blob: 51cc0abd8f6a106f54bb5fad075f728222e5452c [file] [log] [blame]
Daniel Kingb8025c52016-05-17 14:43:01 -03001/* BEGIN_HEADER */
Manuel Pégourié-Gonnarddca3a5d2018-05-07 10:43:27 +02002#include "mbedtls/chachapoly.h"
Daniel Kingb8025c52016-05-17 14:43:01 -03003/* END_HEADER */
4
5/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnarddca3a5d2018-05-07 10:43:27 +02006 * depends_on:MBEDTLS_CHACHAPOLY_C
Daniel Kingb8025c52016-05-17 14:43:01 -03007 * END_DEPENDENCIES
8 */
9
10/* BEGIN_CASE */
Manuel Pégourié-Gonnarddca3a5d2018-05-07 10:43:27 +020011void mbedtls_chachapoly_enc( char *hex_key_string, char *hex_nonce_string, char *hex_aad_string, char *hex_input_string, char *hex_output_string, char *hex_mac_string )
Daniel Kingb8025c52016-05-17 14:43:01 -030012{
Manuel Pégourié-Gonnard528524b2018-05-09 11:21:21 +020013 unsigned char key_str[32]; /* size set by the standard */
14 unsigned char nonce_str[12]; /* size set by the standard */
15 unsigned char aad_str[12]; /* max size of test data so far */
16 unsigned char input_str[265]; /* max size of binary input/output so far */
17 unsigned char output_str[265];
18 unsigned char output[265];
19 unsigned char mac_str[16]; /* size set by the standard */
20 unsigned char mac[16]; /* size set by the standard */
Daniel Kingb8025c52016-05-17 14:43:01 -030021 size_t input_len;
22 size_t output_len;
23 size_t aad_len;
24 size_t key_len;
25 size_t nonce_len;
26 size_t mac_len;
Manuel Pégourié-Gonnard346b8d52018-05-07 12:56:36 +020027 mbedtls_chachapoly_context ctx;
Daniel Kingb8025c52016-05-17 14:43:01 -030028
Manuel Pégourié-Gonnard528524b2018-05-09 11:21:21 +020029 memset( key_str, 0x00, sizeof( key_str ) );
30 memset( nonce_str, 0x00, sizeof( nonce_str ) );
31 memset( aad_str, 0x00, sizeof( aad_str ) );
32 memset( input_str, 0x00, sizeof( input_str ) );
33 memset( output_str, 0x00, sizeof( output_str ) );
34 memset( mac_str, 0x00, sizeof( mac_str ) );
Daniel Kingb8025c52016-05-17 14:43:01 -030035
36 aad_len = unhexify( aad_str, hex_aad_string );
37 input_len = unhexify( input_str, hex_input_string );
38 output_len = unhexify( output_str, hex_output_string );
39 key_len = unhexify( key_str, hex_key_string );
40 nonce_len = unhexify( nonce_str, hex_nonce_string );
41 mac_len = unhexify( mac_str, hex_mac_string );
42
43 TEST_ASSERT( key_len == 32 );
44 TEST_ASSERT( nonce_len == 12 );
45 TEST_ASSERT( mac_len == 16 );
46
Manuel Pégourié-Gonnard346b8d52018-05-07 12:56:36 +020047 mbedtls_chachapoly_init( &ctx );
48
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +020049 TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key_str ) == 0 );
Manuel Pégourié-Gonnard346b8d52018-05-07 12:56:36 +020050
Manuel Pégourié-Gonnard3dc62a02018-06-04 12:18:19 +020051 TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx,
Manuel Pégourié-Gonnard346b8d52018-05-07 12:56:36 +020052 input_len, nonce_str,
53 aad_str, aad_len,
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +020054 input_str, output, mac ) == 0 );
Daniel Kingb8025c52016-05-17 14:43:01 -030055
56 TEST_ASSERT( memcmp( output_str, output, output_len ) == 0 );
57 TEST_ASSERT( memcmp( mac_str, mac, 16U ) == 0 );
Manuel Pégourié-Gonnard346b8d52018-05-07 12:56:36 +020058
59exit:
60 mbedtls_chachapoly_free( &ctx );
Daniel Kingb8025c52016-05-17 14:43:01 -030061}
62/* END_CASE */
63
64/* BEGIN_CASE */
Manuel Pégourié-Gonnard72967712018-05-09 12:22:13 +020065void mbedtls_chachapoly_dec( char *hex_key_string, char *hex_nonce_string, char *hex_aad_string, char *hex_input_string, char *hex_output_string, char *hex_mac_string, int ret_exp )
Daniel Kingb8025c52016-05-17 14:43:01 -030066{
Manuel Pégourié-Gonnard528524b2018-05-09 11:21:21 +020067 unsigned char key_str[32]; /* size set by the standard */
68 unsigned char nonce_str[12]; /* size set by the standard */
69 unsigned char aad_str[12]; /* max size of test data so far */
70 unsigned char input_str[265]; /* max size of binary input/output so far */
