TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 86796bc8a59f8fc9930ba4722feb5a8aaddef9d3 / . / tests / suites / test_suite_cipher.function
blob: 0fcbd37493304fc5d79f3fa5b5827d060a27929e [file] [log] [blame]
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]2#include "mbedtls/cipher.h"
Manuel Pégourié-Gonnardf7ce67f2013-09-03 20:17:35 +0200[diff] [blame]3
k-stachowiakd8727232019-07-29 17:46:29 +0200[diff] [blame]4#if defined(MBEDTLS_AES_C)
5#include "mbedtls/aes.h"
6#endif
7
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]8#if defined(MBEDTLS_GCM_C)
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]9#include "mbedtls/gcm.h"
Manuel Pégourié-Gonnardf7ce67f2013-09-03 20:17:35 +0200[diff] [blame]10#endif
Gilles Peskine5386f6b2019-08-01 12:47:40 +0200[diff] [blame]11
12#if defined(MBEDTLS_USE_PSA_CRYPTO)
Ronald Cron02c78b72020-05-27 09:22:32 +0200[diff] [blame]13#include "test/psa_crypto_helpers.h"
Gilles Peskine5386f6b2019-08-01 12:47:40 +0200[diff] [blame]14#endif
15
Manuel Pégourié-Gonnard4c1a1002020-11-26 10:22:50 +0100[diff] [blame]16#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C)
17#define MBEDTLS_CIPHER_AUTH_CRYPT
18#endif
19
Manuel Pégourié-Gonnard89a8fe52020-11-27 09:32:55 +0100[diff] [blame]20#if defined(MBEDTLS_CIPHER_AUTH_CRYPT)
21/* Helper for resetting key/direction
22 *
23 * The documentation doesn't explicitly say whether calling
24 * mbedtls_cipher_setkey() twice is allowed or not. This currently works with
25 * the default software implementation, but only by accident. It isn't
26 * guaranteed to work with new ciphers or with alternative implementations of
27 * individual ciphers, and it doesn't work with the PSA wrappers. So don't do
28 * it, and instead start with a fresh context.
29 */
30static void cipher_reset_key( mbedtls_cipher_context_t *ctx, int cipher_id,
31 int use_psa, size_t tag_len, const data_t *key, int direction )
32{
33 mbedtls_cipher_free( ctx );
34 mbedtls_cipher_init( ctx );
35
36#if !defined(MBEDTLS_USE_PSA_CRYPTO)
37 (void) use_psa;
38 (void) tag_len;
39#else
40 if( use_psa == 1 )
41 {
42 TEST_ASSERT( 0 == mbedtls_cipher_setup_psa( ctx,
43 mbedtls_cipher_info_from_type( cipher_id ),
44 tag_len ) );
45 }
46 else
47#endif /* MBEDTLS_USE_PSA_CRYPTO */
48 {
49 TEST_ASSERT( 0 == mbedtls_cipher_setup( ctx,
50 mbedtls_cipher_info_from_type( cipher_id ) ) );
51 }
52
53 TEST_ASSERT( 0 == mbedtls_cipher_setkey( ctx, key->x, 8 * key->len,
54 direction ) );
55exit:
56 ;
57}
58#endif /* MBEDTLS_CIPHER_AUTH_CRYPT */
59
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]60/* END_HEADER */
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]61
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]62/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]63 * depends_on:MBEDTLS_CIPHER_C
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]64 * END_DEPENDENCIES
65 */
Paul Bakker5690efc2011-05-26 13:16:06 +0000[diff] [blame]66
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]67/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]68void mbedtls_cipher_list( )
Manuel Pégourié-Gonnard66dfc5a2014-03-29 16:10:55 +0100[diff] [blame]69{
70 const int *cipher_type;
71
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]72 for( cipher_type = mbedtls_cipher_list(); *cipher_type != 0; cipher_type++ )
73 TEST_ASSERT( mbedtls_cipher_info_from_type( *cipher_type ) != NULL );
Manuel Pégourié-Gonnard66dfc5a2014-03-29 16:10:55 +0100[diff] [blame]74}
75/* END_CASE */
76
77/* BEGIN_CASE */
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]78void cipher_invalid_param_unconditional( )
Manuel Pégourié-Gonnard5e7693f2014-06-13 16:08:07 +0200[diff] [blame]79{
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]80 mbedtls_cipher_context_t valid_ctx;
81 mbedtls_cipher_context_t invalid_ctx;
82 mbedtls_operation_t valid_operation = MBEDTLS_ENCRYPT;
83 mbedtls_cipher_padding_t valid_mode = MBEDTLS_PADDING_ZEROS;
84 unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 };
85 int valid_size = sizeof(valid_buffer);
86 int valid_bitlen = valid_size * 8;
87 const mbedtls_cipher_info_t *valid_info = mbedtls_cipher_info_from_type(
88 *( mbedtls_cipher_list() ) );
89 size_t size_t_var;
Manuel Pégourié-Gonnard5e7693f2014-06-13 16:08:07 +0200[diff] [blame]90
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]91 (void)valid_mode; /* In some configurations this is unused */
Manuel Pégourié-Gonnard5e7693f2014-06-13 16:08:07 +0200[diff] [blame]92
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]93 mbedtls_cipher_init( &valid_ctx );
94 mbedtls_cipher_setup( &valid_ctx, valid_info );
95 mbedtls_cipher_init( &invalid_ctx );
Manuel Pégourié-Gonnard5e7693f2014-06-13 16:08:07 +0200[diff] [blame]96
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]97 /* mbedtls_cipher_setup() */
98 TEST_ASSERT( mbedtls_cipher_setup( &valid_ctx, NULL ) ==
99 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard5e7693f2014-06-13 16:08:07 +0200[diff] [blame]100
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]101 /* mbedtls_cipher_get_block_size() */
102 TEST_ASSERT( mbedtls_cipher_get_block_size( &invalid_ctx ) == 0 );
Manuel Pégourié-Gonnard5e7693f2014-06-13 16:08:07 +0200[diff] [blame]103
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]104 /* mbedtls_cipher_get_cipher_mode() */
105 TEST_ASSERT( mbedtls_cipher_get_cipher_mode( &invalid_ctx ) ==
106 MBEDTLS_MODE_NONE );
Manuel Pégourié-Gonnard5e7693f2014-06-13 16:08:07 +0200[diff] [blame]107
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]108 /* mbedtls_cipher_get_iv_size() */
109 TEST_ASSERT( mbedtls_cipher_get_iv_size( &invalid_ctx ) == 0 );
Manuel Pégourié-Gonnard5e7693f2014-06-13 16:08:07 +0200[diff] [blame]110
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]111 /* mbedtls_cipher_get_type() */
112 TEST_ASSERT(
113 mbedtls_cipher_get_type( &invalid_ctx ) ==
114 MBEDTLS_CIPHER_NONE);
Manuel Pégourié-Gonnard5e7693f2014-06-13 16:08:07 +0200[diff] [blame]115
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]116 /* mbedtls_cipher_get_name() */
117 TEST_ASSERT( mbedtls_cipher_get_name( &invalid_ctx ) == 0 );
Manuel Pégourié-Gonnard5e7693f2014-06-13 16:08:07 +0200[diff] [blame]118
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]119 /* mbedtls_cipher_get_key_bitlen() */
120 TEST_ASSERT( mbedtls_cipher_get_key_bitlen( &invalid_ctx ) ==
121 MBEDTLS_KEY_LENGTH_NONE );
122
123 /* mbedtls_cipher_get_operation() */
124 TEST_ASSERT( mbedtls_cipher_get_operation( &invalid_ctx ) ==
125 MBEDTLS_OPERATION_NONE );
126
127 /* mbedtls_cipher_setkey() */
128 TEST_ASSERT(
129 mbedtls_cipher_setkey( &invalid_ctx,
130 valid_buffer,
131 valid_bitlen,
132 valid_operation ) ==
133 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
134
135 /* mbedtls_cipher_set_iv() */
136 TEST_ASSERT(
137 mbedtls_cipher_set_iv( &invalid_ctx,
138 valid_buffer,
139 valid_size ) ==
140 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
141
142 /* mbedtls_cipher_reset() */
143 TEST_ASSERT( mbedtls_cipher_reset( &invalid_ctx ) ==
144 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard5e7693f2014-06-13 16:08:07 +0200[diff] [blame]145
Manuel Pégourié-Gonnarddca3a5d2018-05-07 10:43:27 +0200[diff] [blame]146#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]147 /* mbedtls_cipher_update_ad() */
148 TEST_ASSERT(
149 mbedtls_cipher_update_ad( &invalid_ctx,
150 valid_buffer,
151 valid_size ) ==
152 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
153#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */
154
155#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
156 /* mbedtls_cipher_set_padding_mode() */
157 TEST_ASSERT( mbedtls_cipher_set_padding_mode( &invalid_ctx, valid_mode ) ==
158 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard5e7693f2014-06-13 16:08:07 +0200[diff] [blame]159#endif
160
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]161 /* mbedtls_cipher_update() */
162 TEST_ASSERT(
163 mbedtls_cipher_update( &invalid_ctx,
164 valid_buffer,
165 valid_size,
166 valid_buffer,
167 &size_t_var ) ==
168 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard5e7693f2014-06-13 16:08:07 +0200[diff] [blame]169
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]170 /* mbedtls_cipher_finish() */
171 TEST_ASSERT(
172 mbedtls_cipher_finish( &invalid_ctx,
173 valid_buffer,
174 &size_t_var ) ==
175 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard5e7693f2014-06-13 16:08:07 +0200[diff] [blame]176
Manuel Pégourié-Gonnarddca3a5d2018-05-07 10:43:27 +0200[diff] [blame]177#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]178 /* mbedtls_cipher_write_tag() */
179 TEST_ASSERT(
180 mbedtls_cipher_write_tag( &invalid_ctx,
181 valid_buffer,
182 valid_size ) ==
183 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
Manuel Pégourié-Gonnard5e7693f2014-06-13 16:08:07 +0200[diff] [blame]184
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]185 /* mbedtls_cipher_check_tag() */
186 TEST_ASSERT(
187 mbedtls_cipher_check_tag( &invalid_ctx,
188 valid_buffer,
189 valid_size ) ==
190 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
191#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */
192
193exit:
194 mbedtls_cipher_free( &invalid_ctx );
195 mbedtls_cipher_free( &valid_ctx );
196}
197/* END_CASE */
198
199/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
200void cipher_invalid_param_conditional( )
201{
202 mbedtls_cipher_context_t valid_ctx;
203
204 mbedtls_operation_t valid_operation = MBEDTLS_ENCRYPT;
205 mbedtls_operation_t invalid_operation = 100;
206 mbedtls_cipher_padding_t valid_mode = MBEDTLS_PADDING_ZEROS;
207 unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 };
208 int valid_size = sizeof(valid_buffer);
209 int valid_bitlen = valid_size * 8;
210 const mbedtls_cipher_info_t *valid_info = mbedtls_cipher_info_from_type(
211 *( mbedtls_cipher_list() ) );
212
213 size_t size_t_var;
214
215 (void)valid_mode; /* In some configurations this is unused */
216
217 /* mbedtls_cipher_init() */
218 TEST_VALID_PARAM( mbedtls_cipher_init( &valid_ctx ) );
219 TEST_INVALID_PARAM( mbedtls_cipher_init( NULL ) );
220
221 /* mbedtls_cipher_setup() */
222 TEST_VALID_PARAM( mbedtls_cipher_setup( &valid_ctx, valid_info ) );
223 TEST_INVALID_PARAM_RET(
224 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
225 mbedtls_cipher_setup( NULL, valid_info ) );
226
227 /* mbedtls_cipher_get_block_size() */
228 TEST_INVALID_PARAM_RET( 0, mbedtls_cipher_get_block_size( NULL ) );
229
230 /* mbedtls_cipher_get_cipher_mode() */
231 TEST_INVALID_PARAM_RET(
232 MBEDTLS_MODE_NONE,
233 mbedtls_cipher_get_cipher_mode( NULL ) );
234
235 /* mbedtls_cipher_get_iv_size() */
236 TEST_INVALID_PARAM_RET( 0, mbedtls_cipher_get_iv_size( NULL ) );
237
238 /* mbedtls_cipher_get_type() */
239 TEST_INVALID_PARAM_RET(
