TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls.git / f1a7ea88d16cb3b3651a156e3b4838d8e67114e0 / . / tests / suites / test_suite_ccm.function
blob: a7ba0dea20508e8a61a0de370559efa74780dafd [file] [log] [blame]
Manuel Pégourié-Gonnarda6916fa2014-05-02 15:17:29 +0200[diff] [blame]1/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]2#include "mbedtls/ccm.h"
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]3
4/* Use the multipart interface to process the encrypted data in two parts
5 * and check that the output matches the expected output.
6 * The context must have been set up with the key. */
7static int check_multipart( mbedtls_ccm_context *ctx,
8 int mode,
9 const data_t *iv,
10 const data_t *add,
11 const data_t *input,
12 const data_t *expected_output,
13 const data_t *tag,
14 size_t n1,
15 size_t n1_add)
16{
17 int ok = 0;
18 uint8_t *output = NULL;
19 size_t n2 = input->len - n1;
20 size_t n2_add = add->len - n1_add;
21 size_t olen;
22
23 /* Sanity checks on the test data */
24 TEST_ASSERT( n1 <= input->len );
25 TEST_ASSERT( n1_add <= add->len );
26 TEST_EQUAL( input->len, expected_output->len );
27 TEST_EQUAL( 0, mbedtls_ccm_starts( ctx, mode, iv->x, iv->len ) );
28 TEST_EQUAL( 0, mbedtls_ccm_set_lengths( ctx, add->len, input->len, tag->len ) );
29 TEST_EQUAL( 0, mbedtls_ccm_update_ad( ctx, add->x, n1_add) );
30 TEST_EQUAL( 0, mbedtls_ccm_update_ad( ctx, add->x + n1_add, n2_add ) );
31
32 /* Allocate a tight buffer for each update call. This way, if the function
33 * tries to write beyond the advertised required buffer size, this will
34 * count as an overflow for memory sanitizers and static checkers. */
35 ASSERT_ALLOC( output, n1 );
36 olen = 0xdeadbeef;
37 TEST_EQUAL( 0, mbedtls_ccm_update( ctx, input->x, n1, output, n1, &olen ) );
38 TEST_EQUAL( n1, olen );
39 ASSERT_COMPARE( output, olen, expected_output->x, n1 );
40 mbedtls_free( output );
41 output = NULL;
42
43 ASSERT_ALLOC( output, n2 );
44 olen = 0xdeadbeef;
45 TEST_EQUAL( 0, mbedtls_ccm_update( ctx, input->x + n1, n2, output, n2, &olen ) );
46 TEST_EQUAL( n2, olen );
47 ASSERT_COMPARE( output, olen, expected_output->x + n1, n2 );
48 mbedtls_free( output );
49 output = NULL;
50
Mateusz Starzykc8bdf362021-07-28 15:39:51 +0200[diff] [blame]51 ASSERT_ALLOC( output, tag->len );
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]52 TEST_EQUAL( 0, mbedtls_ccm_finish( ctx, output, tag->len ) );
53 ASSERT_COMPARE( output, tag->len, tag->x, tag->len );
54 mbedtls_free( output );
55 output = NULL;
56
57 ok = 1;
58exit:
59 mbedtls_free( output );
60 return( ok );
61}
Manuel Pégourié-Gonnarda6916fa2014-05-02 15:17:29 +0200[diff] [blame]62/* END_HEADER */
63
64/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]65 * depends_on:MBEDTLS_CCM_C
Manuel Pégourié-Gonnarda6916fa2014-05-02 15:17:29 +0200[diff] [blame]66 * END_DEPENDENCIES
67 */
68
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]69/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST:MBEDTLS_AES_C */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]70void mbedtls_ccm_self_test( )
Manuel Pégourié-Gonnarda6916fa2014-05-02 15:17:29 +0200[diff] [blame]71{
Andres AG93012e82016-09-09 09:10:28 +0100[diff] [blame]72 TEST_ASSERT( mbedtls_ccm_self_test( 1 ) == 0 );
Manuel Pégourié-Gonnarda6916fa2014-05-02 15:17:29 +0200[diff] [blame]73}
74/* END_CASE */
Manuel Pégourié-Gonnard9fe0d132014-05-06 12:12:45 +0200[diff] [blame]75
76/* BEGIN_CASE */
Manuel Pégourié-Gonnard6963ff02015-04-28 18:02:54 +0200[diff] [blame]77void mbedtls_ccm_setkey( int cipher_id, int key_size, int result )
Manuel Pégourié-Gonnard9fe0d132014-05-06 12:12:45 +0200[diff] [blame]78{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]79 mbedtls_ccm_context ctx;
Manuel Pégourié-Gonnard9fe0d132014-05-06 12:12:45 +0200[diff] [blame]80 unsigned char key[32];
81 int ret;
82
Manuel Pégourié-Gonnard6963ff02015-04-28 18:02:54 +0200[diff] [blame]83 mbedtls_ccm_init( &ctx );
84
Manuel Pégourié-Gonnard9fe0d132014-05-06 12:12:45 +0200[diff] [blame]85 memset( key, 0x2A, sizeof( key ) );
86 TEST_ASSERT( (unsigned) key_size <= 8 * sizeof( key ) );
87
Manuel Pégourié-Gonnard6963ff02015-04-28 18:02:54 +0200[diff] [blame]88 ret = mbedtls_ccm_setkey( &ctx, cipher_id, key, key_size );
Manuel Pégourié-Gonnard9fe0d132014-05-06 12:12:45 +0200[diff] [blame]89 TEST_ASSERT( ret == result );
90
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]91exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]92 mbedtls_ccm_free( &ctx );
Manuel Pégourié-Gonnard9fe0d132014-05-06 12:12:45 +0200[diff] [blame]93}
94/* END_CASE */
Manuel Pégourié-Gonnard637eb3d2014-05-06 12:13:09 +0200[diff] [blame]95
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]96/* BEGIN_CASE depends_on:MBEDTLS_AES_C */
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]97void ccm_lengths( int msg_len, int iv_len, int add_len, int tag_len, int res )
98{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]99 mbedtls_ccm_context ctx;
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]100 unsigned char key[16];
101 unsigned char msg[10];
102 unsigned char iv[14];
Dave Rodgman2e680342020-10-15 14:00:40 +0100[diff] [blame]103 unsigned char *add = NULL;
