-27 09:32:55 +0100[diff] [blame]55exit:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]56 return 0;
Manuel Pégourié-Gonnard89a8fe52020-11-27 09:32:55 +0100[diff] [blame]57}
Manuel Pégourié-Gonnardf215ef82020-12-03 12:33:31 +0100[diff] [blame]58
59/*
60 * Check if a buffer is all-0 bytes:
61 * return 1 if it is,
62 * 0 if it isn't.
63 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]64int buffer_is_all_zero(const uint8_t *buf, size_t size)
Manuel Pégourié-Gonnardf215ef82020-12-03 12:33:31 +0100[diff] [blame]65{
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]66 for (size_t i = 0; i < size; i++)
67 if (buf[i] != 0)
Manuel Pégourié-Gonnardf215ef82020-12-03 12:33:31 +0100[diff] [blame]68 return 0;
69 return 1;
70}
Manuel Pégourié-Gonnard89a8fe52020-11-27 09:32:55 +0100[diff] [blame]71#endif /* MBEDTLS_CIPHER_AUTH_CRYPT */
72
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]73/* END_HEADER */
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]74
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]75/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]76 * depends_on:MBEDTLS_CIPHER_C
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]77 * END_DEPENDENCIES
78 */
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]79
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]80/* BEGIN_CASE */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]81void mbedtls_cipher_list()
Manuel Pégourié-Gonnard66dfc5a2014-03-29 16:10:55 +0100[diff] [blame]82{
83 const int *cipher_type;
84
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]85 for (cipher_type = mbedtls_cipher_list(); *cipher_type != 0; cipher_type++)
86 TEST_ASSERT(mbedtls_cipher_info_from_type(*cipher_type) != NULL);
Manuel Pégourié-Gonnard66dfc5a2014-03-29 16:10:55 +0100[diff] [blame]87}
88/* END_CASE */
89
90/* BEGIN_CASE */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]91void cipher_invalid_param_unconditional()
Manuel Pégourié-Gonnard5e7693f2014-06-13 16:08:07 +0200[diff] [blame]92{
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]93 mbedtls_cipher_context_t valid_ctx;
94 mbedtls_cipher_context_t invalid_ctx;
95 mbedtls_operation_t valid_operation = MBEDTLS_ENCRYPT;
96 mbedtls_cipher_padding_t valid_mode = MBEDTLS_PADDING_ZEROS;
97 unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 };
98 int valid_size = sizeof(valid_buffer);
99 int valid_bitlen = valid_size * 8;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]100 const mbedtls_cipher_info_t *valid_info =
101 mbedtls_cipher_info_from_type(*(mbedtls_cipher_list()));
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]102 size_t size_t_var;
Manuel Pégourié-Gonnard5e7693f2014-06-13 16:08:07 +0200[diff] [blame]103
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]104 (void)valid_mode; /* In some configurations this is unused */
Manuel Pégourié-Gonnard5e7693f2014-06-13 16:08:07 +0200[diff] [blame]105
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]106 mbedtls_cipher_init(&valid_ctx);
107 mbedtls_cipher_setup(&valid_ctx, valid_info);
108 mbedtls_cipher_init(&invalid_ctx);
Manuel Pégourié-Gonnard5e7693f2014-06-13 16:08:07 +0200[diff] [blame]109
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]110 /* mbedtls_cipher_setup() */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]111 TEST_ASSERT(mbedtls_cipher_setup(&valid_ctx, NULL) ==
112 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
Manuel Pégourié-Gonnard5e7693f2014-06-13 16:08:07 +0200[diff] [blame]113
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]114 /* mbedtls_cipher_get_block_size() */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]115 TEST_ASSERT(mbedtls_cipher_get_block_size(&invalid_ctx) == 0);
Manuel Pégourié-Gonnard5e7693f2014-06-13 16:08:07 +0200[diff] [blame]116
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]117 /* mbedtls_cipher_get_cipher_mode() */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]118 TEST_ASSERT(mbedtls_cipher_get_cipher_mode(&invalid_ctx) ==
119 MBEDTLS_MODE_NONE);
Manuel Pégourié-Gonnard5e7693f2014-06-13 16:08:07 +0200[diff] [blame]120
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]121 /* mbedtls_cipher_get_iv_size() */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]122 TEST_ASSERT(mbedtls_cipher_get_iv_size(&invalid_ctx) == 0);
Manuel Pégourié-Gonnard5e7693f2014-06-13 16:08:07 +0200[diff] [blame]123
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]124 /* mbedtls_cipher_get_type() */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]125 TEST_ASSERT(mbedtls_cipher_get_type(&invalid_ctx) == MBEDTLS_CIPHER_NONE);
Manuel Pégourié-Gonnard5e7693f2014-06-13 16:08:07 +0200[diff] [blame]126
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]127 /* mbedtls_cipher_get_name() */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]128 TEST_ASSERT(mbedtls_cipher_get_name(&invalid_ctx) == 0);
Manuel Pégourié-Gonnard5e7693f2014-06-13 16:08:07 +0200[diff] [blame]129
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]130 /* mbedtls_cipher_get_key_bitlen() */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]131 TEST_ASSERT(mbedtls_cipher_get_key_bitlen(&invalid_ctx) ==
132 MBEDTLS_KEY_LENGTH_NONE);
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]133
134 /* mbedtls_cipher_get_operation() */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]135 TEST_ASSERT(mbedtls_cipher_get_operation(&invalid_ctx) ==
136 MBEDTLS_OPERATION_NONE);
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]137
138 /* mbedtls_cipher_setkey() */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]139 TEST_ASSERT(mbedtls_cipher_setkey(&invalid_ctx, valid_buffer, valid_bitlen,
140 valid_operation) ==
141 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]142
143 /* mbedtls_cipher_set_iv() */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]144 TEST_ASSERT(mbedtls_cipher_set_iv(&invalid_ctx, valid_buffer, valid_size) ==
145 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]146
147 /* mbedtls_cipher_reset() */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]148 TEST_ASSERT(mbedtls_cipher_reset(&invalid_ctx) ==
149 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
Manuel Pégourié-Gonnard5e7693f2014-06-13 16:08:07 +0200[diff] [blame]150
Manuel Pégourié-Gonnarddca3a5d2018-05-07 10:43:27 +0200[diff] [blame]151#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]152 /* mbedtls_cipher_update_ad() */
153 TEST_ASSERT(
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]154 mbedtls_cipher_update_ad(&invalid_ctx, valid_buffer, valid_size) ==
155 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]156#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */
157
158#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
159 /* mbedtls_cipher_set_padding_mode() */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]160 TEST_ASSERT(mbedtls_cipher_set_padding_mode(&invalid_ctx, valid_mode) ==
161 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
Manuel Pégourié-Gonnard5e7693f2014-06-13 16:08:07 +0200[diff] [blame]162#endif
163
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]164 /* mbedtls_cipher_update() */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]165 TEST_ASSERT(mbedtls_cipher_update(&invalid_ctx, valid_buffer, valid_size,
166 valid_buffer, &size_t_var) ==
167 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
Manuel Pégourié-Gonnard5e7693f2014-06-13 16:08:07 +0200[diff] [blame]168
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]169 /* mbedtls_cipher_finish() */
170 TEST_ASSERT(
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]171 mbedtls_cipher_finish(&invalid_ctx, valid_buffer, &size_t_var) ==
172 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
Manuel Pégourié-Gonnard5e7693f2014-06-13 16:08:07 +0200[diff] [blame]173
Manuel Pégourié-Gonnarddca3a5d2018-05-07 10:43:27 +0200[diff] [blame]174#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]175 /* mbedtls_cipher_write_tag() */
176 TEST_ASSERT(
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]177 mbedtls_cipher_write_tag(&invalid_ctx, valid_buffer, valid_size) ==
178 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
Manuel Pégourié-Gonnard5e7693f2014-06-13 16:08:07 +0200[diff] [blame]179
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]180 /* mbedtls_cipher_check_tag() */
181 TEST_ASSERT(
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]182 mbedtls_cipher_check_tag(&invalid_ctx, valid_buffer, valid_size) ==
