1/* BEGIN_HEADER */ 2#include "mbedtls/cipher.h" 3#include "mbedtls/aes.h" 4 5#if defined(MBEDTLS_GCM_C) 6#include "mbedtls/gcm.h" 7#endif 8 9#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C) 10#define MBEDTLS_CIPHER_AUTH_CRYPT 11#endif 12 13/* Check the internal consistency of a cipher info structure, and 14 * check it against mbedtls_cipher_info_from_xxx(). */ 15static int check_cipher_info(mbedtls_cipher_type_t type, 16 const mbedtls_cipher_info_t *info) 17{ 18 size_t key_bitlen, block_size, iv_size; 19 20 TEST_ASSERT(info != NULL); 21 TEST_EQUAL(type, mbedtls_cipher_info_get_type(info)); 22 TEST_EQUAL(type, info->type); 23 TEST_ASSERT(mbedtls_cipher_info_from_type(type) == info); 24 25 TEST_EQUAL(info->mode, mbedtls_cipher_info_get_mode(info)); 26 27 /* Insist that get_name() return the string from the structure and 28 * not a copy. A copy would have an unknown storage duration. */ 29 TEST_ASSERT(mbedtls_cipher_info_get_name(info) == info->name); 30 TEST_ASSERT(mbedtls_cipher_info_from_string(info->name) == info); 31 32 key_bitlen = mbedtls_cipher_info_get_key_bitlen(info); 33 block_size = mbedtls_cipher_info_get_block_size(info); 34 iv_size = mbedtls_cipher_info_get_iv_size(info); 35 if (info->type == MBEDTLS_CIPHER_NULL) { 36 TEST_ASSERT(key_bitlen == 0); 37 TEST_ASSERT(block_size == 1); 38 TEST_ASSERT(iv_size == 0); 39 } else if (info->mode == MBEDTLS_MODE_XTS) { 40 TEST_ASSERT(key_bitlen == 256 || 41 key_bitlen == 384 || 42 key_bitlen == 512); 43 } else if (!strncmp(info->name, "DES-EDE3-", 9)) { 44 TEST_ASSERT(key_bitlen == 192); 45 TEST_ASSERT(!mbedtls_cipher_info_has_variable_key_bitlen(info)); 46 TEST_ASSERT(block_size == 8); 47 } else if (!strncmp(info->name, "DES-EDE-", 8)) { 48 TEST_ASSERT(key_bitlen == 128); 49 TEST_ASSERT(!mbedtls_cipher_info_has_variable_key_bitlen(info)); 50 TEST_ASSERT(block_size == 8); 51 } else if (!strncmp(info->name, "DES-", 4)) { 52 TEST_ASSERT(key_bitlen == 64); 53 TEST_ASSERT(!mbedtls_cipher_info_has_variable_key_bitlen(info)); 54 TEST_ASSERT(block_size == 8); 55 } else if (!strncmp(info->name, "AES", 3)) { 56 TEST_ASSERT(key_bitlen == 128 || 57 key_bitlen == 192 || 58 key_bitlen == 256); 59 TEST_ASSERT(!mbedtls_cipher_info_has_variable_key_bitlen(info)); 60 TEST_ASSERT(block_size == 16); 61 } else { 62 TEST_ASSERT(key_bitlen == 128 || 63 key_bitlen == 192 || 64 key_bitlen == 256); 65 } 66 67 if (strstr(info->name, "-ECB") != NULL) { 68 TEST_ASSERT(iv_size == 0); 69 TEST_ASSERT(!mbedtls_cipher_info_has_variable_iv_size(info)); 70 } else if (strstr(info->name, "-CBC") != NULL || 71 strstr(info->name, "-CTR") != NULL) { 72 TEST_ASSERT(iv_size == block_size); 73 TEST_ASSERT(!mbedtls_cipher_info_has_variable_iv_size(info)); 74 } else if (strstr(info->name, "-GCM") != NULL) { 75 TEST_ASSERT(iv_size == block_size - 4); 76 TEST_ASSERT(mbedtls_cipher_info_has_variable_iv_size(info)); 77 } 78 79 return 1; 80 81exit: 82 return 0; 83} 84 85#if defined(MBEDTLS_CIPHER_AUTH_CRYPT) 86/* Helper for resetting key/direction 87 * 88 * The documentation doesn't explicitly say whether calling 89 * mbedtls_cipher_setkey() twice is allowed or not. This currently works with 90 * the default software implementation, but only by accident. It isn't 91 * guaranteed to work with new ciphers or with alternative implementations of 92 * individual ciphers, and it doesn't work with the PSA wrappers. So don't do 93 * it, and instead start with a fresh context. 94 */ 95static int cipher_reset_key(mbedtls_cipher_context_t *ctx, int cipher_id, 96 int use_psa, size_t tag_len, const data_t *key, int direction) 97{ 98 mbedtls_cipher_free(ctx); 99 mbedtls_cipher_init(ctx); 100 101#if !defined(MBEDTLS_USE_PSA_CRYPTO) || !defined(MBEDTLS_TEST_DEPRECATED) 102 (void) use_psa; 103 (void) tag_len; 104#else 105 if (use_psa == 1) { 106 TEST_ASSERT(0 == mbedtls_cipher_setup_psa(ctx, 107 mbedtls_cipher_info_from_type(cipher_id), 108 tag_len)); 109 } else 110#endif /* !MBEDTLS_USE_PSA_CRYPTO || !MBEDTLS_TEST_DEPRECATED */ 111 { 112 TEST_ASSERT(0 == mbedtls_cipher_setup(ctx, 113 mbedtls_cipher_info_from_type(cipher_id))); 114 } 115 116 TEST_ASSERT(0 == mbedtls_cipher_setkey(ctx, key->x, 8 * key->len, 117 direction)); 118 return 1; 119 120exit: 121 return 0; 122} 123 124/* 125 * Check if a buffer is all-0 bytes: 126 * return 1 if it is, 127 * 0 if it isn't. 128 */ 129int buffer_is_all_zero(const uint8_t *buf, size_t size) 130{ 131 for (size_t i = 0; i < size; i++) { 132 if (buf[i] != 0) { 133 return 0; 134 } 135 } 136 return 1; 137} 138#endif /* MBEDTLS_CIPHER_AUTH_CRYPT */ 139 140/* END_HEADER */ 141 142/* BEGIN_DEPENDENCIES 143 * depends_on:MBEDTLS_CIPHER_C 144 * END_DEPENDENCIES 145 */ 146 147/* BEGIN_CASE */ 148void mbedtls_cipher_list() 149{ 150 const int *cipher_type; 151 152 for (cipher_type = mbedtls_cipher_list(); *cipher_type != 