1/* BEGIN_HEADER */ 2#include "mbedtls/cipher.h" 3#include "mbedtls/aes.h" 4 5#if defined(MBEDTLS_GCM_C) 6#include "mbedtls/gcm.h" 7#endif 8 9#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C) 10#define MBEDTLS_CIPHER_AUTH_CRYPT 11#endif 12 13/* Check the internal consistency of a cipher info structure, and 14 * check it against mbedtls_cipher_info_from_xxx(). */ 15static int check_cipher_info( mbedtls_cipher_type_t type, 16 const mbedtls_cipher_info_t *info ) 17{ 18 size_t key_bitlen, block_size, iv_size; 19 20 TEST_ASSERT( info != NULL ); 21 TEST_EQUAL( type, mbedtls_cipher_info_get_type( info ) ); 22 TEST_EQUAL( type, info->type ); 23 TEST_ASSERT( mbedtls_cipher_info_from_type( type ) == info ); 24 25 TEST_EQUAL( info->mode, mbedtls_cipher_info_get_mode( info ) ); 26 27 /* Insist that get_name() return the string from the structure and 28 * not a copy. A copy would have an unknown storage duration. */ 29 TEST_ASSERT( mbedtls_cipher_info_get_name( info ) == info->name ); 30 TEST_ASSERT( mbedtls_cipher_info_from_string( info->name ) == info ); 31 32 key_bitlen = mbedtls_cipher_info_get_key_bitlen( info ); 33 block_size = mbedtls_cipher_info_get_block_size( info ); 34 iv_size = mbedtls_cipher_info_get_iv_size( info ); 35 if( info->type == MBEDTLS_CIPHER_NULL ) 36 { 37 TEST_ASSERT( key_bitlen == 0 ); 38 TEST_ASSERT( block_size == 1 ); 39 TEST_ASSERT( iv_size == 0 ); 40 } 41 else if( info->mode == MBEDTLS_MODE_XTS ) 42 { 43 TEST_ASSERT( key_bitlen == 256 || 44 key_bitlen == 384 || 45 key_bitlen == 512 ); 46 } 47 else if( ! strncmp( info->name, "DES-EDE3-", 9 ) ) 48 { 49 TEST_ASSERT( key_bitlen == 192 ); 50 TEST_ASSERT( ! mbedtls_cipher_info_has_variable_key_bitlen( info ) ); 51 TEST_ASSERT( block_size == 8 ); 52 } 53 else if( ! strncmp( info->name, "DES-EDE-", 8 ) ) 54 { 55 TEST_ASSERT( key_bitlen == 128 ); 56 TEST_ASSERT( ! mbedtls_cipher_info_has_variable_key_bitlen( info ) ); 57 TEST_ASSERT( block_size == 8 ); 58 } 59 else if( ! strncmp( info->name, "DES-", 4 ) ) 60 { 61 TEST_ASSERT( key_bitlen == 64 ); 62 TEST_ASSERT( ! mbedtls_cipher_info_has_variable_key_bitlen( info ) ); 63 TEST_ASSERT( block_size == 8 ); 64 } 65 else if( ! strncmp( info->name, "AES", 3 ) ) 66 { 67 TEST_ASSERT( key_bitlen == 128 || 68 key_bitlen == 192 || 69 key_bitlen == 256 ); 70 TEST_ASSERT( ! mbedtls_cipher_info_has_variable_key_bitlen( info ) ); 71 TEST_ASSERT( block_size == 16 ); 72 } 73 else 74 { 75 TEST_ASSERT( key_bitlen == 128 || 76 key_bitlen == 192 || 77 key_bitlen == 256 ); 78 } 79 80 if( strstr( info->name, "-ECB" ) != NULL ) 81 { 82 TEST_ASSERT( iv_size == 0 ); 83 TEST_ASSERT( ! mbedtls_cipher_info_has_variable_iv_size( info ) ); 84 } 85 else if( strstr( info->name, "-CBC" ) != NULL || 86 strstr( info->name, "-CTR" ) != NULL ) 87 { 88 TEST_ASSERT( iv_size == block_size ); 89 TEST_ASSERT( ! mbedtls_cipher_info_has_variable_iv_size( info ) ); 90 } 91 else if( strstr( info->name, "-GCM" ) != NULL ) 92 { 93 TEST_ASSERT( iv_size == block_size - 4 ); 94 TEST_ASSERT( mbedtls_cipher_info_has_variable_iv_size( info ) ); 95 } 96 97 return( 1 ); 98 99exit: 100 return( 0 ); 101} 102 103#if defined(MBEDTLS_CIPHER_AUTH_CRYPT) 104/* Helper for resetting key/direction 105 * 106 * The documentation doesn't explicitly say whether calling 107 * mbedtls_cipher_setkey() twice is allowed or not. This currently works with 108 * the default software implementation, but only by accident. It isn't 109 * guaranteed to work with new ciphers or with alternative implementations of 110 * individual ciphers, and it doesn't work with the PSA wrappers. So don't do 111 * it, and instead start with a fresh context. 