183 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]184#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */
185
186exit:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]187 mbedtls_cipher_free(&invalid_ctx);
188 mbedtls_cipher_free(&valid_ctx);
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]189}
190/* END_CASE */
191
TRodziewicz062f3532021-05-25 15:15:57 +0200[diff] [blame]192/* BEGIN_CASE depends_on:NOT_DEFINED */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]193void cipher_invalid_param_conditional()
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]194{
195 mbedtls_cipher_context_t valid_ctx;
196
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]197 mbedtls_operation_t invalid_operation = 100;
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]198 unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 };
199 int valid_size = sizeof(valid_buffer);
200 int valid_bitlen = valid_size * 8;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]201 const mbedtls_cipher_info_t *valid_info =
202 mbedtls_cipher_info_from_type(*(mbedtls_cipher_list()));
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]203
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]204 TEST_EQUAL(MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
205 mbedtls_cipher_setkey(&valid_ctx, valid_buffer, valid_bitlen,
206 invalid_operation));
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]207
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]208exit:;
Manuel Pégourié-Gonnard5e7693f2014-06-13 16:08:07 +0200[diff] [blame]209}
210/* END_CASE */
211
Paul Bakker6a9c7252016-07-14 13:46:10 +0100[diff] [blame]212/* BEGIN_CASE depends_on:MBEDTLS_AES_C */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]213void cipher_special_behaviours()
Paul Bakker6a9c7252016-07-14 13:46:10 +0100[diff] [blame]214{
215 const mbedtls_cipher_info_t *cipher_info;
216 mbedtls_cipher_context_t ctx;
217 unsigned char input[32];
218 unsigned char output[32];
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]219#if defined(MBEDTLS_CIPHER_MODE_CBC)
Paul Bakker6a9c7252016-07-14 13:46:10 +0100[diff] [blame]220 unsigned char iv[32];
Ron Eldor6f90ed82017-09-26 12:08:54 +0300[diff] [blame]221#endif
Paul Bakker6a9c7252016-07-14 13:46:10 +0100[diff] [blame]222 size_t olen = 0;
223
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]224 mbedtls_cipher_init(&ctx);
225 memset(input, 0, sizeof(input));
226 memset(output, 0, sizeof(output));
Ron Eldorbb4bbbb2017-10-01 17:04:54 +0300[diff] [blame]227#if defined(MBEDTLS_CIPHER_MODE_CBC)
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]228 memset(iv, 0, sizeof(iv));
Paul Bakker6a9c7252016-07-14 13:46:10 +0100[diff] [blame]229
230 /* Check and get info structures */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]231 cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_CBC);
232 TEST_ASSERT(NULL != cipher_info);
Paul Bakker6a9c7252016-07-14 13:46:10 +0100[diff] [blame]233
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]234 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, cipher_info));
Paul Bakker6a9c7252016-07-14 13:46:10 +0100[diff] [blame]235
236 /* IV too big */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]237 TEST_ASSERT(mbedtls_cipher_set_iv(&ctx, iv, MBEDTLS_MAX_IV_LENGTH + 1) ==
238 MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE);
Paul Bakker6a9c7252016-07-14 13:46:10 +0100[diff] [blame]239
240 /* IV too small */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]241 TEST_ASSERT(mbedtls_cipher_set_iv(&ctx, iv, 0) ==
242 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
Paul Bakker6a9c7252016-07-14 13:46:10 +0100[diff] [blame]243
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]244 mbedtls_cipher_free(&ctx);
245 mbedtls_cipher_init(&ctx);
Ron Eldor6f90ed82017-09-26 12:08:54 +0300[diff] [blame]246#endif /* MBEDTLS_CIPHER_MODE_CBC */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]247 cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_ECB);
248 TEST_ASSERT(NULL != cipher_info);
Ron Eldor7b012442017-09-25 17:03:12 +0300[diff] [blame]249
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]250 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, cipher_info));
Ron Eldor7b012442017-09-25 17:03:12 +0300[diff] [blame]251
Paul Bakker6a9c7252016-07-14 13:46:10 +0100[diff] [blame]252 /* Update ECB with partial block */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]253 TEST_ASSERT(mbedtls_cipher_update(&ctx, input, 1, output, &olen) ==
254 MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED);
Paul Bakker6a9c7252016-07-14 13:46:10 +0100[diff] [blame]255
256exit:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]257 mbedtls_cipher_free(&ctx);
Paul Bakker6a9c7252016-07-14 13:46:10 +0100[diff] [blame]258}
259/* END_CASE */
260
Manuel Pégourié-Gonnard5e7693f2014-06-13 16:08:07 +0200[diff] [blame]261/* BEGIN_CASE */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]262void enc_dec_buf(int cipher_id,
263 char *cipher_string,
264 int key_len,
265 int length_val,
266 int pad_mode)
Paul Bakkerdbd443d2013-08-16 13:38:47 +0200[diff] [blame]267{
Manuel Pégourié-Gonnardac5361f2015-06-24 01:08:09 +0200[diff] [blame]268 size_t length = length_val, outlen, total_len, i, block_size;
Jaeden Amerod906b812018-06-08 11:03:16 +0100[diff] [blame]269 unsigned char key[64];
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]270 unsigned char iv[16];
Manuel Pégourié-Gonnard9241be72013-08-31 17:31:03 +0200[diff] [blame]271 unsigned char ad[13];
272 unsigned char tag[16];
Manuel Pégourié-Gonnard1af50a22013-09-05 10:30:32 +0200[diff] [blame]273 unsigned char inbuf[64];
274 unsigned char encbuf[64];
275 unsigned char decbuf[64];
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]276
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]277 const mbedtls_cipher_info_t *cipher_info;
278 mbedtls_cipher_context_t ctx_dec;
279 mbedtls_cipher_context_t ctx_enc;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]280
Manuel Pégourié-Gonnard1af50a22013-09-05 10:30:32 +0200[diff] [blame]281 /*
282 * Prepare contexts
283 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]284 mbedtls_cipher_init(&ctx_dec);
285 mbedtls_cipher_init(&ctx_enc);
Manuel Pégourié-Gonnard1af50a22013-09-05 10:30:32 +0200[diff] [blame]286
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]287 memset(key, 0x2a, sizeof(key));
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]288
289 /* Check and get info structures */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]290 cipher_info = mbedtls_cipher_info_from_type(cipher_id);
291 TEST_ASSERT(NULL != cipher_info);
292 TEST_ASSERT(mbedtls_cipher_info_from_string(cipher_string) == cipher_info);
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]293
294 /* Initialise enc and dec contexts */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]295 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_dec, cipher_info));
296 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_enc, cipher_info));
Manuel Pégourié-Gonnard1af50a22013-09-05 10:30:32 +0200[diff] [blame]297
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]298 TEST_ASSERT(0 ==
299 mbedtls_cipher_setkey(&ctx_dec, key, key_len, MBEDTLS_DECRYPT));
300 TEST_ASSERT(0 ==
301 mbedtls_cipher_setkey(&ctx_enc, key, key_len, MBEDTLS_ENCRYPT));
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]302
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]303#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]304 if (-1 != pad_mode) {
305 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_dec, pad_mode));
306 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_enc, pad_mode));
Manuel Pégourié-Gonnard6c978992013-07-26 13:20:42 +0200[diff] [blame]307 }
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200[diff] [blame]308#else
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]309 (void)pad_mode;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]310#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
Manuel Pégourié-Gonnard6c978992013-07-26 13:20:42 +0200[diff] [blame]311
Manuel Pégourié-Gonnard1af50a22013-09-05 10:30:32 +0200[diff] [blame]312 /*
313 * Do a few encode/decode cycles
314 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]315 for (i = 0; i < 3; i++) {
316 memset(iv, 0x00 + i, sizeof(iv));
317 memset(ad, 0x10 + i, sizeof(ad));
318 memset(inbuf, 0x20 + i, sizeof(inbuf));
Manuel Pégourié-Gonnard1af50a22013-09-05 10:30:32 +0200[diff] [blame]319