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]104 unsigned char out[10];
105 unsigned char tag[18];
106 int decrypt_ret;
107
Manuel Pégourié-Gonnard6963ff02015-04-28 18:02:54 +0200[diff] [blame]108 mbedtls_ccm_init( &ctx );
109
Dave Rodgman2e680342020-10-15 14:00:40 +0100[diff] [blame]110 ASSERT_ALLOC_WEAK( add, add_len );
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]111 memset( key, 0, sizeof( key ) );
112 memset( msg, 0, sizeof( msg ) );
113 memset( iv, 0, sizeof( iv ) );
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]114 memset( out, 0, sizeof( out ) );
115 memset( tag, 0, sizeof( tag ) );
116
Manuel Pégourié-Gonnard6963ff02015-04-28 18:02:54 +0200[diff] [blame]117 TEST_ASSERT( mbedtls_ccm_setkey( &ctx, MBEDTLS_CIPHER_ID_AES,
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]118 key, 8 * sizeof( key ) ) == 0 );
119
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]120 TEST_ASSERT( mbedtls_ccm_encrypt_and_tag( &ctx, msg_len, iv, iv_len, add, add_len,
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]121 msg, out, tag, tag_len ) == res );
122
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]123 decrypt_ret = mbedtls_ccm_auth_decrypt( &ctx, msg_len, iv, iv_len, add, add_len,
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]124 msg, out, tag, tag_len );
125
126 if( res == 0 )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]127 TEST_ASSERT( decrypt_ret == MBEDTLS_ERR_CCM_AUTH_FAILED );
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]128 else
129 TEST_ASSERT( decrypt_ret == res );
130
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]131exit:
Dave Rodgman2e680342020-10-15 14:00:40 +0100[diff] [blame]132 mbedtls_free( add );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]133 mbedtls_ccm_free( &ctx );
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]134}
135/* END_CASE */
136
Janos Follath95ab93d2018-05-14 14:32:41 +0100[diff] [blame]137/* BEGIN_CASE depends_on:MBEDTLS_AES_C */
138void ccm_star_lengths( int msg_len, int iv_len, int add_len, int tag_len,
139 int res )
140{
141 mbedtls_ccm_context ctx;
142 unsigned char key[16];
143 unsigned char msg[10];
144 unsigned char iv[14];
145 unsigned char add[10];
146 unsigned char out[10];
147 unsigned char tag[18];
148 int decrypt_ret;
149
150 mbedtls_ccm_init( &ctx );
151
152 memset( key, 0, sizeof( key ) );
153 memset( msg, 0, sizeof( msg ) );
154 memset( iv, 0, sizeof( iv ) );
155 memset( add, 0, sizeof( add ) );
156 memset( out, 0, sizeof( out ) );
157 memset( tag, 0, sizeof( tag ) );
158
159 TEST_ASSERT( mbedtls_ccm_setkey( &ctx, MBEDTLS_CIPHER_ID_AES,
160 key, 8 * sizeof( key ) ) == 0 );
161
162 TEST_ASSERT( mbedtls_ccm_star_encrypt_and_tag( &ctx, msg_len, iv, iv_len,
163 add, add_len, msg, out, tag, tag_len ) == res );
164
165 decrypt_ret = mbedtls_ccm_star_auth_decrypt( &ctx, msg_len, iv, iv_len, add,
166 add_len, msg, out, tag, tag_len );
167
168 if( res == 0 && tag_len != 0 )
169 TEST_ASSERT( decrypt_ret == MBEDTLS_ERR_CCM_AUTH_FAILED );
170 else
171 TEST_ASSERT( decrypt_ret == res );
172
173exit:
174 mbedtls_ccm_free( &ctx );
175}
176/* END_CASE */
177
Manuel Pégourié-Gonnard637eb3d2014-05-06 12:13:09 +0200[diff] [blame]178/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]179void mbedtls_ccm_encrypt_and_tag( int cipher_id, data_t * key,
180 data_t * msg, data_t * iv,
181 data_t * add, data_t * result )
Manuel Pégourié-Gonnard637eb3d2014-05-06 12:13:09 +0200[diff] [blame]182{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]183 mbedtls_ccm_context ctx;
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]184 size_t n1, n1_add;
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]185 uint8_t* io_msg_buf = NULL;
186 uint8_t* tag_buf = NULL;
187 const size_t expected_tag_len = result->len - msg->len;
188 const uint8_t* expected_tag = result->x + msg->len;
189
190 /* Prepare input/output message buffer */
191 ASSERT_ALLOC( io_msg_buf, msg->len );
192 if( msg->len != 0 )
193 memcpy( io_msg_buf, msg->x, msg->len );
194
195 /* Prepare tag buffer */
196 ASSERT_ALLOC( tag_buf, expected_tag_len );
Manuel Pégourié-Gonnard637eb3d2014-05-06 12:13:09 +0200[diff] [blame]197
Manuel Pégourié-Gonnard6963ff02015-04-28 18:02:54 +0200[diff] [blame]198 mbedtls_ccm_init( &ctx );
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]199 TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 );
Manuel Pégourié-Gonnard0f6b66d2014-05-07 14:43:46 +0200[diff] [blame]200 /* Test with input == output */
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]201 TEST_EQUAL( mbedtls_ccm_encrypt_and_tag( &ctx, msg->len, iv->x, iv->len, add->x, add->len,
202 io_msg_buf, io_msg_buf, tag_buf, expected_tag_len ), 0);
Manuel Pégourié-Gonnard637eb3d2014-05-06 12:13:09 +0200[diff] [blame]203
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]204 ASSERT_COMPARE( io_msg_buf, msg->len, result->x, msg->len );
205 ASSERT_COMPARE( tag_buf, expected_tag_len, expected_tag, expected_tag_len );
Manuel Pégourié-Gonnard637eb3d2014-05-06 12:13:09 +0200[diff] [blame]206
Mateusz Starzykceb5bc62021-07-30 14:36:22 +0200[diff] [blame]207 /* Prepare data_t structures for multipart testing */
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]208 const data_t encrypted_expected = { .x = result->x,
