TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / mirror / mbed-tls / 8fb1754e1ab4408fad3496abe52fdc61fb0d0e81 / . / tests / suites / test_suite_ccm.function
blob: d9c397c68e87144cce535e168513ac4ff2dfca51 [file] [log] [blame]
Manuel Pégourié-Gonnarda6916fa2014-05-02 15:17:29 +0200[diff] [blame]1/* BEGIN_HEADER */
Manuel Pégourié-Gonnard7f809972015-03-09 17:05:11 +0000[diff] [blame]2#include "mbedtls/ccm.h"
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]3
4/* Use the multipart interface to process the encrypted data in two parts
5 * and check that the output matches the expected output.
6 * The context must have been set up with the key. */
7static int check_multipart( mbedtls_ccm_context *ctx,
8 int mode,
9 const data_t *iv,
10 const data_t *add,
11 const data_t *input,
12 const data_t *expected_output,
13 const data_t *tag,
14 size_t n1,
15 size_t n1_add)
16{
17 int ok = 0;
18 uint8_t *output = NULL;
19 size_t n2 = input->len - n1;
20 size_t n2_add = add->len - n1_add;
21 size_t olen;
22
23 /* Sanity checks on the test data */
24 TEST_ASSERT( n1 <= input->len );
25 TEST_ASSERT( n1_add <= add->len );
26 TEST_EQUAL( input->len, expected_output->len );
27 TEST_EQUAL( 0, mbedtls_ccm_starts( ctx, mode, iv->x, iv->len ) );
28 TEST_EQUAL( 0, mbedtls_ccm_set_lengths( ctx, add->len, input->len, tag->len ) );
29 TEST_EQUAL( 0, mbedtls_ccm_update_ad( ctx, add->x, n1_add) );
30 TEST_EQUAL( 0, mbedtls_ccm_update_ad( ctx, add->x + n1_add, n2_add ) );
31
32 /* Allocate a tight buffer for each update call. This way, if the function
33 * tries to write beyond the advertised required buffer size, this will
34 * count as an overflow for memory sanitizers and static checkers. */
35 ASSERT_ALLOC( output, n1 );
36 olen = 0xdeadbeef;
37 TEST_EQUAL( 0, mbedtls_ccm_update( ctx, input->x, n1, output, n1, &olen ) );
38 TEST_EQUAL( n1, olen );
39 ASSERT_COMPARE( output, olen, expected_output->x, n1 );
40 mbedtls_free( output );
41 output = NULL;
42
43 ASSERT_ALLOC( output, n2 );
44 olen = 0xdeadbeef;
45 TEST_EQUAL( 0, mbedtls_ccm_update( ctx, input->x + n1, n2, output, n2, &olen ) );
46 TEST_EQUAL( n2, olen );
47 ASSERT_COMPARE( output, olen, expected_output->x + n1, n2 );
48 mbedtls_free( output );
49 output = NULL;
50
Mateusz Starzykc8bdf362021-07-28 15:39:51 +0200[diff] [blame]51 ASSERT_ALLOC( output, tag->len );
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]52 TEST_EQUAL( 0, mbedtls_ccm_finish( ctx, output, tag->len ) );
53 ASSERT_COMPARE( output, tag->len, tag->x, tag->len );
54 mbedtls_free( output );
55 output = NULL;
56
57 ok = 1;
58exit:
59 mbedtls_free( output );
60 return( ok );
61}
Manuel Pégourié-Gonnarda6916fa2014-05-02 15:17:29 +0200[diff] [blame]62/* END_HEADER */
63
64/* BEGIN_DEPENDENCIES
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]65 * depends_on:MBEDTLS_CCM_C
Manuel Pégourié-Gonnarda6916fa2014-05-02 15:17:29 +0200[diff] [blame]66 * END_DEPENDENCIES
67 */
68
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]69/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST:MBEDTLS_AES_C */
Azim Khanf1aaec92017-05-30 14:23:15 +0100[diff] [blame]70void mbedtls_ccm_self_test( )
Manuel Pégourié-Gonnarda6916fa2014-05-02 15:17:29 +0200[diff] [blame]71{
Andres AG93012e82016-09-09 09:10:28 +0100[diff] [blame]72 TEST_ASSERT( mbedtls_ccm_self_test( 1 ) == 0 );
Manuel Pégourié-Gonnarda6916fa2014-05-02 15:17:29 +0200[diff] [blame]73}
74/* END_CASE */
Manuel Pégourié-Gonnard9fe0d132014-05-06 12:12:45 +0200[diff] [blame]75
76/* BEGIN_CASE */
Manuel Pégourié-Gonnard6963ff02015-04-28 18:02:54 +0200[diff] [blame]77void mbedtls_ccm_setkey( int cipher_id, int key_size, int result )
Manuel Pégourié-Gonnard9fe0d132014-05-06 12:12:45 +0200[diff] [blame]78{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]79 mbedtls_ccm_context ctx;
Manuel Pégourié-Gonnard9fe0d132014-05-06 12:12:45 +0200[diff] [blame]80 unsigned char key[32];
81 int ret;
82
Manuel Pégourié-Gonnard6963ff02015-04-28 18:02:54 +0200[diff] [blame]83 mbedtls_ccm_init( &ctx );
84
Manuel Pégourié-Gonnard9fe0d132014-05-06 12:12:45 +0200[diff] [blame]85 memset( key, 0x2A, sizeof( key ) );