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]320 memset(encbuf, 0, sizeof(encbuf));
321 memset(decbuf, 0, sizeof(decbuf));
322 memset(tag, 0, sizeof(tag));
Manuel Pégourié-Gonnard1af50a22013-09-05 10:30:32 +0200[diff] [blame]323
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]324 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_dec, iv, sizeof(iv)));
325 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_enc, iv, sizeof(iv)));
Manuel Pégourié-Gonnard9c853b92013-09-03 13:04:44 +0200[diff] [blame]326
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]327 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_dec));
328 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_enc));
Manuel Pégourié-Gonnard2adc40c2013-09-03 13:54:12 +0200[diff] [blame]329
Manuel Pégourié-Gonnarddca3a5d2018-05-07 10:43:27 +0200[diff] [blame]330#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]331 TEST_ASSERT(0 ==
332 mbedtls_cipher_update_ad(&ctx_dec, ad, sizeof(ad) - i));
333 TEST_ASSERT(0 ==
334 mbedtls_cipher_update_ad(&ctx_enc, ad, sizeof(ad) - i));
Manuel Pégourié-Gonnard8f625632014-06-24 15:26:28 +0200[diff] [blame]335#endif
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]336
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]337 block_size = mbedtls_cipher_get_block_size(&ctx_enc);
338 TEST_ASSERT(block_size != 0);
Manuel Pégourié-Gonnardac5361f2015-06-24 01:08:09 +0200[diff] [blame]339
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]340 /* encode length number of bytes from inbuf */
341 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx_enc, inbuf, length, encbuf,
342 &outlen));
343 total_len = outlen;
Manuel Pégourié-Gonnard725680f2013-07-25 15:26:54 +0200[diff] [blame]344
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]345 TEST_ASSERT(total_len == length ||
346 (total_len % block_size == 0 && total_len < length &&
347 total_len + block_size > length));
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]348
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]349 TEST_ASSERT(0 ==
350 mbedtls_cipher_finish(&ctx_enc, encbuf + outlen, &outlen));
351 total_len += outlen;
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]352
Manuel Pégourié-Gonnarddca3a5d2018-05-07 10:43:27 +0200[diff] [blame]353#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]354 TEST_ASSERT(0 == mbedtls_cipher_write_tag(&ctx_enc, tag, sizeof(tag)));
Manuel Pégourié-Gonnard8f625632014-06-24 15:26:28 +0200[diff] [blame]355#endif
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]356
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]357 TEST_ASSERT(total_len == length ||
358 (total_len % block_size == 0 && total_len > length &&
359 total_len <= length + block_size));
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]360
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]361 /* decode the previously encoded string */
362 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx_dec, encbuf, total_len,
363 decbuf, &outlen));
364 total_len = outlen;
Manuel Pégourié-Gonnard725680f2013-07-25 15:26:54 +0200[diff] [blame]365
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]366 TEST_ASSERT(total_len == length ||
367 (total_len % block_size == 0 && total_len < length &&
368 total_len + block_size >= length));
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]369
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]370 TEST_ASSERT(0 ==
371 mbedtls_cipher_finish(&ctx_dec, decbuf + outlen, &outlen));
372 total_len += outlen;
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]373
Manuel Pégourié-Gonnarddca3a5d2018-05-07 10:43:27 +0200[diff] [blame]374#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]375 TEST_ASSERT(0 == mbedtls_cipher_check_tag(&ctx_dec, tag, sizeof(tag)));
Manuel Pégourié-Gonnard8f625632014-06-24 15:26:28 +0200[diff] [blame]376#endif
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]377
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]378 /* check result */
379 TEST_ASSERT(total_len == length);
380 TEST_ASSERT(0 == memcmp(inbuf, decbuf, length));
Manuel Pégourié-Gonnard1af50a22013-09-05 10:30:32 +0200[diff] [blame]381 }
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]382
Manuel Pégourié-Gonnard1af50a22013-09-05 10:30:32 +0200[diff] [blame]383 /*
384 * Done
385 */
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]386exit:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]387 mbedtls_cipher_free(&ctx_dec);
388 mbedtls_cipher_free(&ctx_enc);
Paul Bakkerdbd443d2013-08-16 13:38:47 +0200[diff] [blame]389}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]390/* END_CASE */
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]391
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]392/* BEGIN_CASE */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]393void enc_fail(int cipher_id, int pad_mode, int key_len, int length_val, int ret)
Paul Bakkerdbd443d2013-08-16 13:38:47 +0200[diff] [blame]394{
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]395 size_t length = length_val;
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]396 unsigned char key[32];
397 unsigned char iv[16];
398
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]399 const mbedtls_cipher_info_t *cipher_info;
400 mbedtls_cipher_context_t ctx;
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]401
402 unsigned char inbuf[64];
403 unsigned char encbuf[64];
404
405 size_t outlen = 0;
406
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]407 memset(key, 0, 32);
408 memset(iv, 0, 16);
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]409
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]410 mbedtls_cipher_init(&ctx);
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]411
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]412 memset(inbuf, 5, 64);
413 memset(encbuf, 0, 64);
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]414
415 /* Check and get info structures */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]416 cipher_info = mbedtls_cipher_info_from_type(cipher_id);
417 TEST_ASSERT(NULL != cipher_info);
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]418
419 /* Initialise context */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]420 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, cipher_info));
421 TEST_ASSERT(0 ==
422 mbedtls_cipher_setkey(&ctx, key, key_len, MBEDTLS_ENCRYPT));
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]423#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]424 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx, pad_mode));
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200[diff] [blame]425#else
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]426 (void)pad_mode;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]427#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]428 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx, iv, 16));
429 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx));
Manuel Pégourié-Gonnarddca3a5d2018-05-07 10:43:27 +0200[diff] [blame]430#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]431 TEST_ASSERT(0 == mbedtls_cipher_update_ad(&ctx, NULL, 0));
Manuel Pégourié-Gonnard8f625632014-06-24 15:26:28 +0200[diff] [blame]432#endif
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]433
434 /* encode length number of bytes from inbuf */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]435 TEST_ASSERT(0 ==
436 mbedtls_cipher_update(&ctx, inbuf, length, encbuf, &outlen));
437 TEST_ASSERT(ret == mbedtls_cipher_finish(&ctx, encbuf + outlen, &outlen));
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]438
439 /* done */
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]440exit:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]441 mbedtls_cipher_free(&ctx);
Paul Bakkerdbd443d2013-08-16 13:38:47 +0200[diff] [blame]442}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]443/* END_CASE */
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]444
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]445/* BEGIN_CASE */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]446void dec_empty_buf(int cipher, int expected_update_ret, int expected_finish_ret)
Paul Bakkerdbd443d2013-08-16 13:38:47 +0200[diff] [blame]447{
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]448 unsigned char key[32];
449 unsigned char iv[16];
450
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]451 mbedtls_cipher_context_t ctx_dec;
452 const mbedtls_cipher_info_t *cipher_info;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]453
