TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 412a813ad4d890528390411ae31574cae45a8cfb / . / tests / suites / test_suite_ccm.function
blob: 610f2ba467f8cd708f7c39b95c55c7f9794f9647 [file] [log] [blame]
Manuel Pégourié-Gonnarda6916fa2014-05-02 15:17:29 +0200[diff] [blame]1/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]2#include "mbedtls/ccm.h"
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]3
4/* Use the multipart interface to process the encrypted data in two parts
5 * and check that the output matches the expected output.
6 * The context must have been set up with the key. */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]7static int check_multipart(mbedtls_ccm_context *ctx,
8 int mode,
9 const data_t *iv,
10 const data_t *add,
11 const data_t *input,
12 const data_t *expected_output,
13 const data_t *tag,
14 size_t n1,
15 size_t n1_add)
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]16{
17 int ok = 0;
18 uint8_t *output = NULL;
19 size_t n2 = input->len - n1;
20 size_t n2_add = add->len - n1_add;
21 size_t olen;
22
23 /* Sanity checks on the test data */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]24 TEST_ASSERT(n1 <= input->len);
25 TEST_ASSERT(n1_add <= add->len);
26 TEST_EQUAL(input->len, expected_output->len);
27 TEST_EQUAL(0, mbedtls_ccm_starts(ctx, mode, iv->x, iv->len));
28 TEST_EQUAL(0, mbedtls_ccm_set_lengths(ctx, add->len, input->len, tag->len));
29 TEST_EQUAL(0, mbedtls_ccm_update_ad(ctx, add->x, n1_add));
30 TEST_EQUAL(0, mbedtls_ccm_update_ad(ctx, add->x + n1_add, n2_add));
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]31
32 /* Allocate a tight buffer for each update call. This way, if the function
33 * tries to write beyond the advertised required buffer size, this will
34 * count as an overflow for memory sanitizers and static checkers. */
Tom Cosgrovef9ffd112023-07-20 16:48:18 +0100[diff] [blame]35 TEST_CALLOC_OR_FAIL(output, n1);
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]36 olen = 0xdeadbeef;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]37 TEST_EQUAL(0, mbedtls_ccm_update(ctx, input->x, n1, output, n1, &olen));
38 TEST_EQUAL(n1, olen);
Tom Cosgrove65cd8512023-07-20 16:46:01 +0100[diff] [blame]39 TEST_BUFFERS_EQUAL(output, olen, expected_output->x, n1);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]40 mbedtls_free(output);
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]41 output = NULL;
42
Tom Cosgrovef9ffd112023-07-20 16:48:18 +0100[diff] [blame]43 TEST_CALLOC_OR_FAIL(output, n2);
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]44 olen = 0xdeadbeef;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]45 TEST_EQUAL(0, mbedtls_ccm_update(ctx, input->x + n1, n2, output, n2, &olen));
46 TEST_EQUAL(n2, olen);
Tom Cosgrove65cd8512023-07-20 16:46:01 +0100[diff] [blame]47 TEST_BUFFERS_EQUAL(output, olen, expected_output->x + n1, n2);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]48 mbedtls_free(output);
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]49 output = NULL;
50
Tom Cosgrovef9ffd112023-07-20 16:48:18 +0100[diff] [blame]51 TEST_CALLOC_OR_FAIL(output, tag->len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]52 TEST_EQUAL(0, mbedtls_ccm_finish(ctx, output, tag->len));
Tom Cosgrove65cd8512023-07-20 16:46:01 +0100[diff] [blame]53 TEST_BUFFERS_EQUAL(output, tag->len, tag->x, tag->len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]54 mbedtls_free(output);
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]55 output = NULL;
56
57 ok = 1;
58exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]59 mbedtls_free(output);
60 return ok;
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]61}
Manuel Pégourié-Gonnarda6916fa2014-05-02 15:17:29 +0200[diff] [blame]62/* END_HEADER */
63
64/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]65 * depends_on:MBEDTLS_CCM_C
Manuel Pégourié-Gonnarda6916fa2014-05-02 15:17:29 +0200[diff] [blame]66 * END_DEPENDENCIES
67 */
68
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]69/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST:MBEDTLS_AES_C */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]70void mbedtls_ccm_self_test()
Manuel Pégourié-Gonnarda6916fa2014-05-02 15:17:29 +0200[diff] [blame]71{
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]72 TEST_ASSERT(mbedtls_ccm_self_test(1) == 0);
Manuel Pégourié-Gonnarda6916fa2014-05-02 15:17:29 +0200[diff] [blame]73}
74/* END_CASE */
Manuel Pégourié-Gonnard9fe0d132014-05-06 12:12:45 +0200[diff] [blame]75
76/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]77void mbedtls_ccm_setkey(int cipher_id, int key_size, int result)
Manuel Pégourié-Gonnard9fe0d132014-05-06 12:12:45 +0200[diff] [blame]78{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]79 mbedtls_ccm_context ctx;
Manuel Pégourié-Gonnard9fe0d132014-05-06 12:12:45 +0200[diff] [blame]80 unsigned char key[32];
81 int ret;
82
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]83 mbedtls_ccm_init(&ctx);
Manuel Pégourié-Gonnard6963ff02015-04-28 18:02:54 +0200[diff] [blame]84
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]85 memset(key, 0x2A, sizeof(key));
86 TEST_ASSERT((unsigned) key_size <= 8 * sizeof(key));
Manuel Pégourié-Gonnard9fe0d132014-05-06 12:12:45 +0200[diff] [blame]87
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]88 ret = mbedtls_ccm_setkey(&ctx, cipher_id, key, key_size);
89 TEST_ASSERT(ret == result);
Manuel Pégourié-Gonnard9fe0d132014-05-06 12:12:45 +0200[diff] [blame]90
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]91exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]92 mbedtls_ccm_free(&ctx);
Manuel Pégourié-Gonnard9fe0d132014-05-06 12:12:45 +0200[diff] [blame]93}
94/* END_CASE */