86 TEST_ASSERT( (unsigned) key_size <= 8 * sizeof( key ) );
87
Manuel Pégourié-Gonnard6963ff02015-04-28 18:02:54 +0200[diff] [blame]88 ret = mbedtls_ccm_setkey( &ctx, cipher_id, key, key_size );
Manuel Pégourié-Gonnard9fe0d132014-05-06 12:12:45 +0200[diff] [blame]89 TEST_ASSERT( ret == result );
90
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]91exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]92 mbedtls_ccm_free( &ctx );
Manuel Pégourié-Gonnard9fe0d132014-05-06 12:12:45 +0200[diff] [blame]93}
94/* END_CASE */
Manuel Pégourié-Gonnard637eb3d2014-05-06 12:13:09 +0200[diff] [blame]95
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]96/* BEGIN_CASE depends_on:MBEDTLS_AES_C */
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]97void ccm_lengths( int msg_len, int iv_len, int add_len, int tag_len, int res )
98{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]99 mbedtls_ccm_context ctx;
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]100 unsigned char key[16];
101 unsigned char msg[10];
102 unsigned char iv[14];
Dave Rodgman2e680342020-10-15 14:00:40 +0100[diff] [blame]103 unsigned char *add = NULL;
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]104 unsigned char out[10];
105 unsigned char tag[18];
106 int decrypt_ret;
107
Manuel Pégourié-Gonnard6963ff02015-04-28 18:02:54 +0200[diff] [blame]108 mbedtls_ccm_init( &ctx );
109
Dave Rodgman2e680342020-10-15 14:00:40 +0100[diff] [blame]110 ASSERT_ALLOC_WEAK( add, add_len );
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]111 memset( key, 0, sizeof( key ) );
112 memset( msg, 0, sizeof( msg ) );
113 memset( iv, 0, sizeof( iv ) );
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]114 memset( out, 0, sizeof( out ) );
115 memset( tag, 0, sizeof( tag ) );
116
Manuel Pégourié-Gonnard6963ff02015-04-28 18:02:54 +0200[diff] [blame]117 TEST_ASSERT( mbedtls_ccm_setkey( &ctx, MBEDTLS_CIPHER_ID_AES,
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]118 key, 8 * sizeof( key ) ) == 0 );
119
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]120 TEST_ASSERT( mbedtls_ccm_encrypt_and_tag( &ctx, msg_len, iv, iv_len, add, add_len,
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]121 msg, out, tag, tag_len ) == res );
122
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]123 decrypt_ret = mbedtls_ccm_auth_decrypt( &ctx, msg_len, iv, iv_len, add, add_len,
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]124 msg, out, tag, tag_len );
125
126 if( res == 0 )
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]127 TEST_ASSERT( decrypt_ret == MBEDTLS_ERR_CCM_AUTH_FAILED );
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]128 else
129 TEST_ASSERT( decrypt_ret == res );
130
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]131exit:
Dave Rodgman2e680342020-10-15 14:00:40 +0100[diff] [blame]132 mbedtls_free( add );
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]133 mbedtls_ccm_free( &ctx );
Manuel Pégourié-Gonnard87df5ba2014-05-06 18:07:24 +0200[diff] [blame]134}
135/* END_CASE */
136
Janos Follath95ab93d2018-05-14 14:32:41 +0100[diff] [blame]137/* BEGIN_CASE depends_on:MBEDTLS_AES_C */
138void ccm_star_lengths( int msg_len, int iv_len, int add_len, int tag_len,
139 int res )
140{
141 mbedtls_ccm_context ctx;
142 unsigned char key[16];
143 unsigned char msg[10];
144 unsigned char iv[14];
145 unsigned char add[10];
146 unsigned char out[10];
147 unsigned char tag[18];
148 int decrypt_ret;
149
150 mbedtls_ccm_init( &ctx );
151
152 memset( key, 0, sizeof( key ) );
153 memset( msg, 0, sizeof( msg ) );
154 memset( iv, 0, sizeof( iv ) );
155 memset( add, 0, sizeof( add ) );
156 memset( out, 0, sizeof( out ) );
157 memset( tag, 0, sizeof( tag ) );
158
159 TEST_ASSERT( mbedtls_ccm_setkey( &ctx, MBEDTLS_CIPHER_ID_AES,
160 key, 8 * sizeof( key ) ) == 0 );
161
162 TEST_ASSERT( mbedtls_ccm_star_encrypt_and_tag( &ctx, msg_len, iv, iv_len,
163 add, add_len, msg, out, tag, tag_len ) == res );
164
165 decrypt_ret = mbedtls_ccm_star_auth_decrypt( &ctx, msg_len, iv, iv_len, add,
166 add_len, msg, out, tag, tag_len );
