blob: 7baa22995694d202a1f662f67a774638e55d1a17 [file] [log] [blame]
Daniel Kingb8025c52016-05-17 14:43:01 -03001/* BEGIN_HEADER */
Manuel Pégourié-Gonnarddca3a5d2018-05-07 10:43:27 +02002#include "mbedtls/chachapoly.h"
Daniel Kingb8025c52016-05-17 14:43:01 -03003/* END_HEADER */
4
5/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnarddca3a5d2018-05-07 10:43:27 +02006 * depends_on:MBEDTLS_CHACHAPOLY_C
Daniel Kingb8025c52016-05-17 14:43:01 -03007 * END_DEPENDENCIES
8 */
9
10/* BEGIN_CASE */
Manuel Pégourié-Gonnarddca3a5d2018-05-07 10:43:27 +020011void mbedtls_chachapoly_enc( char *hex_key_string, char *hex_nonce_string, char *hex_aad_string, char *hex_input_string, char *hex_output_string, char *hex_mac_string )
Daniel Kingb8025c52016-05-17 14:43:01 -030012{
Manuel Pégourié-Gonnard528524b2018-05-09 11:21:21 +020013 unsigned char key_str[32]; /* size set by the standard */
14 unsigned char nonce_str[12]; /* size set by the standard */
15 unsigned char aad_str[12]; /* max size of test data so far */
16 unsigned char input_str[265]; /* max size of binary input/output so far */
17 unsigned char output_str[265];
18 unsigned char output[265];
19 unsigned char mac_str[16]; /* size set by the standard */
20 unsigned char mac[16]; /* size set by the standard */
Daniel Kingb8025c52016-05-17 14:43:01 -030021 size_t input_len;
22 size_t output_len;
23 size_t aad_len;
24 size_t key_len;
25 size_t nonce_len;
26 size_t mac_len;
Manuel Pégourié-Gonnard346b8d52018-05-07 12:56:36 +020027 mbedtls_chachapoly_context ctx;
Daniel Kingb8025c52016-05-17 14:43:01 -030028
Manuel Pégourié-Gonnard528524b2018-05-09 11:21:21 +020029 memset( key_str, 0x00, sizeof( key_str ) );
30 memset( nonce_str, 0x00, sizeof( nonce_str ) );
31 memset( aad_str, 0x00, sizeof( aad_str ) );
32 memset( input_str, 0x00, sizeof( input_str ) );
33 memset( output_str, 0x00, sizeof( output_str ) );
34 memset( mac_str, 0x00, sizeof( mac_str ) );
Daniel Kingb8025c52016-05-17 14:43:01 -030035
36 aad_len = unhexify( aad_str, hex_aad_string );
37 input_len = unhexify( input_str, hex_input_string );
38 output_len = unhexify( output_str, hex_output_string );
39 key_len = unhexify( key_str, hex_key_string );
40 nonce_len = unhexify( nonce_str, hex_nonce_string );
41 mac_len = unhexify( mac_str, hex_mac_string );
42
43 TEST_ASSERT( key_len == 32 );
44 TEST_ASSERT( nonce_len == 12 );
45 TEST_ASSERT( mac_len == 16 );
46
Manuel Pégourié-Gonnard346b8d52018-05-07 12:56:36 +020047 mbedtls_chachapoly_init( &ctx );
48
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +020049 TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key_str ) == 0 );
Manuel Pégourié-Gonnard346b8d52018-05-07 12:56:36 +020050
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +020051 TEST_ASSERT( mbedtls_chachapoly_crypt_and_tag( &ctx,
Manuel Pégourié-Gonnarddca3a5d2018-05-07 10:43:27 +020052 MBEDTLS_CHACHAPOLY_ENCRYPT,
Manuel Pégourié-Gonnard346b8d52018-05-07 12:56:36 +020053 input_len, nonce_str,
54 aad_str, aad_len,
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +020055 input_str, output, mac ) == 0 );
Daniel Kingb8025c52016-05-17 14:43:01 -030056
57 TEST_ASSERT( memcmp( output_str, output, output_len ) == 0 );
58 TEST_ASSERT( memcmp( mac_str, mac, 16U ) == 0 );
Manuel Pégourié-Gonnard346b8d52018-05-07 12:56:36 +020059
60exit:
61 mbedtls_chachapoly_free( &ctx );
Daniel Kingb8025c52016-05-17 14:43:01 -030062}
63/* END_CASE */
64
65/* BEGIN_CASE */
Manuel Pégourié-Gonnard72967712018-05-09 12:22:13 +020066void mbedtls_chachapoly_dec( char *hex_key_string, char *hex_nonce_string, char *hex_aad_string, char *hex_input_string, char *hex_output_string, char *hex_mac_string, int ret_exp )
Daniel Kingb8025c52016-05-17 14:43:01 -030067{
Manuel Pégourié-Gonnard528524b2018-05-09 11:21:21 +020068 unsigned char key_str[32]; /* size set by the standard */
69 unsigned char nonce_str[12]; /* size set by the standard */
70 unsigned char aad_str[12]; /* max size of test data so far */
71 unsigned char input_str[265]; /* max size of binary input/output so far */