71 unsigned char output_str[265];
72 unsigned char output[265];
73 unsigned char mac_str[16]; /* size set by the standard */
Daniel Kingb8025c52016-05-17 14:43:01 -030074 size_t input_len;
75 size_t output_len;
76 size_t aad_len;
77 size_t key_len;
78 size_t nonce_len;
79 size_t mac_len;
Manuel Pégourié-Gonnard346b8d52018-05-07 12:56:36 +020080 int ret;
81 mbedtls_chachapoly_context ctx;
Daniel Kingb8025c52016-05-17 14:43:01 -030082
Manuel Pégourié-Gonnard528524b2018-05-09 11:21:21 +020083 memset( key_str, 0x00, sizeof( key_str ) );
84 memset( nonce_str, 0x00, sizeof( nonce_str ) );
85 memset( aad_str, 0x00, sizeof( aad_str ) );
86 memset( input_str, 0x00, sizeof( input_str ) );
87 memset( output_str, 0x00, sizeof( output_str ) );
88 memset( mac_str, 0x00, sizeof( mac_str ) );
Daniel Kingb8025c52016-05-17 14:43:01 -030089
90 aad_len = unhexify( aad_str, hex_aad_string );
91 input_len = unhexify( input_str, hex_input_string );
92 output_len = unhexify( output_str, hex_output_string );
93 key_len = unhexify( key_str, hex_key_string );
94 nonce_len = unhexify( nonce_str, hex_nonce_string );
95 mac_len = unhexify( mac_str, hex_mac_string );
96
97 TEST_ASSERT( key_len == 32 );
98 TEST_ASSERT( nonce_len == 12 );
99 TEST_ASSERT( mac_len == 16 );
100
Manuel Pégourié-Gonnard346b8d52018-05-07 12:56:36 +0200101 mbedtls_chachapoly_init( &ctx );
Daniel Kingb8025c52016-05-17 14:43:01 -0300102
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200103 TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key_str ) == 0 );
Manuel Pégourié-Gonnard346b8d52018-05-07 12:56:36 +0200104
105 ret = mbedtls_chachapoly_auth_decrypt( &ctx,
106 input_len, nonce_str,
107 aad_str, aad_len,
108 mac_str, input_str, output );
109
Manuel Pégourié-Gonnard72967712018-05-09 12:22:13 +0200110 TEST_ASSERT( ret == ret_exp );
111 if( ret_exp == 0 )
112 {
113 TEST_ASSERT( memcmp( output_str, output, output_len ) == 0 );
114 }
Manuel Pégourié-Gonnard346b8d52018-05-07 12:56:36 +0200115
116exit:
117 mbedtls_chachapoly_free( &ctx );
Daniel Kingb8025c52016-05-17 14:43:01 -0300118}
119/* END_CASE */
120
Hanno Beckerae2ff022018-12-11 15:14:02 +0000121/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200122void chachapoly_bad_params()
123{
124 unsigned char key[32];
125 unsigned char nonce[12];
126 unsigned char aad[1];
127 unsigned char input[1];
128 unsigned char output[1];
129 unsigned char mac[16];
130 size_t input_len = sizeof( input );
131 size_t aad_len = sizeof( aad );
132 mbedtls_chachapoly_context ctx;
133
134 memset( key, 0x00, sizeof( key ) );
135 memset( nonce, 0x00, sizeof( nonce ) );
136 memset( aad, 0x00, sizeof( aad ) );
137 memset( input, 0x00, sizeof( input ) );
138 memset( output, 0x00, sizeof( output ) );
139 memset( mac, 0x00, sizeof( mac ) );
140
Hanno Beckerae2ff022018-12-11 15:14:02 +0000141 TEST_INVALID_PARAM( mbedtls_chachapoly_init( NULL ) );
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200142
Hanno Beckerae2ff022018-12-11 15:14:02 +0000143 /* setkey */
144 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
145 mbedtls_chachapoly_setkey( NULL, key ) );
146 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
147 mbedtls_chachapoly_setkey( &ctx, NULL ) );
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200148
Hanno Beckerae2ff022018-12-11 15:14:02 +0000149 /* encrypt_and_tag */
150 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
151 mbedtls_chachapoly_encrypt_and_tag( NULL,
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200152 0, nonce,
153 aad, 0,
Hanno Beckerae2ff022018-12-11 15:14:02 +0000154 input, output, mac ) );
155 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
156 mbedtls_chachapoly_encrypt_and_tag( &ctx,
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200157 0, NULL,
158 aad, 0,
Hanno Beckerae2ff022018-12-11 15:14:02 +0000159 input, output, mac ) );
160 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
161 mbedtls_chachapoly_encrypt_and_tag( &ctx,