Manuel Pégourié-Gonnard637eb3d2014-05-06 12:13:09 +0200[diff] [blame]95
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]96/* BEGIN_CASE depends_on:MBEDTLS_AES_C */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]97void ccm_lengths(int msg_len, int iv_len, int add_len, int tag_len, int res)
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]98{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]99 mbedtls_ccm_context ctx;
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]100 unsigned char key[16];
101 unsigned char msg[10];
102 unsigned char iv[14];
Dave Rodgman2e680342020-10-15 14:00:40 +0100[diff] [blame]103 unsigned char *add = NULL;
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]104 unsigned char out[10];
105 unsigned char tag[18];
106 int decrypt_ret;
107
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]108 mbedtls_ccm_init(&ctx);
Manuel Pégourié-Gonnard6963ff02015-04-28 18:02:54 +0200[diff] [blame]109
Tom Cosgrove412a8132023-07-20 16:55:14 +0100[diff] [blame^]110 TEST_CALLOC_OR_SKIP(add, add_len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]111 memset(key, 0, sizeof(key));
112 memset(msg, 0, sizeof(msg));
113 memset(iv, 0, sizeof(iv));
114 memset(out, 0, sizeof(out));
115 memset(tag, 0, sizeof(tag));
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]116
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]117 TEST_ASSERT(mbedtls_ccm_setkey(&ctx, MBEDTLS_CIPHER_ID_AES,
118 key, 8 * sizeof(key)) == 0);
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]119
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]120 TEST_ASSERT(mbedtls_ccm_encrypt_and_tag(&ctx, msg_len, iv, iv_len, add, add_len,
121 msg, out, tag, tag_len) == res);
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]122
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]123 decrypt_ret = mbedtls_ccm_auth_decrypt(&ctx, msg_len, iv, iv_len, add, add_len,
124 msg, out, tag, tag_len);
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]125
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]126 if (res == 0) {
127 TEST_ASSERT(decrypt_ret == MBEDTLS_ERR_CCM_AUTH_FAILED);
128 } else {
129 TEST_ASSERT(decrypt_ret == res);
130 }
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]131
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]132exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]133 mbedtls_free(add);
134 mbedtls_ccm_free(&ctx);
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]135}
136/* END_CASE */
137
Janos Follath95ab93d2018-05-14 14:32:41 +0100[diff] [blame]138/* BEGIN_CASE depends_on:MBEDTLS_AES_C */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]139void ccm_star_lengths(int msg_len, int iv_len, int add_len, int tag_len,
140 int res)
Janos Follath95ab93d2018-05-14 14:32:41 +0100[diff] [blame]141{
142 mbedtls_ccm_context ctx;
143 unsigned char key[16];
144 unsigned char msg[10];
145 unsigned char iv[14];
146 unsigned char add[10];
147 unsigned char out[10];
148 unsigned char tag[18];
149 int decrypt_ret;
150
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]151 mbedtls_ccm_init(&ctx);
Janos Follath95ab93d2018-05-14 14:32:41 +0100[diff] [blame]152
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]153 memset(key, 0, sizeof(key));
154 memset(msg, 0, sizeof(msg));
155 memset(iv, 0, sizeof(iv));
156 memset(add, 0, sizeof(add));
157 memset(out, 0, sizeof(out));
158 memset(tag, 0, sizeof(tag));
Janos Follath95ab93d2018-05-14 14:32:41 +0100[diff] [blame]159
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]160 TEST_ASSERT(mbedtls_ccm_setkey(&ctx, MBEDTLS_CIPHER_ID_AES,
161 key, 8 * sizeof(key)) == 0);
Janos Follath95ab93d2018-05-14 14:32:41 +0100[diff] [blame]162
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]163 TEST_ASSERT(mbedtls_ccm_star_encrypt_and_tag(&ctx, msg_len, iv, iv_len,
164 add, add_len, msg, out, tag, tag_len) == res);
Janos Follath95ab93d2018-05-14 14:32:41 +0100[diff] [blame]165
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]166 decrypt_ret = mbedtls_ccm_star_auth_decrypt(&ctx, msg_len, iv, iv_len, add,
167 add_len, msg, out, tag, tag_len);
Janos Follath95ab93d2018-05-14 14:32:41 +0100[diff] [blame]168
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]169 if (res == 0 && tag_len != 0) {
170 TEST_ASSERT(decrypt_ret == MBEDTLS_ERR_CCM_AUTH_FAILED);
171 } else {
172 TEST_ASSERT(decrypt_ret == res);
173 }
Janos Follath95ab93d2018-05-14 14:32:41 +0100[diff] [blame]174
175exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]176 mbedtls_ccm_free(&ctx);
Janos Follath95ab93d2018-05-14 14:32:41 +0100[diff] [blame]177}
178/* END_CASE */
179
Manuel Pégourié-Gonnard637eb3d2014-05-06 12:13:09 +0200[diff] [blame]180/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]181void mbedtls_ccm_encrypt_and_tag(int cipher_id, data_t *key,
182 data_t *msg, data_t *iv,
183 data_t *add, data_t *result)
Manuel Pégourié-Gonnard637eb3d2014-05-06 12:13:09 +0200[diff] [blame]184{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]185 mbedtls_ccm_context ctx;
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]186 size_t n1, n1_add;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]187 uint8_t *io_msg_buf = NULL;
188 uint8_t *tag_buf = NULL;
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]189 const size_t expected_tag_len = result->len - msg->len;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]190 const uint8_t *expected_tag = result->x + msg->len;
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]191
192 /* Prepare input/output message buffer */
Tom Cosgrovef9ffd112023-07-20 16:48:18 +0100[diff] [blame]193 TEST_CALLOC_OR_FAIL(io_msg_buf, msg->len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]194 if (msg->len != 0) {
195 memcpy(io_msg_buf, msg->x, msg->len);
196 }