167
168 if( res == 0 && tag_len != 0 )
169 TEST_ASSERT( decrypt_ret == MBEDTLS_ERR_CCM_AUTH_FAILED );
170 else
171 TEST_ASSERT( decrypt_ret == res );
172
173exit:
174 mbedtls_ccm_free( &ctx );
175}
176/* END_CASE */
177
Manuel Pégourié-Gonnard637eb3d2014-05-06 12:13:09 +0200[diff] [blame]178/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]179void mbedtls_ccm_encrypt_and_tag( int cipher_id, data_t * key,
180 data_t * msg, data_t * iv,
181 data_t * add, data_t * result )
Manuel Pégourié-Gonnard637eb3d2014-05-06 12:13:09 +0200[diff] [blame]182{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]183 mbedtls_ccm_context ctx;
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]184 size_t n1, n1_add;
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]185 uint8_t* io_msg_buf = NULL;
186 uint8_t* tag_buf = NULL;
187 const size_t expected_tag_len = result->len - msg->len;
188 const uint8_t* expected_tag = result->x + msg->len;
189
190 /* Prepare input/output message buffer */
191 ASSERT_ALLOC( io_msg_buf, msg->len );
192 if( msg->len != 0 )
193 memcpy( io_msg_buf, msg->x, msg->len );
194
195 /* Prepare tag buffer */
196 ASSERT_ALLOC( tag_buf, expected_tag_len );
Manuel Pégourié-Gonnard637eb3d2014-05-06 12:13:09 +0200[diff] [blame]197
Manuel Pégourié-Gonnard6963ff02015-04-28 18:02:54 +0200[diff] [blame]198 mbedtls_ccm_init( &ctx );
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]199 TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 );
Manuel Pégourié-Gonnard0f6b66d2014-05-07 14:43:46 +0200[diff] [blame]200 /* Test with input == output */
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]201 TEST_EQUAL( mbedtls_ccm_encrypt_and_tag( &ctx, msg->len, iv->x, iv->len, add->x, add->len,
202 io_msg_buf, io_msg_buf, tag_buf, expected_tag_len ), 0);
Manuel Pégourié-Gonnard637eb3d2014-05-06 12:13:09 +0200[diff] [blame]203
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]204 ASSERT_COMPARE( io_msg_buf, msg->len, result->x, msg->len );
205 ASSERT_COMPARE( tag_buf, expected_tag_len, expected_tag, expected_tag_len );
Manuel Pégourié-Gonnard637eb3d2014-05-06 12:13:09 +0200[diff] [blame]206
Mateusz Starzykceb5bc62021-07-30 14:36:22 +0200[diff] [blame]207 /* Prepare data_t structures for multipart testing */
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]208 const data_t encrypted_expected = { .x = result->x,
209 .len = msg->len };
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]210 const data_t tag_expected = { .x = (uint8_t*) expected_tag, /* cast to conform with data_t x type */
211 .len = expected_tag_len };
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]212
213 for( n1 = 0; n1 <= msg->len; n1 += 1 )
214 {
215 for( n1_add = 0; n1_add <= add->len; n1_add += 1 )
216 {
217 mbedtls_test_set_step( n1 * 10000 + n1_add );
218 if( !check_multipart( &ctx, MBEDTLS_CCM_ENCRYPT,
219 iv, add, msg,
220 &encrypted_expected,
221 &tag_expected,
222 n1, n1_add ) )
223 goto exit;
224 }
225 }
226
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]227exit:
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]228 mbedtls_ccm_free( &ctx );
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]229 mbedtls_free( io_msg_buf );
230 mbedtls_free( tag_buf );
Manuel Pégourié-Gonnard637eb3d2014-05-06 12:13:09 +0200[diff] [blame]231}
232/* END_CASE */
Manuel Pégourié-Gonnardce77d552014-05-06 18:06:52 +0200[diff] [blame]233
234/* BEGIN_CASE */
Azim Khan5fcca462018-06-29 11:05:32 +0100[diff] [blame]235void mbedtls_ccm_auth_decrypt( int cipher_id, data_t * key,
236 data_t * msg, data_t * iv,
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]237 data_t * add, int expected_tag_len, int result,
Ronald Cronac6ae352020-06-26 14:33:03 +0200[diff] [blame]238 data_t * expected_msg )
Manuel Pégourié-Gonnardce77d552014-05-06 18:06:52 +0200[diff] [blame]239{
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]240 mbedtls_ccm_context ctx;
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]241 size_t n1, n1_add;
Manuel Pégourié-Gonnardce77d552014-05-06 18:06:52 +0200[diff] [blame]242