0; cipher_type++) { 153 const mbedtls_cipher_info_t *info = 154 mbedtls_cipher_info_from_type(*cipher_type); 155 mbedtls_test_set_step(*cipher_type); 156 if (!check_cipher_info(*cipher_type, info)) { 157 goto exit; 158 } 159 } 160} 161/* END_CASE */ 162 163/* BEGIN_CASE */ 164void cipher_invalid_param_unconditional() 165{ 166 mbedtls_cipher_context_t valid_ctx; 167 mbedtls_cipher_context_t invalid_ctx; 168 mbedtls_operation_t valid_operation = MBEDTLS_ENCRYPT; 169 mbedtls_cipher_padding_t valid_mode = MBEDTLS_PADDING_ZEROS; 170 unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 }; 171 int valid_size = sizeof(valid_buffer); 172 int valid_bitlen = valid_size * 8; 173 const mbedtls_cipher_info_t *valid_info = mbedtls_cipher_info_from_type( 174 *(mbedtls_cipher_list())); 175 size_t size_t_var; 176 177 (void) valid_mode; /* In some configurations this is unused */ 178 179 mbedtls_cipher_init(&valid_ctx); 180 mbedtls_cipher_init(&invalid_ctx); 181 182 TEST_ASSERT(mbedtls_cipher_setup(&valid_ctx, valid_info) == 0); 183 184 /* mbedtls_cipher_setup() */ 185 TEST_ASSERT(mbedtls_cipher_setup(&valid_ctx, NULL) == 186 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 187 188 /* mbedtls_cipher_get_block_size() */ 189 TEST_ASSERT(mbedtls_cipher_get_block_size(&invalid_ctx) == 0); 190 191 /* mbedtls_cipher_get_cipher_mode() */ 192 TEST_ASSERT(mbedtls_cipher_get_cipher_mode(&invalid_ctx) == 193 MBEDTLS_MODE_NONE); 194 195 /* mbedtls_cipher_get_iv_size() */ 196 TEST_ASSERT(mbedtls_cipher_get_iv_size(&invalid_ctx) == 0); 197 198 /* mbedtls_cipher_get_type() */ 199 TEST_ASSERT( 200 mbedtls_cipher_get_type(&invalid_ctx) == 201 MBEDTLS_CIPHER_NONE); 202 203 /* mbedtls_cipher_get_name() */ 204 TEST_ASSERT(mbedtls_cipher_get_name(&invalid_ctx) == 0); 205 206 /* mbedtls_cipher_get_key_bitlen() */ 207 TEST_ASSERT(mbedtls_cipher_get_key_bitlen(&invalid_ctx) == 208 MBEDTLS_KEY_LENGTH_NONE); 209 210 /* mbedtls_cipher_get_operation() */ 211 TEST_ASSERT(mbedtls_cipher_get_operation(&invalid_ctx) == 212 MBEDTLS_OPERATION_NONE); 213 214 /* mbedtls_cipher_setkey() */ 215 TEST_ASSERT( 216 mbedtls_cipher_setkey(&invalid_ctx, 217 valid_buffer, 218 valid_bitlen, 219 valid_operation) == 220 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 221 222 /* mbedtls_cipher_set_iv() */ 223 TEST_ASSERT( 224 mbedtls_cipher_set_iv(&invalid_ctx, 225 valid_buffer, 226 valid_size) == 227 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 228 229 /* mbedtls_cipher_reset() */ 230 TEST_ASSERT(mbedtls_cipher_reset(&invalid_ctx) == 231 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 232 233#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 234 /* mbedtls_cipher_update_ad() */ 235 TEST_ASSERT( 236 mbedtls_cipher_update_ad(&invalid_ctx, 237 valid_buffer, 238 valid_size) == 239 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 240#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */ 241 242#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 243 /* mbedtls_cipher_set_padding_mode() */ 244 TEST_ASSERT(mbedtls_cipher_set_padding_mode(&invalid_ctx, valid_mode) == 245 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 246#endif 247 248 /* mbedtls_cipher_update() */ 249 TEST_ASSERT( 250 mbedtls_cipher_update(&invalid_ctx, 251 valid_buffer, 252 valid_size, 253 valid_buffer, 254 &size_t_var) == 255 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 256 257 /* mbedtls_cipher_finish() */ 258 TEST_ASSERT( 259 mbedtls_cipher_finish(&invalid_ctx, 260 valid_buffer, 261 &size_t_var) == 262 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 263 264#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 265 /* mbedtls_cipher_write_tag() */ 266 TEST_ASSERT( 267 mbedtls_cipher_write_tag(&invalid_ctx, 268 valid_buffer, 269 valid_size) == 270 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 271 272 /* mbedtls_cipher_check_tag() */ 273 TEST_ASSERT( 274 mbedtls_cipher_check_tag(&invalid_ctx, 275 valid_buffer, 276 valid_size) == 277 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 278#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */ 279 280exit: 281 mbedtls_cipher_free(&invalid_ctx); 282 mbedtls_cipher_free(&valid_ctx); 283} 284/* END_CASE */ 285 286/* BEGIN_CASE */ 287void cipher_invalid_param_conditional() 288{ 289 mbedtls_cipher_context_t valid_ctx; 290 291 mbedtls_operation_t invalid_operation = 100; 292 unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 }; 293 int valid_size = sizeof(valid_buffer); 294 int valid_bitlen = valid_size * 8; 295 296 TEST_EQUAL( 297 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 298 mbedtls_cipher_setkey(&valid_ctx, 299 valid_buffer, 300 valid_bitlen, 301 invalid_operation)); 302 303exit: 304 ; 305} 306/* END_CASE */ 307 308/* BEGIN_CASE depends_on:MBEDTLS_AES_C */ 309void cipher_special_behaviours() 310{ 311 const