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]197
198 /* Prepare tag buffer */
Tom Cosgrovef9ffd112023-07-20 16:48:18 +0100[diff] [blame]199 TEST_CALLOC_OR_FAIL(tag_buf, expected_tag_len);
Manuel Pégourié-Gonnard637eb3d2014-05-06 12:13:09 +0200[diff] [blame]200
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]201 mbedtls_ccm_init(&ctx);
202 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
Manuel Pégourié-Gonnard0f6b66d2014-05-07 14:43:46 +0200[diff] [blame]203 /* Test with input == output */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]204 TEST_EQUAL(mbedtls_ccm_encrypt_and_tag(&ctx, msg->len, iv->x, iv->len, add->x, add->len,
205 io_msg_buf, io_msg_buf, tag_buf, expected_tag_len), 0);
Manuel Pégourié-Gonnard637eb3d2014-05-06 12:13:09 +0200[diff] [blame]206
Tom Cosgrove65cd8512023-07-20 16:46:01 +0100[diff] [blame]207 TEST_BUFFERS_EQUAL(io_msg_buf, msg->len, result->x, msg->len);
208 TEST_BUFFERS_EQUAL(tag_buf, expected_tag_len, expected_tag, expected_tag_len);
Manuel Pégourié-Gonnard637eb3d2014-05-06 12:13:09 +0200[diff] [blame]209
Mateusz Starzykceb5bc62021-07-30 14:36:22 +0200[diff] [blame]210 /* Prepare data_t structures for multipart testing */
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]211 const data_t encrypted_expected = { .x = result->x,
212 .len = msg->len };
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]213 const data_t tag_expected = { .x = (uint8_t *) expected_tag, /* cast to conform with data_t x type */
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]214 .len = expected_tag_len };
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]215
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]216 for (n1 = 0; n1 <= msg->len; n1 += 1) {
217 for (n1_add = 0; n1_add <= add->len; n1_add += 1) {
218 mbedtls_test_set_step(n1 * 10000 + n1_add);
219 if (!check_multipart(&ctx, MBEDTLS_CCM_ENCRYPT,
220 iv, add, msg,
221 &encrypted_expected,
222 &tag_expected,
223 n1, n1_add)) {
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]224 goto exit;
Mateusz Starzyk29ec75b2021-07-13 12:26:17 +0200[diff] [blame]225 }
226 }
227 }
228
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]229exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]230 mbedtls_ccm_free(&ctx);
231 mbedtls_free(io_msg_buf);
232 mbedtls_free(tag_buf);
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]233}
234/* END_CASE */
235
236/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]237void mbedtls_ccm_star_no_tag(int cipher_id, int mode, data_t *key,
238 data_t *msg, data_t *iv, data_t *result)
239{
240 mbedtls_ccm_context ctx;
241 uint8_t *output = NULL;
242 size_t olen;
243
244 mbedtls_ccm_init(&ctx);
245 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
246 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
247 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 0, msg->len, 0));
248
Tom Cosgrovef9ffd112023-07-20 16:48:18 +0100[diff] [blame]249 TEST_CALLOC_OR_FAIL(output, msg->len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]250 TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len, output, msg->len, &olen));
251 TEST_EQUAL(result->len, olen);
Tom Cosgrove65cd8512023-07-20 16:46:01 +0100[diff] [blame]252 TEST_BUFFERS_EQUAL(output, olen, result->x, result->len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]253
254 TEST_EQUAL(0, mbedtls_ccm_finish(&ctx, NULL, 0));
255exit:
256 mbedtls_free(output);
257 mbedtls_ccm_free(&ctx);
258}
259/* END_CASE */
260
261/* BEGIN_CASE */
262void mbedtls_ccm_auth_decrypt(int cipher_id, data_t *key,
263 data_t *msg, data_t *iv,
264 data_t *add, int expected_tag_len, int result,
265 data_t *expected_msg)
266{
267 mbedtls_ccm_context ctx;
268 size_t n1, n1_add;
269
270 const size_t expected_msg_len = msg->len - expected_tag_len;
271 const uint8_t *expected_tag = msg->x + expected_msg_len;
272
273 /* Prepare input/output message buffer */
274 uint8_t *io_msg_buf = NULL;
Tom Cosgrovef9ffd112023-07-20 16:48:18 +0100[diff] [blame]275 TEST_CALLOC_OR_FAIL(io_msg_buf, expected_msg_len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]276 if (expected_msg_len) {
277 memcpy(io_msg_buf, msg->x, expected_msg_len);
278 }
279
280 mbedtls_ccm_init(&ctx);
281 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
282 /* Test with input == output */
283 TEST_EQUAL(mbedtls_ccm_auth_decrypt(&ctx, expected_msg_len, iv->x, iv->len, add->x, add->len,
284 io_msg_buf, io_msg_buf, expected_tag, expected_tag_len),
285 result);
286
287 if (result == 0) {
Tom Cosgrove65cd8512023-07-20 16:46:01 +0100[diff] [blame]288 TEST_BUFFERS_EQUAL(io_msg_buf, expected_msg_len, expected_msg->x, expected_msg_len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]289
290 /* Prepare data_t structures for multipart testing */
291 const data_t encrypted = { .x = msg->x,
292 .len = expected_msg_len };
293
294 const data_t tag_expected = { .x = (uint8_t *) expected_tag,
295 .len = expected_tag_len };
296
297 for (n1 = 0; n1 <= expected_msg_len; n1 += 1) {
298 for (n1_add = 0; n1_add <= add->len; n1_add += 1) {
299 mbedtls_test_set_step(n1 * 10000 + n1_add);
300 if (!check_multipart(&ctx, MBEDTLS_CCM_DECRYPT,
301 iv, add, &encrypted,
302 expected_msg,
303 &tag_expected,
304 n1, n1_add)) {
305 goto exit;
306 }
307 }
308 }
309 } else {
310 size_t i;
311
312 for (i = 0; i < expected_msg_len; i++) {
313 TEST_EQUAL(io_msg_buf[i], 0);
314 }
315 }
316
317exit:
318 mbedtls_free(io_msg_buf);
319 mbedtls_ccm_free(&ctx);
320}
321/* END_CASE */
322
323/* BEGIN_CASE */
324void mbedtls_ccm_star_encrypt_and_tag(int cipher_id,
325 data_t *key, data_t *msg,
326 data_t *source_address, data_t *frame_counter,
327 int sec_level, data_t *add,
328 data_t *expected_result, int output_ret)
329{
330 unsigned char iv[13];
331 mbedtls_ccm_context ctx;