240 MBEDTLS_CIPHER_NONE,
241 mbedtls_cipher_get_type( NULL ) );
242
243 /* mbedtls_cipher_get_name() */
244 TEST_INVALID_PARAM_RET( 0, mbedtls_cipher_get_name( NULL ) );
245
246 /* mbedtls_cipher_get_key_bitlen() */
247 TEST_INVALID_PARAM_RET(
248 MBEDTLS_KEY_LENGTH_NONE,
249 mbedtls_cipher_get_key_bitlen( NULL ) );
250
251 /* mbedtls_cipher_get_operation() */
252 TEST_INVALID_PARAM_RET(
253 MBEDTLS_OPERATION_NONE,
254 mbedtls_cipher_get_operation( NULL ) );
255
256 /* mbedtls_cipher_setkey() */
257 TEST_INVALID_PARAM_RET(
258 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
259 mbedtls_cipher_setkey( NULL,
260 valid_buffer,
261 valid_bitlen,
262 valid_operation ) );
263 TEST_INVALID_PARAM_RET(
264 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
265 mbedtls_cipher_setkey( &valid_ctx,
266 NULL,
267 valid_bitlen,
268 valid_operation ) );
269 TEST_INVALID_PARAM_RET(
270 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
271 mbedtls_cipher_setkey( &valid_ctx,
272 valid_buffer,
273 valid_bitlen,
274 invalid_operation ) );
275
276 /* mbedtls_cipher_set_iv() */
277 TEST_INVALID_PARAM_RET(
278 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
279 mbedtls_cipher_set_iv( NULL,
280 valid_buffer,
281 valid_size ) );
282 TEST_INVALID_PARAM_RET(
283 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
284 mbedtls_cipher_set_iv( &valid_ctx,
285 NULL,
286 valid_size ) );
287
288 /* mbedtls_cipher_reset() */
289 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
290 mbedtls_cipher_reset( NULL ) );
291
292#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
293 /* mbedtls_cipher_update_ad() */
294 TEST_INVALID_PARAM_RET(
295 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
296 mbedtls_cipher_update_ad( NULL,
297 valid_buffer,
298 valid_size ) );
299 TEST_INVALID_PARAM_RET(
300 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
301 mbedtls_cipher_update_ad( &valid_ctx,
302 NULL,
303 valid_size ) );
304#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */
305
306#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
307 /* mbedtls_cipher_set_padding_mode() */
308 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
309 mbedtls_cipher_set_padding_mode( NULL, valid_mode ) );
Manuel Pégourié-Gonnard5e7693f2014-06-13 16:08:07 +0200[diff] [blame]310#endif
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]311
312 /* mbedtls_cipher_update() */
313 TEST_INVALID_PARAM_RET(
314 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
315 mbedtls_cipher_update( NULL,
316 valid_buffer,
317 valid_size,
318 valid_buffer,
319 &size_t_var ) );
320 TEST_INVALID_PARAM_RET(
321 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
322 mbedtls_cipher_update( &valid_ctx,
323 NULL, valid_size,
324 valid_buffer,
325 &size_t_var ) );
326 TEST_INVALID_PARAM_RET(
327 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
328 mbedtls_cipher_update( &valid_ctx,
329 valid_buffer, valid_size,
330 NULL,
331 &size_t_var ) );
332 TEST_INVALID_PARAM_RET(
333 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
334 mbedtls_cipher_update( &valid_ctx,
335 valid_buffer, valid_size,
336 valid_buffer,
337 NULL ) );
338
339 /* mbedtls_cipher_finish() */
340 TEST_INVALID_PARAM_RET(
341 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
342 mbedtls_cipher_finish( NULL,
343 valid_buffer,
344 &size_t_var ) );
345 TEST_INVALID_PARAM_RET(
346 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
347 mbedtls_cipher_finish( &valid_ctx,
348 NULL,
349 &size_t_var ) );
350 TEST_INVALID_PARAM_RET(
351 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
352 mbedtls_cipher_finish( &valid_ctx,
353 valid_buffer,
354 NULL ) );
355
356#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
357 /* mbedtls_cipher_write_tag() */
358 TEST_INVALID_PARAM_RET(
359 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
360 mbedtls_cipher_write_tag( NULL,
361 valid_buffer,
362 valid_size ) );
363 TEST_INVALID_PARAM_RET(
364 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
365 mbedtls_cipher_write_tag( &valid_ctx,
366 NULL,
367 valid_size ) );
368
369 /* mbedtls_cipher_check_tag() */
370 TEST_INVALID_PARAM_RET(
371 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
372 mbedtls_cipher_check_tag( NULL,
373 valid_buffer,
374 valid_size ) );
375 TEST_INVALID_PARAM_RET(
376 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
377 mbedtls_cipher_check_tag( &valid_ctx,
378 NULL,
379 valid_size ) );
380#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */
381
382 /* mbedtls_cipher_crypt() */
383 TEST_INVALID_PARAM_RET(
384 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
385 mbedtls_cipher_crypt( NULL,
386 valid_buffer, valid_size,
387 valid_buffer, valid_size,
388 valid_buffer, &size_t_var ) );
389 TEST_INVALID_PARAM_RET(
390 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
391 mbedtls_cipher_crypt( &valid_ctx,
392 NULL, valid_size,
393 valid_buffer, valid_size,
394 valid_buffer, &size_t_var ) );
395 TEST_INVALID_PARAM_RET(
396 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
397 mbedtls_cipher_crypt( &valid_ctx,
398 valid_buffer, valid_size,
399 NULL, valid_size,
400 valid_buffer, &size_t_var ) );
401 TEST_INVALID_PARAM_RET(
402 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
403 mbedtls_cipher_crypt( &valid_ctx,
404 valid_buffer, valid_size,
405 valid_buffer, valid_size,
406 NULL, &size_t_var ) );
407 TEST_INVALID_PARAM_RET(
408 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
409 mbedtls_cipher_crypt( &valid_ctx,
410 valid_buffer, valid_size,
411 valid_buffer, valid_size,
412 valid_buffer, NULL ) );
413
414#if defined(MBEDTLS_CIPHER_MODE_AEAD)
415 /* mbedtls_cipher_auth_encrypt() */
416 TEST_INVALID_PARAM_RET(
417 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
418 mbedtls_cipher_auth_encrypt( NULL,
419 valid_buffer, valid_size,
420 valid_buffer, valid_size,
421 valid_buffer, valid_size,
422 valid_buffer, &size_t_var,
423 valid_buffer, valid_size ) );
424 TEST_INVALID_PARAM_RET(
425 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
426 mbedtls_cipher_auth_encrypt( &valid_ctx,
427 NULL, valid_size,
428 valid_buffer, valid_size,
429 valid_buffer, valid_size,
430 valid_buffer, &size_t_var,
431 valid_buffer, valid_size ) );
432 TEST_INVALID_PARAM_RET(
433 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
434 mbedtls_cipher_auth_encrypt( &valid_ctx,
435 valid_buffer, valid_size,
436 NULL, valid_size,
437 valid_buffer, valid_size,
438 valid_buffer, &size_t_var,
439 valid_buffer, valid_size ) );
440 TEST_INVALID_PARAM_RET(
441 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
442 mbedtls_cipher_auth_encrypt( &valid_ctx,
443 valid_buffer, valid_size,
444 valid_buffer, valid_size,
445 NULL, valid_size,
446 valid_buffer, &size_t_var,
447 valid_buffer, valid_size ) );
448 TEST_INVALID_PARAM_RET(
449 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
450 mbedtls_cipher_auth_encrypt( &valid_ctx,
451 valid_buffer, valid_size,
452 valid_buffer, valid_size,
453 valid_buffer, valid_size,
454 NULL, &size_t_var,
455 valid_buffer, valid_size ) );
456 TEST_INVALID_PARAM_RET(
457 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
458 mbedtls_cipher_auth_encrypt( &valid_ctx,
459 valid_buffer, valid_size,
460 valid_buffer, valid_size,
461 valid_buffer, valid_size,
462 valid_buffer, NULL,
463 valid_buffer, valid_size ) );
464 TEST_INVALID_PARAM_RET(
465 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
466 mbedtls_cipher_auth_encrypt( &valid_ctx,
467 valid_buffer, valid_size,
468 valid_buffer, valid_size,
469 valid_buffer, valid_size,
470 valid_buffer, &size_t_var,
471 NULL, valid_size ) );
472
473 /* mbedtls_cipher_auth_decrypt() */
474 TEST_INVALID_PARAM_RET(
475 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
476 mbedtls_cipher_auth_decrypt( NULL,
477 valid_buffer, valid_size,
478 valid_buffer, valid_size,
479 valid_buffer, valid_size,
480 valid_buffer, &size_t_var,
481 valid_buffer, valid_size ) );
482 TEST_INVALID_PARAM_RET(
483 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
484 mbedtls_cipher_auth_decrypt( &valid_ctx,
485 NULL, valid_size,
486 valid_buffer, valid_size,
487 valid_buffer, valid_size,
488 valid_buffer, &size_t_var,
489 valid_buffer, valid_size ) );
490 TEST_INVALID_PARAM_RET(
491 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
492 mbedtls_cipher_auth_decrypt( &valid_ctx,
493 valid_buffer, valid_size,
494 NULL, valid_size,
495 valid_buffer, valid_size,
496 valid_buffer, &size_t_var,
497 valid_buffer, valid_size ) );
498 TEST_INVALID_PARAM_RET(
499 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
500 mbedtls_cipher_auth_decrypt( &valid_ctx,
501 valid_buffer, valid_size,
502 valid_buffer, valid_size,
503 NULL, valid_size,
504 valid_buffer, &size_t_var,
505 valid_buffer, valid_size ) );
506 TEST_INVALID_PARAM_RET(
507 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
508 mbedtls_cipher_auth_decrypt( &valid_ctx,
509 valid_buffer, valid_size,
510 valid_buffer, valid_size,
511 valid_buffer, valid_size,
512 NULL, &size_t_var,
513 valid_buffer, valid_size ) );
514 TEST_INVALID_PARAM_RET(
515 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
516 mbedtls_cipher_auth_decrypt( &valid_ctx,
517 valid_buffer, valid_size,
518 valid_buffer, valid_size,
519 valid_buffer, valid_size,
520 valid_buffer, NULL,
521 valid_buffer, valid_size ) );
522 TEST_INVALID_PARAM_RET(
523 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
524 mbedtls_cipher_auth_decrypt( &valid_ctx,
525 valid_buffer, valid_size,
526 valid_buffer, valid_size,
527 valid_buffer, valid_size,
528 valid_buffer, &size_t_var,
529 NULL, valid_size ) );
530#endif /* defined(MBEDTLS_CIPHER_MODE_AEAD) */
531
Manuel Pégourié-Gonnard86796bc2020-12-03 11:29:22 +0100[diff] [blame^]532#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C)
533 /* mbedtls_cipher_auth_encrypt_ext */
534 TEST_INVALID_PARAM_RET(
535 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
536 mbedtls_cipher_auth_encrypt_ext( NULL,
537 valid_buffer, valid_size,
538 valid_buffer, valid_size,
539 valid_buffer, valid_size,
540 valid_buffer, valid_size, &size_t_var,
541 valid_size ) );
542 TEST_INVALID_PARAM_RET(
543 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
544 mbedtls_cipher_auth_encrypt_ext( &valid_ctx,
545 NULL, valid_size,
546 valid_buffer, valid_size,
547 valid_buffer, valid_size,
548 valid_buffer, valid_size, &size_t_var,
549 valid_size ) );
550 TEST_INVALID_PARAM_RET(
551 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
552 mbedtls_cipher_auth_encrypt_ext( &valid_ctx,
553 valid_buffer, valid_size,
554 NULL, valid_size,
555 valid_buffer, valid_size,
556 valid_buffer, valid_size, &size_t_var,
557 valid_size ) );
558 TEST_INVALID_PARAM_RET(
559 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