mbedtls_cipher_info_t *cipher_info; 312 mbedtls_cipher_context_t ctx; 313 unsigned char input[32]; 314 unsigned char output[32]; 315#if defined(MBEDTLS_CIPHER_MODE_CBC) 316 unsigned char iv[32]; 317#endif 318 size_t olen = 0; 319 320 mbedtls_cipher_init(&ctx); 321 memset(input, 0, sizeof(input)); 322 memset(output, 0, sizeof(output)); 323#if defined(MBEDTLS_CIPHER_MODE_CBC) 324 memset(iv, 0, sizeof(iv)); 325 326 /* Check and get info structures */ 327 cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_CBC); 328 TEST_ASSERT(NULL != cipher_info); 329 330 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, cipher_info)); 331 332 /* IV too big */ 333 TEST_ASSERT(mbedtls_cipher_set_iv(&ctx, iv, MBEDTLS_MAX_IV_LENGTH + 1) 334 == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE); 335 336 /* IV too small */ 337 TEST_ASSERT(mbedtls_cipher_set_iv(&ctx, iv, 0) 338 == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 339 340 mbedtls_cipher_free(&ctx); 341 mbedtls_cipher_init(&ctx); 342#endif /* MBEDTLS_CIPHER_MODE_CBC */ 343 cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_ECB); 344 TEST_ASSERT(NULL != cipher_info); 345 346 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, cipher_info)); 347 348 /* Update ECB with partial block */ 349 TEST_ASSERT(mbedtls_cipher_update(&ctx, input, 1, output, &olen) 350 == MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED); 351 352exit: 353 mbedtls_cipher_free(&ctx); 354} 355/* END_CASE */ 356 357/* BEGIN_CASE */ 358void enc_dec_buf(int cipher_id, char *cipher_string, int key_len, 359 int length_val, int pad_mode) 360{ 361 size_t length = length_val, outlen, total_len, i, block_size, iv_len; 362 unsigned char key[64]; 363 unsigned char iv[16]; 364 unsigned char ad[13]; 365 unsigned char tag[16]; 366 unsigned char inbuf[64]; 367 unsigned char encbuf[64]; 368 unsigned char decbuf[64]; 369 370 const mbedtls_cipher_info_t *cipher_info; 371 mbedtls_cipher_context_t ctx_dec; 372 mbedtls_cipher_context_t ctx_enc; 373 374 /* 375 * Prepare contexts 376 */ 377 mbedtls_cipher_init(&ctx_dec); 378 mbedtls_cipher_init(&ctx_enc); 379 380 memset(key, 0x2a, sizeof(key)); 381 382 /* Check and get info structures */ 383 cipher_info = mbedtls_cipher_info_from_type(cipher_id); 384 TEST_ASSERT(NULL != cipher_info); 385 TEST_ASSERT(mbedtls_cipher_info_from_string(cipher_string) == cipher_info); 386 TEST_ASSERT(strcmp(mbedtls_cipher_info_get_name(cipher_info), 387 cipher_string) == 0); 388 389 /* Initialise enc and dec contexts */ 390 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_dec, cipher_info)); 391 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_enc, cipher_info)); 392 393 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_dec, key, key_len, MBEDTLS_DECRYPT)); 394 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_enc, key, key_len, MBEDTLS_ENCRYPT)); 395 396#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 397 if (-1 != pad_mode) { 398 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_dec, pad_mode)); 399 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_enc, pad_mode)); 400 } 401#else 402 (void) pad_mode; 403#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ 404 405 /* 406 * Do a few encode/decode cycles 407 */ 408 for (i = 0; i < 3; i++) { 409 memset(iv, 0x00 + i, sizeof(iv)); 410 memset(ad, 0x10 + i, sizeof(ad)); 411 memset(inbuf, 0x20 + i, sizeof(inbuf)); 412 413 memset(encbuf, 0, sizeof(encbuf)); 414 memset(decbuf, 0, sizeof(decbuf)); 415 memset(tag, 0, sizeof(tag)); 416 417 if (NULL != strstr(cipher_info->name, "CCM*-NO-TAG")) { 418 iv_len = 13; /* For CCM, IV length is expected to be between 7 and 13 bytes. 419 * For CCM*-NO-TAG, IV length must be exactly 13 bytes long. */ 420 } else if (cipher_info->type == MBEDTLS_CIPHER_CHACHA20 || 421 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) { 422 iv_len = 12; 423 } else { 424 iv_len = sizeof(iv); 425 } 426 427 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_dec, iv, iv_len)); 428 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_enc, iv, iv_len)); 429 430 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_dec)); 431 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_enc)); 432 433#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 434 int expected = (cipher_info->mode == MBEDTLS_MODE_GCM || 435 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) ? 