332 size_t iv_len, expected_tag_len;
333 size_t n1, n1_add;
334 uint8_t *io_msg_buf = NULL;
335 uint8_t *tag_buf = NULL;
336
337 const uint8_t *expected_tag = expected_result->x + msg->len;
338
339 /* Calculate tag length */
340 if (sec_level % 4 == 0) {
341 expected_tag_len = 0;
342 } else {
343 expected_tag_len = 1 << (sec_level % 4 + 1);
344 }
345
346 /* Prepare input/output message buffer */
Tom Cosgrovef9ffd112023-07-20 16:48:18 +0100[diff] [blame]347 TEST_CALLOC_OR_FAIL(io_msg_buf, msg->len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]348 if (msg->len) {
349 memcpy(io_msg_buf, msg->x, msg->len);
350 }
351
352 /* Prepare tag buffer */
353 if (expected_tag_len == 0) {
Tom Cosgrovef9ffd112023-07-20 16:48:18 +0100[diff] [blame]354 TEST_CALLOC_OR_FAIL(tag_buf, 16);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]355 } else {
Tom Cosgrovef9ffd112023-07-20 16:48:18 +0100[diff] [blame]356 TEST_CALLOC_OR_FAIL(tag_buf, expected_tag_len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]357 }
358
359 /* Calculate iv */
360 TEST_ASSERT(source_address->len == 8);
361 TEST_ASSERT(frame_counter->len == 4);
362 memcpy(iv, source_address->x, source_address->len);
363 memcpy(iv + source_address->len, frame_counter->x, frame_counter->len);
364 iv[source_address->len + frame_counter->len] = sec_level;
365 iv_len = sizeof(iv);
366
367 mbedtls_ccm_init(&ctx);
368 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id,
369 key->x, key->len * 8), 0);
370 /* Test with input == output */
371 TEST_EQUAL(mbedtls_ccm_star_encrypt_and_tag(&ctx, msg->len, iv, iv_len,
372 add->x, add->len, io_msg_buf,
373 io_msg_buf, tag_buf, expected_tag_len), output_ret);
374
Tom Cosgrove65cd8512023-07-20 16:46:01 +0100[diff] [blame]375 TEST_BUFFERS_EQUAL(io_msg_buf, msg->len, expected_result->x, msg->len);
376 TEST_BUFFERS_EQUAL(tag_buf, expected_tag_len, expected_tag, expected_tag_len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]377
378 if (output_ret == 0) {
379 const data_t iv_data = { .x = iv,
380 .len = iv_len };
381
382 const data_t encrypted_expected = { .x = expected_result->x,
383 .len = msg->len };
384 const data_t tag_expected = { .x = (uint8_t *) expected_tag,
385 .len = expected_tag_len };
386
387 for (n1 = 0; n1 <= msg->len; n1 += 1) {
388 for (n1_add = 0; n1_add <= add->len; n1_add += 1) {
389 mbedtls_test_set_step(n1 * 10000 + n1_add);
390 if (!check_multipart(&ctx, MBEDTLS_CCM_STAR_ENCRYPT,
391 &iv_data, add, msg,
392 &encrypted_expected,
393 &tag_expected,
394 n1, n1_add)) {
395 goto exit;
396 }
397 }
398 }
399 }
400
401exit:
402 mbedtls_ccm_free(&ctx);
403 mbedtls_free(io_msg_buf);
404 mbedtls_free(tag_buf);
405}
406/* END_CASE */
407
408/* BEGIN_CASE */
409void mbedtls_ccm_star_auth_decrypt(int cipher_id,
410 data_t *key, data_t *msg,
411 data_t *source_address, data_t *frame_counter,
412 int sec_level, data_t *add,
413 data_t *expected_result, int output_ret)
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]414{
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]415 unsigned char iv[13];
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]416 mbedtls_ccm_context ctx;
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]417 size_t iv_len, expected_tag_len;
Mateusz Starzyk29ec75b2021-07-13 12:26:17 +0200[diff] [blame]418 size_t n1, n1_add;
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]419
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]420 /* Calculate tag length */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]421 if (sec_level % 4 == 0) {
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]422 expected_tag_len = 0;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]423 } else {
424 expected_tag_len = 1 << (sec_level % 4 + 1);
425 }
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]426
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]427 const size_t expected_msg_len = msg->len - expected_tag_len;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]428 const uint8_t *expected_tag = msg->x + expected_msg_len;
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]429
430 /* Prepare input/output message buffer */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]431 uint8_t *io_msg_buf = NULL;
Tom Cosgrovef9ffd112023-07-20 16:48:18 +0100[diff] [blame]432 TEST_CALLOC_OR_FAIL(io_msg_buf, expected_msg_len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]433 if (expected_msg_len) {
434 memcpy(io_msg_buf, msg->x, expected_msg_len);
435 }
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]436
437 /* Calculate iv */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]438 memset(iv, 0x00, sizeof(iv));
439 TEST_ASSERT(source_address->len == 8);
440 TEST_ASSERT(frame_counter->len == 4);
441 memcpy(iv, source_address->x, source_address->len);
442 memcpy(iv + source_address->len, frame_counter->x, frame_counter->len);
Ronald Cron9ed40732020-06-25 09:03:34 +0200[diff] [blame]443 iv[source_address->len + frame_counter->len] = sec_level;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]444 iv_len = sizeof(iv);
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]445
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]446 mbedtls_ccm_init(&ctx);
447 TEST_ASSERT(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8) == 0);
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]448 /* Test with input == output */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]449 TEST_EQUAL(mbedtls_ccm_star_auth_decrypt(&ctx, expected_msg_len, iv, iv_len,
450 add->x, add->len, io_msg_buf, io_msg_buf,
451 expected_tag, expected_tag_len), output_ret);
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]452
Tom Cosgrove65cd8512023-07-20 16:46:01 +0100[diff] [blame]453 TEST_BUFFERS_EQUAL(io_msg_buf, expected_msg_len, expected_result->x, expected_msg_len);