560 mbedtls_cipher_auth_encrypt_ext( &valid_ctx,
561 valid_buffer, valid_size,
562 valid_buffer, valid_size,
563 NULL, valid_size,
564 valid_buffer, valid_size, &size_t_var,
565 valid_size ) );
566 TEST_INVALID_PARAM_RET(
567 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
568 mbedtls_cipher_auth_encrypt_ext( &valid_ctx,
569 valid_buffer, valid_size,
570 valid_buffer, valid_size,
571 valid_buffer, valid_size,
572 NULL, valid_size, &size_t_var,
573 valid_size ) );
574 TEST_INVALID_PARAM_RET(
575 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
576 mbedtls_cipher_auth_encrypt_ext( &valid_ctx,
577 valid_buffer, valid_size,
578 valid_buffer, valid_size,
579 valid_buffer, valid_size,
580 valid_buffer, valid_size, NULL,
581 valid_size ) );
582
583 /* mbedtls_cipher_auth_decrypt_ext */
584 TEST_INVALID_PARAM_RET(
585 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
586 mbedtls_cipher_auth_decrypt_ext( NULL,
587 valid_buffer, valid_size,
588 valid_buffer, valid_size,
589 valid_buffer, valid_size,
590 valid_buffer, valid_size, &size_t_var,
591 valid_size ) );
592 TEST_INVALID_PARAM_RET(
593 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
594 mbedtls_cipher_auth_decrypt_ext( &valid_ctx,
595 NULL, valid_size,
596 valid_buffer, valid_size,
597 valid_buffer, valid_size,
598 valid_buffer, valid_size, &size_t_var,
599 valid_size ) );
600 TEST_INVALID_PARAM_RET(
601 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
602 mbedtls_cipher_auth_decrypt_ext( &valid_ctx,
603 valid_buffer, valid_size,
604 NULL, valid_size,
605 valid_buffer, valid_size,
606 valid_buffer, valid_size, &size_t_var,
607 valid_size ) );
608 TEST_INVALID_PARAM_RET(
609 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
610 mbedtls_cipher_auth_decrypt_ext( &valid_ctx,
611 valid_buffer, valid_size,
612 valid_buffer, valid_size,
613 NULL, valid_size,
614 valid_buffer, valid_size, &size_t_var,
615 valid_size ) );
616 TEST_INVALID_PARAM_RET(
617 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
618 mbedtls_cipher_auth_decrypt_ext( &valid_ctx,
619 valid_buffer, valid_size,
620 valid_buffer, valid_size,
621 valid_buffer, valid_size,
622 NULL, valid_size, &size_t_var,
623 valid_size ) );
624 TEST_INVALID_PARAM_RET(
625 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
626 mbedtls_cipher_auth_decrypt_ext( &valid_ctx,
627 valid_buffer, valid_size,
628 valid_buffer, valid_size,
629 valid_buffer, valid_size,
630 valid_buffer, valid_size, NULL,
631 valid_size ) );
632#endif /* MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C */
633
Andrzej Kurekc470b6b2019-01-31 08:20:20 -0500[diff] [blame]634 /* mbedtls_cipher_free() */
635 TEST_VALID_PARAM( mbedtls_cipher_free( NULL ) );
636exit:
637 TEST_VALID_PARAM( mbedtls_cipher_free( &valid_ctx ) );
Manuel Pégourié-Gonnard5e7693f2014-06-13 16:08:07 +0200[diff] [blame]638}
639/* END_CASE */
640
Paul Bakker6a9c7252016-07-14 13:46:10 +0100[diff] [blame]641/* BEGIN_CASE depends_on:MBEDTLS_AES_C */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]642void cipher_special_behaviours( )
Paul Bakker6a9c7252016-07-14 13:46:10 +0100[diff] [blame]643{
644 const mbedtls_cipher_info_t *cipher_info;
645 mbedtls_cipher_context_t ctx;
646 unsigned char input[32];
647 unsigned char output[32];
Ron Eldor6f90ed82017-09-26 12:08:54 +0300[diff] [blame]648#if defined (MBEDTLS_CIPHER_MODE_CBC)
Paul Bakker6a9c7252016-07-14 13:46:10 +0100[diff] [blame]649 unsigned char iv[32];
Ron Eldor6f90ed82017-09-26 12:08:54 +0300[diff] [blame]650#endif
Paul Bakker6a9c7252016-07-14 13:46:10 +0100[diff] [blame]651 size_t olen = 0;
652
653 mbedtls_cipher_init( &ctx );
654 memset( input, 0, sizeof( input ) );
655 memset( output, 0, sizeof( output ) );
Ron Eldorbb4bbbb2017-10-01 17:04:54 +0300[diff] [blame]656#if defined(MBEDTLS_CIPHER_MODE_CBC)
Paul Bakker6a9c7252016-07-14 13:46:10 +0100[diff] [blame]657 memset( iv, 0, sizeof( iv ) );
658
659 /* Check and get info structures */
Ron Eldor7b012442017-09-25 17:03:12 +0300[diff] [blame]660 cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_CBC );
Paul Bakker6a9c7252016-07-14 13:46:10 +0100[diff] [blame]661 TEST_ASSERT( NULL != cipher_info );
662
663 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx, cipher_info ) );
664
665 /* IV too big */
666 TEST_ASSERT( mbedtls_cipher_set_iv( &ctx, iv, MBEDTLS_MAX_IV_LENGTH + 1 )
667 == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
668
669 /* IV too small */
670 TEST_ASSERT( mbedtls_cipher_set_iv( &ctx, iv, 0 )
671 == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
672
Ron Eldor4e64e0b2017-09-25 18:22:32 +0300[diff] [blame]673 mbedtls_cipher_free( &ctx );
Ron Eldorbb4bbbb2017-10-01 17:04:54 +0300[diff] [blame]674 mbedtls_cipher_init( &ctx );
Ron Eldor6f90ed82017-09-26 12:08:54 +0300[diff] [blame]675#endif /* MBEDTLS_CIPHER_MODE_CBC */
Ron Eldor4e64e0b2017-09-25 18:22:32 +0300[diff] [blame]676 cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_ECB );
Ron Eldor7b012442017-09-25 17:03:12 +0300[diff] [blame]677 TEST_ASSERT( NULL != cipher_info );
678
679 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx, cipher_info ) );
680
Paul Bakker6a9c7252016-07-14 13:46:10 +0100[diff] [blame]681 /* Update ECB with partial block */
682 TEST_ASSERT( mbedtls_cipher_update( &ctx, input, 1, output, &olen )
683 == MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED );
684
685exit:
686 mbedtls_cipher_free( &ctx );
687}
688/* END_CASE */
689
Manuel Pégourié-Gonnard5e7693f2014-06-13 16:08:07 +0200[diff] [blame]690/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]691void enc_dec_buf( int cipher_id, char * cipher_string, int key_len,
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]692 int length_val, int pad_mode )
Paul Bakkerdbd443d2013-08-16 13:38:47 +0200[diff] [blame]693{
Manuel Pégourié-Gonnardac5361f2015-06-24 01:08:09 +0200[diff] [blame]694 size_t length = length_val, outlen, total_len, i, block_size;
Jaeden Amerod906b812018-06-08 11:03:16 +0100[diff] [blame]695 unsigned char key[64];
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]696 unsigned char iv[16];
Manuel Pégourié-Gonnard9241be72013-08-31 17:31:03 +0200[diff] [blame]697 unsigned char ad[13];
698 unsigned char tag[16];
Manuel Pégourié-Gonnard1af50a22013-09-05 10:30:32 +0200[diff] [blame]699 unsigned char inbuf[64];
700 unsigned char encbuf[64];
701 unsigned char decbuf[64];
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]702
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]703 const mbedtls_cipher_info_t *cipher_info;
704 mbedtls_cipher_context_t ctx_dec;
705 mbedtls_cipher_context_t ctx_enc;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]706
Manuel Pégourié-Gonnard1af50a22013-09-05 10:30:32 +0200[diff] [blame]707 /*
708 * Prepare contexts
709 */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]710 mbedtls_cipher_init( &ctx_dec );
711 mbedtls_cipher_init( &ctx_enc );
Manuel Pégourié-Gonnard1af50a22013-09-05 10:30:32 +0200[diff] [blame]712
713 memset( key, 0x2a, sizeof( key ) );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]714
715 /* Check and get info structures */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]716 cipher_info = mbedtls_cipher_info_from_type( cipher_id );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]717 TEST_ASSERT( NULL != cipher_info );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]718 TEST_ASSERT( mbedtls_cipher_info_from_string( cipher_string ) == cipher_info );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]719
720 /* Initialise enc and dec contexts */
Manuel Pégourié-Gonnard8473f872015-05-14 13:51:45 +0200[diff] [blame]721 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_dec, cipher_info ) );
722 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_enc, cipher_info ) );
Manuel Pégourié-Gonnard1af50a22013-09-05 10:30:32 +0200[diff] [blame]723
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]724 TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_dec, key, key_len, MBEDTLS_DECRYPT ) );
725 TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_enc, key, key_len, MBEDTLS_ENCRYPT ) );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]726
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]727#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]728 if( -1 != pad_mode )
Manuel Pégourié-Gonnard6c978992013-07-26 13:20:42 +0200[diff] [blame]729 {
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]730 TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx_dec, pad_mode ) );
731 TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx_enc, pad_mode ) );
Manuel Pégourié-Gonnard6c978992013-07-26 13:20:42 +0200[diff] [blame]732 }
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200[diff] [blame]733#else
734 (void) pad_mode;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]735#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
Manuel Pégourié-Gonnard6c978992013-07-26 13:20:42 +0200[diff] [blame]736
Manuel Pégourié-Gonnard1af50a22013-09-05 10:30:32 +0200[diff] [blame]737 /*
738 * Do a few encode/decode cycles
739 */
740 for( i = 0; i < 3; i++ )
741 {
742 memset( iv , 0x00 + i, sizeof( iv ) );
743 memset( ad, 0x10 + i, sizeof( ad ) );
744 memset( inbuf, 0x20 + i, sizeof( inbuf ) );
745
746 memset( encbuf, 0, sizeof( encbuf ) );
747 memset( decbuf, 0, sizeof( decbuf ) );
748 memset( tag, 0, sizeof( tag ) );
749
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]750 TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_dec, iv, sizeof( iv ) ) );
751 TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_enc, iv, sizeof( iv ) ) );
Manuel Pégourié-Gonnard9c853b92013-09-03 13:04:44 +0200[diff] [blame]752
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]753 TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_dec ) );
754 TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_enc ) );
Manuel Pégourié-Gonnard2adc40c2013-09-03 13:54:12 +0200[diff] [blame]755
Manuel Pégourié-Gonnarddca3a5d2018-05-07 10:43:27 +0200[diff] [blame]756#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]757 TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx_dec, ad, sizeof( ad ) - i ) );
758 TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx_enc, ad, sizeof( ad ) - i ) );
Manuel Pégourié-Gonnard8f625632014-06-24 15:26:28 +0200[diff] [blame]759#endif
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]760
Manuel Pégourié-Gonnardac5361f2015-06-24 01:08:09 +0200[diff] [blame]761 block_size = mbedtls_cipher_get_block_size( &ctx_enc );
762 TEST_ASSERT( block_size != 0 );
763
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]764 /* encode length number of bytes from inbuf */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]765 TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_enc, inbuf, length, encbuf, &outlen ) );