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]243 const size_t expected_msg_len = msg->len - expected_tag_len;
244 const uint8_t* expected_tag = msg->x + expected_msg_len;
245
246 /* Prepare input/output message buffer */
247 uint8_t* io_msg_buf = NULL;
248 ASSERT_ALLOC( io_msg_buf, expected_msg_len );
249 if( expected_msg_len )
250 memcpy( io_msg_buf, msg->x, expected_msg_len );
251
Manuel Pégourié-Gonnard6963ff02015-04-28 18:02:54 +0200[diff] [blame]252 mbedtls_ccm_init( &ctx );
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]253 TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 );
Manuel Pégourié-Gonnard0f6b66d2014-05-07 14:43:46 +0200[diff] [blame]254 /* Test with input == output */
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]255 TEST_EQUAL( mbedtls_ccm_auth_decrypt( &ctx, expected_msg_len, iv->x, iv->len, add->x, add->len,
256 io_msg_buf, io_msg_buf, expected_tag, expected_tag_len ), result );
Manuel Pégourié-Gonnardce77d552014-05-06 18:06:52 +0200[diff] [blame]257
Mohammad Azim Khancfd83422018-06-26 18:15:18 +0100[diff] [blame]258 if( result == 0 )
Manuel Pégourié-Gonnardce77d552014-05-06 18:06:52 +0200[diff] [blame]259 {
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]260 ASSERT_COMPARE( io_msg_buf, expected_msg_len, expected_msg->x, expected_msg_len );
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]261
Mateusz Starzykceb5bc62021-07-30 14:36:22 +0200[diff] [blame]262 /* Prepare data_t structures for multipart testing */
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]263 const data_t encrypted = { .x = msg->x,
264 .len = expected_msg_len };
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]265
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]266 const data_t tag_expected = { .x = (uint8_t*) expected_tag,
267 .len = expected_tag_len };
268
269 for( n1 = 0; n1 <= expected_msg_len; n1 += 1 )
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]270 {
271 for( n1_add = 0; n1_add <= add->len; n1_add += 1 )
272 {
273 mbedtls_test_set_step( n1 * 10000 + n1_add );
274 if( !check_multipart( &ctx, MBEDTLS_CCM_DECRYPT,
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]275 iv, add, &encrypted,
Mateusz Starzyk25a3dfe2021-07-12 14:53:45 +0200[diff] [blame]276 expected_msg,
277 &tag_expected,
278 n1, n1_add ) )
279 goto exit;
280 }
281 }
Manuel Pégourié-Gonnardce77d552014-05-06 18:06:52 +0200[diff] [blame]282 }
283 else
284 {
285 size_t i;
286
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]287 for( i = 0; i < expected_msg_len; i++ )
288 TEST_EQUAL( io_msg_buf[i], 0 );
Manuel Pégourié-Gonnardce77d552014-05-06 18:06:52 +0200[diff] [blame]289 }
290
Paul Bakkerbd51b262014-07-10 15:26:12 +0200[diff] [blame]291exit:
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]292 mbedtls_free(io_msg_buf);
Manuel Pégourié-Gonnard2cf5a7c2015-04-08 12:49:31 +0200[diff] [blame]293 mbedtls_ccm_free( &ctx );
Manuel Pégourié-Gonnardce77d552014-05-06 18:06:52 +0200[diff] [blame]294}
295/* END_CASE */
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]296
297/* BEGIN_CASE */
298void mbedtls_ccm_star_encrypt_and_tag( int cipher_id,
Ronald Cron9ed40732020-06-25 09:03:34 +0200[diff] [blame]299 data_t *key, data_t *msg,
300 data_t *source_address, data_t *frame_counter,
301 int sec_level, data_t *add,
302 data_t *expected_result, int output_ret )
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]303{
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]304 unsigned char iv[13];
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]305 mbedtls_ccm_context ctx;
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]306 size_t iv_len, expected_tag_len;
Mateusz Starzyk29ec75b2021-07-13 12:26:17 +0200[diff] [blame]307 size_t n1, n1_add;
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]308 uint8_t* io_msg_buf = NULL;
309 uint8_t* tag_buf = NULL;
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]310
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]311 const uint8_t* expected_tag = expected_result->x + msg->len;
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]312