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]454
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]455 if (output_ret == 0) {
Mateusz Starzyk29ec75b2021-07-13 12:26:17 +0200[diff] [blame]456 const data_t iv_data = { .x = iv,
457 .len = iv_len };
458
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]459 const data_t encrypted = { .x = msg->x,
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]460 .len = expected_msg_len };
Mateusz Starzyk29ec75b2021-07-13 12:26:17 +0200[diff] [blame]461
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]462 const data_t tag_expected = { .x = (uint8_t *) expected_tag,
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]463 .len = expected_tag_len };
464
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]465 for (n1 = 0; n1 <= expected_msg_len; n1 += 1) {
466 for (n1_add = 0; n1_add <= add->len; n1_add += 1) {
467 mbedtls_test_set_step(n1 * 10000 + n1_add);
468 if (!check_multipart(&ctx, MBEDTLS_CCM_STAR_DECRYPT,
469 &iv_data, add, &encrypted,
470 expected_result,
471 &tag_expected,
472 n1, n1_add)) {
Mateusz Starzyk29ec75b2021-07-13 12:26:17 +0200[diff] [blame]473 goto exit;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]474 }
475 }
Mateusz Starzyk29ec75b2021-07-13 12:26:17 +0200[diff] [blame]476 }
477 }
478
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]479exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]480 mbedtls_ccm_free(&ctx);
481 mbedtls_free(io_msg_buf);
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]482}
483/* END_CASE */
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]484
Mateusz Starzyk8fb17542021-08-10 13:45:19 +0200[diff] [blame]485/* Skip auth data, provide full text */
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]486/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]487void mbedtls_ccm_skip_ad(int cipher_id, int mode,
488 data_t *key, data_t *msg, data_t *iv,
489 data_t *result, data_t *tag)
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]490{
491 mbedtls_ccm_context ctx;
492 uint8_t *output = NULL;
493 size_t olen;
494
495 /* Sanity checks on the test data */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]496 TEST_EQUAL(msg->len, result->len);
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]497
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]498 mbedtls_ccm_init(&ctx);
499 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
500 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
501 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 0, msg->len, tag->len));
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]502
Tom Cosgrovef9ffd112023-07-20 16:48:18 +0100[diff] [blame]503 TEST_CALLOC_OR_FAIL(output, result->len);
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]504 olen = 0xdeadbeef;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]505 TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len, output, result->len, &olen));
506 TEST_EQUAL(result->len, olen);
Tom Cosgrove65cd8512023-07-20 16:46:01 +0100[diff] [blame]507 TEST_BUFFERS_EQUAL(output, olen, result->x, result->len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]508 mbedtls_free(output);
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]509 output = NULL;
510
Tom Cosgrovef9ffd112023-07-20 16:48:18 +0100[diff] [blame]511 TEST_CALLOC_OR_FAIL(output, tag->len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]512 TEST_EQUAL(0, mbedtls_ccm_finish(&ctx, output, tag->len));
Tom Cosgrove65cd8512023-07-20 16:46:01 +0100[diff] [blame]513 TEST_BUFFERS_EQUAL(output, tag->len, tag->x, tag->len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]514 mbedtls_free(output);
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]515 output = NULL;
516
517exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]518 mbedtls_free(output);
519 mbedtls_ccm_free(&ctx);
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]520}
521/* END_CASE */
522
Mateusz Starzyk8fb17542021-08-10 13:45:19 +0200[diff] [blame]523/* Provide auth data, skip full text */
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]524/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]525void mbedtls_ccm_skip_update(int cipher_id, int mode,
526 data_t *key, data_t *iv, data_t *add,
527 data_t *tag)
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]528{
529 mbedtls_ccm_context ctx;
530 uint8_t *output = NULL;
531
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]532 mbedtls_ccm_init(&ctx);
533 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
534 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
535 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, 0, tag->len));
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]536
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]537 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len));
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]538
Tom Cosgrovef9ffd112023-07-20 16:48:18 +0100[diff] [blame]539 TEST_CALLOC_OR_FAIL(output, tag->len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]540 TEST_EQUAL(0, mbedtls_ccm_finish(&ctx, output, tag->len));
Tom Cosgrove65cd8512023-07-20 16:46:01 +0100[diff] [blame]541 TEST_BUFFERS_EQUAL(output, tag->len, tag->x, tag->len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]542 mbedtls_free(output);
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]543 output = NULL;
544
545exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]546 mbedtls_free(output);
547 mbedtls_ccm_free(&ctx);
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]548}
549/* END_CASE */
550
Mateusz Starzyk8fb17542021-08-10 13:45:19 +0200[diff] [blame]551/* Provide too much auth data */