Manuel Pégourié-Gonnard725680f2013-07-25 15:26:54 +0200[diff] [blame]766 total_len = outlen;
767
768 TEST_ASSERT( total_len == length ||
Manuel Pégourié-Gonnardac5361f2015-06-24 01:08:09 +0200[diff] [blame]769 ( total_len % block_size == 0 &&
Manuel Pégourié-Gonnard725680f2013-07-25 15:26:54 +0200[diff] [blame]770 total_len < length &&
Manuel Pégourié-Gonnardac5361f2015-06-24 01:08:09 +0200[diff] [blame]771 total_len + block_size > length ) );
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]772
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]773 TEST_ASSERT( 0 == mbedtls_cipher_finish( &ctx_enc, encbuf + outlen, &outlen ) );
Manuel Pégourié-Gonnard725680f2013-07-25 15:26:54 +0200[diff] [blame]774 total_len += outlen;
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]775
Manuel Pégourié-Gonnarddca3a5d2018-05-07 10:43:27 +0200[diff] [blame]776#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]777 TEST_ASSERT( 0 == mbedtls_cipher_write_tag( &ctx_enc, tag, sizeof( tag ) ) );
Manuel Pégourié-Gonnard8f625632014-06-24 15:26:28 +0200[diff] [blame]778#endif
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]779
Manuel Pégourié-Gonnard725680f2013-07-25 15:26:54 +0200[diff] [blame]780 TEST_ASSERT( total_len == length ||
Manuel Pégourié-Gonnardac5361f2015-06-24 01:08:09 +0200[diff] [blame]781 ( total_len % block_size == 0 &&
Manuel Pégourié-Gonnard725680f2013-07-25 15:26:54 +0200[diff] [blame]782 total_len > length &&
Manuel Pégourié-Gonnardac5361f2015-06-24 01:08:09 +0200[diff] [blame]783 total_len <= length + block_size ) );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]784
785 /* decode the previously encoded string */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]786 TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_dec, encbuf, total_len, decbuf, &outlen ) );
Manuel Pégourié-Gonnard725680f2013-07-25 15:26:54 +0200[diff] [blame]787 total_len = outlen;
788
789 TEST_ASSERT( total_len == length ||
Manuel Pégourié-Gonnardac5361f2015-06-24 01:08:09 +0200[diff] [blame]790 ( total_len % block_size == 0 &&
Manuel Pégourié-Gonnard725680f2013-07-25 15:26:54 +0200[diff] [blame]791 total_len < length &&
Manuel Pégourié-Gonnardac5361f2015-06-24 01:08:09 +0200[diff] [blame]792 total_len + block_size >= length ) );
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]793
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]794 TEST_ASSERT( 0 == mbedtls_cipher_finish( &ctx_dec, decbuf + outlen, &outlen ) );
Manuel Pégourié-Gonnard725680f2013-07-25 15:26:54 +0200[diff] [blame]795 total_len += outlen;
Paul Bakker343a8702011-06-09 14:27:58 +0000[diff] [blame]796
Manuel Pégourié-Gonnarddca3a5d2018-05-07 10:43:27 +0200[diff] [blame]797#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]798 TEST_ASSERT( 0 == mbedtls_cipher_check_tag( &ctx_dec, tag, sizeof( tag ) ) );
Manuel Pégourié-Gonnard8f625632014-06-24 15:26:28 +0200[diff] [blame]799#endif
Manuel Pégourié-Gonnardaa9ffc52013-09-03 16:19:22 +0200[diff] [blame]800
Manuel Pégourié-Gonnard1af50a22013-09-05 10:30:32 +0200[diff] [blame]801 /* check result */
Manuel Pégourié-Gonnard725680f2013-07-25 15:26:54 +0200[diff] [blame]802 TEST_ASSERT( total_len == length );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]803 TEST_ASSERT( 0 == memcmp(inbuf, decbuf, length) );
Manuel Pégourié-Gonnard1af50a22013-09-05 10:30:32 +0200[diff] [blame]804 }
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]805
Manuel Pégourié-Gonnard1af50a22013-09-05 10:30:32 +0200[diff] [blame]806 /*
807 * Done
808 */
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]809exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]810 mbedtls_cipher_free( &ctx_dec );
811 mbedtls_cipher_free( &ctx_enc );
Paul Bakkerdbd443d2013-08-16 13:38:47 +0200[diff] [blame]812}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]813/* END_CASE */
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]814
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]815/* BEGIN_CASE */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]816void enc_fail( int cipher_id, int pad_mode, int key_len, int length_val,
817 int ret )
Paul Bakkerdbd443d2013-08-16 13:38:47 +0200[diff] [blame]818{
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]819 size_t length = length_val;
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]820 unsigned char key[32];
821 unsigned char iv[16];
822
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]823 const mbedtls_cipher_info_t *cipher_info;
824 mbedtls_cipher_context_t ctx;
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]825
826 unsigned char inbuf[64];
827 unsigned char encbuf[64];
828
829 size_t outlen = 0;
830
831 memset( key, 0, 32 );
832 memset( iv , 0, 16 );
833
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]834 mbedtls_cipher_init( &ctx );
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]835
836 memset( inbuf, 5, 64 );
837 memset( encbuf, 0, 64 );
838
839 /* Check and get info structures */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]840 cipher_info = mbedtls_cipher_info_from_type( cipher_id );
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]841 TEST_ASSERT( NULL != cipher_info );
842
843 /* Initialise context */
Manuel Pégourié-Gonnard8473f872015-05-14 13:51:45 +0200[diff] [blame]844 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx, cipher_info ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]845 TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key, key_len, MBEDTLS_ENCRYPT ) );
846#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
847 TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx, pad_mode ) );
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200[diff] [blame]848#else
849 (void) pad_mode;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]850#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
851 TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx, iv, 16 ) );
852 TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx ) );
Manuel Pégourié-Gonnarddca3a5d2018-05-07 10:43:27 +0200[diff] [blame]853#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]854 TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx, NULL, 0 ) );
Manuel Pégourié-Gonnard8f625632014-06-24 15:26:28 +0200[diff] [blame]855#endif
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]856
857 /* encode length number of bytes from inbuf */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]858 TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx, inbuf, length, encbuf, &outlen ) );
859 TEST_ASSERT( ret == mbedtls_cipher_finish( &ctx, encbuf + outlen, &outlen ) );
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]860
861 /* done */
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]862exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]863 mbedtls_cipher_free( &ctx );
Paul Bakkerdbd443d2013-08-16 13:38:47 +0200[diff] [blame]864}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]865/* END_CASE */
Manuel Pégourié-Gonnardebdc4132013-07-26 16:50:44 +0200[diff] [blame]866
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]867/* BEGIN_CASE */
k-stachowiakd8727232019-07-29 17:46:29 +0200[diff] [blame]868void dec_empty_buf( int cipher,
869 int expected_update_ret,
870 int expected_finish_ret )
Paul Bakkerdbd443d2013-08-16 13:38:47 +0200[diff] [blame]871{
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]872 unsigned char key[32];
873 unsigned char iv[16];
874
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]875 mbedtls_cipher_context_t ctx_dec;
876 const mbedtls_cipher_info_t *cipher_info;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]877
878 unsigned char encbuf[64];
879 unsigned char decbuf[64];
880
Paul Bakkerf4a3f302011-04-24 15:53:29 +0000[diff] [blame]881 size_t outlen = 0;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]882
883 memset( key, 0, 32 );
884 memset( iv , 0, 16 );
Paul Bakkerd2a2d612014-07-01 15:45:49 +0200[diff] [blame]885
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]886 mbedtls_cipher_init( &ctx_dec );
Paul Bakkerd2a2d612014-07-01 15:45:49 +0200[diff] [blame]887
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]888 memset( encbuf, 0, 64 );
889 memset( decbuf, 0, 64 );
890
Manuel Pégourié-Gonnard9c853b92013-09-03 13:04:44 +0200[diff] [blame]891 /* Initialise context */
Jaeden Amero5ab80ef2019-06-05 15:35:08 +0100[diff] [blame]892 cipher_info = mbedtls_cipher_info_from_type( cipher );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]893 TEST_ASSERT( NULL != cipher_info);
Jaeden Amero5ab80ef2019-06-05 15:35:08 +0100[diff] [blame]894 TEST_ASSERT( sizeof(key) * 8 >= cipher_info->key_bitlen );
Paul Bakkerd2a2d612014-07-01 15:45:49 +0200[diff] [blame]895
Manuel Pégourié-Gonnard8473f872015-05-14 13:51:45 +0200[diff] [blame]896 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_dec, cipher_info ) );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]897
Jaeden Amero5ab80ef2019-06-05 15:35:08 +0100[diff] [blame]898 TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_dec,
899 key, cipher_info->key_bitlen,
900 MBEDTLS_DECRYPT ) );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]901
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]902 TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_dec, iv, 16 ) );
Manuel Pégourié-Gonnard9c853b92013-09-03 13:04:44 +0200[diff] [blame]903
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]904 TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_dec ) );
Manuel Pégourié-Gonnard2adc40c2013-09-03 13:54:12 +0200[diff] [blame]905
Manuel Pégourié-Gonnarddca3a5d2018-05-07 10:43:27 +0200[diff] [blame]906#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]907 TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx_dec, NULL, 0 ) );
Manuel Pégourié-Gonnard8f625632014-06-24 15:26:28 +0200[diff] [blame]908#endif
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]909
910 /* decode 0-byte string */
k-stachowiakd8727232019-07-29 17:46:29 +0200[diff] [blame]911 TEST_ASSERT( expected_update_ret ==
912 mbedtls_cipher_update( &ctx_dec, encbuf, 0, decbuf, &outlen ) );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]913 TEST_ASSERT( 0 == outlen );
Jaeden Amero5ab80ef2019-06-05 15:35:08 +0100[diff] [blame]914
k-stachowiakd8727232019-07-29 17:46:29 +0200[diff] [blame]915 if ( expected_finish_ret == 0 &&
916 ( cipher_info->mode == MBEDTLS_MODE_CBC ||
917 cipher_info->mode == MBEDTLS_MODE_ECB ) )
Jaeden Amero5ab80ef2019-06-05 15:35:08 +0100[diff] [blame]918 {
919 /* Non-CBC and non-ECB ciphers are OK with decrypting empty buffers and
920 * return success, not MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED, when
k-stachowiakd8727232019-07-29 17:46:29 +0200[diff] [blame]921 * decrypting an empty buffer.