209 .len = msg->len };
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]210 const data_t tag_expected = { .x = (uint8_t*) expected_tag, /* cast to conform with data_t x type */
211 .len = expected_tag_len };
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]212
213 for( n1 = 0; n1 <= msg->len; n1 += 1 )
214 {
215 for( n1_add = 0; n1_add <= add->len; n1_add += 1 )
216 {
217 mbedtls_test_set_step( n1 * 10000 + n1_add );
218 if( !check_multipart( &ctx, MBEDTLS_CCM_ENCRYPT,
219 iv, add, msg,
220 &encrypted_expected,
221 &tag_expected,
222 n1, n1_add ) )
223 goto exit;
224 }
225 }
226
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]227exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]228 mbedtls_ccm_free( &ctx );
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]229 mbedtls_free( io_msg_buf );
230 mbedtls_free( tag_buf );
Manuel Pégourié-Gonnard637eb3d2014-05-06 12:13:09 +0200[diff] [blame]231}
232/* END_CASE */
Manuel Pégourié-Gonnardce77d552014-05-06 18:06:52 +0200[diff] [blame]233
234/* BEGIN_CASE */
Mateusz Starzyked71e922021-10-21 10:04:57 +0200[diff] [blame]235void mbedtls_ccm_star_no_tag( int cipher_id, int mode, data_t * key,
236 data_t * msg, data_t * iv, data_t * result )
237{
238 mbedtls_ccm_context ctx;
239 uint8_t *output = NULL;
240 size_t olen;
241
242 mbedtls_ccm_init( &ctx );
243 TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 );
244 TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) );
245 TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, 0, msg->len, 0 ) );
246
247 ASSERT_ALLOC( output, msg->len );
248 TEST_EQUAL( 0, mbedtls_ccm_update( &ctx, msg->x, msg->len, output, msg->len, &olen ) );
249 TEST_EQUAL( result->len, olen );
250 ASSERT_COMPARE( output, olen, result->x, result->len );
251
252 TEST_EQUAL( 0, mbedtls_ccm_finish( &ctx, NULL, 0 ) );
253exit:
254 mbedtls_free(output);
255 mbedtls_ccm_free( &ctx );
256}
257/* END_CASE */
258
259/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]260void mbedtls_ccm_auth_decrypt( int cipher_id, data_t * key,
261 data_t * msg, data_t * iv,
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]262 data_t * add, int expected_tag_len, int result,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]263 data_t * expected_msg )
Manuel Pégourié-Gonnardce77d552014-05-06 18:06:52 +0200[diff] [blame]264{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]265 mbedtls_ccm_context ctx;
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]266 size_t n1, n1_add;
Manuel Pégourié-Gonnardce77d552014-05-06 18:06:52 +0200[diff] [blame]267
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]268 const size_t expected_msg_len = msg->len - expected_tag_len;
269 const uint8_t* expected_tag = msg->x + expected_msg_len;
270
271 /* Prepare input/output message buffer */
272 uint8_t* io_msg_buf = NULL;
273 ASSERT_ALLOC( io_msg_buf, expected_msg_len );
274 if( expected_msg_len )
275 memcpy( io_msg_buf, msg->x, expected_msg_len );
276
Manuel Pégourié-Gonnard6963ff02015-04-28 18:02:54 +0200[diff] [blame]277 mbedtls_ccm_init( &ctx );
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]278 TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 );
Manuel Pégourié-Gonnard0f6b66d2014-05-07 14:43:46 +0200[diff] [blame]279 /* Test with input == output */
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]280 TEST_EQUAL( mbedtls_ccm_auth_decrypt( &ctx, expected_msg_len, iv->x, iv->len, add->x, add->len,
281 io_msg_buf, io_msg_buf, expected_tag, expected_tag_len ), result );
Manuel Pégourié-Gonnardce77d552014-05-06 18:06:52 +0200[diff] [blame]282
Mohammad Azim Khancfd83422018-06-26 18:15:18 +0100[diff] [blame]283 if( result == 0 )
Manuel Pégourié-Gonnardce77d552014-05-06 18:06:52 +0200[diff] [blame]284 {
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]285 ASSERT_COMPARE( io_msg_buf, expected_msg_len, expected_msg->x, expected_msg_len );
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]286
Mateusz Starzykceb5bc62021-07-30 14:36:22 +0200[diff] [blame]287 /* Prepare data_t structures for multipart testing */
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]288 const data_t encrypted = { .x = msg->x,
289 .len = expected_msg_len };
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]290
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]291 const data_t tag_expected = { .x = (uint8_t*) expected_tag,
292 .len = expected_tag_len };
293
294 for( n1 = 0; n1 <= expected_msg_len; n1 += 1 )
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]295 {
296 for( n1_add = 0; n1_add <= add->len; n1_add += 1 )
297 {
298 mbedtls_test_set_step( n1 * 10000 + n1_add );
299 if( !check_multipart( &ctx, MBEDTLS_CCM_DECRYPT,
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]300 iv, add, &encrypted,
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]301 expected_msg,
302 &tag_expected,
303 n1, n1_add ) )
304 goto exit;
305 }
306 }
Manuel Pégourié-Gonnardce77d552014-05-06 18:06:52 +0200[diff] [blame]307 }
308 else
309 {
310 size_t i;
311
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]312 for( i = 0; i < expected_msg_len; i++ )
313 TEST_EQUAL( io_msg_buf[i], 0 );
Manuel Pégourié-Gonnardce77d552014-05-06 18:06:52 +0200[diff] [blame]314 }
315