454 unsigned char encbuf[64];
455 unsigned char decbuf[64];
456
Paul Bakkerf4a3f302011-04-24 15:53:29 +0000[diff] [blame]457 size_t outlen = 0;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]458
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]459 memset(key, 0, 32);
460 memset(iv, 0, 16);
Paul Bakkerd2a2d612014-07-01 15:45:49 +0200[diff] [blame]461
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]462 mbedtls_cipher_init(&ctx_dec);
Paul Bakkerd2a2d612014-07-01 15:45:49 +0200[diff] [blame]463
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]464 memset(encbuf, 0, 64);
465 memset(decbuf, 0, 64);
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]466
Manuel Pégourié-Gonnard9c853b92013-09-03 13:04:44 +0200[diff] [blame]467 /* Initialise context */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]468 cipher_info = mbedtls_cipher_info_from_type(cipher);
469 TEST_ASSERT(NULL != cipher_info);
470 TEST_ASSERT(sizeof(key) * 8 >= cipher_info->key_bitlen);
Paul Bakkerd2a2d612014-07-01 15:45:49 +0200[diff] [blame]471
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]472 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_dec, cipher_info));
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]473
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]474 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_dec, key,
475 cipher_info->key_bitlen,
476 MBEDTLS_DECRYPT));
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]477
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]478 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_dec, iv, 16));
Manuel Pégourié-Gonnard9c853b92013-09-03 13:04:44 +0200[diff] [blame]479
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]480 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_dec));
Manuel Pégourié-Gonnard2adc40c2013-09-03 13:54:12 +0200[diff] [blame]481
Manuel Pégourié-Gonnarddca3a5d2018-05-07 10:43:27 +0200[diff] [blame]482#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]483 TEST_ASSERT(0 == mbedtls_cipher_update_ad(&ctx_dec, NULL, 0));
Manuel Pégourié-Gonnard8f625632014-06-24 15:26:28 +0200[diff] [blame]484#endif
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]485
486 /* decode 0-byte string */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]487 TEST_ASSERT(expected_update_ret ==
488 mbedtls_cipher_update(&ctx_dec, encbuf, 0, decbuf, &outlen));
489 TEST_ASSERT(0 == outlen);
Jaeden Amero5ab80ef2019-06-05 15:35:08 +0100[diff] [blame]490
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]491 if (expected_finish_ret == 0 && (cipher_info->mode == MBEDTLS_MODE_CBC ||
492 cipher_info->mode == MBEDTLS_MODE_ECB)) {
Jaeden Amero5ab80ef2019-06-05 15:35:08 +0100[diff] [blame]493 /* Non-CBC and non-ECB ciphers are OK with decrypting empty buffers and
494 * return success, not MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED, when
k-stachowiakd8727232019-07-29 17:46:29 +0200[diff] [blame]495 * decrypting an empty buffer.
496 * On the other hand, CBC and ECB ciphers need a full block of input.
497 */
498 expected_finish_ret = MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED;
Jaeden Amero5ab80ef2019-06-05 15:35:08 +0100[diff] [blame]499 }
500
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]501 TEST_ASSERT(expected_finish_ret ==
502 mbedtls_cipher_finish(&ctx_dec, decbuf + outlen, &outlen));
503 TEST_ASSERT(0 == outlen);
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]504
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]505exit:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]506 mbedtls_cipher_free(&ctx_dec);
Paul Bakkerdbd443d2013-08-16 13:38:47 +0200[diff] [blame]507}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]508/* END_CASE */
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]509
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]510/* BEGIN_CASE */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]511void enc_dec_buf_multipart(int cipher_id,
512 int key_len,
513 int first_length_val,
514 int second_length_val,
515 int pad_mode,
516 int first_encrypt_output_len,
517 int second_encrypt_output_len,
518 int first_decrypt_output_len,
519 int second_decrypt_output_len)
Paul Bakkerdbd443d2013-08-16 13:38:47 +0200[diff] [blame]520{
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]521 size_t first_length = first_length_val;
522 size_t second_length = second_length_val;
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]523 size_t length = first_length + second_length;
Manuel Pégourié-Gonnardac5361f2015-06-24 01:08:09 +0200[diff] [blame]524 size_t block_size;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]525 unsigned char key[32];
526 unsigned char iv[16];
527
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]528 mbedtls_cipher_context_t ctx_dec;
529 mbedtls_cipher_context_t ctx_enc;
530 const mbedtls_cipher_info_t *cipher_info;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]531
532 unsigned char inbuf[64];
533 unsigned char encbuf[64];
534 unsigned char decbuf[64];
535
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]536 size_t outlen = 0;
537 size_t totaloutlen = 0;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]538
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]539 memset(key, 0, 32);
540 memset(iv, 0, 16);
Paul Bakkerd2a2d612014-07-01 15:45:49 +0200[diff] [blame]541
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]542 mbedtls_cipher_init(&ctx_dec);
543 mbedtls_cipher_init(&ctx_enc);
Paul Bakkerd2a2d612014-07-01 15:45:49 +0200[diff] [blame]544
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]545 memset(inbuf, 5, 64);
546 memset(encbuf, 0, 64);
547 memset(decbuf, 0, 64);
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]548
549 /* Initialise enc and dec contexts */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]550 cipher_info = mbedtls_cipher_info_from_type(cipher_id);
551 TEST_ASSERT(NULL != cipher_info);
Paul Bakkerd2a2d612014-07-01 15:45:49 +0200[diff] [blame]552
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]553 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_dec, cipher_info));
554 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_enc, cipher_info));
Paul Bakkerd2a2d612014-07-01 15:45:49 +0200[diff] [blame]555
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]556 TEST_ASSERT(0 ==
557 mbedtls_cipher_setkey(&ctx_dec, key, key_len, MBEDTLS_DECRYPT));
558 TEST_ASSERT(0 ==
559 mbedtls_cipher_setkey(&ctx_enc, key, key_len, MBEDTLS_ENCRYPT));
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]560
Jethro Beekman6c563fa2018-03-27 19:16:17 -0700[diff] [blame]561#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]562 if (-1 != pad_mode) {
563 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_dec, pad_mode));
564 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_enc, pad_mode));
Jethro Beekman6c563fa2018-03-27 19:16:17 -0700[diff] [blame]565 }
566#else
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]567 (void)pad_mode;
Jethro Beekman6c563fa2018-03-27 19:16:17 -0700[diff] [blame]568#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
569
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]570 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_dec, iv, 16));
571 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_enc, iv, 16));
Manuel Pégourié-Gonnard9c853b92013-09-03 13:04:44 +0200[diff] [blame]572
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]573 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_dec));
574 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_enc));
Manuel Pégourié-Gonnard2adc40c2013-09-03 13:54:12 +0200[diff] [blame]575
Manuel Pégourié-Gonnarddca3a5d2018-05-07 10:43:27 +0200[diff] [blame]576#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]577 TEST_ASSERT(0 == mbedtls_cipher_update_ad(&ctx_dec, NULL, 0));
578 TEST_ASSERT(0 == mbedtls_cipher_update_ad(&ctx_enc, NULL, 0));
Manuel Pégourié-Gonnard8f625632014-06-24 15:26:28 +0200[diff] [blame]579#endif
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]580
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]581 block_size = mbedtls_cipher_get_block_size(&ctx_enc);
582 TEST_ASSERT(block_size != 0);
Manuel Pégourié-Gonnardac5361f2015-06-24 01:08:09 +0200[diff] [blame]583
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]584 /* encode length number of bytes from inbuf */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]585 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx_enc, inbuf, first_length,