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]552/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]553void mbedtls_ccm_overflow_ad(int cipher_id, int mode,
554 data_t *key, data_t *iv,
555 data_t *add)
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]556{
557 mbedtls_ccm_context ctx;
558
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]559 mbedtls_ccm_init(&ctx);
560 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
561 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]562 // use hardcoded values for msg length and tag length. They are not a part of this test
Mateusz Starzyk3050f052021-09-02 12:38:51 +0200[diff] [blame]563 // subtract 1 from configured auth data length to provoke an overflow
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]564 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len - 1, 16, 16));
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]565
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]566 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad(&ctx, add->x, add->len));
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]567exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]568 mbedtls_ccm_free(&ctx);
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]569}
570/* END_CASE */
571
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]572/* Provide unexpected auth data */
573/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]574void mbedtls_ccm_unexpected_ad(int cipher_id, int mode,
575 data_t *key, data_t *iv,
576 data_t *add)
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]577{
578 mbedtls_ccm_context ctx;
579
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]580 mbedtls_ccm_init(&ctx);
581 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
582 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]583 // use hardcoded values for msg length and tag length. They are not a part of this test
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]584 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 0, 16, 16));
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]585
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]586 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad(&ctx, add->x, add->len));
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]587exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]588 mbedtls_ccm_free(&ctx);
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]589}
590/* END_CASE */
591
592/* Provide unexpected plaintext/ciphertext data */
593/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]594void mbedtls_ccm_unexpected_text(int cipher_id, int mode,
595 data_t *key, data_t *msg, data_t *iv,
596 data_t *add)
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]597{
598 mbedtls_ccm_context ctx;
599 uint8_t *output = NULL;
600 size_t olen;
601
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]602 mbedtls_ccm_init(&ctx);
603 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
604 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]605 // use hardcoded value for tag length. It is not a part of this test
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]606 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, 0, 16));
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]607
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]608 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len));
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]609
Tom Cosgrovef9ffd112023-07-20 16:48:18 +0100[diff] [blame]610 TEST_CALLOC_OR_FAIL(output, msg->len);
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]611 olen = 0xdeadbeef;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]612 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT,
613 mbedtls_ccm_update(&ctx, msg->x, msg->len, output, msg->len, &olen));
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]614exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]615 mbedtls_free(output);
616 mbedtls_ccm_free(&ctx);
Mateusz Starzyk83e4c122021-09-03 14:07:21 +0200[diff] [blame]617}
618/* END_CASE */
619
Mateusz Starzyk8fb17542021-08-10 13:45:19 +0200[diff] [blame]620/* Provide incomplete auth data and finish */
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]621/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]622void mbedtls_ccm_incomplete_ad(int cipher_id, int mode,
623 data_t *key, data_t *iv, data_t *add)
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]624{
625 mbedtls_ccm_context ctx;
626 uint8_t *output = NULL;
627
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]628 mbedtls_ccm_init(&ctx);
629 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
630 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]631 // use hardcoded values for msg length and tag length. They are not a part of this test
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]632 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, 0, 16));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]633
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]634 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len - 1));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]635
Tom Cosgrovef9ffd112023-07-20 16:48:18 +0100[diff] [blame]636 TEST_CALLOC_OR_FAIL(output, 16);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]637 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_finish(&ctx, output, 16));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]638
639exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]640 mbedtls_free(output);
641 mbedtls_ccm_free(&ctx);
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]642}
643/* END_CASE */
644
Mateusz Starzyk8fb17542021-08-10 13:45:19 +0200[diff] [blame]645/* Provide complete auth data on first update_ad.