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]316exit:
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]317 mbedtls_free(io_msg_buf);
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]318 mbedtls_ccm_free( &ctx );
Manuel Pégourié-Gonnardce77d552014-05-06 18:06:52 +0200[diff] [blame]319}
320/* END_CASE */
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]321
322/* BEGIN_CASE */
323void mbedtls_ccm_star_encrypt_and_tag( int cipher_id,
Ronald Cron9ed40732020-06-25 09:03:34 +0200[diff] [blame]324 data_t *key, data_t *msg,
325 data_t *source_address, data_t *frame_counter,
326 int sec_level, data_t *add,
327 data_t *expected_result, int output_ret )
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]328{
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]329 unsigned char iv[13];
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]330 mbedtls_ccm_context ctx;
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]331 size_t iv_len, expected_tag_len;
Mateusz Starzyk29ec75b2021-07-13 12:26:17 +0200[diff] [blame]332 size_t n1, n1_add;
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]333 uint8_t* io_msg_buf = NULL;
334 uint8_t* tag_buf = NULL;
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]335
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]336 const uint8_t* expected_tag = expected_result->x + msg->len;
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]337
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]338 /* Calculate tag length */
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]339 if( sec_level % 4 == 0)
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]340 expected_tag_len = 0;
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]341 else
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]342 expected_tag_len = 1 << ( sec_level % 4 + 1);
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]343
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]344 /* Prepare input/output message buffer */
345 ASSERT_ALLOC( io_msg_buf, msg->len );
346 if( msg->len )
347 memcpy( io_msg_buf, msg->x, msg->len );
348
349 /* Prepare tag buffer */
350 if( expected_tag_len == 0 )
351 ASSERT_ALLOC( tag_buf, 16 );
352 else
353 ASSERT_ALLOC( tag_buf, expected_tag_len );
354
355 /* Calculate iv */
Gilles Peskineb168c0d2021-02-09 12:00:13 +0100[diff] [blame]356 TEST_ASSERT( source_address->len == 8 );
357 TEST_ASSERT( frame_counter->len == 4 );
358 memcpy( iv, source_address->x, source_address->len );
359 memcpy( iv + source_address->len, frame_counter->x, frame_counter->len );
Ronald Cron9ed40732020-06-25 09:03:34 +0200[diff] [blame]360 iv[source_address->len + frame_counter->len] = sec_level;
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]361 iv_len = sizeof( iv );
362
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]363 mbedtls_ccm_init( &ctx );
364 TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id,
365 key->x, key->len * 8 ), 0 );
366 /* Test with input == output */
367 TEST_EQUAL( mbedtls_ccm_star_encrypt_and_tag( &ctx, msg->len, iv, iv_len,
368 add->x, add->len, io_msg_buf,
369 io_msg_buf, tag_buf, expected_tag_len), output_ret );
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]370
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]371 ASSERT_COMPARE( io_msg_buf, msg->len, expected_result->x, msg->len );
372 ASSERT_COMPARE( tag_buf, expected_tag_len, expected_tag, expected_tag_len );
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]373
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]374 if( output_ret == 0 )
Mateusz Starzyk29ec75b2021-07-13 12:26:17 +0200[diff] [blame]375 {
376 const data_t iv_data = { .x = iv,
377 .len = iv_len };
378
379 const data_t encrypted_expected = { .x = expected_result->x,
380 .len = msg->len };
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]381 const data_t tag_expected = { .x = (uint8_t*)expected_tag,
382 .len = expected_tag_len };
Mateusz Starzyk29ec75b2021-07-13 12:26:17 +0200[diff] [blame]383
384 for( n1 = 0; n1 <= msg->len; n1 += 1 )
385 {
386 for( n1_add = 0; n1_add <= add->len; n1_add += 1 )
387 {
388 mbedtls_test_set_step( n1 * 10000 + n1_add );
389 if( !check_multipart( &ctx, MBEDTLS_CCM_STAR_ENCRYPT,
390 &iv_data, add, msg,
391 &encrypted_expected,
392 &tag_expected,
393 n1, n1_add ) )
394 goto exit;
395 }
396 }
397 }
398
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]399exit:
400 mbedtls_ccm_free( &ctx );
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]401 mbedtls_free( io_msg_buf );
402 mbedtls_free( tag_buf );
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]403}
404/* END_CASE */
405
406/* BEGIN_CASE */
407void mbedtls_ccm_star_auth_decrypt( int cipher_id,
Ronald Cron9ed40732020-06-25 09:03:34 +0200[diff] [blame]408 data_t *key, data_t *msg,
409 data_t *source_address, data_t *frame_counter,
410 int sec_level, data_t *add,
411 data_t *expected_result, int output_ret )
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]412{
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]413 unsigned char iv[13];
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]414 mbedtls_ccm_context ctx;
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]415 size_t iv_len, expected_tag_len;