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]313 /* Calculate tag length */
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]314 if( sec_level % 4 == 0)
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]315 expected_tag_len = 0;
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]316 else
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]317 expected_tag_len = 1 << ( sec_level % 4 + 1);
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]318
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]319 /* Prepare input/output message buffer */
320 ASSERT_ALLOC( io_msg_buf, msg->len );
321 if( msg->len )
322 memcpy( io_msg_buf, msg->x, msg->len );
323
324 /* Prepare tag buffer */
325 if( expected_tag_len == 0 )
326 ASSERT_ALLOC( tag_buf, 16 );
327 else
328 ASSERT_ALLOC( tag_buf, expected_tag_len );
329
330 /* Calculate iv */
Gilles Peskineb168c0d2021-02-09 12:00:13 +0100[diff] [blame]331 TEST_ASSERT( source_address->len == 8 );
332 TEST_ASSERT( frame_counter->len == 4 );
333 memcpy( iv, source_address->x, source_address->len );
334 memcpy( iv + source_address->len, frame_counter->x, frame_counter->len );
Ronald Cron9ed40732020-06-25 09:03:34 +0200[diff] [blame]335 iv[source_address->len + frame_counter->len] = sec_level;
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]336 iv_len = sizeof( iv );
337
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]338 mbedtls_ccm_init( &ctx );
339 TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id,
340 key->x, key->len * 8 ), 0 );
341 /* Test with input == output */
342 TEST_EQUAL( mbedtls_ccm_star_encrypt_and_tag( &ctx, msg->len, iv, iv_len,
343 add->x, add->len, io_msg_buf,
344 io_msg_buf, tag_buf, expected_tag_len), output_ret );
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]345
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]346 ASSERT_COMPARE( io_msg_buf, msg->len, expected_result->x, msg->len );
347 ASSERT_COMPARE( tag_buf, expected_tag_len, expected_tag, expected_tag_len );
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]348
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]349 if( output_ret == 0 )
Mateusz Starzyk29ec75b2021-07-13 12:26:17 +0200[diff] [blame]350 {
351 const data_t iv_data = { .x = iv,
352 .len = iv_len };
353
354 const data_t encrypted_expected = { .x = expected_result->x,
355 .len = msg->len };
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]356 const data_t tag_expected = { .x = (uint8_t*)expected_tag,
357 .len = expected_tag_len };
Mateusz Starzyk29ec75b2021-07-13 12:26:17 +0200[diff] [blame]358
359 for( n1 = 0; n1 <= msg->len; n1 += 1 )
360 {
361 for( n1_add = 0; n1_add <= add->len; n1_add += 1 )
362 {
363 mbedtls_test_set_step( n1 * 10000 + n1_add );
364 if( !check_multipart( &ctx, MBEDTLS_CCM_STAR_ENCRYPT,
365 &iv_data, add, msg,
366 &encrypted_expected,
367 &tag_expected,
368 n1, n1_add ) )
369 goto exit;
370 }
371 }
372 }
373
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]374exit:
375 mbedtls_ccm_free( &ctx );
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]376 mbedtls_free( io_msg_buf );
377 mbedtls_free( tag_buf );
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]378}
379/* END_CASE */
380
381/* BEGIN_CASE */
382void mbedtls_ccm_star_auth_decrypt( int cipher_id,
Ronald Cron9ed40732020-06-25 09:03:34 +0200[diff] [blame]383 data_t *key, data_t *msg,
384 data_t *source_address, data_t *frame_counter,
385 int sec_level, data_t *add,
386 data_t *expected_result, int output_ret )
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]387{
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]388 unsigned char iv[13];
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]389 mbedtls_ccm_context ctx;
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]390 size_t iv_len, expected_tag_len;
Mateusz Starzyk29ec75b2021-07-13 12:26:17 +0200[diff] [blame]391 size_t n1, n1_add;
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]392
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]393 /* Calculate tag length */
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]394 if( sec_level % 4 == 0)