436 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 437 438 TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx_dec, ad, sizeof(ad) - i)); 439 TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx_enc, ad, sizeof(ad) - i)); 440#endif 441 442 block_size = mbedtls_cipher_get_block_size(&ctx_enc); 443 TEST_ASSERT(block_size != 0); 444 445 /* encode length number of bytes from inbuf */ 446 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx_enc, inbuf, length, encbuf, &outlen)); 447 total_len = outlen; 448 449 TEST_ASSERT(total_len == length || 450 (total_len % block_size == 0 && 451 total_len < length && 452 total_len + block_size > length)); 453 454 TEST_ASSERT(0 == mbedtls_cipher_finish(&ctx_enc, encbuf + outlen, &outlen)); 455 total_len += outlen; 456 457#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 458 TEST_EQUAL(expected, mbedtls_cipher_write_tag(&ctx_enc, tag, sizeof(tag))); 459#endif 460 461 TEST_ASSERT(total_len == length || 462 (total_len % block_size == 0 && 463 total_len > length && 464 total_len <= length + block_size)); 465 466 /* decode the previously encoded string */ 467 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx_dec, encbuf, total_len, decbuf, &outlen)); 468 total_len = outlen; 469 470 TEST_ASSERT(total_len == length || 471 (total_len % block_size == 0 && 472 total_len < length && 473 total_len + block_size >= length)); 474 475 TEST_ASSERT(0 == mbedtls_cipher_finish(&ctx_dec, decbuf + outlen, &outlen)); 476 total_len += outlen; 477 478#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 479 TEST_EQUAL(expected, mbedtls_cipher_check_tag(&ctx_dec, tag, sizeof(tag))); 480#endif 481 482 /* check result */ 483 TEST_ASSERT(total_len == length); 484 TEST_ASSERT(0 == memcmp(inbuf, decbuf, length)); 485 } 486 487 /* 488 * Done 489 */ 490exit: 491 mbedtls_cipher_free(&ctx_dec); 492 mbedtls_cipher_free(&ctx_enc); 493} 494/* END_CASE */ 495 496/* BEGIN_CASE */ 497void enc_fail(int cipher_id, int pad_mode, int key_len, int length_val, 498 int ret) 499{ 500 size_t length = length_val; 501 unsigned char key[32]; 502 unsigned char iv[16]; 503 504 const mbedtls_cipher_info_t *cipher_info; 505 mbedtls_cipher_context_t ctx; 506 507 unsigned char inbuf[64]; 508 unsigned char encbuf[64]; 509 510 size_t outlen = 0; 511 512 memset(key, 0, 32); 513 memset(iv, 0, 16); 514 515 mbedtls_cipher_init(&ctx); 516 517 memset(inbuf, 5, 64); 518 memset(encbuf, 0, 64); 519 520 /* Check and get info structures */ 521 cipher_info = mbedtls_cipher_info_from_type(cipher_id); 522 TEST_ASSERT(NULL != cipher_info); 523 524 /* Initialise context */ 525 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, cipher_info)); 526 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx, key, key_len, MBEDTLS_ENCRYPT)); 527#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 528 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx, pad_mode)); 529#else 530 (void) pad_mode; 531#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ 532 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx, iv, 16)); 533 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx)); 534#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 535 int expected = (cipher_info->mode == MBEDTLS_MODE_GCM || 536 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) ? 537 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 538 539 TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx, NULL, 0)); 540#endif 541 542 /* encode length number of bytes from inbuf */ 543 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx, inbuf, length, encbuf, &outlen)); 544 TEST_ASSERT(ret == mbedtls_cipher_finish(&ctx, encbuf + outlen, &outlen)); 545 546 /* done */ 547exit: 548 mbedtls_cipher_free(&ctx); 549} 550/* END_CASE */ 551 552/* BEGIN_CASE */ 553void dec_empty_buf(int cipher, 554 int expected_update_ret, 555 int expected_finish_ret) 556{ 557 unsigned char key[32]; 558 559 unsigned char *iv = NULL; 560 size_t iv_len = 16; 561 562 mbedtls_cipher_context_t ctx_dec; 563 const mbedtls_cipher_info_t *cipher_info; 564 565 unsigned char encbuf[64]; 566 unsigned char decbuf[64]; 567 568 size_t outlen = 0; 569 570 memset(key, 0, 32); 571 572 mbedtls_cipher_init(&ctx_dec); 573 574 memset(encbuf, 0, 64); 575 memset(decbuf, 0, 64); 576 577 /* Initialise context */ 578 cipher_info = mbedtls_cipher_info_from_type(cipher); 579 TEST_ASSERT(NULL != cipher_info); 580 581 if (cipher_info->type == MBEDTLS_CIPHER_CHACHA20 || 582 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) { 583 iv_len = 12; 584 } 585 586 ASSERT_ALLOC(iv, iv_len); 587 memset(iv, 0, iv_len); 588 589 TEST_ASSERT(sizeof(key) * 8 >= cipher_info->key_bitlen); 590 591 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_dec, cipher_info)); 592 593 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_dec, 594 key, cipher_info->key_bitlen, 595 MBEDTLS_DECRYPT)); 596 597 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_dec, iv, iv_len)); 598 599 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_dec)); 600 601#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 602 int expected = (cipher_info->mode == MBEDTLS_MODE_GCM || 603 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) ? 