586 encbuf, &outlen));
587 TEST_ASSERT((size_t)first_encrypt_output_len == outlen);
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]588 totaloutlen = outlen;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]589 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx_enc, inbuf + first_length,
590 second_length, encbuf + totaloutlen,
591 &outlen));
592 TEST_ASSERT((size_t)second_encrypt_output_len == outlen);
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]593 totaloutlen += outlen;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]594 TEST_ASSERT(totaloutlen == length ||
595 (totaloutlen % block_size == 0 && totaloutlen < length &&
596 totaloutlen + block_size > length));
Manuel Pégourié-Gonnard725680f2013-07-25 15:26:54 +0200[diff] [blame]597
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]598 TEST_ASSERT(0 ==
599 mbedtls_cipher_finish(&ctx_enc, encbuf + totaloutlen, &outlen));
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]600 totaloutlen += outlen;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]601 TEST_ASSERT(totaloutlen == length ||
602 (totaloutlen % block_size == 0 && totaloutlen > length &&
603 totaloutlen <= length + block_size));
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]604
605 /* decode the previously encoded string */
Jethro Beekman6c563fa2018-03-27 19:16:17 -0700[diff] [blame]606 second_length = totaloutlen - first_length;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]607 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx_dec, encbuf, first_length,
608 decbuf, &outlen));
609 TEST_ASSERT((size_t)first_decrypt_output_len == outlen);
Manuel Pégourié-Gonnard725680f2013-07-25 15:26:54 +0200[diff] [blame]610 totaloutlen = outlen;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]611 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx_dec, encbuf + first_length,
612 second_length, decbuf + totaloutlen,
613 &outlen));
614 TEST_ASSERT((size_t)second_decrypt_output_len == outlen);
Jethro Beekman6c563fa2018-03-27 19:16:17 -0700[diff] [blame]615 totaloutlen += outlen;
Manuel Pégourié-Gonnard725680f2013-07-25 15:26:54 +0200[diff] [blame]616
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]617 TEST_ASSERT(totaloutlen == length ||
618 (totaloutlen % block_size == 0 && totaloutlen < length &&
619 totaloutlen + block_size >= length));
Manuel Pégourié-Gonnard725680f2013-07-25 15:26:54 +0200[diff] [blame]620
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]621 TEST_ASSERT(0 ==
622 mbedtls_cipher_finish(&ctx_dec, decbuf + totaloutlen, &outlen));
Manuel Pégourié-Gonnard725680f2013-07-25 15:26:54 +0200[diff] [blame]623 totaloutlen += outlen;
624
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]625 TEST_ASSERT(totaloutlen == length);
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]626
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]627 TEST_ASSERT(0 == memcmp(inbuf, decbuf, length));
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]628
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]629exit:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]630 mbedtls_cipher_free(&ctx_dec);
631 mbedtls_cipher_free(&ctx_enc);
Paul Bakkerdbd443d2013-08-16 13:38:47 +0200[diff] [blame]632}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]633/* END_CASE */
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]634
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]635/* BEGIN_CASE */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]636void decrypt_test_vec(int cipher_id,
637 int pad_mode,
638 data_t *key,
639 data_t *iv,
640 data_t *cipher,
641 data_t *clear,
642 data_t *ad,
643 data_t *tag,
644 int finish_result,
645 int tag_result)
Manuel Pégourié-Gonnard8eccab52013-09-03 18:31:25 +0200[diff] [blame]646{
Manuel Pégourié-Gonnard234e1ce2018-05-10 12:54:32 +0200[diff] [blame]647 unsigned char output[265];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]648 mbedtls_cipher_context_t ctx;
Manuel Pégourié-Gonnard8eccab52013-09-03 18:31:25 +0200[diff] [blame]649 size_t outlen, total_len;
650
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]651 mbedtls_cipher_init(&ctx);
Paul Bakkerd2a2d612014-07-01 15:45:49 +0200[diff] [blame]652
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]653 memset(output, 0x00, sizeof(output));
Manuel Pégourié-Gonnard8eccab52013-09-03 18:31:25 +0200[diff] [blame]654
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]655#if !defined(MBEDTLS_GCM_C) && !defined(MBEDTLS_CHACHAPOLY_C)
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]656 ((void)ad);
657 ((void)tag);
Manuel Pégourié-Gonnarda7496f02013-09-20 11:29:59 +0200[diff] [blame]658#endif
Manuel Pégourié-Gonnard8eccab52013-09-03 18:31:25 +0200[diff] [blame]659
660 /* Prepare context */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]661 TEST_ASSERT(0 == mbedtls_cipher_setup(
662 &ctx, mbedtls_cipher_info_from_type(cipher_id)));
663 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx, key->x, 8 * key->len,
664 MBEDTLS_DECRYPT));
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]665#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]666 if (pad_mode != -1)
667 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx, pad_mode));
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200[diff] [blame]668#else
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]669 (void)pad_mode;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]670#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]671 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx, iv->x, iv->len));
672 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx));
Manuel Pégourié-Gonnarddca3a5d2018-05-07 10:43:27 +0200[diff] [blame]673#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]674 TEST_ASSERT(0 == mbedtls_cipher_update_ad(&ctx, ad->x, ad->len));
Manuel Pégourié-Gonnard8f625632014-06-24 15:26:28 +0200[diff] [blame]675#endif
Manuel Pégourié-Gonnard8eccab52013-09-03 18:31:25 +0200[diff] [blame]676
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]677 /* decode buffer and check tag->x */
Manuel Pégourié-Gonnard8eccab52013-09-03 18:31:25 +0200[diff] [blame]678 total_len = 0;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]679 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx, cipher->x, cipher->len, output,
680 &outlen));
Manuel Pégourié-Gonnard8eccab52013-09-03 18:31:25 +0200[diff] [blame]681 total_len += outlen;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]682 TEST_ASSERT(finish_result ==
683 mbedtls_cipher_finish(&ctx, output + outlen, &outlen));
Manuel Pégourié-Gonnard8eccab52013-09-03 18:31:25 +0200[diff] [blame]684 total_len += outlen;
Manuel Pégourié-Gonnarddca3a5d2018-05-07 10:43:27 +0200[diff] [blame]685#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]686 TEST_ASSERT(tag_result == mbedtls_cipher_check_tag(&ctx, tag->x, tag->len));
Manuel Pégourié-Gonnard8f625632014-06-24 15:26:28 +0200[diff] [blame]687#endif
Manuel Pégourié-Gonnard8eccab52013-09-03 18:31:25 +0200[diff] [blame]688
689 /* check plaintext only if everything went fine */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]690 if (0 == finish_result && 0 == tag_result) {
691 TEST_ASSERT(total_len == clear->len);
692 TEST_ASSERT(0 == memcmp(output, clear->x, clear->len));
Manuel Pégourié-Gonnard8eccab52013-09-03 18:31:25 +0200[diff] [blame]693 }
694
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]695exit:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]696 mbedtls_cipher_free(&ctx);
Manuel Pégourié-Gonnard8eccab52013-09-03 18:31:25 +0200[diff] [blame]697}
698/* END_CASE */
699
Manuel Pégourié-Gonnard4c1a1002020-11-26 10:22:50 +0100[diff] [blame]700/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_AUTH_CRYPT */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]701void auth_crypt_tv(int cipher_id,
702 data_t *key,
703 data_t *iv,
704 data_t *ad,
705 data_t *cipher,
706 data_t *tag,
707 char *result,
708 data_t *clear,
709 int use_psa)
Manuel Pégourié-Gonnard542eac52014-05-15 16:03:07 +0200[diff] [blame]710{
Manuel Pégourié-Gonnard4c1a1002020-11-26 10:22:50 +0100[diff] [blame]711 /*
712 * Take an AEAD ciphertext + tag and perform a pair
713 * of AEAD decryption and AEAD encryption. Check that
Hanno Beckera13272d2018-11-12 16:27:30 +0000[diff] [blame]714 * this results in the expected plaintext, and that
Manuel Pégourié-Gonnard4c1a1002020-11-26 10:22:50 +0100[diff] [blame]715 * decryption and encryption are inverse to one another.