Mateusz Starzyk29ec75b2021-07-13 12:26:17 +0200[diff] [blame]416 size_t n1, n1_add;
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]417
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]418 /* Calculate tag length */
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]419 if( sec_level % 4 == 0)
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]420 expected_tag_len = 0;
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]421 else
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]422 expected_tag_len = 1 << ( sec_level % 4 + 1);
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]423
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]424 const size_t expected_msg_len = msg->len - expected_tag_len;
425 const uint8_t* expected_tag = msg->x + expected_msg_len;
426
427 /* Prepare input/output message buffer */
428 uint8_t* io_msg_buf = NULL;
429 ASSERT_ALLOC( io_msg_buf, expected_msg_len );
430 if( expected_msg_len )
431 memcpy( io_msg_buf, msg->x, expected_msg_len );
432
433 /* Calculate iv */
434 memset( iv, 0x00, sizeof( iv ) );
Gilles Peskineb168c0d2021-02-09 12:00:13 +0100[diff] [blame]435 TEST_ASSERT( source_address->len == 8 );
436 TEST_ASSERT( frame_counter->len == 4 );
437 memcpy( iv, source_address->x, source_address->len );
438 memcpy( iv + source_address->len, frame_counter->x, frame_counter->len );
Ronald Cron9ed40732020-06-25 09:03:34 +0200[diff] [blame]439 iv[source_address->len + frame_counter->len] = sec_level;
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]440 iv_len = sizeof( iv );
441
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]442 mbedtls_ccm_init( &ctx );
Ronald Cron9ed40732020-06-25 09:03:34 +0200[diff] [blame]443 TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ) == 0 );
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]444 /* Test with input == output */
445 TEST_EQUAL( mbedtls_ccm_star_auth_decrypt( &ctx, expected_msg_len, iv, iv_len,
446 add->x, add->len, io_msg_buf, io_msg_buf,
447 expected_tag, expected_tag_len ), output_ret );
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]448
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]449 ASSERT_COMPARE( io_msg_buf, expected_msg_len, expected_result->x, expected_msg_len );
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]450
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]451 if( output_ret == 0 )
Mateusz Starzyk29ec75b2021-07-13 12:26:17 +0200[diff] [blame]452 {
Mateusz Starzyk29ec75b2021-07-13 12:26:17 +0200[diff] [blame]453 const data_t iv_data = { .x = iv,
454 .len = iv_len };
455
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]456 const data_t encrypted = { .x = msg->x,
457 .len = expected_msg_len} ;
Mateusz Starzyk29ec75b2021-07-13 12:26:17 +0200[diff] [blame]458
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]459 const data_t tag_expected = { .x = (uint8_t*) expected_tag,
460 .len = expected_tag_len };
461
462 for( n1 = 0; n1 <= expected_msg_len; n1 += 1 )
Mateusz Starzyk29ec75b2021-07-13 12:26:17 +0200[diff] [blame]463 {
464 for( n1_add = 0; n1_add <= add->len; n1_add += 1 )
465 {
466 mbedtls_test_set_step( n1 * 10000 + n1_add );
467 if( !check_multipart( &ctx, MBEDTLS_CCM_STAR_DECRYPT,
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]468 &iv_data, add, &encrypted,
Mateusz Starzyk29ec75b2021-07-13 12:26:17 +0200[diff] [blame]469 expected_result,
470 &tag_expected,
471 n1, n1_add ) )
472 goto exit;
473 }
474 }
475 }
476
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]477exit:
478 mbedtls_ccm_free( &ctx );
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]479 mbedtls_free( io_msg_buf );
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]480}
481/* END_CASE */
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]482
Mateusz Starzyk8fb17542021-08-10 13:45:19 +0200[diff] [blame]483/* Skip auth data, provide full text */
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]484/* BEGIN_CASE */
Mateusz Starzykbccbf882021-08-09 16:12:46 +0200[diff] [blame]485void mbedtls_ccm_skip_ad( int cipher_id, int mode,
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]486 data_t * key, data_t * msg, data_t * iv,
487 data_t * result, data_t * tag )
488{
489 mbedtls_ccm_context ctx;
490 uint8_t *output = NULL;
491 size_t olen;
492
493 /* Sanity checks on the test data */
494 TEST_EQUAL( msg->len, result->len );
495
496 mbedtls_ccm_init( &ctx );
497 TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 );
498 TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) );
499 TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, 0, msg->len, tag->len ) );
500
501 ASSERT_ALLOC( output, result->len );
502 olen = 0xdeadbeef;
503 TEST_EQUAL( 0, mbedtls_ccm_update( &ctx, msg->x, msg->len, output, result->len, &olen ) );
504 TEST_EQUAL( result->len, olen );
505 ASSERT_COMPARE( output, olen, result->x, result->len );
506 mbedtls_free( output );
507 output = NULL;
508
509 ASSERT_ALLOC( output, tag->len );
510 TEST_EQUAL( 0, mbedtls_ccm_finish( &ctx, output, tag->len ) );
511 ASSERT_COMPARE( output, tag->len, tag->x, tag->len );
512 mbedtls_free( output );
513 output = NULL;
514
515exit:
516 mbedtls_free( output );
517 mbedtls_ccm_free( &ctx );
518}
519/* END_CASE */
520
