blob: 8e56bf69a334b911e5f62ee84b7c84d3a0cef03e [file] [log] [blame]
Daniel Kingb8025c52016-05-17 14:43:01 -03001/* BEGIN_HEADER */
Manuel Pégourié-Gonnarddca3a5d2018-05-07 10:43:27 +02002#include "mbedtls/chachapoly.h"
Daniel Kingb8025c52016-05-17 14:43:01 -03003/* END_HEADER */
4
5/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnarddca3a5d2018-05-07 10:43:27 +02006 * depends_on:MBEDTLS_CHACHAPOLY_C
Daniel Kingb8025c52016-05-17 14:43:01 -03007 * END_DEPENDENCIES
8 */
9
10/* BEGIN_CASE */
Manuel Pégourié-Gonnarddca3a5d2018-05-07 10:43:27 +020011void mbedtls_chachapoly_enc( char *hex_key_string, char *hex_nonce_string, char *hex_aad_string, char *hex_input_string, char *hex_output_string, char *hex_mac_string )
Daniel Kingb8025c52016-05-17 14:43:01 -030012{
Manuel Pégourié-Gonnard528524b2018-05-09 11:21:21 +020013 unsigned char key_str[32]; /* size set by the standard */
14 unsigned char nonce_str[12]; /* size set by the standard */
15 unsigned char aad_str[12]; /* max size of test data so far */
16 unsigned char input_str[265]; /* max size of binary input/output so far */
17 unsigned char output_str[265];
18 unsigned char output[265];
19 unsigned char mac_str[16]; /* size set by the standard */
20 unsigned char mac[16]; /* size set by the standard */
Daniel Kingb8025c52016-05-17 14:43:01 -030021 size_t input_len;
22 size_t output_len;
23 size_t aad_len;
24 size_t key_len;
25 size_t nonce_len;
26 size_t mac_len;
Manuel Pégourié-Gonnard346b8d52018-05-07 12:56:36 +020027 mbedtls_chachapoly_context ctx;
Daniel Kingb8025c52016-05-17 14:43:01 -030028
Manuel Pégourié-Gonnard528524b2018-05-09 11:21:21 +020029 memset( key_str, 0x00, sizeof( key_str ) );
30 memset( nonce_str, 0x00, sizeof( nonce_str ) );
31 memset( aad_str, 0x00, sizeof( aad_str ) );
32 memset( input_str, 0x00, sizeof( input_str ) );
33 memset( output_str, 0x00, sizeof( output_str ) );
34 memset( mac_str, 0x00, sizeof( mac_str ) );
Daniel Kingb8025c52016-05-17 14:43:01 -030035
36 aad_len = unhexify( aad_str, hex_aad_string );
37 input_len = unhexify( input_str, hex_input_string );
38 output_len = unhexify( output_str, hex_output_string );
39 key_len = unhexify( key_str, hex_key_string );
40 nonce_len = unhexify( nonce_str, hex_nonce_string );
41 mac_len = unhexify( mac_str, hex_mac_string );
42
43 TEST_ASSERT( key_len == 32 );
44 TEST_ASSERT( nonce_len == 12 );
45 TEST_ASSERT( mac_len == 16 );
46
Manuel Pégourié-Gonnard346b8d52018-05-07 12:56:36 +020047 mbedtls_chachapoly_init( &ctx );
48
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +020049 TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key_str ) == 0 );
Manuel Pégourié-Gonnard346b8d52018-05-07 12:56:36 +020050
Manuel Pégourié-Gonnard3dc62a02018-06-04 12:18:19 +020051 TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx,
Manuel Pégourié-Gonnard346b8d52018-05-07 12:56:36 +020052 input_len, nonce_str,
53 aad_str, aad_len,
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +020054 input_str, output, mac ) == 0 );
Daniel Kingb8025c52016-05-17 14:43:01 -030055
56 TEST_ASSERT( memcmp( output_str, output, output_len ) == 0 );
57 TEST_ASSERT( memcmp( mac_str, mac, 16U ) == 0 );
Manuel Pégourié-Gonnard346b8d52018-05-07 12:56:36 +020058
59exit:
60 mbedtls_chachapoly_free( &ctx );
Daniel Kingb8025c52016-05-17 14:43:01 -030061}
62/* END_CASE */
63
64/* BEGIN_CASE */
Manuel Pégourié-Gonnard72967712018-05-09 12:22:13 +020065void mbedtls_chachapoly_dec( char *hex_key_string, char *hex_nonce_string, char *hex_aad_string, char *hex_input_string, char *hex_output_string, char *hex_mac_string, int ret_exp )
Daniel Kingb8025c52016-05-17 14:43:01 -030066{
Manuel Pégourié-Gonnard528524b2018-05-09 11:21:21 +020067 unsigned char key_str[32]; /* size set by the standard */
68 unsigned char nonce_str[12]; /* size set by the standard */
69 unsigned char aad_str[12]; /* max size of test data so far */
70 unsigned char input_str[265]; /* max size of binary input/output so far */
71 unsigned char output_str[265];