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200162 0, nonce,
163 NULL, aad_len,
Hanno Beckerae2ff022018-12-11 15:14:02 +0000164 input, output, mac ) );
165 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
166 mbedtls_chachapoly_encrypt_and_tag( &ctx,
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200167 input_len, nonce,
168 aad, 0,
Hanno Beckerae2ff022018-12-11 15:14:02 +0000169 NULL, output, mac ) );
170 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
171 mbedtls_chachapoly_encrypt_and_tag( &ctx,
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200172 input_len, nonce,
173 aad, 0,
Hanno Beckerae2ff022018-12-11 15:14:02 +0000174 input, NULL, mac ) );
175 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
176 mbedtls_chachapoly_encrypt_and_tag( &ctx,
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200177 0, nonce,
178 aad, 0,
Hanno Beckerae2ff022018-12-11 15:14:02 +0000179 input, output, NULL ) );
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200180
Hanno Beckerae2ff022018-12-11 15:14:02 +0000181 /* auth_decrypt */
182 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
183 mbedtls_chachapoly_auth_decrypt( NULL,
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200184 0, nonce,
185 aad, 0,
Hanno Beckerae2ff022018-12-11 15:14:02 +0000186 mac, input, output ) );
187 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
188 mbedtls_chachapoly_auth_decrypt( &ctx,
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200189 0, NULL,
190 aad, 0,
Hanno Beckerae2ff022018-12-11 15:14:02 +0000191 mac, input, output ) );
192 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
193 mbedtls_chachapoly_auth_decrypt( &ctx,
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200194 0, nonce,
195 NULL, aad_len,
Hanno Beckerae2ff022018-12-11 15:14:02 +0000196 mac, input, output ) );
197 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
198 mbedtls_chachapoly_auth_decrypt( &ctx,
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200199 0, nonce,
200 aad, 0,
Hanno Beckerae2ff022018-12-11 15:14:02 +0000201 NULL, input, output ) );
202 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
203 mbedtls_chachapoly_auth_decrypt( &ctx,
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200204 input_len, nonce,
205 aad, 0,
Hanno Beckerae2ff022018-12-11 15:14:02 +0000206 mac, NULL, output ) );
207 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
208 mbedtls_chachapoly_auth_decrypt( &ctx,
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200209 input_len, nonce,
210 aad, 0,
Hanno Beckerae2ff022018-12-11 15:14:02 +0000211 mac, input, NULL ) );
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200212
Hanno Beckerae2ff022018-12-11 15:14:02 +0000213 /* starts */
214 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
215 mbedtls_chachapoly_starts( NULL, nonce,
216 MBEDTLS_CHACHAPOLY_ENCRYPT ) );
217 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
218 mbedtls_chachapoly_starts( &ctx, NULL,
219 MBEDTLS_CHACHAPOLY_ENCRYPT ) );
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200220
Hanno Beckerae2ff022018-12-11 15:14:02 +0000221 /* update_aad */
222 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
223 mbedtls_chachapoly_update_aad( NULL, aad,
224 aad_len ) );
225 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
226 mbedtls_chachapoly_update_aad( &ctx, NULL,
227 aad_len ) );
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200228
Hanno Beckerae2ff022018-12-11 15:14:02 +0000229 /* update */
230 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
231 mbedtls_chachapoly_update( NULL, input_len,
232 input, output ) );
233 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
234 mbedtls_chachapoly_update( &ctx, input_len,
235 NULL, output ) );
236 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
237 mbedtls_chachapoly_update( &ctx, input_len,
238 input, NULL ) );
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200239
Hanno Beckerae2ff022018-12-11 15:14:02 +0000240 /* finish */