Mateusz Starzyk8fb17542021-08-10 13:45:19 +0200[diff] [blame]521/* Provide auth data, skip full text */
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]522/* BEGIN_CASE */
Mateusz Starzykbccbf882021-08-09 16:12:46 +0200[diff] [blame]523void mbedtls_ccm_skip_update( int cipher_id, int mode,
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]524 data_t * key, data_t * iv, data_t* add,
525 data_t * tag )
526{
527 mbedtls_ccm_context ctx;
528 uint8_t *output = NULL;
529
530 mbedtls_ccm_init( &ctx );
531 TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 );
532 TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) );
533 TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, 0, tag->len ) );
534
535 TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len) );
536
537 ASSERT_ALLOC( output, tag->len );
538 TEST_EQUAL( 0, mbedtls_ccm_finish( &ctx, output, tag->len ) );
539 ASSERT_COMPARE( output, tag->len, tag->x, tag->len );
540 mbedtls_free( output );
541 output = NULL;
542
543exit:
544 mbedtls_free( output );
545 mbedtls_ccm_free( &ctx );
546}
547/* END_CASE */
548
Mateusz Starzyk8fb17542021-08-10 13:45:19 +0200[diff] [blame]549/* Provide too much auth data */
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]550/* BEGIN_CASE */
Mateusz Starzykbccbf882021-08-09 16:12:46 +0200[diff] [blame]551void mbedtls_ccm_overflow_ad( int cipher_id, int mode,
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]552 data_t * key, data_t * iv,
553 data_t * add )
554{
555 mbedtls_ccm_context ctx;
556
557 mbedtls_ccm_init( &ctx );
558 TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 );
559 TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) );
560 // use hardcoded values for msg length and tag length. They are not a part of this test
Mateusz Starzyk3050f052021-09-02 12:38:51 +0200[diff] [blame]561 // subtract 1 from configured auth data length to provoke an overflow
562 TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len - 1, 16, 16 ) );
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]563
564 TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad( &ctx, add->x, add->len) );
565exit:
566 mbedtls_ccm_free( &ctx );
567}
568/* END_CASE */
569
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]570/* Provide unexpected auth data */
571/* BEGIN_CASE */
572void mbedtls_ccm_unexpected_ad( int cipher_id, int mode,
573 data_t * key, data_t * iv,
574 data_t * add )
575{
576 mbedtls_ccm_context ctx;
577
578 mbedtls_ccm_init( &ctx );
579 TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 );
580 TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) );
581 // use hardcoded values for msg length and tag length. They are not a part of this test
582 TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, 0, 16, 16 ) );
583
584 TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad( &ctx, add->x, add->len) );
585exit:
586 mbedtls_ccm_free( &ctx );
587}
588/* END_CASE */
589
590/* Provide unexpected plaintext/ciphertext data */
591/* BEGIN_CASE */
592void mbedtls_ccm_unexpected_text( int cipher_id, int mode,
593 data_t * key, data_t * msg, data_t * iv,
594 data_t * add )
595{
596 mbedtls_ccm_context ctx;
597 uint8_t *output = NULL;
598 size_t olen;
599
600 mbedtls_ccm_init( &ctx );
601 TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 );
602 TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) );
603 // use hardcoded value for tag length. It is not a part of this test
604 TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, 0, 16 ) );
605
606 TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len) );
607
608 ASSERT_ALLOC( output, msg->len );
609 olen = 0xdeadbeef;
610 TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update( &ctx, msg->x, msg->len, output, msg->len, &olen ) );
611exit:
612 mbedtls_free( output );
613 mbedtls_ccm_free( &ctx );
614}
615/* END_CASE */
616
Mateusz Starzyk8fb17542021-08-10 13:45:19 +0200[diff] [blame]617/* Provide incomplete auth data and finish */
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]618/* BEGIN_CASE */
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]619void mbedtls_ccm_incomplete_ad( int cipher_id, int mode,
620 data_t * key, data_t * iv, data_t* add )
621{
622 mbedtls_ccm_context ctx;
623 uint8_t *output = NULL;
624
625 mbedtls_ccm_init( &ctx );
626 TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 );
627 TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) );
628 // use hardcoded values for msg length and tag length. They are not a part of this test
629 TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, 0, 16 ) );
630
Mateusz Starzyk3050f052021-09-02 12:38:51 +0200[diff] [blame]631 TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len - 1) );
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]632
633 ASSERT_ALLOC( output, 16 );
Mateusz Starzyk7251eda2021-09-01 13:26:44 +0200[diff] [blame]634 TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_finish( &ctx, output, 16 ) );
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]635
636exit:
637 mbedtls_free( output );
638 mbedtls_ccm_free( &ctx );
639}
640/* END_CASE */
641
Mateusz Starzyk8fb17542021-08-10 13:45:19 +0200[diff] [blame]642/* Provide complete auth data on first update_ad.