716 */
Hanno Beckera13272d2018-11-12 16:27:30 +0000[diff] [blame]717
Manuel Pégourié-Gonnard542eac52014-05-15 16:03:07 +0200[diff] [blame]718 int ret;
Manuel Pégourié-Gonnard53f10e72020-11-30 10:17:01 +0100[diff] [blame]719 int using_nist_kw, using_nist_kw_padding;
Hanno Beckera13272d2018-11-12 16:27:30 +0000[diff] [blame]720
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]721 mbedtls_cipher_context_t ctx;
Manuel Pégourié-Gonnard542eac52014-05-15 16:03:07 +0200[diff] [blame]722 size_t outlen;
723
Manuel Pégourié-Gonnard53f10e72020-11-30 10:17:01 +0100[diff] [blame]724 unsigned char *cipher_plus_tag = NULL;
725 size_t cipher_plus_tag_len;
726 unsigned char *decrypt_buf = NULL;
727 size_t decrypt_buf_len = 0;
728 unsigned char *encrypt_buf = NULL;
729 size_t encrypt_buf_len = 0;
730
Gilles Peskine70edd682020-12-03 20:27:27 +0100[diff] [blame]731 /* Null pointers are documented as valid for inputs of length 0.
732 * The test framework passes non-null pointers, so set them to NULL.
733 * key, cipher and tag can't be empty. */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]734 if (iv->len == 0)
Gilles Peskine70edd682020-12-03 20:27:27 +0100[diff] [blame]735 iv->x = NULL;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]736 if (ad->len == 0)
Gilles Peskine70edd682020-12-03 20:27:27 +0100[diff] [blame]737 ad->x = NULL;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]738 if (clear->len == 0)
Gilles Peskine70edd682020-12-03 20:27:27 +0100[diff] [blame]739 clear->x = NULL;
740
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]741 mbedtls_cipher_init(&ctx);
Manuel Pégourié-Gonnard542eac52014-05-15 16:03:07 +0200[diff] [blame]742
Manuel Pégourié-Gonnard4c1a1002020-11-26 10:22:50 +0100[diff] [blame]743 /* Initialize PSA Crypto */
744#if defined(MBEDTLS_USE_PSA_CRYPTO)
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]745 if (use_psa == 1)
746 PSA_ASSERT(psa_crypto_init());
Hanno Beckera13272d2018-11-12 16:27:30 +0000[diff] [blame]747#else
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]748 (void)use_psa;
Manuel Pégourié-Gonnard4c1a1002020-11-26 10:22:50 +0100[diff] [blame]749#endif
750
751 /*
Manuel Pégourié-Gonnard53f10e72020-11-30 10:17:01 +0100[diff] [blame]752 * Are we using NIST_KW? with padding?
753 */
754 using_nist_kw_padding = cipher_id == MBEDTLS_CIPHER_AES_128_KWP ||
755 cipher_id == MBEDTLS_CIPHER_AES_192_KWP ||
756 cipher_id == MBEDTLS_CIPHER_AES_256_KWP;
757 using_nist_kw = cipher_id == MBEDTLS_CIPHER_AES_128_KW ||
758 cipher_id == MBEDTLS_CIPHER_AES_192_KW ||
759 cipher_id == MBEDTLS_CIPHER_AES_256_KW ||
760 using_nist_kw_padding;
761
762 /*
Manuel Pégourié-Gonnard4c1a1002020-11-26 10:22:50 +0100[diff] [blame]763 * Prepare context for decryption
764 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]765 if (!cipher_reset_key(&ctx, cipher_id, use_psa, tag->len, key,
766 MBEDTLS_DECRYPT))
Gilles Peskine8a3d2342020-12-03 21:06:15 +0100[diff] [blame]767 goto exit;
Manuel Pégourié-Gonnard542eac52014-05-15 16:03:07 +0200[diff] [blame]768
Manuel Pégourié-Gonnard4c1a1002020-11-26 10:22:50 +0100[diff] [blame]769 /*
Manuel Pégourié-Gonnard53f10e72020-11-30 10:17:01 +0100[diff] [blame]770 * prepare buffer for decryption
771 * (we need the tag appended to the ciphertext)
772 */
773 cipher_plus_tag_len = cipher->len + tag->len;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]774 ASSERT_ALLOC(cipher_plus_tag, cipher_plus_tag_len);
775 memcpy(cipher_plus_tag, cipher->x, cipher->len);
776 memcpy(cipher_plus_tag + cipher->len, tag->x, tag->len);
Manuel Pégourié-Gonnard53f10e72020-11-30 10:17:01 +0100[diff] [blame]777
778 /*
779 * Compute length of output buffer according to the documentation
780 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]781 if (using_nist_kw)
Manuel Pégourié-Gonnard53f10e72020-11-30 10:17:01 +0100[diff] [blame]782 decrypt_buf_len = cipher_plus_tag_len - 8;
783 else
784 decrypt_buf_len = cipher_plus_tag_len - tag->len;
785
Manuel Pégourié-Gonnard53f10e72020-11-30 10:17:01 +0100[diff] [blame]786 /*
787 * Try decrypting to a buffer that's 1B too small
788 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]789 if (decrypt_buf_len != 0) {
790 ASSERT_ALLOC(decrypt_buf, decrypt_buf_len - 1);
Manuel Pégourié-Gonnard53f10e72020-11-30 10:17:01 +0100[diff] [blame]791
792 outlen = 0;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]793 ret = mbedtls_cipher_auth_decrypt_ext(&ctx, iv->x, iv->len, ad->x,
794 ad->len, cipher_plus_tag,
795 cipher_plus_tag_len, decrypt_buf,
796 decrypt_buf_len - 1, &outlen,
797 tag->len);
798 TEST_ASSERT(ret == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
Manuel Pégourié-Gonnard53f10e72020-11-30 10:17:01 +0100[diff] [blame]799
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]800 mbedtls_free(decrypt_buf);
Manuel Pégourié-Gonnard53f10e72020-11-30 10:17:01 +0100[diff] [blame]801 decrypt_buf = NULL;
802 }
803
804 /*
805 * Authenticate and decrypt, and check result
806 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]807 ASSERT_ALLOC(decrypt_buf, decrypt_buf_len);
Manuel Pégourié-Gonnard53f10e72020-11-30 10:17:01 +0100[diff] [blame]808
809 outlen = 0;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]810 ret = mbedtls_cipher_auth_decrypt_ext(&ctx, iv->x, iv->len, ad->x, ad->len,
811 cipher_plus_tag, cipher_plus_tag_len,
812 decrypt_buf, decrypt_buf_len, &outlen,
813 tag->len);
Manuel Pégourié-Gonnard53f10e72020-11-30 10:17:01 +0100[diff] [blame]814
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]815 if (strcmp(result, "FAIL") == 0) {
816 TEST_ASSERT(ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED);
817 TEST_ASSERT(buffer_is_all_zero(decrypt_buf, decrypt_buf_len));
818 } else {
819 TEST_ASSERT(ret == 0);
820 ASSERT_COMPARE(decrypt_buf, outlen, clear->x, clear->len);
Manuel Pégourié-Gonnard53f10e72020-11-30 10:17:01 +0100[diff] [blame]821 }
822
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]823 mbedtls_free(decrypt_buf);