72 unsigned char output_str[265];
73 unsigned char output[265];
74 unsigned char mac_str[16]; /* size set by the standard */
Daniel Kingb8025c52016-05-17 14:43:01 -030075 size_t input_len;
76 size_t output_len;
77 size_t aad_len;
78 size_t key_len;
79 size_t nonce_len;
80 size_t mac_len;
Manuel Pégourié-Gonnard346b8d52018-05-07 12:56:36 +020081 int ret;
82 mbedtls_chachapoly_context ctx;
Daniel Kingb8025c52016-05-17 14:43:01 -030083
Manuel Pégourié-Gonnard528524b2018-05-09 11:21:21 +020084 memset( key_str, 0x00, sizeof( key_str ) );
85 memset( nonce_str, 0x00, sizeof( nonce_str ) );
86 memset( aad_str, 0x00, sizeof( aad_str ) );
87 memset( input_str, 0x00, sizeof( input_str ) );
88 memset( output_str, 0x00, sizeof( output_str ) );
89 memset( mac_str, 0x00, sizeof( mac_str ) );
Daniel Kingb8025c52016-05-17 14:43:01 -030090
91 aad_len = unhexify( aad_str, hex_aad_string );
92 input_len = unhexify( input_str, hex_input_string );
93 output_len = unhexify( output_str, hex_output_string );
94 key_len = unhexify( key_str, hex_key_string );
95 nonce_len = unhexify( nonce_str, hex_nonce_string );
96 mac_len = unhexify( mac_str, hex_mac_string );
97
98 TEST_ASSERT( key_len == 32 );
99 TEST_ASSERT( nonce_len == 12 );
100 TEST_ASSERT( mac_len == 16 );
101
Manuel Pégourié-Gonnard346b8d52018-05-07 12:56:36 +0200102 mbedtls_chachapoly_init( &ctx );
Daniel Kingb8025c52016-05-17 14:43:01 -0300103
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200104 TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key_str ) == 0 );
Manuel Pégourié-Gonnard346b8d52018-05-07 12:56:36 +0200105
106 ret = mbedtls_chachapoly_auth_decrypt( &ctx,
107 input_len, nonce_str,
108 aad_str, aad_len,
109 mac_str, input_str, output );
110
Manuel Pégourié-Gonnard72967712018-05-09 12:22:13 +0200111 TEST_ASSERT( ret == ret_exp );
112 if( ret_exp == 0 )
113 {
114 TEST_ASSERT( memcmp( output_str, output, output_len ) == 0 );
115 }
Manuel Pégourié-Gonnard346b8d52018-05-07 12:56:36 +0200116
117exit:
118 mbedtls_chachapoly_free( &ctx );
Daniel Kingb8025c52016-05-17 14:43:01 -0300119}
120/* END_CASE */
121
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200122/* BEGIN_CASE */
123void chachapoly_bad_params()
124{
125 unsigned char key[32];
126 unsigned char nonce[12];
127 unsigned char aad[1];
128 unsigned char input[1];
129 unsigned char output[1];
130 unsigned char mac[16];
131 size_t input_len = sizeof( input );
132 size_t aad_len = sizeof( aad );
133 mbedtls_chachapoly_context ctx;
134
135 memset( key, 0x00, sizeof( key ) );
136 memset( nonce, 0x00, sizeof( nonce ) );
137 memset( aad, 0x00, sizeof( aad ) );
138 memset( input, 0x00, sizeof( input ) );
139 memset( output, 0x00, sizeof( output ) );
140 memset( mac, 0x00, sizeof( mac ) );
141
142 mbedtls_chachapoly_init( NULL );
143 mbedtls_chachapoly_free( NULL );
144
145 mbedtls_chachapoly_init( &ctx );
146
147 TEST_ASSERT( mbedtls_chachapoly_setkey( NULL, key )
Manuel Pégourié-Gonnard3798b6b2018-05-24 13:27:45 +0200148 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200149 TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, NULL )
Manuel Pégourié-Gonnard3798b6b2018-05-24 13:27:45 +0200150 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200151
152 TEST_ASSERT( mbedtls_chachapoly_crypt_and_tag( NULL,
153 MBEDTLS_CHACHAPOLY_ENCRYPT,
154 0, nonce,
155 aad, 0,
156 input, output, mac )
Manuel Pégourié-Gonnard3798b6b2018-05-24 13:27:45 +0200157 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200158 TEST_ASSERT( mbedtls_chachapoly_crypt_and_tag( &ctx,
159 MBEDTLS_CHACHAPOLY_ENCRYPT,
160 0, NULL,
161 aad, 0,
162 input, output, mac )
Manuel Pégourié-Gonnard3798b6b2018-05-24 13:27:45 +0200163 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200164 TEST_ASSERT( mbedtls_chachapoly_crypt_and_tag( &ctx,
165 MBEDTLS_CHACHAPOLY_ENCRYPT,
166 0, nonce,
167 NULL, aad_len,
168 input, output, mac )
Manuel Pégourié-Gonnard3798b6b2018-05-24 13:27:45 +0200169 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200170 TEST_ASSERT( mbedtls_chachapoly_crypt_and_tag( &ctx,