922 * On the other hand, CBC and ECB ciphers need a full block of input.
923 */
924 expected_finish_ret = MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED;
Jaeden Amero5ab80ef2019-06-05 15:35:08 +0100[diff] [blame]925 }
926
k-stachowiakd8727232019-07-29 17:46:29 +0200[diff] [blame]927 TEST_ASSERT( expected_finish_ret == mbedtls_cipher_finish(
928 &ctx_dec, decbuf + outlen, &outlen ) );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]929 TEST_ASSERT( 0 == outlen );
930
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]931exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]932 mbedtls_cipher_free( &ctx_dec );
Paul Bakkerdbd443d2013-08-16 13:38:47 +0200[diff] [blame]933}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]934/* END_CASE */
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]935
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]936/* BEGIN_CASE */
937void enc_dec_buf_multipart( int cipher_id, int key_len, int first_length_val,
Jethro Beekman6c563fa2018-03-27 19:16:17 -0700[diff] [blame]938 int second_length_val, int pad_mode,
939 int first_encrypt_output_len, int second_encrypt_output_len,
940 int first_decrypt_output_len, int second_decrypt_output_len )
Paul Bakkerdbd443d2013-08-16 13:38:47 +0200[diff] [blame]941{
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]942 size_t first_length = first_length_val;
943 size_t second_length = second_length_val;
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]944 size_t length = first_length + second_length;
Manuel Pégourié-Gonnardac5361f2015-06-24 01:08:09 +0200[diff] [blame]945 size_t block_size;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]946 unsigned char key[32];
947 unsigned char iv[16];
948
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]949 mbedtls_cipher_context_t ctx_dec;
950 mbedtls_cipher_context_t ctx_enc;
951 const mbedtls_cipher_info_t *cipher_info;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]952
953 unsigned char inbuf[64];
954 unsigned char encbuf[64];
955 unsigned char decbuf[64];
956
Paul Bakker23986e52011-04-24 08:57:21 +0000[diff] [blame]957 size_t outlen = 0;
958 size_t totaloutlen = 0;
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]959
960 memset( key, 0, 32 );
961 memset( iv , 0, 16 );
Paul Bakkerd2a2d612014-07-01 15:45:49 +0200[diff] [blame]962
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]963 mbedtls_cipher_init( &ctx_dec );
964 mbedtls_cipher_init( &ctx_enc );
Paul Bakkerd2a2d612014-07-01 15:45:49 +0200[diff] [blame]965
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]966 memset( inbuf, 5, 64 );
967 memset( encbuf, 0, 64 );
968 memset( decbuf, 0, 64 );
969
970 /* Initialise enc and dec contexts */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]971 cipher_info = mbedtls_cipher_info_from_type( cipher_id );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]972 TEST_ASSERT( NULL != cipher_info);
Paul Bakkerd2a2d612014-07-01 15:45:49 +0200[diff] [blame]973
Manuel Pégourié-Gonnard8473f872015-05-14 13:51:45 +0200[diff] [blame]974 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_dec, cipher_info ) );
975 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_enc, cipher_info ) );
Paul Bakkerd2a2d612014-07-01 15:45:49 +0200[diff] [blame]976
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]977 TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_dec, key, key_len, MBEDTLS_DECRYPT ) );
978 TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_enc, key, key_len, MBEDTLS_ENCRYPT ) );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]979
Jethro Beekman6c563fa2018-03-27 19:16:17 -0700[diff] [blame]980#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
981 if( -1 != pad_mode )
982 {
983 TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx_dec, pad_mode ) );
984 TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx_enc, pad_mode ) );
985 }
986#else
987 (void) pad_mode;
988#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
989
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]990 TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_dec, iv, 16 ) );
991 TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_enc, iv, 16 ) );
Manuel Pégourié-Gonnard9c853b92013-09-03 13:04:44 +0200[diff] [blame]992
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]993 TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_dec ) );
994 TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_enc ) );
Manuel Pégourié-Gonnard2adc40c2013-09-03 13:54:12 +0200[diff] [blame]995
Manuel Pégourié-Gonnarddca3a5d2018-05-07 10:43:27 +0200[diff] [blame]996#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]997 TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx_dec, NULL, 0 ) );
998 TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx_enc, NULL, 0 ) );
Manuel Pégourié-Gonnard8f625632014-06-24 15:26:28 +0200[diff] [blame]999#endif
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]1000
Manuel Pégourié-Gonnardac5361f2015-06-24 01:08:09 +0200[diff] [blame]1001 block_size = mbedtls_cipher_get_block_size( &ctx_enc );
1002 TEST_ASSERT( block_size != 0 );
1003
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]1004 /* encode length number of bytes from inbuf */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1005 TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_enc, inbuf, first_length, encbuf, &outlen ) );
Jethro Beekman6c563fa2018-03-27 19:16:17 -0700[diff] [blame]1006 TEST_ASSERT( (size_t)first_encrypt_output_len == outlen );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]1007 totaloutlen = outlen;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1008 TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_enc, inbuf + first_length, second_length, encbuf + totaloutlen, &outlen ) );
Jethro Beekman6c563fa2018-03-27 19:16:17 -0700[diff] [blame]1009 TEST_ASSERT( (size_t)second_encrypt_output_len == outlen );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]1010 totaloutlen += outlen;
Manuel Pégourié-Gonnard725680f2013-07-25 15:26:54 +0200[diff] [blame]1011 TEST_ASSERT( totaloutlen == length ||
Manuel Pégourié-Gonnardac5361f2015-06-24 01:08:09 +0200[diff] [blame]1012 ( totaloutlen % block_size == 0 &&
Manuel Pégourié-Gonnard725680f2013-07-25 15:26:54 +0200[diff] [blame]1013 totaloutlen < length &&
Manuel Pégourié-Gonnardac5361f2015-06-24 01:08:09 +0200[diff] [blame]1014 totaloutlen + block_size > length ) );
Manuel Pégourié-Gonnard725680f2013-07-25 15:26:54 +0200[diff] [blame]1015
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1016 TEST_ASSERT( 0 == mbedtls_cipher_finish( &ctx_enc, encbuf + totaloutlen, &outlen ) );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]1017 totaloutlen += outlen;
Manuel Pégourié-Gonnard725680f2013-07-25 15:26:54 +0200[diff] [blame]1018 TEST_ASSERT( totaloutlen == length ||
Manuel Pégourié-Gonnardac5361f2015-06-24 01:08:09 +0200[diff] [blame]1019 ( totaloutlen % block_size == 0 &&
Manuel Pégourié-Gonnard725680f2013-07-25 15:26:54 +0200[diff] [blame]1020 totaloutlen > length &&
Manuel Pégourié-Gonnardac5361f2015-06-24 01:08:09 +0200[diff] [blame]1021 totaloutlen <= length + block_size ) );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]1022
1023 /* decode the previously encoded string */
Jethro Beekman6c563fa2018-03-27 19:16:17 -0700[diff] [blame]1024 second_length = totaloutlen - first_length;
1025 TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_dec, encbuf, first_length, decbuf, &outlen ) );
1026 TEST_ASSERT( (size_t)first_decrypt_output_len == outlen );
Manuel Pégourié-Gonnard725680f2013-07-25 15:26:54 +0200[diff] [blame]1027 totaloutlen = outlen;
Jethro Beekman6c563fa2018-03-27 19:16:17 -0700[diff] [blame]1028 TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_dec, encbuf + first_length, second_length, decbuf + totaloutlen, &outlen ) );
1029 TEST_ASSERT( (size_t)second_decrypt_output_len == outlen );
1030 totaloutlen += outlen;
Manuel Pégourié-Gonnard725680f2013-07-25 15:26:54 +0200[diff] [blame]1031
1032 TEST_ASSERT( totaloutlen == length ||
Manuel Pégourié-Gonnardac5361f2015-06-24 01:08:09 +0200[diff] [blame]1033 ( totaloutlen % block_size == 0 &&
Manuel Pégourié-Gonnard725680f2013-07-25 15:26:54 +0200[diff] [blame]1034 totaloutlen < length &&
Manuel Pégourié-Gonnardac5361f2015-06-24 01:08:09 +0200[diff] [blame]1035 totaloutlen + block_size >= length ) );
Manuel Pégourié-Gonnard725680f2013-07-25 15:26:54 +0200[diff] [blame]1036
Jethro Beekman6c563fa2018-03-27 19:16:17 -0700[diff] [blame]1037 TEST_ASSERT( 0 == mbedtls_cipher_finish( &ctx_dec, decbuf + totaloutlen, &outlen ) );
Manuel Pégourié-Gonnard725680f2013-07-25 15:26:54 +0200[diff] [blame]1038 totaloutlen += outlen;
1039
1040 TEST_ASSERT( totaloutlen == length );
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]1041
1042 TEST_ASSERT( 0 == memcmp(inbuf, decbuf, length) );
1043
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]1044exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1045 mbedtls_cipher_free( &ctx_dec );
1046 mbedtls_cipher_free( &ctx_enc );
Paul Bakkerdbd443d2013-08-16 13:38:47 +0200[diff] [blame]1047}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1048/* END_CASE */
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]1049
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1050/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]1051void decrypt_test_vec( int cipher_id, int pad_mode, data_t * key,
1052 data_t * iv, data_t * cipher,
1053 data_t * clear, data_t * ad, data_t * tag,