72 unsigned char output[265];
73 unsigned char mac_str[16]; /* size set by the standard */
Daniel Kingb8025c52016-05-17 14:43:01 -030074 size_t input_len;
75 size_t output_len;
76 size_t aad_len;
77 size_t key_len;
78 size_t nonce_len;
79 size_t mac_len;
Manuel Pégourié-Gonnard346b8d52018-05-07 12:56:36 +020080 int ret;
81 mbedtls_chachapoly_context ctx;
Daniel Kingb8025c52016-05-17 14:43:01 -030082
Manuel Pégourié-Gonnard528524b2018-05-09 11:21:21 +020083 memset( key_str, 0x00, sizeof( key_str ) );
84 memset( nonce_str, 0x00, sizeof( nonce_str ) );
85 memset( aad_str, 0x00, sizeof( aad_str ) );
86 memset( input_str, 0x00, sizeof( input_str ) );
87 memset( output_str, 0x00, sizeof( output_str ) );
88 memset( mac_str, 0x00, sizeof( mac_str ) );
Daniel Kingb8025c52016-05-17 14:43:01 -030089
90 aad_len = unhexify( aad_str, hex_aad_string );
91 input_len = unhexify( input_str, hex_input_string );
92 output_len = unhexify( output_str, hex_output_string );
93 key_len = unhexify( key_str, hex_key_string );
94 nonce_len = unhexify( nonce_str, hex_nonce_string );
95 mac_len = unhexify( mac_str, hex_mac_string );
96
97 TEST_ASSERT( key_len == 32 );
98 TEST_ASSERT( nonce_len == 12 );
99 TEST_ASSERT( mac_len == 16 );
100
Manuel Pégourié-Gonnard346b8d52018-05-07 12:56:36 +0200101 mbedtls_chachapoly_init( &ctx );
Daniel Kingb8025c52016-05-17 14:43:01 -0300102
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200103 TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key_str ) == 0 );
Manuel Pégourié-Gonnard346b8d52018-05-07 12:56:36 +0200104
105 ret = mbedtls_chachapoly_auth_decrypt( &ctx,
106 input_len, nonce_str,
107 aad_str, aad_len,
108 mac_str, input_str, output );
109
Manuel Pégourié-Gonnard72967712018-05-09 12:22:13 +0200110 TEST_ASSERT( ret == ret_exp );
111 if( ret_exp == 0 )
112 {
113 TEST_ASSERT( memcmp( output_str, output, output_len ) == 0 );
114 }
Manuel Pégourié-Gonnard346b8d52018-05-07 12:56:36 +0200115
116exit:
117 mbedtls_chachapoly_free( &ctx );
Daniel Kingb8025c52016-05-17 14:43:01 -0300118}
119/* END_CASE */
120
Hanno Beckerae2ff022018-12-11 15:14:02 +0000121/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200122void chachapoly_bad_params()
123{
124 unsigned char key[32];
125 unsigned char nonce[12];
126 unsigned char aad[1];
127 unsigned char input[1];
128 unsigned char output[1];
129 unsigned char mac[16];
130 size_t input_len = sizeof( input );
131 size_t aad_len = sizeof( aad );
132 mbedtls_chachapoly_context ctx;
133
134 memset( key, 0x00, sizeof( key ) );
135 memset( nonce, 0x00, sizeof( nonce ) );
136 memset( aad, 0x00, sizeof( aad ) );
137 memset( input, 0x00, sizeof( input ) );
138 memset( output, 0x00, sizeof( output ) );
139 memset( mac, 0x00, sizeof( mac ) );
140
Hanno Beckerae2ff022018-12-11 15:14:02 +0000141 TEST_INVALID_PARAM( mbedtls_chachapoly_init( NULL ) );
Hanno Beckera994b232018-12-12 16:44:41 +0000142 TEST_VALID_PARAM( mbedtls_chachapoly_free( NULL ) );
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200143
Hanno Beckerae2ff022018-12-11 15:14:02 +0000144 /* setkey */
145 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
146 mbedtls_chachapoly_setkey( NULL, key ) );
147 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
148 mbedtls_chachapoly_setkey( &ctx, NULL ) );
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200149
Hanno Beckerae2ff022018-12-11 15:14:02 +0000150 /* encrypt_and_tag */
151 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
152 mbedtls_chachapoly_encrypt_and_tag( NULL,
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200153 0, nonce,
154 aad, 0,
Hanno Beckerae2ff022018-12-11 15:14:02 +0000155 input, output, mac ) );
156 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
157 mbedtls_chachapoly_encrypt_and_tag( &ctx,
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200158 0, NULL,
159 aad, 0,
Hanno Beckerae2ff022018-12-11 15:14:02 +0000160 input, output, mac ) );
161 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