Manuel Pégourié-Gonnard53f10e72020-11-30 10:17:01 +0100[diff] [blame]824 decrypt_buf = NULL;
825
826 /*
827 * Encrypt back if test data was authentic
828 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]829 if (strcmp(result, "FAIL") != 0) {
Manuel Pégourié-Gonnard53f10e72020-11-30 10:17:01 +0100[diff] [blame]830 /* prepare context for encryption */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]831 if (!cipher_reset_key(&ctx, cipher_id, use_psa, tag->len, key,
832 MBEDTLS_ENCRYPT))
Gilles Peskine8a3d2342020-12-03 21:06:15 +0100[diff] [blame]833 goto exit;
Manuel Pégourié-Gonnard53f10e72020-11-30 10:17:01 +0100[diff] [blame]834
835 /*
836 * Compute size of output buffer according to documentation
837 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]838 if (using_nist_kw) {
Manuel Pégourié-Gonnard53f10e72020-11-30 10:17:01 +0100[diff] [blame]839 encrypt_buf_len = clear->len + 8;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]840 if (using_nist_kw_padding && encrypt_buf_len % 8 != 0)
Manuel Pégourié-Gonnard53f10e72020-11-30 10:17:01 +0100[diff] [blame]841 encrypt_buf_len += 8 - encrypt_buf_len % 8;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]842 } else {
Manuel Pégourié-Gonnard53f10e72020-11-30 10:17:01 +0100[diff] [blame]843 encrypt_buf_len = clear->len + tag->len;
844 }
845
846 /*
847 * Try encrypting with an output buffer that's 1B too small
848 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]849 ASSERT_ALLOC(encrypt_buf, encrypt_buf_len - 1);
Manuel Pégourié-Gonnard53f10e72020-11-30 10:17:01 +0100[diff] [blame]850
851 outlen = 0;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]852 ret = mbedtls_cipher_auth_encrypt_ext(&ctx, iv->x, iv->len, ad->x,
853 ad->len, clear->x, clear->len,
854 encrypt_buf, encrypt_buf_len - 1,
855 &outlen, tag->len);
856 TEST_ASSERT(ret != 0);
Manuel Pégourié-Gonnard53f10e72020-11-30 10:17:01 +0100[diff] [blame]857
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]858 mbedtls_free(encrypt_buf);
Manuel Pégourié-Gonnard53f10e72020-11-30 10:17:01 +0100[diff] [blame]859 encrypt_buf = NULL;
860
861 /*
862 * Encrypt and check the result
863 */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]864 ASSERT_ALLOC(encrypt_buf, encrypt_buf_len);
Manuel Pégourié-Gonnard53f10e72020-11-30 10:17:01 +0100[diff] [blame]865
866 outlen = 0;
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]867 ret = mbedtls_cipher_auth_encrypt_ext(&ctx, iv->x, iv->len, ad->x,
868 ad->len, clear->x, clear->len,
869 encrypt_buf, encrypt_buf_len,
870 &outlen, tag->len);
871 TEST_ASSERT(ret == 0);
Manuel Pégourié-Gonnard53f10e72020-11-30 10:17:01 +0100[diff] [blame]872
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]873 TEST_ASSERT(outlen == cipher->len + tag->len);
874 TEST_ASSERT(memcmp(encrypt_buf, cipher->x, cipher->len) == 0);
875 TEST_ASSERT(memcmp(encrypt_buf + cipher->len, tag->x, tag->len) == 0);
Manuel Pégourié-Gonnard53f10e72020-11-30 10:17:01 +0100[diff] [blame]876
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]877 mbedtls_free(encrypt_buf);
Manuel Pégourié-Gonnard53f10e72020-11-30 10:17:01 +0100[diff] [blame]878 encrypt_buf = NULL;
879 }
880
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]881exit:
Hanno Beckera13272d2018-11-12 16:27:30 +0000[diff] [blame]882
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]883 mbedtls_cipher_free(&ctx);
884 mbedtls_free(decrypt_buf);
885 mbedtls_free(encrypt_buf);
886 mbedtls_free(cipher_plus_tag);
Gilles Peskine5386f6b2019-08-01 12:47:40 +0200[diff] [blame]887
Hanno Beckera13272d2018-11-12 16:27:30 +0000[diff] [blame]888#if defined(MBEDTLS_USE_PSA_CRYPTO)
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]889 if (use_psa == 1)
890 PSA_DONE();
Hanno Beckera13272d2018-11-12 16:27:30 +0000[diff] [blame]891#endif /* MBEDTLS_USE_PSA_CRYPTO */
Manuel Pégourié-Gonnard542eac52014-05-15 16:03:07 +0200[diff] [blame]892}
893/* END_CASE */
894
Manuel Pégourié-Gonnard8eccab52013-09-03 18:31:25 +0200[diff] [blame]895/* BEGIN_CASE */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]896void test_vec_ecb(int cipher_id,
897 int operation,
898 data_t *key,
899 data_t *input,
900 data_t *result,
901 int finish_result)
Paul Bakker5e0efa72013-09-08 23:04:04 +0200[diff] [blame]902{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]903 mbedtls_cipher_context_t ctx;
Paul Bakker5e0efa72013-09-08 23:04:04 +0200[diff] [blame]904 unsigned char output[32];
905 size_t outlen;
906
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]907 mbedtls_cipher_init(&ctx);
Paul Bakkerd2a2d612014-07-01 15:45:49 +0200[diff] [blame]908
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]909 memset(output, 0x00, sizeof(output));
Paul Bakker5e0efa72013-09-08 23:04:04 +0200[diff] [blame]910
911 /* Prepare context */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]912 TEST_ASSERT(0 == mbedtls_cipher_setup(
913 &ctx, mbedtls_cipher_info_from_type(cipher_id)));
Paul Bakker5e0efa72013-09-08 23:04:04 +0200[diff] [blame]914
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]915 TEST_ASSERT(0 ==
916 mbedtls_cipher_setkey(&ctx, key->x, 8 * key->len, operation));
Paul Bakker5e0efa72013-09-08 23:04:04 +0200[diff] [blame]917
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]918 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx, input->x,
919 mbedtls_cipher_get_block_size(&ctx),
920 output, &outlen));
921 TEST_ASSERT(outlen == mbedtls_cipher_get_block_size(&ctx));
922 TEST_ASSERT(finish_result ==
923 mbedtls_cipher_finish(&ctx, output + outlen, &outlen));
924 TEST_ASSERT(0 == outlen);
Paul Bakker5e0efa72013-09-08 23:04:04 +0200[diff] [blame]925
926 /* check plaintext only if everything went fine */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]927 if (0 == finish_result)
928 TEST_ASSERT(0 == memcmp(output, result->x,
929 mbedtls_cipher_get_block_size(&ctx)));
Paul Bakker5e0efa72013-09-08 23:04:04 +0200[diff] [blame]930
