| /* BEGIN_HEADER */ |
| #include "mbedtls/chachapoly.h" |
| /* END_HEADER */ |
| |
| /* BEGIN_DEPENDENCIES |
| * depends_on:MBEDTLS_CHACHAPOLY_C |
| * END_DEPENDENCIES |
| */ |
| |
| /* BEGIN_CASE */ |
| void mbedtls_chachapoly_enc( char *hex_key_string, char *hex_nonce_string, char *hex_aad_string, char *hex_input_string, char *hex_output_string, char *hex_mac_string ) |
| { |
| unsigned char key_str[32]; /* size set by the standard */ |
| unsigned char nonce_str[12]; /* size set by the standard */ |
| unsigned char aad_str[12]; /* max size of test data so far */ |
| unsigned char input_str[265]; /* max size of binary input/output so far */ |
| unsigned char output_str[265]; |
| unsigned char output[265]; |
| unsigned char mac_str[16]; /* size set by the standard */ |
| unsigned char mac[16]; /* size set by the standard */ |
| size_t input_len; |
| size_t output_len; |
| size_t aad_len; |
| size_t key_len; |
| size_t nonce_len; |
| size_t mac_len; |
| mbedtls_chachapoly_context ctx; |
| |
| memset( key_str, 0x00, sizeof( key_str ) ); |
| memset( nonce_str, 0x00, sizeof( nonce_str ) ); |
| memset( aad_str, 0x00, sizeof( aad_str ) ); |
| memset( input_str, 0x00, sizeof( input_str ) ); |
| memset( output_str, 0x00, sizeof( output_str ) ); |
| memset( mac_str, 0x00, sizeof( mac_str ) ); |
| |
| aad_len = unhexify( aad_str, hex_aad_string ); |
| input_len = unhexify( input_str, hex_input_string ); |
| output_len = unhexify( output_str, hex_output_string ); |
| key_len = unhexify( key_str, hex_key_string ); |
| nonce_len = unhexify( nonce_str, hex_nonce_string ); |
| mac_len = unhexify( mac_str, hex_mac_string ); |
| |
| TEST_ASSERT( key_len == 32 ); |
| TEST_ASSERT( nonce_len == 12 ); |
| TEST_ASSERT( mac_len == 16 ); |
| |
| mbedtls_chachapoly_init( &ctx ); |
| |
| TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key_str ) == 0 ); |
| |
| TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx, |
| input_len, nonce_str, |
| aad_str, aad_len, |
| input_str, output, mac ) == 0 ); |
| |
| TEST_ASSERT( memcmp( output_str, output, output_len ) == 0 ); |
| TEST_ASSERT( memcmp( mac_str, mac, 16U ) == 0 ); |
| |
| exit: |
| mbedtls_chachapoly_free( &ctx ); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE */ |
| void mbedtls_chachapoly_dec( char *hex_key_string, char *hex_nonce_string, char *hex_aad_string, char *hex_input_string, char *hex_output_string, char *hex_mac_string, int ret_exp ) |
| { |
| unsigned char key_str[32]; /* size set by the standard */ |
| unsigned char nonce_str[12]; /* size set by the standard */ |
| unsigned char aad_str[12]; /* max size of test data so far */ |
| unsigned char input_str[265]; /* max size of binary input/output so far */ |
| unsigned char output_str[265]; |
| unsigned char output[265]; |
| unsigned char mac_str[16]; /* size set by the standard */ |
| size_t input_len; |
| size_t output_len; |
| size_t aad_len; |
| size_t key_len; |
| size_t nonce_len; |
| size_t mac_len; |
| int ret; |
| mbedtls_chachapoly_context ctx; |
| |
| memset( key_str, 0x00, sizeof( key_str ) ); |
| memset( nonce_str, 0x00, sizeof( nonce_str ) ); |
| memset( aad_str, 0x00, sizeof( aad_str ) ); |
| memset( input_str, 0x00, sizeof( input_str ) ); |
| memset( output_str, 0x00, sizeof( output_str ) ); |
| memset( mac_str, 0x00, sizeof( mac_str ) ); |
| |
| aad_len = unhexify( aad_str, hex_aad_string ); |
| input_len = unhexify( input_str, hex_input_string ); |
| output_len = unhexify( output_str, hex_output_string ); |
| key_len = unhexify( key_str, hex_key_string ); |
| nonce_len = unhexify( nonce_str, hex_nonce_string ); |
| mac_len = unhexify( mac_str, hex_mac_string ); |
| |
| TEST_ASSERT( key_len == 32 ); |
| TEST_ASSERT( nonce_len == 12 ); |
| TEST_ASSERT( mac_len == 16 ); |
| |
| mbedtls_chachapoly_init( &ctx ); |
| |
| TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key_str ) == 0 ); |
| |