646 * Provide unexpected auth data on second update_ad */
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]647/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]648void mbedtls_ccm_full_ad_and_overflow(int cipher_id, int mode,
649 data_t *key, data_t *iv,
650 data_t *add)
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]651{
652 mbedtls_ccm_context ctx;
653
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]654 mbedtls_ccm_init(&ctx);
655 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
656 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]657 // use hardcoded values for msg length and tag length. They are not a part of this test
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]658 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, 16, 16));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]659
660 // pass full auth data
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]661 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]662 // pass 1 extra byte
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]663 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad(&ctx, add->x, 1));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]664exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]665 mbedtls_ccm_free(&ctx);
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]666}
667/* END_CASE */
668
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]669/* Provide incomplete auth data on first update_ad.
670 * Provide too much auth data on second update_ad */
671/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]672void mbedtls_ccm_incomplete_ad_and_overflow(int cipher_id, int mode,
673 data_t *key, data_t *iv,
674 data_t *add)
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]675{
676 mbedtls_ccm_context ctx;
Ronald Cron133740b2021-09-17 09:38:07 +0200[diff] [blame]677 uint8_t add_second_buffer[2];
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]678
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]679 add_second_buffer[0] = add->x[add->len - 1];
Ronald Cron133740b2021-09-17 09:38:07 +0200[diff] [blame]680 add_second_buffer[1] = 0xAB; // some magic value
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]681
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]682 mbedtls_ccm_init(&ctx);
683 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
684 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]685 // use hardcoded values for msg length and tag length. They are not a part of this test
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]686 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, 16, 16));
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]687
688 // pass incomplete auth data
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]689 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len - 1));
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]690 // pass 2 extra bytes (1 missing byte from previous incomplete pass, and 1 unexpected byte)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]691 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad(&ctx, add_second_buffer, 2));
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]692exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]693 mbedtls_ccm_free(&ctx);
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]694}
695/* END_CASE */
696
Mateusz Starzyk8fb17542021-08-10 13:45:19 +0200[diff] [blame]697/* Provide too much plaintext/ciphertext */
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]698/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]699void mbedtls_ccm_overflow_update(int cipher_id, int mode,
700 data_t *key, data_t *msg, data_t *iv,
701 data_t *add)
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]702{
703 mbedtls_ccm_context ctx;
704 uint8_t *output = NULL;
705 size_t olen;
706
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]707 mbedtls_ccm_init(&ctx);
708 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
709 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]710 // use hardcoded value for tag length. It is a not a part of this test
Mateusz Starzyk3050f052021-09-02 12:38:51 +0200[diff] [blame]711 // subtract 1 from configured msg length to provoke an overflow
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]712 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, msg->len - 1, 16));
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]713
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]714 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len));
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]715
Tom Cosgrovef9ffd112023-07-20 16:48:18 +0100[diff] [blame]716 TEST_CALLOC_OR_FAIL(output, msg->len);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]717 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, \
718 mbedtls_ccm_update(&ctx, msg->x, msg->len, output, msg->len, &olen));
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]719exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]720 mbedtls_free(output);
721 mbedtls_ccm_free(&ctx);
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]722}
723/* END_CASE */
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]724
Mateusz Starzyk8fb17542021-08-10 13:45:19 +0200[diff] [blame]725/* Provide incomplete plaintext/ciphertext and finish */
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]726/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]727void mbedtls_ccm_incomplete_update(int cipher_id, int mode,
728 data_t *key, data_t *msg, data_t *iv,
729 data_t *add)
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]730{
731 mbedtls_ccm_context ctx;
732 uint8_t *output = NULL;
733 size_t olen;
734
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]735 mbedtls_ccm_init(&ctx);
736 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
737 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]738 // use hardcoded value for tag length. It is not a part of this test
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]739 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, msg->len, 16));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]740
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]741 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]742
Tom Cosgrovef9ffd112023-07-20 16:48:18 +0100[diff] [blame]743 TEST_CALLOC_OR_FAIL(output, msg->len);
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]744 olen = 0xdeadbeef;
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]745 TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len - 1, output, msg->len, &olen));
746 mbedtls_free(output);