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]931exit:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]932 mbedtls_cipher_free(&ctx);
Paul Bakker5e0efa72013-09-08 23:04:04 +0200[diff] [blame]933}
934/* END_CASE */
935
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]936/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]937void test_vec_crypt(int cipher_id,
938 int operation,
939 data_t *key,
940 data_t *iv,
941 data_t *input,
942 data_t *result,
943 int finish_result,
944 int use_psa)
Ron Eldor7b012442017-09-25 17:03:12 +0300[diff] [blame]945{
Ron Eldor7b012442017-09-25 17:03:12 +0300[diff] [blame]946 mbedtls_cipher_context_t ctx;
947 unsigned char output[32];
948 size_t outlen;
949
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]950 mbedtls_cipher_init(&ctx);
Ron Eldor7b012442017-09-25 17:03:12 +0300[diff] [blame]951
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]952 memset(output, 0x00, sizeof(output));
Ron Eldor7b012442017-09-25 17:03:12 +0300[diff] [blame]953
954 /* Prepare context */
Hanno Beckere43164e2018-11-12 12:46:35 +0000[diff] [blame]955#if !defined(MBEDTLS_USE_PSA_CRYPTO)
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]956 (void)use_psa;
Hanno Beckere43164e2018-11-12 12:46:35 +0000[diff] [blame]957#else
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]958 if (use_psa == 1) {
959 PSA_ASSERT(psa_crypto_init());
960 TEST_ASSERT(0 ==
961 mbedtls_cipher_setup_psa(
962 &ctx, mbedtls_cipher_info_from_type(cipher_id), 0));
963 } else
Hanno Beckere43164e2018-11-12 12:46:35 +0000[diff] [blame]964#endif /* MBEDTLS_USE_PSA_CRYPTO */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]965 TEST_ASSERT(0 == mbedtls_cipher_setup(
966 &ctx, mbedtls_cipher_info_from_type(cipher_id)));
Ron Eldor7b012442017-09-25 17:03:12 +0300[diff] [blame]967
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]968 TEST_ASSERT(0 ==
969 mbedtls_cipher_setkey(&ctx, key->x, 8 * key->len, operation));
970 if (MBEDTLS_MODE_CBC == ctx.cipher_info->mode)
971 TEST_ASSERT(
972 0 == mbedtls_cipher_set_padding_mode(&ctx, MBEDTLS_PADDING_NONE));
Ron Eldor7b012442017-09-25 17:03:12 +0300[diff] [blame]973
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]974 TEST_ASSERT(finish_result ==
975 mbedtls_cipher_crypt(&ctx, iv->len ? iv->x : NULL, iv->len,
976 input->x, input->len, output, &outlen));
977 TEST_ASSERT(result->len == outlen);
Ron Eldor7b012442017-09-25 17:03:12 +0300[diff] [blame]978 /* check plaintext only if everything went fine */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]979 if (0 == finish_result)
980 TEST_ASSERT(0 == memcmp(output, result->x, outlen));
Ron Eldor7b012442017-09-25 17:03:12 +0300[diff] [blame]981
982exit:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]983 mbedtls_cipher_free(&ctx);
Gilles Peskine5386f6b2019-08-01 12:47:40 +0200[diff] [blame]984#if defined(MBEDTLS_USE_PSA_CRYPTO)
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]985 PSA_DONE();
Gilles Peskine5386f6b2019-08-01 12:47:40 +0200[diff] [blame]986#endif /* MBEDTLS_USE_PSA_CRYPTO */
Ron Eldor7b012442017-09-25 17:03:12 +0300[diff] [blame]987}
988/* END_CASE */
989
990/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]991void set_padding(int cipher_id, int pad_mode, int ret)
Paul Bakkerdbd443d2013-08-16 13:38:47 +0200[diff] [blame]992{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]993 const mbedtls_cipher_info_t *cipher_info;
994 mbedtls_cipher_context_t ctx;
Manuel Pégourié-Gonnardd5fdcaf2013-07-24 18:05:00 +0200[diff] [blame]995
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]996 mbedtls_cipher_init(&ctx);
Paul Bakkerd2a2d612014-07-01 15:45:49 +0200[diff] [blame]997
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]998 cipher_info = mbedtls_cipher_info_from_type(cipher_id);
999 TEST_ASSERT(NULL != cipher_info);
1000 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, cipher_info));
Manuel Pégourié-Gonnardd5fdcaf2013-07-24 18:05:00 +0200[diff] [blame]1001
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1002 TEST_ASSERT(ret == mbedtls_cipher_set_padding_mode(&ctx, pad_mode));
Manuel Pégourié-Gonnardd5fdcaf2013-07-24 18:05:00 +0200[diff] [blame]1003
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]1004exit:
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1005 mbedtls_cipher_free(&ctx);
Paul Bakkerdbd443d2013-08-16 13:38:47 +0200[diff] [blame]1006}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1007/* END_CASE */
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]1008
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1009/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1010void check_padding(int pad_mode, data_t *input, int ret, int dlen_check)
Paul Bakkerdbd443d2013-08-16 13:38:47 +0200[diff] [blame]1011{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1012 mbedtls_cipher_info_t cipher_info;
1013 mbedtls_cipher_context_t ctx;
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]1014 size_t dlen;
Manuel Pégourié-Gonnarda6408492013-07-26 10:55:02 +0200[diff] [blame]1015
1016 /* build a fake context just for getting access to get_padding */
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1017 mbedtls_cipher_init(&ctx);
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1018 cipher_info.mode = MBEDTLS_MODE_CBC;
Manuel Pégourié-Gonnarda6408492013-07-26 10:55:02 +0200[diff] [blame]1019 ctx.cipher_info = &cipher_info;
1020
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1021 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx, pad_mode));
Manuel Pégourié-Gonnarda6408492013-07-26 10:55:02 +0200[diff] [blame]1022
Mateusz Starzykc0eabdc2021-08-03 14:09:02 +0200[diff] [blame^]1023 TEST_ASSERT(ret == ctx.get_padding(input->x, input->len, &dlen));
1024 if (0 == ret)
1025 TEST_ASSERT(dlen == (size_t)dlen_check);
Paul Bakkerdbd443d2013-08-16 13:38:47 +0200[diff] [blame]1026}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1027/* END_CASE */