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]395 expected_tag_len = 0;
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]396 else
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]397 expected_tag_len = 1 << ( sec_level % 4 + 1);
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]398
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]399 const size_t expected_msg_len = msg->len - expected_tag_len;
400 const uint8_t* expected_tag = msg->x + expected_msg_len;
401
402 /* Prepare input/output message buffer */
403 uint8_t* io_msg_buf = NULL;
404 ASSERT_ALLOC( io_msg_buf, expected_msg_len );
405 if( expected_msg_len )
406 memcpy( io_msg_buf, msg->x, expected_msg_len );
407
408 /* Calculate iv */
409 memset( iv, 0x00, sizeof( iv ) );
Gilles Peskineb168c0d2021-02-09 12:00:13 +0100[diff] [blame]410 TEST_ASSERT( source_address->len == 8 );
411 TEST_ASSERT( frame_counter->len == 4 );
412 memcpy( iv, source_address->x, source_address->len );
413 memcpy( iv + source_address->len, frame_counter->x, frame_counter->len );
Ronald Cron9ed40732020-06-25 09:03:34 +0200[diff] [blame]414 iv[source_address->len + frame_counter->len] = sec_level;
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]415 iv_len = sizeof( iv );
416
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]417 mbedtls_ccm_init( &ctx );
Ronald Cron9ed40732020-06-25 09:03:34 +0200[diff] [blame]418 TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ) == 0 );
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]419 /* Test with input == output */
420 TEST_EQUAL( mbedtls_ccm_star_auth_decrypt( &ctx, expected_msg_len, iv, iv_len,
421 add->x, add->len, io_msg_buf, io_msg_buf,
422 expected_tag, expected_tag_len ), output_ret );
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]423
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]424 ASSERT_COMPARE( io_msg_buf, expected_msg_len, expected_result->x, expected_msg_len );
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]425
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]426 if( output_ret == 0 )
Mateusz Starzyk29ec75b2021-07-13 12:26:17 +0200[diff] [blame]427 {
Mateusz Starzyk29ec75b2021-07-13 12:26:17 +0200[diff] [blame]428 const data_t iv_data = { .x = iv,
429 .len = iv_len };
430
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]431 const data_t encrypted = { .x = msg->x,
432 .len = expected_msg_len} ;
Mateusz Starzyk29ec75b2021-07-13 12:26:17 +0200[diff] [blame]433
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]434 const data_t tag_expected = { .x = (uint8_t*) expected_tag,
435 .len = expected_tag_len };
436
437 for( n1 = 0; n1 <= expected_msg_len; n1 += 1 )
Mateusz Starzyk29ec75b2021-07-13 12:26:17 +0200[diff] [blame]438 {
439 for( n1_add = 0; n1_add <= add->len; n1_add += 1 )
440 {
441 mbedtls_test_set_step( n1 * 10000 + n1_add );
442 if( !check_multipart( &ctx, MBEDTLS_CCM_STAR_DECRYPT,
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]443 &iv_data, add, &encrypted,
Mateusz Starzyk29ec75b2021-07-13 12:26:17 +0200[diff] [blame]444 expected_result,
445 &tag_expected,
446 n1, n1_add ) )
447 goto exit;
448 }
449 }
450 }
451
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]452exit:
453 mbedtls_ccm_free( &ctx );
Mateusz Starzyk27a1bef2021-07-13 15:33:19 +0200[diff] [blame]454 mbedtls_free( io_msg_buf );
Darryl Green0daf4ca2018-05-29 14:12:26 +0100[diff] [blame]455}
456/* END_CASE */
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]457
Mateusz Starzyk8fb17542021-08-10 13:45:19 +0200[diff] [blame^]458/* Skip auth data, provide full text */
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]459/* BEGIN_CASE */
Mateusz Starzykbccbf882021-08-09 16:12:46 +0200[diff] [blame]460void mbedtls_ccm_skip_ad( int cipher_id, int mode,
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]461 data_t * key, data_t * msg, data_t * iv,
462 data_t * result, data_t * tag )
463{
464 mbedtls_ccm_context ctx;
465 uint8_t *output = NULL;
466 size_t olen;
467
468 /* Sanity checks on the test data */
469 TEST_EQUAL( msg->len, result->len );
470
471 mbedtls_ccm_init( &ctx );