162 mbedtls_chachapoly_encrypt_and_tag( &ctx,
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200163 0, nonce,
164 NULL, aad_len,
Hanno Beckerae2ff022018-12-11 15:14:02 +0000165 input, output, mac ) );
166 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
167 mbedtls_chachapoly_encrypt_and_tag( &ctx,
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200168 input_len, nonce,
169 aad, 0,
Hanno Beckerae2ff022018-12-11 15:14:02 +0000170 NULL, output, mac ) );
171 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
172 mbedtls_chachapoly_encrypt_and_tag( &ctx,
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200173 input_len, nonce,
174 aad, 0,
Hanno Beckerae2ff022018-12-11 15:14:02 +0000175 input, NULL, mac ) );
176 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
177 mbedtls_chachapoly_encrypt_and_tag( &ctx,
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200178 0, nonce,
179 aad, 0,
Hanno Beckerae2ff022018-12-11 15:14:02 +0000180 input, output, NULL ) );
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200181
Hanno Beckerae2ff022018-12-11 15:14:02 +0000182 /* auth_decrypt */
183 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
184 mbedtls_chachapoly_auth_decrypt( NULL,
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200185 0, nonce,
186 aad, 0,
Hanno Beckerae2ff022018-12-11 15:14:02 +0000187 mac, input, output ) );
188 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
189 mbedtls_chachapoly_auth_decrypt( &ctx,
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200190 0, NULL,
191 aad, 0,
Hanno Beckerae2ff022018-12-11 15:14:02 +0000192 mac, input, output ) );
193 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
194 mbedtls_chachapoly_auth_decrypt( &ctx,
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200195 0, nonce,
196 NULL, aad_len,
Hanno Beckerae2ff022018-12-11 15:14:02 +0000197 mac, input, output ) );
198 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
199 mbedtls_chachapoly_auth_decrypt( &ctx,
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200200 0, nonce,
201 aad, 0,
Hanno Beckerae2ff022018-12-11 15:14:02 +0000202 NULL, input, output ) );
203 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
204 mbedtls_chachapoly_auth_decrypt( &ctx,
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200205 input_len, nonce,
206 aad, 0,
Hanno Beckerae2ff022018-12-11 15:14:02 +0000207 mac, NULL, output ) );
208 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
209 mbedtls_chachapoly_auth_decrypt( &ctx,
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200210 input_len, nonce,
211 aad, 0,
Hanno Beckerae2ff022018-12-11 15:14:02 +0000212 mac, input, NULL ) );
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200213
Hanno Beckerae2ff022018-12-11 15:14:02 +0000214 /* starts */
215 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
216 mbedtls_chachapoly_starts( NULL, nonce,
217 MBEDTLS_CHACHAPOLY_ENCRYPT ) );
218 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
219 mbedtls_chachapoly_starts( &ctx, NULL,
220 MBEDTLS_CHACHAPOLY_ENCRYPT ) );
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200221
Hanno Beckerae2ff022018-12-11 15:14:02 +0000222 /* update_aad */
223 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
224 mbedtls_chachapoly_update_aad( NULL, aad,
225 aad_len ) );
226 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
227 mbedtls_chachapoly_update_aad( &ctx, NULL,
228 aad_len ) );
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200229
Hanno Beckerae2ff022018-12-11 15:14:02 +0000230 /* update */
231 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
232 mbedtls_chachapoly_update( NULL, input_len,
233 input, output ) );
234 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
235 mbedtls_chachapoly_update( &ctx, input_len,
236 NULL, output ) );
237 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
238 mbedtls_chachapoly_update( &ctx, input_len,
239 input, NULL ) );
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200240