| ret = mbedtls_chachapoly_auth_decrypt( &ctx, |
| input_len, nonce_str, |
| aad_str, aad_len, |
| mac_str, input_str, output ); |
| |
| TEST_ASSERT( ret == ret_exp ); |
| if( ret_exp == 0 ) |
| { |
| TEST_ASSERT( memcmp( output_str, output, output_len ) == 0 ); |
| } |
| |
| exit: |
| mbedtls_chachapoly_free( &ctx ); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ |
| void chachapoly_bad_params() |
| { |
| unsigned char key[32]; |
| unsigned char nonce[12]; |
| unsigned char aad[1]; |
| unsigned char input[1]; |
| unsigned char output[1]; |
| unsigned char mac[16]; |
| size_t input_len = sizeof( input ); |
| size_t aad_len = sizeof( aad ); |
| mbedtls_chachapoly_context ctx; |
| |
| memset( key, 0x00, sizeof( key ) ); |
| memset( nonce, 0x00, sizeof( nonce ) ); |
| memset( aad, 0x00, sizeof( aad ) ); |
| memset( input, 0x00, sizeof( input ) ); |
| memset( output, 0x00, sizeof( output ) ); |
| memset( mac, 0x00, sizeof( mac ) ); |
| |
| TEST_INVALID_PARAM( mbedtls_chachapoly_init( NULL ) ); |
| TEST_VALID_PARAM( mbedtls_chachapoly_free( NULL ) ); |
| |
| /* setkey */ |
| TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, |
| mbedtls_chachapoly_setkey( NULL, key ) ); |
| TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, |
| mbedtls_chachapoly_setkey( &ctx, NULL ) ); |
| |
| /* encrypt_and_tag */ |
| TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, |
| mbedtls_chachapoly_encrypt_and_tag( NULL, |
| 0, nonce, |
| aad, 0, |
| input, output, mac ) ); |
| TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, |
| mbedtls_chachapoly_encrypt_and_tag( &ctx, |
| 0, NULL, |
| aad, 0, |
| input, output, mac ) ); |
| TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, |
| mbedtls_chachapoly_encrypt_and_tag( &ctx, |
| 0, nonce, |
| NULL, aad_len, |
| input, output, mac ) ); |
| TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, |
| mbedtls_chachapoly_encrypt_and_tag( &ctx, |
| input_len, nonce, |
| aad, 0, |
| NULL, output, mac ) ); |
| TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, |
| mbedtls_chachapoly_encrypt_and_tag( &ctx, |
| input_len, nonce, |
| aad, 0, |
| input, NULL, mac ) ); |
| TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, |
| mbedtls_chachapoly_encrypt_and_tag( &ctx, |
| 0, nonce, |
| aad, 0, |
| input, output, NULL ) ); |
| |
| /* auth_decrypt */ |
| TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, |
| mbedtls_chachapoly_auth_decrypt( NULL, |
| 0, nonce, |
| aad, 0, |
| mac, input, output ) ); |
| TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, |
| mbedtls_chachapoly_auth_decrypt( &ctx, |
| 0, NULL, |
| aad, 0, |
| mac, input, output ) ); |
| TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, |
| mbedtls_chachapoly_auth_decrypt( &ctx, |
| 0, nonce, |
| NULL, aad_len, |
| mac, input, output ) ); |
| TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, |
| mbedtls_chachapoly_auth_decrypt( &ctx, |
| 0, nonce, |
| aad, 0, |
| NULL, input, output ) ); |
| TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, |
| mbedtls_chachapoly_auth_decrypt( &ctx, |
| input_len, nonce, |
| aad, 0, |
| mac, NULL, output ) ); |
| TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, |
| mbedtls_chachapoly_auth_decrypt( &ctx, |
| input_len, nonce, |
| aad, 0, |
| mac, input, NULL ) ); |
| |
| /* starts */ |
| TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, |
| mbedtls_chachapoly_starts( NULL, nonce, |
| MBEDTLS_CHACHAPOLY_ENCRYPT ) ); |
| TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, |
| mbedtls_chachapoly_starts( &ctx, NULL, |
| MBEDTLS_CHACHAPOLY_ENCRYPT ) ); |
| |
| /* update_aad */ |
| TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, |
| mbedtls_chachapoly_update_aad( NULL, aad, |
| aad_len ) ); |
| TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, |
| mbedtls_chachapoly_update_aad( &ctx, NULL, |
| aad_len ) ); |
| |
| /* update */ |
| TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, |
| mbedtls_chachapoly_update( NULL, input_len, |
| input, output ) ); |
| TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, |
| mbedtls_chachapoly_update( &ctx, input_len, |
| NULL, output ) ); |
| TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, |
| mbedtls_chachapoly_update( &ctx, input_len, |
| input, NULL ) ); |
| |
| /* finish */ |
| TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, |
| mbedtls_chachapoly_finish( NULL, mac ) ); |
| TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, |
| mbedtls_chachapoly_finish( &ctx, NULL ) ); |
| |
| exit: |
| return; |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE */ |
| void chachapoly_state() |
| { |
| unsigned char key[32]; |
| unsigned char nonce[12]; |
| unsigned char aad[1]; |
| unsigned char input[1]; |
| unsigned char output[1]; |
| unsigned char mac[16]; |
| size_t input_len = sizeof( input ); |
| size_t aad_len = sizeof( aad ); |
| mbedtls_chachapoly_context ctx; |
| |
| memset( key, 0x00, sizeof( key ) ); |
| memset( nonce, 0x00, sizeof( nonce ) ); |
| memset( aad, 0x00, sizeof( aad ) ); |
| memset( input, 0x00, sizeof( input ) ); |
| memset( output, 0x00, sizeof( output ) ); |
| memset( mac, 0x00, sizeof( mac ) ); |
| |
| /* Initial state: finish, update, update_aad forbidden */ |
| mbedtls_chachapoly_init( &ctx ); |
| |
| TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac ) |
| == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); |
| TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output ) |
| == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); |
| TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len ) |
| == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); |
| |
| /* Still initial state: finish, update, update_aad forbidden */ |
| TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key ) |
| == 0 ); |
| |
| TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac ) |
| == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); |
| TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output ) |
| == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); |
| TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len ) |
| == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); |
| |
| /* Starts -> finish OK */ |
| TEST_ASSERT( mbedtls_chachapoly_starts( &ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT ) |
| == 0 ); |
| TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac ) |
| == 0 ); |
| |
| /* After finish: update, update_aad forbidden */ |
| TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output ) |
| == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); |
| TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len ) |
| == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); |
| |
| /* Starts -> update* OK */ |
| TEST_ASSERT( mbedtls_chachapoly_starts( &ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT ) |
| == 0 ); |
| TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output ) |
| == 0 ); |
| TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output ) |
| == 0 ); |
| |
| /* After update: update_aad forbidden */ |
| TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len ) |
| == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); |
| |
| /* Starts -> update_aad* -> finish OK */ |
| TEST_ASSERT( mbedtls_chachapoly_starts( &ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT ) |
| == 0 ); |
| TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len ) |
| == 0 ); |
| TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len ) |
| == 0 ); |
| TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac ) |
| == 0 ); |
| |
| exit: |
| mbedtls_chachapoly_free( &ctx ); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ |
| void chachapoly_selftest() |
| { |
| TEST_ASSERT( mbedtls_chachapoly_self_test( 1 ) == 0 ); |
| } |
| /* END_CASE */ |