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]747 output = NULL;
748
Tom Cosgrovef9ffd112023-07-20 16:48:18 +0100[diff] [blame]749 TEST_CALLOC_OR_FAIL(output, 16);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]750 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_finish(&ctx, output, 16));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]751
752exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]753 mbedtls_free(output);
754 mbedtls_ccm_free(&ctx);
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]755}
756/* END_CASE */
757
Mateusz Starzyk8fb17542021-08-10 13:45:19 +0200[diff] [blame]758/* Provide full plaintext/ciphertext of first update
759 * Provide unexpected plaintext/ciphertext on second update */
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]760/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]761void mbedtls_ccm_full_update_and_overflow(int cipher_id, int mode,
762 data_t *key, data_t *msg, data_t *iv,
763 data_t *add)
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]764{
765 mbedtls_ccm_context ctx;
766 uint8_t *output = NULL;
767 size_t olen;
768
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]769 mbedtls_ccm_init(&ctx);
770 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
771 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]772 // use hardcoded value for tag length. It is a not a part of this test
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]773 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, msg->len, 16));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]774
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]775 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]776
Tom Cosgrovef9ffd112023-07-20 16:48:18 +0100[diff] [blame]777 TEST_CALLOC_OR_FAIL(output, msg->len);
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]778 // pass full text
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]779 TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len, output, msg->len, &olen));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]780 // pass 1 extra byte
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]781 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, \
782 mbedtls_ccm_update(&ctx, msg->x, 1, output, 1, &olen));
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]783exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]784 mbedtls_free(output);
785 mbedtls_ccm_free(&ctx);
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]786}
787/* END_CASE */
Mateusz Starzyke0f52272021-08-10 13:55:47 +0200[diff] [blame]788
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]789/* Provide incomplete plaintext/ciphertext of first update
790 * Provide too much plaintext/ciphertext on second update */
791/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]792void mbedtls_ccm_incomplete_update_overflow(int cipher_id, int mode,
793 data_t *key, data_t *msg, data_t *iv,
794 data_t *add)
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]795{
796 mbedtls_ccm_context ctx;
797 uint8_t *output = NULL;
798 size_t olen;
Ronald Cron133740b2021-09-17 09:38:07 +0200[diff] [blame]799 uint8_t msg_second_buffer[2];
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]800
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]801 msg_second_buffer[0] = msg->x[msg->len - 1];
Ronald Cron133740b2021-09-17 09:38:07 +0200[diff] [blame]802 msg_second_buffer[1] = 0xAB; // some magic value
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]803
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]804 mbedtls_ccm_init(&ctx);
805 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
806 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]807 // use hardcoded value for tag length. It is a not a part of this test
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]808 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, add->len, msg->len, 16));
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]809
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]810 TEST_EQUAL(0, mbedtls_ccm_update_ad(&ctx, add->x, add->len));
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]811
Tom Cosgrovef9ffd112023-07-20 16:48:18 +0100[diff] [blame]812 TEST_CALLOC_OR_FAIL(output, msg->len + 1);
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]813 // pass incomplete text
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]814 TEST_EQUAL(0, mbedtls_ccm_update(&ctx, msg->x, msg->len - 1, output, msg->len + 1, &olen));
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]815 // pass 2 extra bytes (1 missing byte from previous incomplete pass, and 1 unexpected byte)
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]816 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, \
817 mbedtls_ccm_update(&ctx, msg_second_buffer, 2, output + msg->len - 1, 2, &olen));
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]818exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]819 mbedtls_free(output);
820 mbedtls_ccm_free(&ctx);
Mateusz Starzykcd975e42021-09-02 13:25:19 +0200[diff] [blame]821}
822/* END_CASE */
823
Mateusz Starzyke0f52272021-08-10 13:55:47 +0200[diff] [blame]824/* Finish without passing any auth data or plaintext/ciphertext input */
825/* BEGIN_CASE */
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]826void mbedtls_ccm_instant_finish(int cipher_id, int mode,
827 data_t *key, data_t *iv)
Mateusz Starzyke0f52272021-08-10 13:55:47 +0200[diff] [blame]828{
829 mbedtls_ccm_context ctx;
830 uint8_t *output = NULL;
831
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]832 mbedtls_ccm_init(&ctx);
833 TEST_EQUAL(mbedtls_ccm_setkey(&ctx, cipher_id, key->x, key->len * 8), 0);
834 TEST_EQUAL(0, mbedtls_ccm_starts(&ctx, mode, iv->x, iv->len));
Mateusz Starzyke0f52272021-08-10 13:55:47 +0200[diff] [blame]835 // use hardcoded values for add length, msg length and tag length.
836 // They are not a part of this test
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]837 TEST_EQUAL(0, mbedtls_ccm_set_lengths(&ctx, 16, 16, 16));
Mateusz Starzyke0f52272021-08-10 13:55:47 +0200[diff] [blame]838
Tom Cosgrovef9ffd112023-07-20 16:48:18 +0100[diff] [blame]839 TEST_CALLOC_OR_FAIL(output, 16);
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]840 TEST_EQUAL(MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_finish(&ctx, output, 16));
Mateusz Starzyke0f52272021-08-10 13:55:47 +0200[diff] [blame]841
842exit:
Gilles Peskine449bd832023-01-11 14:50:10 +0100[diff] [blame]843 mbedtls_free(output);
844 mbedtls_ccm_free(&ctx);
Mateusz Starzyke0f52272021-08-10 13:55:47 +0200[diff] [blame]845}
846/* END_CASE */