604 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 605 606 TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx_dec, NULL, 0)); 607#endif 608 609 /* decode 0-byte string */ 610 TEST_ASSERT(expected_update_ret == 611 mbedtls_cipher_update(&ctx_dec, encbuf, 0, decbuf, &outlen)); 612 TEST_ASSERT(0 == outlen); 613 614 if (expected_finish_ret == 0 && 615 (cipher_info->mode == MBEDTLS_MODE_CBC || 616 cipher_info->mode == MBEDTLS_MODE_ECB)) { 617 /* Non-CBC and non-ECB ciphers are OK with decrypting empty buffers and 618 * return success, not MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED, when 619 * decrypting an empty buffer. 620 * On the other hand, CBC and ECB ciphers need a full block of input. 621 */ 622 expected_finish_ret = MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED; 623 } 624 625 TEST_ASSERT(expected_finish_ret == mbedtls_cipher_finish( 626 &ctx_dec, decbuf + outlen, &outlen)); 627 TEST_ASSERT(0 == outlen); 628 629exit: 630 mbedtls_free(iv); 631 mbedtls_cipher_free(&ctx_dec); 632} 633/* END_CASE */ 634 635/* BEGIN_CASE */ 636void enc_dec_buf_multipart(int cipher_id, int key_len, int first_length_val, 637 int second_length_val, int pad_mode, 638 int first_encrypt_output_len, int second_encrypt_output_len, 639 int first_decrypt_output_len, int second_decrypt_output_len) 640{ 641 size_t first_length = first_length_val; 642 size_t second_length = second_length_val; 643 size_t length = first_length + second_length; 644 size_t block_size; 645 size_t iv_len; 646 unsigned char key[32]; 647 unsigned char iv[16]; 648 649 mbedtls_cipher_context_t ctx_dec; 650 mbedtls_cipher_context_t ctx_enc; 651 const mbedtls_cipher_info_t *cipher_info; 652 653 unsigned char inbuf[64]; 654 unsigned char encbuf[64]; 655 unsigned char decbuf[64]; 656 657 size_t outlen = 0; 658 size_t totaloutlen = 0; 659 660 memset(key, 0, 32); 661 memset(iv, 0, 16); 662 663 mbedtls_cipher_init(&ctx_dec); 664 mbedtls_cipher_init(&ctx_enc); 665 666 memset(inbuf, 5, 64); 667 memset(encbuf, 0, 64); 668 memset(decbuf, 0, 64); 669 670 /* Initialise enc and dec contexts */ 671 cipher_info = mbedtls_cipher_info_from_type(cipher_id); 672 TEST_ASSERT(NULL != cipher_info); 673 674 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_dec, cipher_info)); 675 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_enc, cipher_info)); 676 677 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_dec, key, key_len, MBEDTLS_DECRYPT)); 678 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_enc, key, key_len, MBEDTLS_ENCRYPT)); 679 680#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 681 if (-1 != pad_mode) { 682 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_dec, pad_mode)); 683 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_enc, pad_mode)); 684 } 685#else 686 (void) pad_mode; 687#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ 688 689 if (NULL != strstr(cipher_info->name, "CCM*-NO-TAG")) { 690 iv_len = 13; /* For CCM, IV length is expected to be between 7 and 13 bytes. 691 * For CCM*-NO-TAG, IV length must be exactly 13 bytes long. */ 692 } else if (cipher_info->type == MBEDTLS_CIPHER_CHACHA20 || 693 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) { 694 iv_len = 12; 695 } else { 696 iv_len = sizeof(iv); 697 } 698 699 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_dec, iv, iv_len)); 700 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_enc, iv, iv_len)); 701 702 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_dec)); 703 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_enc)); 704 705#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 706 int expected = (cipher_info->mode == MBEDTLS_MODE_GCM || 707 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) ? 708 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 709 710 TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx_dec, NULL, 0)); 711 TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx_enc, NULL, 0)); 712#endif 713 714 block_size = mbedtls_cipher_get_block_size(&ctx_enc); 715 TEST_ASSERT(block_size != 0); 716 717 /* encode length number of bytes from inbuf */ 718 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx_enc, inbuf, first_length, encbuf, &outlen)); 719 TEST_ASSERT((size_t) first_encrypt_output_len == outlen); 720 totaloutlen = outlen; 721 TEST_ASSERT(0 == 722 mbedtls_cipher_update(&ctx_enc, inbuf + first_length, second_length, 723 encbuf + totaloutlen, 724 &outlen)); 725 TEST_ASSERT((size_t) second_encrypt_output_len == outlen); 726 totaloutlen += outlen; 727 TEST_ASSERT(totaloutlen == length || 728 (totaloutlen % block_size == 0 && 729 totaloutlen < length && 730 totaloutlen + block_size > length)); 731 732 TEST_ASSERT(0 == mbedtls_cipher_finish(&ctx_enc, encbuf + totaloutlen, &outlen)); 733 totaloutlen += outlen; 734 TEST_ASSERT(totaloutlen == length || 735 (totaloutlen % block_size == 0 && 736 totaloutlen > length && 737 totaloutlen <= length + block_size)); 738 739 /* decode the previously encoded string */ 740 second_length = totaloutlen - first_length; 741 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx_dec, encbuf, first_length, decbuf, &outlen)); 742 TEST_ASSERT((size_t) first_decrypt_output_len == outlen); 743 totaloutlen = outlen; 744 TEST_ASSERT(0 == 745 mbedtls_cipher_update(&ctx_dec, encbuf + first_length, second_length, 746 decbuf + totaloutlen, 747 &outlen)); 748 TEST_ASSERT((size_t) second_decrypt_output_len == outlen); 749 totaloutlen += outlen; 750 751 TEST_ASSERT(totaloutlen == length || 752 (totaloutlen % block_size == 0 && 753 totaloutlen < length && 754 totaloutlen + block_size >= length)); 755 756 TEST_ASSERT(0 == mbedtls_cipher_finish(&ctx_dec, decbuf + totaloutlen, &outlen)); 757 totaloutlen += outlen; 758 759 TEST_ASSERT(totaloutlen == length); 760 761 TEST_ASSERT(0 == memcmp(inbuf, decbuf, length)); 762 763exit: 764 mbedtls_cipher_free(&ctx_dec); 765 mbedtls_cipher_free(&ctx_enc); 766} 767/* END_CASE */ 768 769/* BEGIN_CASE */ 770void decrypt_test_vec(int cipher_id, int pad_mode, data_t *key, 771 data_t *iv, data_t *cipher, 772 data_t *clear, data_t *ad, data_t *tag, 773 int finish_result, int tag_result) 774{ 775 unsigned char output[265]; 776 mbedtls_cipher_context_t ctx; 777 size_t outlen, total_len; 778 779 mbedtls_cipher_init(&ctx); 780 781 memset(output, 0x00, sizeof(output)); 782 783#if !defined(MBEDTLS_GCM_C) && !defined(MBEDTLS_CHACHAPOLY_C) 784 ((void) ad); 785 ((void) tag); 786#endif 787 788 /* Prepare context */ 789 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, 790 mbedtls_cipher_info_from_type(cipher_id))); 791 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx, key->x, 8 * key->len, MBEDTLS_DECRYPT)); 792#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 793 if (pad_mode != -1) { 794 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx, pad_mode)); 795 } 796#else 797 (void) pad_mode; 798#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ 799 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx, iv->x, iv->len)); 800 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx)); 801#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 802 int expected = (ctx.cipher_info->mode == MBEDTLS_MODE_GCM || 803 ctx.cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) ? 804 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 805 806 TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx, ad->x, ad->len)); 807#endif 808 809 /* decode buffer and check tag->x */ 810 total_len = 0; 811 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx, cipher->x, cipher->len, output, &outlen)); 812 total_len += outlen; 813 TEST_ASSERT(finish_result == mbedtls_cipher_finish(&ctx, output + outlen, 814 &outlen)); 815 total_len += outlen; 816#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 817 int tag_expected = (ctx.cipher_info->mode == MBEDTLS_MODE_GCM || 818 ctx.cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) ? 819 tag_result : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 820 821 TEST_EQUAL(tag_expected, mbedtls_cipher_check_tag(&ctx, tag->x, tag->len)); 822#endif 823 824 /* check plaintext only if everything went fine */ 825 if (0 == finish_result && 0 == tag_result) { 826 TEST_ASSERT(total_len == clear->len); 827 TEST_ASSERT(0 == memcmp(output, clear->x, clear->len)); 828 } 829 830exit: 831 mbedtls_cipher_free(&ctx); 832} 833/* END_CASE */ 834 835/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_AUTH_CRYPT */ 836void auth_crypt_tv(int cipher_id, data_t *key, data_t *iv, 837 data_t *ad, data_t *cipher, data_t *tag, 838 char *result, data_t *clear, int use_psa) 839{ 840 /* 841 * Take an AEAD ciphertext + tag and perform a pair 842 * of AEAD decryption and AEAD encryption. Check that 843 * this results in the expected plaintext, and that 844 * decryption and encryption are inverse to one another. 845 */ 846 847 int ret; 848 int using_nist_kw, using_nist_kw_padding; 849 850 mbedtls_cipher_context_t ctx; 851 size_t outlen; 852 853 unsigned char *cipher_plus_tag = NULL; 854 size_t cipher_plus_tag_len; 855 unsigned char *decrypt_buf = NULL; 856 size_t decrypt_buf_len = 0; 857 unsigned char *encrypt_buf = NULL; 858 size_t encrypt_buf_len = 0; 859 860 /* Null pointers are documented as valid for inputs of length 0. 861 * The test framework passes non-null pointers, so set them to NULL. 862 * key, cipher and tag can't be empty. */ 863 if (iv->len == 0) { 864 iv->x = NULL; 865 } 866 if (ad->len == 0) { 867 ad->x = NULL; 868 } 869 if (clear->len == 0) { 870 clear->x = NULL; 871 } 872 873 mbedtls_cipher_init(&ctx); 874 875 /* Initialize PSA Crypto */ 876#if defined(MBEDTLS_USE_PSA_CRYPTO) 877 if (use_psa == 1) { 878 PSA_ASSERT(psa_crypto_init()); 879 } 880#else 881 (void) use_psa; 882#endif 883 884 /* 885 * Are we using NIST_KW? with padding? 