171 MBEDTLS_CHACHAPOLY_ENCRYPT,
172 input_len, nonce,
173 aad, 0,
174 NULL, output, mac )
Manuel Pégourié-Gonnard3798b6b2018-05-24 13:27:45 +0200175 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200176 TEST_ASSERT( mbedtls_chachapoly_crypt_and_tag( &ctx,
177 MBEDTLS_CHACHAPOLY_ENCRYPT,
178 input_len, nonce,
179 aad, 0,
180 input, NULL, mac )
Manuel Pégourié-Gonnard3798b6b2018-05-24 13:27:45 +0200181 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200182 TEST_ASSERT( mbedtls_chachapoly_crypt_and_tag( &ctx,
183 MBEDTLS_CHACHAPOLY_ENCRYPT,
184 0, nonce,
185 aad, 0,
186 input, output, NULL )
Manuel Pégourié-Gonnard3798b6b2018-05-24 13:27:45 +0200187 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200188
189 TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( NULL,
190 0, nonce,
191 aad, 0,
192 mac, input, output )
Manuel Pégourié-Gonnard3798b6b2018-05-24 13:27:45 +0200193 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200194 TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx,
195 0, NULL,
196 aad, 0,
197 mac, input, output )
Manuel Pégourié-Gonnard3798b6b2018-05-24 13:27:45 +0200198 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200199 TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx,
200 0, nonce,
201 NULL, aad_len,
202 mac, input, output )
Manuel Pégourié-Gonnard3798b6b2018-05-24 13:27:45 +0200203 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200204 TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx,
205 0, nonce,
206 aad, 0,
207 NULL, input, output )
Manuel Pégourié-Gonnard3798b6b2018-05-24 13:27:45 +0200208 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200209 TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx,
210 input_len, nonce,
211 aad, 0,
212 mac, NULL, output )
Manuel Pégourié-Gonnard3798b6b2018-05-24 13:27:45 +0200213 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200214 TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx,
215 input_len, nonce,
216 aad, 0,
217 mac, input, NULL )
Manuel Pégourié-Gonnard3798b6b2018-05-24 13:27:45 +0200218 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200219
220 TEST_ASSERT( mbedtls_chachapoly_crypt_and_tag( &ctx,
221 MBEDTLS_CHACHAPOLY_ENCRYPT,
222 0, nonce,
223 aad, aad_len,
224 NULL, NULL, mac )
225 == 0 );
226 TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx,
227 0, nonce,
228 aad, aad_len,
229 mac, NULL, NULL )
230 == 0 );
231
232 TEST_ASSERT( mbedtls_chachapoly_crypt_and_tag( &ctx,
233 MBEDTLS_CHACHAPOLY_ENCRYPT,
234 input_len, nonce,
235 NULL, 0,
236 input, output, mac )
237 == 0 );
238 TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx,
239 input_len, nonce,
240 NULL, 0,
241 mac, input, output )
242 == 0 );
243
244 TEST_ASSERT( mbedtls_chachapoly_starts( NULL, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT )
Manuel Pégourié-Gonnard3798b6b2018-05-24 13:27:45 +0200245 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200246 TEST_ASSERT( mbedtls_chachapoly_starts( &ctx, NULL, MBEDTLS_CHACHAPOLY_ENCRYPT )
Manuel Pégourié-Gonnard3798b6b2018-05-24 13:27:45 +0200247 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200248
249 TEST_ASSERT( mbedtls_chachapoly_update_aad( NULL, aad, aad_len )
Manuel Pégourié-Gonnard3798b6b2018-05-24 13:27:45 +0200250 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200251 TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, NULL, aad_len )
Manuel Pégourié-Gonnard3798b6b2018-05-24 13:27:45 +0200252 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200253
254 TEST_ASSERT( mbedtls_chachapoly_update( NULL, input_len, input, output )
Manuel Pégourié-Gonnard3798b6b2018-05-24 13:27:45 +0200255 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200256 TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, NULL, output )
Manuel Pégourié-Gonnard3798b6b2018-05-24 13:27:45 +0200257 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200258 TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, NULL )