643 * Provide unexpected auth data on second update_ad */
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]644/* BEGIN_CASE */
645void mbedtls_ccm_full_ad_and_overflow( int cipher_id, int mode,
646 data_t * key, data_t * iv,
647 data_t * add )
648{
649 mbedtls_ccm_context ctx;
650
651 mbedtls_ccm_init( &ctx );
652 TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 );
653 TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) );
654 // use hardcoded values for msg length and tag length. They are not a part of this test
655 TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, 16, 16 ) );
656
657 // pass full auth data
658 TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len) );
659 // pass 1 extra byte
Mateusz Starzyk7251eda2021-09-01 13:26:44 +0200[diff] [blame]660 TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad( &ctx, add->x, 1) );
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]661exit:
662 mbedtls_ccm_free( &ctx );
663}
664/* END_CASE */
665
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]666/* Provide incomplete auth data on first update_ad.
667 * Provide too much auth data on second update_ad */
668/* BEGIN_CASE */
669void mbedtls_ccm_incomplete_ad_and_overflow( int cipher_id, int mode,
670 data_t * key, data_t * iv,
671 data_t * add )
672{
673 mbedtls_ccm_context ctx;
Ronald Cron133740b2021-09-17 09:38:07 +0200[diff] [blame]674 uint8_t add_second_buffer[2];
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]675
Ronald Cron133740b2021-09-17 09:38:07 +0200[diff] [blame]676 add_second_buffer[0] = add->x[ add->len - 1 ];
677 add_second_buffer[1] = 0xAB; // some magic value
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]678
679 mbedtls_ccm_init( &ctx );
680 TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 );
681 TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) );
682 // use hardcoded values for msg length and tag length. They are not a part of this test
683 TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, 16, 16 ) );
684
685 // pass incomplete auth data
Ronald Cron133740b2021-09-17 09:38:07 +0200[diff] [blame]686 TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len - 1) );
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]687 // pass 2 extra bytes (1 missing byte from previous incomplete pass, and 1 unexpected byte)
Ronald Cron133740b2021-09-17 09:38:07 +0200[diff] [blame]688 TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad( &ctx, add_second_buffer, 2) );
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]689exit:
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]690 mbedtls_ccm_free( &ctx );
691}
692/* END_CASE */
693
Mateusz Starzyk8fb17542021-08-10 13:45:19 +0200[diff] [blame]694/* Provide too much plaintext/ciphertext */
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]695/* BEGIN_CASE */
Mateusz Starzykbccbf882021-08-09 16:12:46 +0200[diff] [blame]696void mbedtls_ccm_overflow_update( int cipher_id, int mode,
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]697 data_t * key, data_t * msg, data_t * iv,
698 data_t * add )
699{
700 mbedtls_ccm_context ctx;
701 uint8_t *output = NULL;
702 size_t olen;
703
704 mbedtls_ccm_init( &ctx );
705 TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 );
706 TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) );
707 // use hardcoded value for tag length. It is a not a part of this test
Mateusz Starzyk3050f052021-09-02 12:38:51 +0200[diff] [blame]708 // subtract 1 from configured msg length to provoke an overflow
709 TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, msg->len - 1, 16 ) );
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]710
711 TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len) );
712
713 ASSERT_ALLOC( output, msg->len );
714 TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, \
715 mbedtls_ccm_update( &ctx, msg->x, msg->len, output, msg->len, &olen ) );
716exit:
717 mbedtls_free( output );
718 mbedtls_ccm_free( &ctx );
719}
720/* END_CASE */
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]721
Mateusz Starzyk8fb17542021-08-10 13:45:19 +0200[diff] [blame]722/* Provide incomplete plaintext/ciphertext and finish */
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]723/* BEGIN_CASE */
724void mbedtls_ccm_incomplete_update( int cipher_id, int mode,
725 data_t * key, data_t * msg, data_t * iv,
726 data_t * add )
727{
728 mbedtls_ccm_context ctx;
729 uint8_t *output = NULL;
730 size_t olen;
731
732 mbedtls_ccm_init( &ctx );
733 TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 );
734 TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) );
735 // use hardcoded value for tag length. It is not a part of this test
736 TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, msg->len, 16 ) );
737
738 TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len) );
739
740 ASSERT_ALLOC( output, msg->len );