886 */ 887 using_nist_kw_padding = cipher_id == MBEDTLS_CIPHER_AES_128_KWP || 888 cipher_id == MBEDTLS_CIPHER_AES_192_KWP || 889 cipher_id == MBEDTLS_CIPHER_AES_256_KWP; 890 using_nist_kw = cipher_id == MBEDTLS_CIPHER_AES_128_KW || 891 cipher_id == MBEDTLS_CIPHER_AES_192_KW || 892 cipher_id == MBEDTLS_CIPHER_AES_256_KW || 893 using_nist_kw_padding; 894 895 /* 896 * Prepare context for decryption 897 */ 898 if (!cipher_reset_key(&ctx, cipher_id, use_psa, tag->len, key, 899 MBEDTLS_DECRYPT)) { 900 goto exit; 901 } 902 903 /* 904 * prepare buffer for decryption 905 * (we need the tag appended to the ciphertext) 906 */ 907 cipher_plus_tag_len = cipher->len + tag->len; 908 ASSERT_ALLOC(cipher_plus_tag, cipher_plus_tag_len); 909 memcpy(cipher_plus_tag, cipher->x, cipher->len); 910 memcpy(cipher_plus_tag + cipher->len, tag->x, tag->len); 911 912 /* 913 * Compute length of output buffer according to the documentation 914 */ 915 if (using_nist_kw) { 916 decrypt_buf_len = cipher_plus_tag_len - 8; 917 } else { 918 decrypt_buf_len = cipher_plus_tag_len - tag->len; 919 } 920 921 922 /* 923 * Try decrypting to a buffer that's 1B too small 924 */ 925 if (decrypt_buf_len != 0) { 926 ASSERT_ALLOC(decrypt_buf, decrypt_buf_len - 1); 927 928 outlen = 0; 929 ret = mbedtls_cipher_auth_decrypt_ext(&ctx, iv->x, iv->len, 930 ad->x, ad->len, cipher_plus_tag, cipher_plus_tag_len, 931 decrypt_buf, decrypt_buf_len - 1, &outlen, tag->len); 932 TEST_ASSERT(ret == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 933 934 mbedtls_free(decrypt_buf); 935 decrypt_buf = NULL; 936 } 937 938 /* 939 * Authenticate and decrypt, and check result 940 */ 941 ASSERT_ALLOC(decrypt_buf, decrypt_buf_len); 942 943 outlen = 0; 944 ret = mbedtls_cipher_auth_decrypt_ext(&ctx, iv->x, iv->len, 945 ad->x, ad->len, cipher_plus_tag, cipher_plus_tag_len, 946 decrypt_buf, decrypt_buf_len, &outlen, tag->len); 947 948 if (strcmp(result, "FAIL") == 0) { 949 TEST_ASSERT(ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED); 950 TEST_ASSERT(buffer_is_all_zero(decrypt_buf, decrypt_buf_len)); 951 } else { 952 TEST_ASSERT(ret == 0); 953 ASSERT_COMPARE(decrypt_buf, outlen, clear->x, clear->len); 954 } 955 956 mbedtls_free(decrypt_buf); 957 decrypt_buf = NULL; 958 959 /* 960 * Encrypt back if test data was authentic 961 */ 962 if (strcmp(result, "FAIL") != 0) { 963 /* prepare context for encryption */ 964 if (!cipher_reset_key(&ctx, cipher_id, use_psa, tag->len, key, 965 MBEDTLS_ENCRYPT)) { 966 goto exit; 967 } 968 969 /* 970 * Compute size of output buffer according to documentation 971 */ 972 if (using_nist_kw) { 973 encrypt_buf_len = clear->len + 8; 974 if (using_nist_kw_padding && encrypt_buf_len % 8 != 0) { 975 encrypt_buf_len += 8 - encrypt_buf_len % 8; 976 } 977 } else { 978 encrypt_buf_len = clear->len + tag->len; 979 } 980 981 /* 982 * Try encrypting with an output buffer that's 1B too small 983 */ 984 ASSERT_ALLOC(encrypt_buf, encrypt_buf_len - 1); 985 986 outlen = 0; 987 ret = mbedtls_cipher_auth_encrypt_ext(&ctx, iv->x, iv->len, 988 ad->x, ad->len, clear->x, clear->len, 989 encrypt_buf, encrypt_buf_len - 1, &outlen, tag->len); 990 TEST_ASSERT(ret != 0); 991 992 mbedtls_free(encrypt_buf); 993 encrypt_buf = NULL; 994 995 /* 996 * Encrypt and check the result 997 */ 998 ASSERT_ALLOC(encrypt_buf, encrypt_buf_len); 999 1000 outlen = 0; 1001 ret = mbedtls_cipher_auth_encrypt_ext(&ctx, iv->x, iv->len, 1002 ad->x, ad->len, clear->x, clear->len, 1003 encrypt_buf, encrypt_buf_len, &outlen, tag->len); 1004 TEST_ASSERT(ret == 0); 1005 1006 TEST_ASSERT(outlen == cipher->len + tag->len); 1007 TEST_ASSERT(memcmp(encrypt_buf, cipher->x, cipher->len) == 0); 1008 TEST_ASSERT(memcmp(encrypt_buf + cipher->len, 1009 tag->x, tag->len) == 0); 1010 1011 mbedtls_free(encrypt_buf); 1012 encrypt_buf = NULL; 1013 } 1014 1015exit: 1016 1017 mbedtls_cipher_free(&ctx); 1018 mbedtls_free(decrypt_buf); 1019 mbedtls_free(encrypt_buf); 1020 mbedtls_free(cipher_plus_tag); 1021 1022#if defined(MBEDTLS_USE_PSA_CRYPTO) 1023 if (use_psa == 1) { 1024 PSA_DONE(); 1025 } 1026#endif /* MBEDTLS_USE_PSA_CRYPTO */ 1027} 1028/* END_CASE */ 1029 1030/* BEGIN_CASE */ 1031void test_vec_ecb(int cipher_id, int operation, data_t *key, 1032 data_t *input, data_t *result, int finish_result 1033 ) 1034{ 1035 mbedtls_cipher_context_t ctx; 1036 unsigned char output[32]; 1037 size_t outlen; 1038 1039 mbedtls_cipher_init(&ctx); 1040 1041 memset(output, 0x00, sizeof(output)); 1042 1043 /* Prepare context */ 1044 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, 1045 mbedtls_cipher_info_from_type(cipher_id))); 1046 1047 1048 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx, key->x, 8 * key->len, operation)); 1049 1050 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx, input->x, 