112 */ 113static int cipher_reset_key( mbedtls_cipher_context_t *ctx, int cipher_id, 114 int use_psa, size_t tag_len, const data_t *key, int direction ) 115{ 116 mbedtls_cipher_free( ctx ); 117 mbedtls_cipher_init( ctx ); 118 119#if !defined(MBEDTLS_USE_PSA_CRYPTO) || !defined(MBEDTLS_TEST_DEPRECATED) 120 (void) use_psa; 121 (void) tag_len; 122#else 123 if( use_psa == 1 ) 124 { 125 TEST_ASSERT( 0 == mbedtls_cipher_setup_psa( ctx, 126 mbedtls_cipher_info_from_type( cipher_id ), 127 tag_len ) ); 128 } 129 else 130#endif /* !MBEDTLS_USE_PSA_CRYPTO || !MBEDTLS_TEST_DEPRECATED */ 131 { 132 TEST_ASSERT( 0 == mbedtls_cipher_setup( ctx, 133 mbedtls_cipher_info_from_type( cipher_id ) ) ); 134 } 135 136 TEST_ASSERT( 0 == mbedtls_cipher_setkey( ctx, key->x, 8 * key->len, 137 direction ) ); 138 return( 1 ); 139 140exit: 141 return( 0 ); 142} 143 144/* 145 * Check if a buffer is all-0 bytes: 146 * return 1 if it is, 147 * 0 if it isn't. 148 */ 149int buffer_is_all_zero( const uint8_t *buf, size_t size ) 150{ 151 for( size_t i = 0; i < size; i++ ) 152 if( buf[i] != 0 ) 153 return 0; 154 return 1; 155} 156#endif /* MBEDTLS_CIPHER_AUTH_CRYPT */ 157 158/* END_HEADER */ 159 160/* BEGIN_DEPENDENCIES 161 * depends_on:MBEDTLS_CIPHER_C 162 * END_DEPENDENCIES 163 */ 164 165/* BEGIN_CASE */ 166void mbedtls_cipher_list( ) 167{ 168 const int *cipher_type; 169 170 for( cipher_type = mbedtls_cipher_list(); *cipher_type != 0; cipher_type++ ) 171 { 172 const mbedtls_cipher_info_t *info = 173 mbedtls_cipher_info_from_type( *cipher_type ); 174 mbedtls_test_set_step( *cipher_type ); 175 if( ! check_cipher_info( *cipher_type, info ) ) 176 goto exit; 177 } 178} 179/* END_CASE */ 180 181/* BEGIN_CASE */ 182void cipher_invalid_param_unconditional( ) 183{ 184 mbedtls_cipher_context_t valid_ctx; 185 mbedtls_cipher_context_t invalid_ctx; 186 mbedtls_operation_t valid_operation = MBEDTLS_ENCRYPT; 187 mbedtls_cipher_padding_t valid_mode = MBEDTLS_PADDING_ZEROS; 188 unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 }; 189 int valid_size = sizeof(valid_buffer); 190 int valid_bitlen = valid_size * 8; 191 const mbedtls_cipher_info_t *valid_info = mbedtls_cipher_info_from_type( 192 *( mbedtls_cipher_list() ) ); 193 size_t size_t_var; 194 195 (void)valid_mode; /* In some configurations this is unused */ 196 197 mbedtls_cipher_init( &valid_ctx ); 198 mbedtls_cipher_init( &invalid_ctx ); 199 200 TEST_ASSERT( mbedtls_cipher_setup( &valid_ctx, valid_info ) == 0 ); 201 202 /* mbedtls_cipher_setup() */ 203 TEST_ASSERT( mbedtls_cipher_setup( &valid_ctx, NULL ) == 204 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); 205 206 /* mbedtls_cipher_get_block_size() */ 207 TEST_ASSERT( mbedtls_cipher_get_block_size( &invalid_ctx ) == 0 ); 208 209 /* mbedtls_cipher_get_cipher_mode() */ 210 TEST_ASSERT( mbedtls_cipher_get_cipher_mode( &invalid_ctx ) == 211 MBEDTLS_MODE_NONE ); 212 213 /* mbedtls_cipher_get_iv_size() */ 214 TEST_ASSERT( mbedtls_cipher_get_iv_size( &invalid_ctx ) == 0 ); 215 216 /* mbedtls_cipher_get_type() */ 217 TEST_ASSERT( 218 mbedtls_cipher_get_type( &invalid_ctx ) == 219 MBEDTLS_CIPHER_NONE); 220 221 /* mbedtls_cipher_get_name() */ 222 TEST_ASSERT( mbedtls_cipher_get_name( &invalid_ctx ) == 0 ); 223 224 /* mbedtls_cipher_get_key_bitlen() */ 225 TEST_ASSERT( mbedtls_cipher_get_key_bitlen( &invalid_ctx ) == 226 MBEDTLS_KEY_LENGTH_NONE ); 