472 TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 );
473 TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) );
474 TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, 0, msg->len, tag->len ) );
475
476 ASSERT_ALLOC( output, result->len );
477 olen = 0xdeadbeef;
478 TEST_EQUAL( 0, mbedtls_ccm_update( &ctx, msg->x, msg->len, output, result->len, &olen ) );
479 TEST_EQUAL( result->len, olen );
480 ASSERT_COMPARE( output, olen, result->x, result->len );
481 mbedtls_free( output );
482 output = NULL;
483
484 ASSERT_ALLOC( output, tag->len );
485 TEST_EQUAL( 0, mbedtls_ccm_finish( &ctx, output, tag->len ) );
486 ASSERT_COMPARE( output, tag->len, tag->x, tag->len );
487 mbedtls_free( output );
488 output = NULL;
489
490exit:
491 mbedtls_free( output );
492 mbedtls_ccm_free( &ctx );
493}
494/* END_CASE */
495
Mateusz Starzyk8fb17542021-08-10 13:45:19 +0200[diff] [blame^]496/* Provide auth data, skip full text */
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]497/* BEGIN_CASE */
Mateusz Starzykbccbf882021-08-09 16:12:46 +0200[diff] [blame]498void mbedtls_ccm_skip_update( int cipher_id, int mode,
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]499 data_t * key, data_t * iv, data_t* add,
500 data_t * tag )
501{
502 mbedtls_ccm_context ctx;
503 uint8_t *output = NULL;
504
505 mbedtls_ccm_init( &ctx );
506 TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 );
507 TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) );
508 TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, 0, tag->len ) );
509
510 TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len) );
511
512 ASSERT_ALLOC( output, tag->len );
513 TEST_EQUAL( 0, mbedtls_ccm_finish( &ctx, output, tag->len ) );
514 ASSERT_COMPARE( output, tag->len, tag->x, tag->len );
515 mbedtls_free( output );
516 output = NULL;
517
518exit:
519 mbedtls_free( output );
520 mbedtls_ccm_free( &ctx );
521}
522/* END_CASE */
523
Mateusz Starzyk8fb17542021-08-10 13:45:19 +0200[diff] [blame^]524/* Provide too much auth data */
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]525/* BEGIN_CASE */
Mateusz Starzykbccbf882021-08-09 16:12:46 +0200[diff] [blame]526void mbedtls_ccm_overflow_ad( int cipher_id, int mode,
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]527 data_t * key, data_t * iv,
528 data_t * add )
529{
530 mbedtls_ccm_context ctx;
531
532 mbedtls_ccm_init( &ctx );
533 TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 );
534 TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) );
535 // use hardcoded values for msg length and tag length. They are not a part of this test
536 // set half of auth data length to provoke an overflow
537 TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len / 2, 16, 16 ) );
538
539 TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, mbedtls_ccm_update_ad( &ctx, add->x, add->len) );
540exit:
541 mbedtls_ccm_free( &ctx );
542}
543/* END_CASE */
544
Mateusz Starzyk8fb17542021-08-10 13:45:19 +0200[diff] [blame^]545/* Provide incomplete auth data and finish */
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]546/* BEGIN_CASE */
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]547void mbedtls_ccm_incomplete_ad( int cipher_id, int mode,
548 data_t * key, data_t * iv, data_t* add )
549{
550 mbedtls_ccm_context ctx;
551 uint8_t *output = NULL;
552
553 mbedtls_ccm_init( &ctx );
554 TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 );
555 TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) );
556 // use hardcoded values for msg length and tag length. They are not a part of this test
557 TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, 0, 16 ) );
558
559 TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len/2) );
560
561 ASSERT_ALLOC( output, 16 );
562 TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_SEQUENCE, mbedtls_ccm_finish( &ctx, output, 16 ) );
563
564exit:
565 mbedtls_free( output );
566 mbedtls_ccm_free( &ctx );
567}
568/* END_CASE */
569
Mateusz Starzyk8fb17542021-08-10 13:45:19 +0200[diff] [blame^]570/* Provide complete auth data on first update_ad.