Manuel Pégourié-Gonnard3798b6b2018-05-24 13:27:45 +0200259 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200260
261 TEST_ASSERT( mbedtls_chachapoly_finish( NULL, mac )
Manuel Pégourié-Gonnard3798b6b2018-05-24 13:27:45 +0200262 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200263 TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, NULL )
Manuel Pégourié-Gonnard3798b6b2018-05-24 13:27:45 +0200264 == MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200265
266exit:
267 mbedtls_chachapoly_free( &ctx );
268}
269/* END_CASE */
270
Manuel Pégourié-Gonnardceb12252018-05-10 11:41:00 +0200271/* BEGIN_CASE */
272void chachapoly_state()
273{
274 unsigned char key[32];
275 unsigned char nonce[12];
276 unsigned char aad[1];
277 unsigned char input[1];
278 unsigned char output[1];
279 unsigned char mac[16];
280 size_t input_len = sizeof( input );
281 size_t aad_len = sizeof( aad );
282 mbedtls_chachapoly_context ctx;
283
284 memset( key, 0x00, sizeof( key ) );
285 memset( nonce, 0x00, sizeof( nonce ) );
286 memset( aad, 0x00, sizeof( aad ) );
287 memset( input, 0x00, sizeof( input ) );
288 memset( output, 0x00, sizeof( output ) );
289 memset( mac, 0x00, sizeof( mac ) );
290
291 /* Initial state: finish, update, update_aad forbidden */
292 mbedtls_chachapoly_init( &ctx );
293
294 TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac )
295 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
296 TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output )
297 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
298 TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len )
299 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
300
301 /* Still initial state: finish, update, update_aad forbidden */
302 TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key )
303 == 0 );
304
305 TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac )
306 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
307 TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output )
308 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
309 TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len )
310 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
311
312 /* Starts -> finish OK */
313 TEST_ASSERT( mbedtls_chachapoly_starts( &ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT )
314 == 0 );
315 TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac )
316 == 0 );
317
318 /* After finish: update, update_aad forbidden */
319 TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output )
320 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
321 TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len )
322 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
323
324 /* Starts -> update* OK */
325 TEST_ASSERT( mbedtls_chachapoly_starts( &ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT )
326 == 0 );
327 TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output )
328 == 0 );
329 TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output )
330 == 0 );
331
332 /* After update: update_aad forbidden */
333 TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len )
334 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
335
336 /* Starts -> update_aad* -> finish OK */
337 TEST_ASSERT( mbedtls_chachapoly_starts( &ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT )
338 == 0 );
339 TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len )
340 == 0 );
341 TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len )
342 == 0 );
343 TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac )
344 == 0 );
345
346exit:
347 mbedtls_chachapoly_free( &ctx );
348}
349/* END_CASE */
350
Daniel Kingb8025c52016-05-17 14:43:01 -0300351/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
Manuel Pégourié-Gonnarddca3a5d2018-05-07 10:43:27 +0200352void chachapoly_selftest()
Daniel Kingb8025c52016-05-17 14:43:01 -0300353{
Manuel Pégourié-Gonnarddca3a5d2018-05-07 10:43:27 +0200354 TEST_ASSERT( mbedtls_chachapoly_self_test( 1 ) == 0 );
Daniel Kingb8025c52016-05-17 14:43:01 -0300355}
356/* END_CASE */