741 olen = 0xdeadbeef;
Mateusz Starzyk3050f052021-09-02 12:38:51 +0200[diff] [blame]742 TEST_EQUAL( 0, mbedtls_ccm_update( &ctx, msg->x, msg->len - 1, output, msg->len, &olen ) );
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]743 mbedtls_free( output );
744 output = NULL;
745
746 ASSERT_ALLOC( output, 16 );
Mateusz Starzyk7251eda2021-09-01 13:26:44 +0200[diff] [blame]747 TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_finish( &ctx, output, 16 ) );
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]748
749exit:
750 mbedtls_free( output );
751 mbedtls_ccm_free( &ctx );
752}
753/* END_CASE */
754
Mateusz Starzyk8fb17542021-08-10 13:45:19 +0200[diff] [blame]755/* Provide full plaintext/ciphertext of first update
756 * Provide unexpected plaintext/ciphertext on second update */
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]757/* BEGIN_CASE */
758void mbedtls_ccm_full_update_and_overflow( int cipher_id, int mode,
759 data_t * key, data_t * msg, data_t * iv,
760 data_t * add )
761{
762 mbedtls_ccm_context ctx;
763 uint8_t *output = NULL;
764 size_t olen;
765
766 mbedtls_ccm_init( &ctx );
767 TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 );
768 TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) );
769 // use hardcoded value for tag length. It is a not a part of this test
770 TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, msg->len, 16 ) );
771
772 TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len) );
773
774 ASSERT_ALLOC( output, msg->len );
775 // pass full text
776 TEST_EQUAL( 0, mbedtls_ccm_update( &ctx, msg->x, msg->len, output, msg->len, &olen ) );
777 // pass 1 extra byte
778 TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, \
779 mbedtls_ccm_update( &ctx, msg->x, 1, output, 1, &olen ) );
780exit:
781 mbedtls_free( output );
782 mbedtls_ccm_free( &ctx );
783}
784/* END_CASE */
Mateusz Starzyke0f52272021-08-10 13:55:47 +0200[diff] [blame]785
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]786/* Provide incomplete plaintext/ciphertext of first update
787 * Provide too much plaintext/ciphertext on second update */
788/* BEGIN_CASE */
789void mbedtls_ccm_incomplete_update_overflow( int cipher_id, int mode,
790 data_t * key, data_t * msg, data_t * iv,
791 data_t * add )
792{
793 mbedtls_ccm_context ctx;
794 uint8_t *output = NULL;
795 size_t olen;
Ronald Cron133740b2021-09-17 09:38:07 +0200[diff] [blame]796 uint8_t msg_second_buffer[2];
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]797
Ronald Cron133740b2021-09-17 09:38:07 +0200[diff] [blame]798 msg_second_buffer[0] = msg->x[ msg->len - 1 ];
799 msg_second_buffer[1] = 0xAB; // some magic value
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]800
801 mbedtls_ccm_init( &ctx );
802 TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 );
803 TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) );
804 // use hardcoded value for tag length. It is a not a part of this test
805 TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, msg->len, 16 ) );
806
807 TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len) );
808
809 ASSERT_ALLOC( output, msg->len + 1 );
810 // pass incomplete text
Ronald Cron133740b2021-09-17 09:38:07 +0200[diff] [blame]811 TEST_EQUAL( 0, mbedtls_ccm_update( &ctx, msg->x, msg->len - 1, output, msg->len + 1, &olen ) );
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]812 // pass 2 extra bytes (1 missing byte from previous incomplete pass, and 1 unexpected byte)
813 TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, \
Ronald Cron133740b2021-09-17 09:38:07 +0200[diff] [blame]814 mbedtls_ccm_update( &ctx, msg_second_buffer, 2, output + msg->len - 1, 2, &olen ) );
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]815exit:
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]816 mbedtls_free( output );
817 mbedtls_ccm_free( &ctx );
818}
819/* END_CASE */
820
Mateusz Starzyke0f52272021-08-10 13:55:47 +0200[diff] [blame]821/* Finish without passing any auth data or plaintext/ciphertext input */
822/* BEGIN_CASE */
823void mbedtls_ccm_instant_finish( int cipher_id, int mode,
824 data_t * key, data_t * iv )
825{
826 mbedtls_ccm_context ctx;
827 uint8_t *output = NULL;
828
829 mbedtls_ccm_init( &ctx );
830 TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 );
831 TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) );
832 // use hardcoded values for add length, msg length and tag length.
833 // They are not a part of this test
834 TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, 16, 16, 16 ) );
835
836 ASSERT_ALLOC( output, 16 );
Mateusz Starzyk7251eda2021-09-01 13:26:44 +0200[diff] [blame]837 TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_finish( &ctx, output, 16 ) );
Mateusz Starzyke0f52272021-08-10 13:55:47 +0200[diff] [blame]838
839exit:
840 mbedtls_free( output );
841 mbedtls_ccm_free( &ctx );
842}
843/* END_CASE */