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1054 int finish_result, int tag_result )
Manuel Pégourié-Gonnard8eccab52013-09-03 18:31:25 +0200[diff] [blame]1055{
Manuel Pégourié-Gonnard234e1ce2018-05-10 12:54:32 +0200[diff] [blame]1056 unsigned char output[265];
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1057 mbedtls_cipher_context_t ctx;
Manuel Pégourié-Gonnard8eccab52013-09-03 18:31:25 +0200[diff] [blame]1058 size_t outlen, total_len;
1059
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1060 mbedtls_cipher_init( &ctx );
Paul Bakkerd2a2d612014-07-01 15:45:49 +0200[diff] [blame]1061
Manuel Pégourié-Gonnard8eccab52013-09-03 18:31:25 +0200[diff] [blame]1062 memset( output, 0x00, sizeof( output ) );
1063
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]1064#if !defined(MBEDTLS_GCM_C) && !defined(MBEDTLS_CHACHAPOLY_C)
Mohammad Azim Khancf32c452017-06-13 14:55:58 +0100[diff] [blame]1065 ((void) ad);
1066 ((void) tag);
Manuel Pégourié-Gonnarda7496f02013-09-20 11:29:59 +0200[diff] [blame]1067#endif
Manuel Pégourié-Gonnard8eccab52013-09-03 18:31:25 +0200[diff] [blame]1068
1069 /* Prepare context */
Manuel Pégourié-Gonnard8473f872015-05-14 13:51:45 +0200[diff] [blame]1070 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1071 mbedtls_cipher_info_from_type( cipher_id ) ) );
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1072 TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key->x, 8 * key->len, MBEDTLS_DECRYPT ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1073#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
Manuel Pégourié-Gonnard8eccab52013-09-03 18:31:25 +0200[diff] [blame]1074 if( pad_mode != -1 )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1075 TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx, pad_mode ) );
Manuel Pégourié-Gonnard989ed382013-09-13 14:41:45 +0200[diff] [blame]1076#else
1077 (void) pad_mode;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1078#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1079 TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx, iv->x, iv->len ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1080 TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx ) );
Manuel Pégourié-Gonnarddca3a5d2018-05-07 10:43:27 +0200[diff] [blame]1081#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1082 TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx, ad->x, ad->len ) );
Manuel Pégourié-Gonnard8f625632014-06-24 15:26:28 +0200[diff] [blame]1083#endif
Manuel Pégourié-Gonnard8eccab52013-09-03 18:31:25 +0200[diff] [blame]1084
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1085 /* decode buffer and check tag->x */
Manuel Pégourié-Gonnard8eccab52013-09-03 18:31:25 +0200[diff] [blame]1086 total_len = 0;
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1087 TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx, cipher->x, cipher->len, output, &outlen ) );
Manuel Pégourié-Gonnard8eccab52013-09-03 18:31:25 +0200[diff] [blame]1088 total_len += outlen;
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1089 TEST_ASSERT( finish_result == mbedtls_cipher_finish( &ctx, output + outlen,
Manuel Pégourié-Gonnard8eccab52013-09-03 18:31:25 +0200[diff] [blame]1090 &outlen ) );
1091 total_len += outlen;
Manuel Pégourié-Gonnarddca3a5d2018-05-07 10:43:27 +0200[diff] [blame]1092#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1093 TEST_ASSERT( tag_result == mbedtls_cipher_check_tag( &ctx, tag->x, tag->len ) );
Manuel Pégourié-Gonnard8f625632014-06-24 15:26:28 +0200[diff] [blame]1094#endif
Manuel Pégourié-Gonnard8eccab52013-09-03 18:31:25 +0200[diff] [blame]1095
1096 /* check plaintext only if everything went fine */
1097 if( 0 == finish_result && 0 == tag_result )
1098 {
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1099 TEST_ASSERT( total_len == clear->len );
1100 TEST_ASSERT( 0 == memcmp( output, clear->x, clear->len ) );
Manuel Pégourié-Gonnard8eccab52013-09-03 18:31:25 +0200[diff] [blame]1101 }
1102
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]1103exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1104 mbedtls_cipher_free( &ctx );
Manuel Pégourié-Gonnard8eccab52013-09-03 18:31:25 +0200[diff] [blame]1105}
1106/* END_CASE */
1107
Manuel Pégourié-Gonnard4c1a1002020-11-26 10:22:50 +0100[diff] [blame]1108/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_AUTH_CRYPT */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]1109void auth_crypt_tv( int cipher_id, data_t * key, data_t * iv,
1110 data_t * ad, data_t * cipher, data_t * tag,
Hanno Beckera13272d2018-11-12 16:27:30 +0000[diff] [blame]1111 char * result, data_t * clear, int use_psa )
Manuel Pégourié-Gonnard542eac52014-05-15 16:03:07 +0200[diff] [blame]1112{
Manuel Pégourié-Gonnard4c1a1002020-11-26 10:22:50 +0100[diff] [blame]1113 /*
1114 * Take an AEAD ciphertext + tag and perform a pair
1115 * of AEAD decryption and AEAD encryption. Check that
Hanno Beckera13272d2018-11-12 16:27:30 +0000[diff] [blame]1116 * this results in the expected plaintext, and that
Manuel Pégourié-Gonnard4c1a1002020-11-26 10:22:50 +0100[diff] [blame]1117 * decryption and encryption are inverse to one another.
Manuel Pégourié-Gonnard53f10e72020-11-30 10:17:01 +0100[diff] [blame]1118 *
1119 * Do that twice:
1120 * - once with legacy functions auth_decrypt/auth_encrypt
1121 * - once with new functions auth_decrypt_ext/auth_encrypt_ext
1122 * This allows testing both without duplicating test cases.
Manuel Pégourié-Gonnard4c1a1002020-11-26 10:22:50 +0100[diff] [blame]1123 */
Hanno Beckera13272d2018-11-12 16:27:30 +0000[diff] [blame]1124
Manuel Pégourié-Gonnard542eac52014-05-15 16:03:07 +0200[diff] [blame]1125 int ret;
Manuel Pégourié-Gonnard53f10e72020-11-30 10:17:01 +0100[diff] [blame]1126 int using_nist_kw, using_nist_kw_padding;
Hanno Beckera13272d2018-11-12 16:27:30 +0000[diff] [blame]1127
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1128 mbedtls_cipher_context_t ctx;
Manuel Pégourié-Gonnard542eac52014-05-15 16:03:07 +0200[diff] [blame]1129 size_t outlen;
1130
Manuel Pégourié-Gonnard53f10e72020-11-30 10:17:01 +0100[diff] [blame]1131 unsigned char *cipher_plus_tag = NULL;
1132 size_t cipher_plus_tag_len;
1133 unsigned char *decrypt_buf = NULL;
1134 size_t decrypt_buf_len = 0;
1135 unsigned char *encrypt_buf = NULL;
1136 size_t encrypt_buf_len = 0;
1137
Manuel Pégourié-Gonnard513c2432020-12-01 10:34:57 +0100[diff] [blame]1138#if !defined(MBEDTLS_DEPRECATED_WARNING) && \
1139 !defined(MBEDTLS_DEPRECATED_REMOVED)
Manuel Pégourié-Gonnard513c2432020-12-01 10:34:57 +0100[diff] [blame]1140 unsigned char *tmp_tag = NULL;
1141 unsigned char *tmp_cipher = NULL;
Manuel Pégourié-Gonnard9b2a7892020-12-03 11:09:46 +0100[diff] [blame]1142 unsigned char *tag_buf = NULL;
Manuel Pégourié-Gonnard513c2432020-12-01 10:34:57 +0100[diff] [blame]1143#endif /* !MBEDTLS_DEPRECATED_WARNING && !MBEDTLS_DEPRECATED_REMOVED */
1144
1145 mbedtls_cipher_init( &ctx );
Manuel Pégourié-Gonnard542eac52014-05-15 16:03:07 +0200[diff] [blame]1146
Manuel Pégourié-Gonnard4c1a1002020-11-26 10:22:50 +0100[diff] [blame]1147 /* Initialize PSA Crypto */
1148#if defined(MBEDTLS_USE_PSA_CRYPTO)
1149 if( use_psa == 1 )
1150 PSA_ASSERT( psa_crypto_init( ) );
Hanno Beckera13272d2018-11-12 16:27:30 +0000[diff] [blame]1151#else
Manuel Pégourié-Gonnard4c1a1002020-11-26 10:22:50 +0100[diff] [blame]1152 (void) use_psa;
1153#endif
1154
1155 /*
Manuel Pégourié-Gonnard53f10e72020-11-30 10:17:01 +0100[diff] [blame]1156 * Are we using NIST_KW? with padding?
1157 */
1158 using_nist_kw_padding = cipher_id == MBEDTLS_CIPHER_AES_128_KWP ||
1159 cipher_id == MBEDTLS_CIPHER_AES_192_KWP ||
1160 cipher_id == MBEDTLS_CIPHER_AES_256_KWP;
1161 using_nist_kw = cipher_id == MBEDTLS_CIPHER_AES_128_KW ||
1162 cipher_id == MBEDTLS_CIPHER_AES_192_KW ||
1163 cipher_id == MBEDTLS_CIPHER_AES_256_KW ||
1164 using_nist_kw_padding;
1165
Manuel Pégourié-Gonnard513c2432020-12-01 10:34:57 +0100[diff] [blame]1166 /****************************************************************
1167 * *
1168 * Part 1: non-deprecated API *
1169 * *
1170 ****************************************************************/
1171
Manuel Pégourié-Gonnard53f10e72020-11-30 10:17:01 +0100[diff] [blame]1172 /*
Manuel Pégourié-Gonnard4c1a1002020-11-26 10:22:50 +0100[diff] [blame]1173 * Prepare context for decryption
1174 */
Manuel Pégourié-Gonnard89a8fe52020-11-27 09:32:55 +0100[diff] [blame]1175 cipher_reset_key( &ctx, cipher_id, use_psa, tag->len, key,
1176 MBEDTLS_DECRYPT );
Manuel Pégourié-Gonnard542eac52014-05-15 16:03:07 +0200[diff] [blame]1177
Manuel Pégourié-Gonnard4c1a1002020-11-26 10:22:50 +0100[diff] [blame]1178 /*
Manuel Pégourié-Gonnard53f10e72020-11-30 10:17:01 +0100[diff] [blame]1179 * prepare buffer for decryption
1180 * (we need the tag appended to the ciphertext)
1181 */
1182 cipher_plus_tag_len = cipher->len + tag->len;
1183 ASSERT_ALLOC( cipher_plus_tag, cipher_plus_tag_len );
1184 memcpy( cipher_plus_tag, cipher->x, cipher->len );
1185 memcpy( cipher_plus_tag + cipher->len, tag->x, tag->len );
1186
1187 /*
1188 * Compute length of output buffer according to the documentation
1189 */
1190 if( using_nist_kw )
1191 decrypt_buf_len = cipher_plus_tag_len - 8;
1192 else
1193 decrypt_buf_len = cipher_plus_tag_len - tag->len;
1194
1195
1196 /*
1197 * Try decrypting to a buffer that's 1B too small
1198 */
1199 if( decrypt_buf_len != 0 )
1200 {
1201 ASSERT_ALLOC( decrypt_buf, decrypt_buf_len - 1 );
1202
1203 outlen = 0;
1204 ret = mbedtls_cipher_auth_decrypt_ext( &ctx, iv->x, iv->len,