241 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
242 mbedtls_chachapoly_finish( NULL, mac ) );
243 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
244 mbedtls_chachapoly_finish( &ctx, NULL ) );
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200245
246exit:
Hanno Beckerae2ff022018-12-11 15:14:02 +0000247 return;
Manuel Pégourié-Gonnard59d2c302018-05-10 10:39:32 +0200248}
249/* END_CASE */
250
Manuel Pégourié-Gonnardceb12252018-05-10 11:41:00 +0200251/* BEGIN_CASE */
252void chachapoly_state()
253{
254 unsigned char key[32];
255 unsigned char nonce[12];
256 unsigned char aad[1];
257 unsigned char input[1];
258 unsigned char output[1];
259 unsigned char mac[16];
260 size_t input_len = sizeof( input );
261 size_t aad_len = sizeof( aad );
262 mbedtls_chachapoly_context ctx;
263
264 memset( key, 0x00, sizeof( key ) );
265 memset( nonce, 0x00, sizeof( nonce ) );
266 memset( aad, 0x00, sizeof( aad ) );
267 memset( input, 0x00, sizeof( input ) );
268 memset( output, 0x00, sizeof( output ) );
269 memset( mac, 0x00, sizeof( mac ) );
270
271 /* Initial state: finish, update, update_aad forbidden */
272 mbedtls_chachapoly_init( &ctx );
273
274 TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac )
275 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
276 TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output )
277 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
278 TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len )
279 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
280
281 /* Still initial state: finish, update, update_aad forbidden */
282 TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key )
283 == 0 );
284
285 TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac )
286 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
287 TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output )
288 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
289 TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len )
290 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
291
292 /* Starts -> finish OK */
293 TEST_ASSERT( mbedtls_chachapoly_starts( &ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT )
294 == 0 );
295 TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac )
296 == 0 );
297
298 /* After finish: update, update_aad forbidden */
299 TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output )
300 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
301 TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len )
302 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
303
304 /* Starts -> update* OK */
305 TEST_ASSERT( mbedtls_chachapoly_starts( &ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT )
306 == 0 );
307 TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output )
308 == 0 );
309 TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output )
310 == 0 );
311
312 /* After update: update_aad forbidden */
313 TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len )
314 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
315
316 /* Starts -> update_aad* -> finish OK */
317 TEST_ASSERT( mbedtls_chachapoly_starts( &ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT )
318 == 0 );
319 TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len )
320 == 0 );
321 TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len )
322 == 0 );
323 TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac )
324 == 0 );
325
326exit:
327 mbedtls_chachapoly_free( &ctx );
328}
329/* END_CASE */
330
Daniel Kingb8025c52016-05-17 14:43:01 -0300331/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
Manuel Pégourié-Gonnarddca3a5d2018-05-07 10:43:27 +0200332void chachapoly_selftest()
Daniel Kingb8025c52016-05-17 14:43:01 -0300333{
Manuel Pégourié-Gonnarddca3a5d2018-05-07 10:43:27 +0200334 TEST_ASSERT( mbedtls_chachapoly_self_test( 1 ) == 0 );
Daniel Kingb8025c52016-05-17 14:43:01 -0300335}
336/* END_CASE */