1/* BEGIN_HEADER */ 2#include "mbedtls/chachapoly.h" 3/* END_HEADER */ 4 5/* BEGIN_DEPENDENCIES 6 * depends_on:MBEDTLS_CHACHAPOLY_C 7 * END_DEPENDENCIES 8 */ 9 10/* BEGIN_CASE */ 11void mbedtls_chachapoly_enc( data_t *key_str, data_t *nonce_str, data_t *aad_str, data_t *input_str, data_t *output_str, data_t *mac_str ) 12{ 13 unsigned char output[265]; 14 unsigned char mac[16]; /* size set by the standard */ 15 mbedtls_chachapoly_context ctx; 16 17 TEST_ASSERT( key_str->len == 32 ); 18 TEST_ASSERT( nonce_str->len == 12 ); 19 TEST_ASSERT( mac_str->len == 16 ); 20 21 mbedtls_chachapoly_init( &ctx ); 22 23 TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key_str->x ) == 0 ); 24 25 TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx, 26 input_str->len, nonce_str->x, 27 aad_str->x, aad_str->len, 28 input_str->x, output, mac ) == 0 ); 29 30 TEST_ASSERT( memcmp( output_str->x, output, output_str->len ) == 0 ); 31 TEST_ASSERT( memcmp( mac_str->x, mac, 16U ) == 0 ); 32 33exit: 34 mbedtls_chachapoly_free( &ctx ); 35} 36/* END_CASE */ 37 38/* BEGIN_CASE */ 39void mbedtls_chachapoly_dec( data_t *key_str, data_t *nonce_str, data_t *aad_str, data_t *input_str, data_t *output_str, data_t *mac_str, int ret_exp ) 40{ 41 unsigned char output[265]; 42 int ret; 43 mbedtls_chachapoly_context ctx; 44 45 TEST_ASSERT( key_str->len == 32 ); 46 TEST_ASSERT( nonce_str->len == 12 ); 47 TEST_ASSERT( mac_str->len == 16 ); 48 49 mbedtls_chachapoly_init( &ctx ); 50 51 TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key_str->x ) == 0 ); 52 53 ret = mbedtls_chachapoly_auth_decrypt( &ctx, 54 input_str->len, nonce_str->x, 55 aad_str->x, aad_str->len, 56 mac_str->x, input_str->x, output ); 57 58 TEST_ASSERT( ret == ret_exp ); 59 if( ret_exp == 0 ) 60 { 61 TEST_ASSERT( memcmp( output_str->x, output, output_str->len ) == 0 ); 62 } 63 64exit: 65 mbedtls_chachapoly_free( &ctx ); 66} 67/* END_CASE */ 68 69/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ 70void chachapoly_bad_params() 71{ 72 unsigned char key[32]; 73 unsigned char nonce[12]; 74 unsigned char aad[1]; 75 unsigned char input[1]; 76 unsigned char output[1]; 77 unsigned char mac[16]; 78 size_t input_len = sizeof( input ); 79 size_t aad_len = sizeof( aad ); 80 mbedtls_chachapoly_context ctx; 81 82 memset( key, 0x00, sizeof( key ) ); 83 memset( nonce, 0x00, sizeof( nonce ) ); 84 memset( aad, 0x00, sizeof( aad ) ); 85 memset( input, 0x00, sizeof( input ) ); 86 memset( output, 0x00, sizeof( output ) ); 87 memset( mac, 0x00, sizeof( mac ) ); 88 89 TEST_INVALID_PARAM( mbedtls_chachapoly_init( NULL ) ); 90 TEST_VALID_PARAM( mbedtls_chachapoly_free( NULL ) ); 91 92 /* setkey */ 93 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, 94 mbedtls_chachapoly_setkey( NULL, key ) ); 95 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, 96 mbedtls_chachapoly_setkey( &ctx, NULL ) ); 97 98 /* encrypt_and_tag */ 99 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, 100 mbedtls_chachapoly_encrypt_and_tag( NULL, 101 0, nonce, 102 aad, 0, 103 input, output, mac ) ); 104 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, 105 mbedtls_chachapoly_encrypt_and_tag( &ctx, 106 0, NULL, 107 aad, 0, 108 input, output, mac ) ); 109 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, 110 mbedtls_chachapoly_encrypt_and_tag( &ctx, 111 0, nonce, 112 NULL, aad_len, 113 input, output, mac ) ); 114 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, 115 mbedtls_chachapoly_encrypt_and_tag( &ctx, 116 input_len, nonce, 117 aad, 0, 118 NULL, output, mac ) ); 119 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, 120 mbedtls_chachapoly_encrypt_and_tag( &ctx, 121 input_len, nonce, 122 aad, 0, 123 input, NULL, mac ) ); 124 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, 125 mbedtls_chachapoly_encrypt_and_tag( &ctx, 126 0, nonce, 127 aad, 0, 128 input, output, NULL ) ); 129 130 /* auth_decrypt */ 131 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, 132 mbedtls_chachapoly_auth_decrypt( NULL, 133 0, nonce, 134 aad, 0, 135 mac, input, output ) ); 136 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, 137 mbedtls_chachapoly_auth_decrypt( &ctx, 138 0, NULL, 139 aad, 0, 140 mac, input, output ) ); 141 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, 142 mbedtls_chachapoly_auth_decrypt( &ctx, 143 0, nonce, 144 NULL, aad_len, 145 mac, input, output ) ); 146 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, 147 mbedtls_chachapoly_auth_decrypt( &ctx, 148 0, nonce, 149 aad, 0, 150 NULL, input, output ) ); 151 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, 152 mbedtls_chachapoly_auth_decrypt( &ctx, 153 input_len, nonce, 154 aad, 0, 155 mac, NULL, output ) ); 156 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, 157 mbedtls_chachapoly_auth_decrypt( &ctx, 158 input_len, nonce, 159 aad, 0, 160 mac, input, NULL ) ); 161 162 /* starts */ 163 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, 164 mbedtls_chachapoly_starts( NULL, nonce, 165 MBEDTLS_CHACHAPOLY_ENCRYPT ) ); 166 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, 167 mbedtls_chachapoly_starts( &ctx, NULL, 168 MBEDTLS_CHACHAPOLY_ENCRYPT ) ); 169 170 /* update_aad */ 171 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, 172 mbedtls_chachapoly_update_aad( NULL, aad, 173 aad_len ) ); 174 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, 175 mbedtls_chachapoly_update_aad( &ctx, NULL, 176 aad_len ) ); 177 178 /* update */ 179 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, 180 mbedtls_chachapoly_update( NULL, input_len, 181 input, output ) ); 182 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, 183 mbedtls_chachapoly_update( &ctx, input_len, 184 NULL, output ) ); 185 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, 186 mbedtls_chachapoly_update( &ctx, input_len, 187 input, NULL ) ); 188 189 /* finish */ 190 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, 191 mbedtls_chachapoly_finish( NULL, mac ) ); 192 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, 193 mbedtls_chachapoly_finish( &ctx, NULL ) ); 194 195exit: 196 return; 197} 198/* END_CASE */ 199 200/* BEGIN_CASE */ 201void chachapoly_state() 202{ 203 unsigned char key[32]; 204 unsigned char nonce[12]; 205 unsigned char aad[1]; 206 unsigned char input[1]; 207 unsigned char output[1]; 208 unsigned char mac[16]; 209 size_t input_len = sizeof( input ); 210 size_t aad_len = sizeof( aad ); 211 mbedtls_chachapoly_context ctx; 212 213 memset( key, 0x00, sizeof( key ) ); 214 memset( nonce, 0x00, sizeof( nonce ) ); 215 memset( aad, 0x00, sizeof( aad ) ); 216 memset( input, 0x00, sizeof( input ) ); 217 memset( output, 0x00, sizeof( output ) ); 218 memset( mac, 0x00, sizeof( mac ) ); 219 220 /* Initial state: finish, update, update_aad forbidden */ 221 mbedtls_chachapoly_init( &ctx ); 222 223 TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac ) 224 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); 225 TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output ) 226 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); 227 TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len ) 228 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); 229 230 /* Still initial state: finish, update, update_aad forbidden */ 231 TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key ) 232 == 0 ); 233 234 TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac ) 235 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); 236 TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output ) 237 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); 238 TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len ) 239 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); 240 241 /* Starts -> finish OK */ 242 TEST_ASSERT( mbedtls_chachapoly_starts( &ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT ) 243 == 0 ); 244 TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac ) 245 == 0 ); 246 247 /* After finish: update, update_aad forbidden */ 248 TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output ) 249 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); 250 TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len ) 251 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); 252 253 /* Starts -> update* OK */ 254 TEST_ASSERT( mbedtls_chachapoly_starts( &ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT ) 255 == 0 ); 256 TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output ) 257 == 0 ); 258 TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output ) 259 == 0 ); 260 261 /* After update: update_aad forbidden */ 262 TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len ) 263 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); 264 265 /* Starts -> update_aad* -> finish OK */ 266 TEST_ASSERT( mbedtls_chachapoly_starts( &ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT ) 267 == 0 ); 268 TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len ) 269 == 0 ); 270 TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len ) 271 == 0 ); 272 TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac ) 273 == 0 ); 274 275exit: 276 mbedtls_chachapoly_free( &ctx ); 277} 278/* END_CASE */ 279 280/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ 281void chachapoly_selftest() 282{ 283 TEST_ASSERT( mbedtls_chachapoly_self_test( 1 ) == 0 ); 284} 285/* END_CASE */ 286