1051 mbedtls_cipher_get_block_size(&ctx), 1052 output, &outlen)); 1053 TEST_ASSERT(outlen == mbedtls_cipher_get_block_size(&ctx)); 1054 TEST_ASSERT(finish_result == mbedtls_cipher_finish(&ctx, output + outlen, 1055 &outlen)); 1056 TEST_ASSERT(0 == outlen); 1057 1058 /* check plaintext only if everything went fine */ 1059 if (0 == finish_result) { 1060 TEST_ASSERT(0 == memcmp(output, result->x, 1061 mbedtls_cipher_get_block_size(&ctx))); 1062 } 1063 1064exit: 1065 mbedtls_cipher_free(&ctx); 1066} 1067/* END_CASE */ 1068 1069/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING */ 1070void test_vec_crypt(int cipher_id, int operation, data_t *key, 1071 data_t *iv, data_t *input, data_t *result, 1072 int finish_result, int use_psa) 1073{ 1074 mbedtls_cipher_context_t ctx; 1075 unsigned char output[32]; 1076 size_t outlen; 1077 1078 mbedtls_cipher_init(&ctx); 1079 1080 memset(output, 0x00, sizeof(output)); 1081 1082 /* Prepare context */ 1083#if !defined(MBEDTLS_USE_PSA_CRYPTO) || !defined(MBEDTLS_TEST_DEPRECATED) 1084 (void) use_psa; 1085#else 1086 if (use_psa == 1) { 1087 PSA_ASSERT(psa_crypto_init()); 1088 TEST_ASSERT(0 == mbedtls_cipher_setup_psa(&ctx, 1089 mbedtls_cipher_info_from_type(cipher_id), 0)); 1090 } else 1091#endif /* !MBEDTLS_USE_PSA_CRYPTO || !MBEDTLS_TEST_DEPRECATED*/ 1092 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, 1093 mbedtls_cipher_info_from_type(cipher_id))); 1094 1095 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx, key->x, 8 * key->len, operation)); 1096 if (MBEDTLS_MODE_CBC == ctx.cipher_info->mode) { 1097 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx, MBEDTLS_PADDING_NONE)); 1098 } 1099 1100 TEST_ASSERT(finish_result == mbedtls_cipher_crypt(&ctx, iv->len ? iv->x : NULL, 1101 iv->len, input->x, input->len, 1102 output, &outlen)); 1103 TEST_ASSERT(result->len == outlen); 1104 /* check plaintext only if everything went fine */ 1105 if (0 == finish_result) { 1106 TEST_ASSERT(0 == memcmp(output, result->x, outlen)); 1107 } 1108 1109exit: 1110 mbedtls_cipher_free(&ctx); 1111#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_TEST_DEPRECATED) 1112 PSA_DONE(); 1113#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_TEST_DEPRECATED */ 1114} 1115/* END_CASE */ 1116 1117/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING */ 1118void set_padding(int cipher_id, int pad_mode, int ret) 1119{ 1120 const mbedtls_cipher_info_t *cipher_info; 1121 mbedtls_cipher_context_t ctx; 1122 1123 mbedtls_cipher_init(&ctx); 1124 1125 cipher_info = mbedtls_cipher_info_from_type(cipher_id); 1126 TEST_ASSERT(NULL != cipher_info); 1127 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, cipher_info)); 1128 1129 TEST_ASSERT(ret == mbedtls_cipher_set_padding_mode(&ctx, pad_mode)); 1130 1131exit: 1132 mbedtls_cipher_free(&ctx); 1133} 1134/* END_CASE */ 1135 1136/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ 1137void check_padding(int pad_mode, data_t *input, int ret, int dlen_check 1138 ) 1139{ 1140 mbedtls_cipher_info_t cipher_info; 1141 mbedtls_cipher_context_t ctx; 1142 size_t dlen; 1143 1144 /* build a fake context just for getting access to get_padding */ 1145 mbedtls_cipher_init(&ctx); 1146 cipher_info.mode = MBEDTLS_MODE_CBC; 1147 ctx.cipher_info = &cipher_info; 1148 1149 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx, pad_mode)); 1150 1151 1152 TEST_ASSERT(ret == ctx.get_padding(input->x, input->len, &dlen)); 1153 if (0 == ret) { 1154 TEST_ASSERT(dlen == (size_t) dlen_check); 1155 } 1156} 1157/* END_CASE */ 1158 1159/* BEGIN_CASE */ 1160void iv_len_validity(int cipher_id, char *cipher_string, 1161 int iv_len_val, int ret) 1162{ 1163 size_t iv_len = iv_len_val; 1164 unsigned char iv[16]; 1165 1166 /* Initialise iv buffer */ 1167 memset(iv, 0, sizeof(iv)); 1168 1169 const mbedtls_cipher_info_t *cipher_info; 1170 mbedtls_cipher_context_t ctx_dec; 1171 mbedtls_cipher_context_t ctx_enc; 1172 1173 /* 1174 * Prepare contexts 1175 */ 1176 mbedtls_cipher_init(&ctx_dec); 1177 mbedtls_cipher_init(&ctx_enc); 1178 1179 /* Check and get info structures */ 1180 cipher_info = mbedtls_cipher_info_from_type(cipher_id); 1181 TEST_ASSERT(NULL != cipher_info); 1182 TEST_ASSERT(mbedtls_cipher_info_from_string(cipher_string) == cipher_info); 1183 TEST_ASSERT(strcmp(mbedtls_cipher_info_get_name(cipher_info), 1184 cipher_string) == 0); 1185 1186 /* Initialise enc and dec contexts */ 1187 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_dec, cipher_info)); 1188 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_enc, cipher_info)); 1189 1190 TEST_ASSERT(ret == mbedtls_cipher_set_iv(&ctx_dec, iv, iv_len)); 1191 TEST_ASSERT(ret == mbedtls_cipher_set_iv(&ctx_enc, iv, iv_len)); 1192 1193exit: 1194 mbedtls_cipher_free(&ctx_dec); 1195 mbedtls_cipher_free(&ctx_enc); 1196} 1197/* END_CASE */ 1198