Hanno Beckerae2ff022018-12-11 15:14:02 +0000241 /* finish */
242 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
243 mbedtls_chachapoly_finish( NULL, mac ) );
244 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
245 mbedtls_chachapoly_finish( &ctx, NULL ) );
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200246
247exit:
Hanno Beckerae2ff022018-12-11 15:14:02 +0000248 return;
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200249}
250/* END_CASE */
251
Manuel Pégourié-Gonnardceb12252018-05-10 11:41:00 +0200252/* BEGIN_CASE */
253void chachapoly_state()
254{
255 unsigned char key[32];
256 unsigned char nonce[12];
257 unsigned char aad[1];
258 unsigned char input[1];
259 unsigned char output[1];
260 unsigned char mac[16];
261 size_t input_len = sizeof( input );
262 size_t aad_len = sizeof( aad );
263 mbedtls_chachapoly_context ctx;
264
265 memset( key, 0x00, sizeof( key ) );
266 memset( nonce, 0x00, sizeof( nonce ) );
267 memset( aad, 0x00, sizeof( aad ) );
268 memset( input, 0x00, sizeof( input ) );
269 memset( output, 0x00, sizeof( output ) );
270 memset( mac, 0x00, sizeof( mac ) );
271
272 /* Initial state: finish, update, update_aad forbidden */
273 mbedtls_chachapoly_init( &ctx );
274
275 TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac )
276 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
277 TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output )
278 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
279 TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len )
280 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
281
282 /* Still initial state: finish, update, update_aad forbidden */
283 TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key )
284 == 0 );
285
286 TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac )
287 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
288 TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output )
289 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
290 TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len )
291 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
292
293 /* Starts -> finish OK */
294 TEST_ASSERT( mbedtls_chachapoly_starts( &ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT )
295 == 0 );
296 TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac )
297 == 0 );
298
299 /* After finish: update, update_aad forbidden */
300 TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output )
301 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
302 TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len )
303 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
304
305 /* Starts -> update* OK */
306 TEST_ASSERT( mbedtls_chachapoly_starts( &ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT )
307 == 0 );
308 TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output )
309 == 0 );
310 TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output )
311 == 0 );
312
313 /* After update: update_aad forbidden */
314 TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len )
315 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
316
317 /* Starts -> update_aad* -> finish OK */
318 TEST_ASSERT( mbedtls_chachapoly_starts( &ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT )
319 == 0 );
320 TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len )
321 == 0 );
322 TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len )
323 == 0 );
324 TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac )
325 == 0 );
326
327exit:
328 mbedtls_chachapoly_free( &ctx );
329}
330/* END_CASE */
331
Daniel Kingb8025c52016-05-17 14:43:01 -0300332/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
Manuel Pégourié-Gonnarddca3a5d2018-05-07 10:43:27 +0200333void chachapoly_selftest()
Daniel Kingb8025c52016-05-17 14:43:01 -0300334{
Manuel Pégourié-Gonnarddca3a5d2018-05-07 10:43:27 +0200335 TEST_ASSERT( mbedtls_chachapoly_self_test( 1 ) == 0 );
Daniel Kingb8025c52016-05-17 14:43:01 -0300336}
337/* END_CASE */