1205 ad->x, ad->len, cipher_plus_tag, cipher_plus_tag_len,
1206 decrypt_buf, decrypt_buf_len - 1, &outlen, tag->len );
1207 TEST_ASSERT( ret == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
1208
1209 mbedtls_free( decrypt_buf );
1210 decrypt_buf = NULL;
1211 }
1212
1213 /*
1214 * Authenticate and decrypt, and check result
1215 */
1216 ASSERT_ALLOC( decrypt_buf, decrypt_buf_len );
1217
1218 outlen = 0;
1219 ret = mbedtls_cipher_auth_decrypt_ext( &ctx, iv->x, iv->len,
1220 ad->x, ad->len, cipher_plus_tag, cipher_plus_tag_len,
1221 decrypt_buf, decrypt_buf_len, &outlen, tag->len );
1222
1223 if( strcmp( result, "FAIL" ) == 0 )
1224 {
1225 TEST_ASSERT( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED );
1226 }
1227 else
1228 {
1229 TEST_ASSERT( ret == 0 );
1230
1231 TEST_ASSERT( outlen == clear->len );
1232 if( clear->len != 0 )
1233 TEST_ASSERT( memcmp( decrypt_buf, clear->x, clear->len ) == 0 );
1234 }
1235
Manuel Pégourié-Gonnard513c2432020-12-01 10:34:57 +0100[diff] [blame]1236 /* Free this, but keep cipher_plus_tag for deprecated function with PSA */
Manuel Pégourié-Gonnard53f10e72020-11-30 10:17:01 +0100[diff] [blame]1237 mbedtls_free( decrypt_buf );
1238 decrypt_buf = NULL;
1239
1240 /*
1241 * Encrypt back if test data was authentic
1242 */
1243 if( strcmp( result, "FAIL" ) != 0 )
1244 {
1245 /* prepare context for encryption */
1246 cipher_reset_key( &ctx, cipher_id, use_psa, tag->len, key,
1247 MBEDTLS_ENCRYPT );
1248
1249 /*
1250 * Compute size of output buffer according to documentation
1251 */
1252 if( using_nist_kw )
1253 {
1254 encrypt_buf_len = clear->len + 8;
1255 if( using_nist_kw_padding && encrypt_buf_len % 8 != 0 )
1256 encrypt_buf_len += 8 - encrypt_buf_len % 8;
1257 }
1258 else
1259 {
1260 encrypt_buf_len = clear->len + tag->len;
1261 }
1262
1263 /*
1264 * Try encrypting with an output buffer that's 1B too small
1265 */
1266 ASSERT_ALLOC( encrypt_buf, encrypt_buf_len - 1 );
1267
1268 outlen = 0;
1269 ret = mbedtls_cipher_auth_encrypt_ext( &ctx, iv->x, iv->len,
1270 ad->x, ad->len, clear->x, clear->len,
1271 encrypt_buf, encrypt_buf_len - 1, &outlen, tag->len );
1272 TEST_ASSERT( ret != 0 );
1273
1274 mbedtls_free( encrypt_buf );
1275 encrypt_buf = NULL;
1276
1277 /*
1278 * Encrypt and check the result
1279 */
1280 ASSERT_ALLOC( encrypt_buf, encrypt_buf_len );
1281
1282 outlen = 0;
1283 ret = mbedtls_cipher_auth_encrypt_ext( &ctx, iv->x, iv->len,
1284 ad->x, ad->len, clear->x, clear->len,
1285 encrypt_buf, encrypt_buf_len, &outlen, tag->len );
1286 TEST_ASSERT( ret == 0 );
1287
1288 TEST_ASSERT( outlen == cipher->len + tag->len );
1289 TEST_ASSERT( memcmp( encrypt_buf, cipher->x, cipher->len ) == 0 );
1290 TEST_ASSERT( memcmp( encrypt_buf + cipher->len,
1291 tag->x, tag->len ) == 0 );
1292
1293 mbedtls_free( encrypt_buf );
1294 encrypt_buf = NULL;
1295 }
1296
Manuel Pégourié-Gonnard513c2432020-12-01 10:34:57 +0100[diff] [blame]1297 /****************************************************************
1298 * *
1299 * Part 2: deprecated API *
1300 * *
1301 ****************************************************************/
1302
1303#if !defined(MBEDTLS_DEPRECATED_WARNING) && \
1304 !defined(MBEDTLS_DEPRECATED_REMOVED)
1305
Manuel Pégourié-Gonnard53f10e72020-11-30 10:17:01 +0100[diff] [blame]1306 /*
1307 * Prepare context for decryption
1308 */
1309 cipher_reset_key( &ctx, cipher_id, use_psa, tag->len, key,
1310 MBEDTLS_DECRYPT );
1311
1312 /*
1313 * Prepare pointers for decryption
Manuel Pégourié-Gonnard4c1a1002020-11-26 10:22:50 +0100[diff] [blame]1314 */
1315#if defined(MBEDTLS_USE_PSA_CRYPTO)
1316 if( use_psa == 1 )
1317 {
Manuel Pégourié-Gonnard53f10e72020-11-30 10:17:01 +0100[diff] [blame]1318 /* PSA requires that the tag immediately follows the ciphertext.
1319 * Fortunately, we already have that from testing the new API. */
1320 tmp_cipher = cipher_plus_tag;
Manuel Pégourié-Gonnard4c1a1002020-11-26 10:22:50 +0100[diff] [blame]1321 tmp_tag = tmp_cipher + cipher->len;
Manuel Pégourié-Gonnard4c1a1002020-11-26 10:22:50 +0100[diff] [blame]1322 }
1323 else
1324#endif /* MBEDTLS_USE_PSA_CRYPTO */
1325 {
Manuel Pégourié-Gonnard4c1a1002020-11-26 10:22:50 +0100[diff] [blame]1326 tmp_cipher = cipher->x;
Manuel Pégourié-Gonnard53f10e72020-11-30 10:17:01 +0100[diff] [blame]1327 tmp_tag = tag->x;
Manuel Pégourié-Gonnard4c1a1002020-11-26 10:22:50 +0100[diff] [blame]1328 }
1329
1330 /*
1331 * Authenticate and decrypt, and check result
1332 */
Manuel Pégourié-Gonnard542eac52014-05-15 16:03:07 +0200[diff] [blame]1333
Manuel Pégourié-Gonnard9b2a7892020-12-03 11:09:46 +0100[diff] [blame]1334 /* We can't pass a NULL output buffer to this funciton */
1335 ASSERT_ALLOC( decrypt_buf, cipher->len ? cipher->len : 1 );
1336 outlen = 0;
Hanno Beckera13272d2018-11-12 16:27:30 +0000[diff] [blame]1337 ret = mbedtls_cipher_auth_decrypt( &ctx, iv->x, iv->len, ad->x, ad->len,
Manuel Pégourié-Gonnard9b2a7892020-12-03 11:09:46 +0100[diff] [blame]1338 tmp_cipher, cipher->len, decrypt_buf, &outlen,
Hanno Beckera13272d2018-11-12 16:27:30 +0000[diff] [blame]1339 tmp_tag, tag->len );
Manuel Pégourié-Gonnard542eac52014-05-15 16:03:07 +0200[diff] [blame]1340
Manuel Pégourié-Gonnardf2ffbc42020-12-01 09:57:55 +0100[diff] [blame]1341 if( using_nist_kw )
Manuel Pégourié-Gonnard542eac52014-05-15 16:03:07 +0200[diff] [blame]1342 {
Manuel Pégourié-Gonnardf2ffbc42020-12-01 09:57:55 +0100[diff] [blame]1343 /* NIST_KW with legacy API */
1344 TEST_ASSERT( ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
1345 }
1346 else if( strcmp( result, "FAIL" ) == 0 )
1347 {
1348 /* unauthentic message */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1349 TEST_ASSERT( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED );
Gilles Peskine139ec3b2019-04-16 15:25:20 +0200[diff] [blame]1350 }
1351 else
Gilles Peskine139ec3b2019-04-16 15:25:20 +0200[diff] [blame]1352 {
Manuel Pégourié-Gonnardf2ffbc42020-12-01 09:57:55 +0100[diff] [blame]1353 /* authentic message: is the plaintext correct? */
Manuel Pégourié-Gonnard4c1a1002020-11-26 10:22:50 +0100[diff] [blame]1354 TEST_ASSERT( ret == 0 );
1355
1356 TEST_ASSERT( outlen == clear->len );
Manuel Pégourié-Gonnard9b2a7892020-12-03 11:09:46 +0100[diff] [blame]1357 TEST_ASSERT( memcmp( decrypt_buf, clear->x, clear->len ) == 0 );
Manuel Pégourié-Gonnardf2ffbc42020-12-01 09:57:55 +0100[diff] [blame]1358 }
Manuel Pégourié-Gonnard4c1a1002020-11-26 10:22:50 +0100[diff] [blame]1359
Manuel Pégourié-Gonnard9b2a7892020-12-03 11:09:46 +0100[diff] [blame]1360 mbedtls_free( decrypt_buf );
1361 decrypt_buf = NULL;
1362 mbedtls_free( cipher_plus_tag );
1363 cipher_plus_tag = NULL;
1364
Manuel Pégourié-Gonnardf2ffbc42020-12-01 09:57:55 +0100[diff] [blame]1365 /*
1366 * Encrypt back if test data was authentic
1367 */
1368 if( strcmp( result, "FAIL" ) != 0 )
1369 {
1370 /* prepare context for encryption */
Manuel Pégourié-Gonnard89a8fe52020-11-27 09:32:55 +0100[diff] [blame]1371 cipher_reset_key( &ctx, cipher_id, use_psa, tag->len, key,
1372 MBEDTLS_ENCRYPT );
Manuel Pégourié-Gonnard4c1a1002020-11-26 10:22:50 +0100[diff] [blame]1373
Manuel Pégourié-Gonnard9b2a7892020-12-03 11:09:46 +0100[diff] [blame]1374 /* prepare buffers for encryption */
1375#if defined(MBEDTLS_USE_PSA_CRYPTO)
1376 if( use_psa )
1377 {
1378 ASSERT_ALLOC( cipher_plus_tag, cipher->len + tag->len );
1379 tmp_cipher = cipher_plus_tag;
1380 tmp_tag = cipher_plus_tag + cipher->len;
1381 }
1382 else
1383#endif /* MBEDTLS_USE_PSA_CRYPTO */
1384 {
1385 /* can't pass a NULL output buffer to this function */
1386 ASSERT_ALLOC( encrypt_buf, cipher->len ? cipher->len : 1 );
1387 ASSERT_ALLOC( tag_buf, tag->len );
1388 tmp_cipher = encrypt_buf;
1389 tmp_tag = tag_buf;
1390 }
1391
Manuel Pégourié-Gonnard4c1a1002020-11-26 10:22:50 +0100[diff] [blame]1392 /*
1393 * Encrypt and check the result
1394 */
Manuel Pégourié-Gonnard4c1a1002020-11-26 10:22:50 +0100[diff] [blame]1395 outlen = 0;
Manuel Pégourié-Gonnard4c1a1002020-11-26 10:22:50 +0100[diff] [blame]1396 ret = mbedtls_cipher_auth_encrypt( &ctx, iv->x, iv->len, ad->x, ad->len,
Manuel Pégourié-Gonnard9b2a7892020-12-03 11:09:46 +0100[diff] [blame]1397 clear->x, clear->len, tmp_cipher, &outlen,
1398 tmp_tag, tag->len );
Manuel Pégourié-Gonnard4c1a1002020-11-26 10:22:50 +0100[diff] [blame]1399
Manuel Pégourié-Gonnardf2ffbc42020-12-01 09:57:55 +0100[diff] [blame]1400 if( using_nist_kw )
1401 {
1402 TEST_ASSERT( ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
1403 }
1404 else
1405 {
1406 TEST_ASSERT( ret == 0 );
1407
1408 TEST_ASSERT( outlen == cipher->len );
Manuel Pégourié-Gonnard9b2a7892020-12-03 11:09:46 +0100[diff] [blame]1409 TEST_ASSERT( memcmp( tmp_cipher, cipher->x, cipher->len ) == 0 );
1410 TEST_ASSERT( memcmp( tmp_tag, tag->x, tag->len ) == 0 );
Manuel Pégourié-Gonnardf2ffbc42020-12-01 09:57:55 +0100[diff] [blame]1411 }
Gilles Peskine139ec3b2019-04-16 15:25:20 +0200[diff] [blame]1412 }
Manuel Pégourié-Gonnard542eac52014-05-15 16:03:07 +0200[diff] [blame]1413
Manuel Pégourié-Gonnard513c2432020-12-01 10:34:57 +0100[diff] [blame]1414#endif /* !MBEDTLS_DEPRECATED_WARNING && !MBEDTLS_DEPRECATED_REMOVED */
1415
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]1416exit:
Hanno Beckera13272d2018-11-12 16:27:30 +0000[diff] [blame]1417
Gilles Peskine5386f6b2019-08-01 12:47:40 +0200[diff] [blame]1418 mbedtls_cipher_free( &ctx );
Manuel Pégourié-Gonnard53f10e72020-11-30 10:17:01 +0100[diff] [blame]1419 mbedtls_free( decrypt_buf );
1420 mbedtls_free( encrypt_buf );
1421 mbedtls_free( cipher_plus_tag );
