1/* BEGIN_HEADER */ 2#include "mbedtls/chachapoly.h" 3/* END_HEADER */ 4 5/* BEGIN_DEPENDENCIES 6 * depends_on:MBEDTLS_CHACHAPOLY_C 7 * END_DEPENDENCIES 8 */ 9 10/* BEGIN_CASE */ 11void mbedtls_chachapoly_enc( data_t *key_str, data_t *nonce_str, data_t *aad_str, data_t *input_str, data_t *output_str, data_t *mac_str ) 12{ 13 unsigned char output[265]; 14 unsigned char mac[16]; /* size set by the standard */ 15 mbedtls_chachapoly_context ctx; 16 17 TEST_ASSERT( key_str->len == 32 ); 18 TEST_ASSERT( nonce_str->len == 12 ); 19 TEST_ASSERT( mac_str->len == 16 ); 20 21 mbedtls_chachapoly_init( &ctx ); 22 23 TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key_str->x ) == 0 ); 24 25 TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx, 26 input_str->len, nonce_str->x, 27 aad_str->x, aad_str->len, 28 input_str->x, output, mac ) == 0 ); 29 30 TEST_ASSERT( memcmp( output_str->x, output, output_str->len ) == 0 ); 31 TEST_ASSERT( memcmp( mac_str->x, mac, 16U ) == 0 ); 32 33exit: 34 mbedtls_chachapoly_free( &ctx ); 35} 36/* END_CASE */ 37 38/* BEGIN_CASE */ 39void mbedtls_chachapoly_dec( data_t *key_str, data_t *nonce_str, data_t *aad_str, data_t *input_str, data_t *output_str, data_t *mac_str, int ret_exp ) 40{ 41 unsigned char output[265]; 42 int ret; 43 mbedtls_chachapoly_context ctx; 44 45 TEST_ASSERT( key_str->len == 32 ); 46 TEST_ASSERT( nonce_str->len == 12 ); 47 TEST_ASSERT( mac_str->len == 16 ); 48 49 mbedtls_chachapoly_init( &ctx ); 50 51 TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key_str->x ) == 0 ); 52 53 ret = mbedtls_chachapoly_auth_decrypt( &ctx, 54 input_str->len, nonce_str->x, 55 aad_str->x, aad_str->len, 56 mac_str->x, input_str->x, output ); 57 58 TEST_ASSERT( ret == ret_exp ); 59 if( ret_exp == 0 ) 60 { 61 TEST_ASSERT( memcmp( output_str->x, output, output_str->len ) == 0 ); 62 } 63 64exit: 65 mbedtls_chachapoly_free( &ctx ); 66} 67/* END_CASE */ 68 69/* BEGIN_CASE */ 70void chachapoly_state() 71{ 72 unsigned char key[32]; 73 unsigned char nonce[12]; 74 unsigned char aad[1]; 75 unsigned char input[1]; 76 unsigned char output[1]; 77 unsigned char mac[16]; 78 size_t input_len = sizeof( input ); 79 size_t aad_len = sizeof( aad ); 80 mbedtls_chachapoly_context ctx; 81 82 memset( key, 0x00, sizeof( key ) ); 83 memset( nonce, 0x00, sizeof( nonce ) ); 84 memset( aad, 0x00, sizeof( aad ) ); 85 memset( input, 0x00, sizeof( input ) ); 86 memset( output, 0x00, sizeof( output ) ); 87 memset( mac, 0x00, sizeof( mac ) ); 88 89 /* Initial state: finish, update, update_aad forbidden */ 90 mbedtls_chachapoly_init( &ctx ); 91 92 TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac ) 93 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); 94 TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output ) 95 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); 96 TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len ) 97 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); 98 99 /* Still initial state: finish, update, update_aad forbidden */ 100 TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key ) 101 == 0 ); 102 103 TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac ) 104 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); 105 TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output ) 106 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); 107 TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len ) 108 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); 109 110 /* Starts -> finish OK */ 111 TEST_ASSERT( mbedtls_chachapoly_starts( &ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT ) 112 == 0 ); 113 TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac ) 114 == 0 ); 115 116 /* After finish: update, update_aad forbidden */ 117 TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output ) 118 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); 119 TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len ) 120 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); 121 122 /* Starts -> update* OK */ 123 TEST_ASSERT( mbedtls_chachapoly_starts( &ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT ) 124 == 0 ); 125 TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output ) 126 == 0 ); 127 TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output ) 128 == 0 ); 129 130 /* After update: update_aad forbidden */ 131 TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len ) 132 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); 133 134 /* Starts -> update_aad* -> finish OK */ 135 TEST_ASSERT( mbedtls_chachapoly_starts( &ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT ) 136 == 0 ); 137 TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len ) 138 == 0 ); 139 TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len ) 140 == 0 ); 141 TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac ) 142 == 0 ); 143 144exit: 145 mbedtls_chachapoly_free( &ctx ); 146} 147/* END_CASE */ 148 149/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ 150void chachapoly_selftest() 151{ 152 TEST_ASSERT( mbedtls_chachapoly_self_test( 1 ) == 0 ); 153} 154/* END_CASE */ 155