571 * Provide unexpected auth data on second update_ad */
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]572/* BEGIN_CASE */
573void mbedtls_ccm_full_ad_and_overflow( int cipher_id, int mode,
574 data_t * key, data_t * iv,
575 data_t * add )
576{
577 mbedtls_ccm_context ctx;
578
579 mbedtls_ccm_init( &ctx );
580 TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 );
581 TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) );
582 // use hardcoded values for msg length and tag length. They are not a part of this test
583 TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, 16, 16 ) );
584
585 // pass full auth data
586 TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len) );
587 // pass 1 extra byte
588 TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_SEQUENCE, mbedtls_ccm_update_ad( &ctx, add->x, 1) );
589exit:
590 mbedtls_ccm_free( &ctx );
591}
592/* END_CASE */
593
Mateusz Starzyk8fb17542021-08-10 13:45:19 +0200[diff] [blame^]594/* Provide too much plaintext/ciphertext */
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]595/* BEGIN_CASE */
Mateusz Starzykbccbf882021-08-09 16:12:46 +0200[diff] [blame]596void mbedtls_ccm_overflow_update( int cipher_id, int mode,
Mateusz Starzyk87889062021-07-29 14:08:18 +0200[diff] [blame]597 data_t * key, data_t * msg, data_t * iv,
598 data_t * add )
599{
600 mbedtls_ccm_context ctx;
601 uint8_t *output = NULL;
602 size_t olen;
603
604 mbedtls_ccm_init( &ctx );
605 TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 );
606 TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) );
607 // use hardcoded value for tag length. It is a not a part of this test
608 // set half of msg length to provoke an overflow
609 TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, msg->len / 2, 16 ) );
610
611 TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len) );
612
613 ASSERT_ALLOC( output, msg->len );
614 TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, \
615 mbedtls_ccm_update( &ctx, msg->x, msg->len, output, msg->len, &olen ) );
616exit:
617 mbedtls_free( output );
618 mbedtls_ccm_free( &ctx );
619}
620/* END_CASE */
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]621
Mateusz Starzyk8fb17542021-08-10 13:45:19 +0200[diff] [blame^]622/* Provide incomplete plaintext/ciphertext and finish */
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]623/* BEGIN_CASE */
624void mbedtls_ccm_incomplete_update( int cipher_id, int mode,
625 data_t * key, data_t * msg, data_t * iv,
626 data_t * add )
627{
628 mbedtls_ccm_context ctx;
629 uint8_t *output = NULL;
630 size_t olen;
631
632 mbedtls_ccm_init( &ctx );
633 TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 );
634 TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) );
635 // use hardcoded value for tag length. It is not a part of this test
636 TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, msg->len, 16 ) );
637
638 TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len) );
639
640 ASSERT_ALLOC( output, msg->len );
641 olen = 0xdeadbeef;
642 TEST_EQUAL( 0, mbedtls_ccm_update( &ctx, msg->x, msg->len/2, output, msg->len, &olen ) );
643 mbedtls_free( output );
644 output = NULL;
645
646 ASSERT_ALLOC( output, 16 );
647 TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_SEQUENCE, mbedtls_ccm_finish( &ctx, output, 16 ) );
648
649exit:
650 mbedtls_free( output );
651 mbedtls_ccm_free( &ctx );
652}
653/* END_CASE */
654
Mateusz Starzyk8fb17542021-08-10 13:45:19 +0200[diff] [blame^]655/* Provide full plaintext/ciphertext of first update
656 * Provide unexpected plaintext/ciphertext on second update */
Mateusz Starzykf442de62021-08-10 13:36:43 +0200[diff] [blame]657/* BEGIN_CASE */
658void mbedtls_ccm_full_update_and_overflow( int cipher_id, int mode,
659 data_t * key, data_t * msg, data_t * iv,
660 data_t * add )
661{
662 mbedtls_ccm_context ctx;
663 uint8_t *output = NULL;
664 size_t olen;
665
666 mbedtls_ccm_init( &ctx );
667 TEST_EQUAL( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ), 0 );
668 TEST_EQUAL( 0, mbedtls_ccm_starts( &ctx, mode, iv->x, iv->len ) );
669 // use hardcoded value for tag length. It is a not a part of this test
670 TEST_EQUAL( 0, mbedtls_ccm_set_lengths( &ctx, add->len, msg->len, 16 ) );
671
672 TEST_EQUAL( 0, mbedtls_ccm_update_ad( &ctx, add->x, add->len) );
673
674 ASSERT_ALLOC( output, msg->len );
675 // pass full text
676 TEST_EQUAL( 0, mbedtls_ccm_update( &ctx, msg->x, msg->len, output, msg->len, &olen ) );
677 // pass 1 extra byte
678 TEST_EQUAL( MBEDTLS_ERR_CCM_BAD_INPUT, \
679 mbedtls_ccm_update( &ctx, msg->x, 1, output, 1, &olen ) );
680exit:
681 mbedtls_free( output );
682 mbedtls_ccm_free( &ctx );
683}
684/* END_CASE */