Manuel Pégourié-Gonnard9b2a7892020-12-03 11:09:46 +0100[diff] [blame]1422#if !defined(MBEDTLS_DEPRECATED_WARNING) && \
1423 !defined(MBEDTLS_DEPRECATED_REMOVED)
1424 mbedtls_free( tag_buf );
1425#endif /* !MBEDTLS_DEPRECATED_WARNING && !MBEDTLS_DEPRECATED_REMOVED */
Gilles Peskine5386f6b2019-08-01 12:47:40 +0200[diff] [blame]1426
Hanno Beckera13272d2018-11-12 16:27:30 +0000[diff] [blame]1427#if defined(MBEDTLS_USE_PSA_CRYPTO)
1428 if( use_psa == 1 )
Gilles Peskine5386f6b2019-08-01 12:47:40 +0200[diff] [blame]1429 PSA_DONE( );
Hanno Beckera13272d2018-11-12 16:27:30 +0000[diff] [blame]1430#endif /* MBEDTLS_USE_PSA_CRYPTO */
Manuel Pégourié-Gonnard542eac52014-05-15 16:03:07 +0200[diff] [blame]1431}
1432/* END_CASE */
1433
Manuel Pégourié-Gonnard8eccab52013-09-03 18:31:25 +0200[diff] [blame]1434/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]1435void test_vec_ecb( int cipher_id, int operation, data_t * key,
1436 data_t * input, data_t * result, int finish_result
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1437 )
Paul Bakker5e0efa72013-09-08 23:04:04 +0200[diff] [blame]1438{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1439 mbedtls_cipher_context_t ctx;
Paul Bakker5e0efa72013-09-08 23:04:04 +0200[diff] [blame]1440 unsigned char output[32];
1441 size_t outlen;
1442
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1443 mbedtls_cipher_init( &ctx );
Paul Bakkerd2a2d612014-07-01 15:45:49 +0200[diff] [blame]1444
Paul Bakker5e0efa72013-09-08 23:04:04 +0200[diff] [blame]1445 memset( output, 0x00, sizeof( output ) );
1446
1447 /* Prepare context */
Manuel Pégourié-Gonnard8473f872015-05-14 13:51:45 +0200[diff] [blame]1448 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1449 mbedtls_cipher_info_from_type( cipher_id ) ) );
Paul Bakker5e0efa72013-09-08 23:04:04 +0200[diff] [blame]1450
Paul Bakker5e0efa72013-09-08 23:04:04 +0200[diff] [blame]1451
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1452 TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key->x, 8 * key->len, operation ) );
Paul Bakker5e0efa72013-09-08 23:04:04 +0200[diff] [blame]1453
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1454 TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx, input->x,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1455 mbedtls_cipher_get_block_size( &ctx ),
Paul Bakker5e0efa72013-09-08 23:04:04 +0200[diff] [blame]1456 output, &outlen ) );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1457 TEST_ASSERT( outlen == mbedtls_cipher_get_block_size( &ctx ) );
1458 TEST_ASSERT( finish_result == mbedtls_cipher_finish( &ctx, output + outlen,
Paul Bakker5e0efa72013-09-08 23:04:04 +0200[diff] [blame]1459 &outlen ) );
1460 TEST_ASSERT( 0 == outlen );
1461
1462 /* check plaintext only if everything went fine */
1463 if( 0 == finish_result )
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1464 TEST_ASSERT( 0 == memcmp( output, result->x,
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1465 mbedtls_cipher_get_block_size( &ctx ) ) );
Paul Bakker5e0efa72013-09-08 23:04:04 +0200[diff] [blame]1466
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]1467exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1468 mbedtls_cipher_free( &ctx );
Paul Bakker5e0efa72013-09-08 23:04:04 +0200[diff] [blame]1469}
1470/* END_CASE */
1471
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1472/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING */
Ronald Cron9ed40732020-06-25 09:03:34 +0200[diff] [blame]1473void test_vec_crypt( int cipher_id, int operation, data_t *key,
1474 data_t *iv, data_t *input, data_t *result,
Hanno Beckere43164e2018-11-12 12:46:35 +0000[diff] [blame]1475 int finish_result, int use_psa )
Ron Eldor7b012442017-09-25 17:03:12 +0300[diff] [blame]1476{
Ron Eldor7b012442017-09-25 17:03:12 +0300[diff] [blame]1477 mbedtls_cipher_context_t ctx;
1478 unsigned char output[32];
1479 size_t outlen;
1480
1481 mbedtls_cipher_init( &ctx );
1482
Ron Eldor7b012442017-09-25 17:03:12 +0300[diff] [blame]1483 memset( output, 0x00, sizeof( output ) );
Ron Eldor7b012442017-09-25 17:03:12 +0300[diff] [blame]1484
1485 /* Prepare context */
Hanno Beckere43164e2018-11-12 12:46:35 +0000[diff] [blame]1486#if !defined(MBEDTLS_USE_PSA_CRYPTO)
1487 (void) use_psa;
1488#else
1489 if( use_psa == 1 )
1490 {
Gilles Peskine5386f6b2019-08-01 12:47:40 +0200[diff] [blame]1491 PSA_ASSERT( psa_crypto_init( ) );
Hanno Beckere43164e2018-11-12 12:46:35 +0000[diff] [blame]1492 TEST_ASSERT( 0 == mbedtls_cipher_setup_psa( &ctx,
Hanno Beckera13272d2018-11-12 16:27:30 +0000[diff] [blame]1493 mbedtls_cipher_info_from_type( cipher_id ), 0 ) );
Hanno Beckere43164e2018-11-12 12:46:35 +0000[diff] [blame]1494 }
1495 else
1496#endif /* MBEDTLS_USE_PSA_CRYPTO */
Ron Eldor7b012442017-09-25 17:03:12 +0300[diff] [blame]1497 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx,
Hanno Beckera13272d2018-11-12 16:27:30 +0000[diff] [blame]1498 mbedtls_cipher_info_from_type( cipher_id ) ) );
Ron Eldor7b012442017-09-25 17:03:12 +0300[diff] [blame]1499
Ronald Cron9ed40732020-06-25 09:03:34 +0200[diff] [blame]1500 TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key->x, 8 * key->len, operation ) );
Ron Eldor7b012442017-09-25 17:03:12 +0300[diff] [blame]1501 if( MBEDTLS_MODE_CBC == ctx.cipher_info->mode )
1502 TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx, MBEDTLS_PADDING_NONE ) );
1503
Ronald Cron9ed40732020-06-25 09:03:34 +0200[diff] [blame]1504 TEST_ASSERT( finish_result == mbedtls_cipher_crypt( &ctx, iv->len ? iv->x : NULL,
1505 iv->len, input->x, input->len,
Ron Eldor7b012442017-09-25 17:03:12 +0300[diff] [blame]1506 output, &outlen ) );
Ronald Cron9ed40732020-06-25 09:03:34 +0200[diff] [blame]1507 TEST_ASSERT( result->len == outlen );
Ron Eldor7b012442017-09-25 17:03:12 +0300[diff] [blame]1508 /* check plaintext only if everything went fine */
1509 if( 0 == finish_result )
Ronald Cron9ed40732020-06-25 09:03:34 +0200[diff] [blame]1510 TEST_ASSERT( 0 == memcmp( output, result->x, outlen ) );
Ron Eldor7b012442017-09-25 17:03:12 +0300[diff] [blame]1511
1512exit:
1513 mbedtls_cipher_free( &ctx );
Gilles Peskine5386f6b2019-08-01 12:47:40 +0200[diff] [blame]1514#if defined(MBEDTLS_USE_PSA_CRYPTO)
1515 PSA_DONE( );
1516#endif /* MBEDTLS_USE_PSA_CRYPTO */
Ron Eldor7b012442017-09-25 17:03:12 +0300[diff] [blame]1517}
1518/* END_CASE */
1519
1520/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING */
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1521void set_padding( int cipher_id, int pad_mode, int ret )
Paul Bakkerdbd443d2013-08-16 13:38:47 +0200[diff] [blame]1522{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1523 const mbedtls_cipher_info_t *cipher_info;
1524 mbedtls_cipher_context_t ctx;
Manuel Pégourié-Gonnardd5fdcaf2013-07-24 18:05:00 +0200[diff] [blame]1525
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1526 mbedtls_cipher_init( &ctx );
Paul Bakkerd2a2d612014-07-01 15:45:49 +0200[diff] [blame]1527
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1528 cipher_info = mbedtls_cipher_info_from_type( cipher_id );
Manuel Pégourié-Gonnardd5fdcaf2013-07-24 18:05:00 +0200[diff] [blame]1529 TEST_ASSERT( NULL != cipher_info );
Manuel Pégourié-Gonnard8473f872015-05-14 13:51:45 +0200[diff] [blame]1530 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx, cipher_info ) );
Manuel Pégourié-Gonnardd5fdcaf2013-07-24 18:05:00 +0200[diff] [blame]1531
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1532 TEST_ASSERT( ret == mbedtls_cipher_set_padding_mode( &ctx, pad_mode ) );
Manuel Pégourié-Gonnardd5fdcaf2013-07-24 18:05:00 +0200[diff] [blame]1533
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]1534exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1535 mbedtls_cipher_free( &ctx );
Paul Bakkerdbd443d2013-08-16 13:38:47 +0200[diff] [blame]1536}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1537/* END_CASE */
Paul Bakker8123e9d2011-01-06 15:37:30 +0000[diff] [blame]1538
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1539/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]1540void check_padding( int pad_mode, data_t * input, int ret, int dlen_check
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1541 )
Paul Bakkerdbd443d2013-08-16 13:38:47 +0200[diff] [blame]1542{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1543 mbedtls_cipher_info_t cipher_info;
1544 mbedtls_cipher_context_t ctx;
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]1545 size_t dlen;
Manuel Pégourié-Gonnarda6408492013-07-26 10:55:02 +0200[diff] [blame]1546
1547 /* build a fake context just for getting access to get_padding */
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1548 mbedtls_cipher_init( &ctx );
1549 cipher_info.mode = MBEDTLS_MODE_CBC;
Manuel Pégourié-Gonnarda6408492013-07-26 10:55:02 +0200[diff] [blame]1550 ctx.cipher_info = &cipher_info;
1551
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]1552 TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx, pad_mode ) );
Manuel Pégourié-Gonnarda6408492013-07-26 10:55:02 +0200[diff] [blame]1553
Manuel Pégourié-Gonnarda6408492013-07-26 10:55:02 +0200[diff] [blame]1554
Azim Khand30ca132017-06-09 04:32:58 +0100[diff] [blame]1555 TEST_ASSERT( ret == ctx.get_padding( input->x, input->len, &dlen ) );
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1556 if( 0 == ret )
1557 TEST_ASSERT( dlen == (size_t) dlen_check );
Paul Bakkerdbd443d2013-08-16 13:38:47 +0200[diff] [blame]1558}
Paul Bakker33b43f12013-08-20 11:48:36 +0200[diff] [blame]1559/* END_CASE */