227 228 /* mbedtls_cipher_get_operation() */ 229 TEST_ASSERT( mbedtls_cipher_get_operation( &invalid_ctx ) == 230 MBEDTLS_OPERATION_NONE ); 231 232 /* mbedtls_cipher_setkey() */ 233 TEST_ASSERT( 234 mbedtls_cipher_setkey( &invalid_ctx, 235 valid_buffer, 236 valid_bitlen, 237 valid_operation ) == 238 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); 239 240 /* mbedtls_cipher_set_iv() */ 241 TEST_ASSERT( 242 mbedtls_cipher_set_iv( &invalid_ctx, 243 valid_buffer, 244 valid_size ) == 245 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); 246 247 /* mbedtls_cipher_reset() */ 248 TEST_ASSERT( mbedtls_cipher_reset( &invalid_ctx ) == 249 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); 250 251#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 252 /* mbedtls_cipher_update_ad() */ 253 TEST_ASSERT( 254 mbedtls_cipher_update_ad( &invalid_ctx, 255 valid_buffer, 256 valid_size ) == 257 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); 258#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */ 259 260#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 261 /* mbedtls_cipher_set_padding_mode() */ 262 TEST_ASSERT( mbedtls_cipher_set_padding_mode( &invalid_ctx, valid_mode ) == 263 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); 264#endif 265 266 /* mbedtls_cipher_update() */ 267 TEST_ASSERT( 268 mbedtls_cipher_update( &invalid_ctx, 269 valid_buffer, 270 valid_size, 271 valid_buffer, 272 &size_t_var ) == 273 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); 274 275 /* mbedtls_cipher_finish() */ 276 TEST_ASSERT( 277 mbedtls_cipher_finish( &invalid_ctx, 278 valid_buffer, 279 &size_t_var ) == 280 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); 281 282#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 283 /* mbedtls_cipher_write_tag() */ 284 TEST_ASSERT( 285 mbedtls_cipher_write_tag( &invalid_ctx, 286 valid_buffer, 287 valid_size ) == 288 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); 289 290 /* mbedtls_cipher_check_tag() */ 291 TEST_ASSERT( 292 mbedtls_cipher_check_tag( &invalid_ctx, 293 valid_buffer, 294 valid_size ) == 295 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); 296#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */ 297 298exit: 299 mbedtls_cipher_free( &invalid_ctx ); 300 mbedtls_cipher_free( &valid_ctx ); 301} 302/* END_CASE */ 303 304/* BEGIN_CASE */ 305void cipher_invalid_param_conditional( ) 306{ 307 mbedtls_cipher_context_t valid_ctx; 308 309 mbedtls_operation_t invalid_operation = 100; 310 unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 }; 311 int valid_size = sizeof(valid_buffer); 312 int valid_bitlen = valid_size * 8; 313 314 TEST_EQUAL( 315 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 316 mbedtls_cipher_setkey( &valid_ctx, 317 valid_buffer, 318 valid_bitlen, 319 invalid_operation ) ); 320 321exit: 322 ; 323} 324/* END_CASE */ 325 326/* BEGIN_CASE depends_on:MBEDTLS_AES_C */ 327void cipher_special_behaviours( ) 328{ 329 const mbedtls_cipher_info_t *cipher_info; 330 mbedtls_cipher_context_t ctx; 331 unsigned char input[32]; 332 unsigned char output[32]; 333#if defined (MBEDTLS_CIPHER_MODE_CBC) 334 unsigned char iv[32]; 335#endif 336 size_t olen = 0; 337 338 mbedtls_cipher_init( &ctx ); 339 memset( input, 0, sizeof( input ) ); 340 memset( output, 0, sizeof( output ) ); 341#if defined(MBEDTLS_CIPHER_MODE_CBC) 342 memset( iv, 0, sizeof( iv ) ); 343 344 /* Check and get info structures */ 345 cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_CBC ); 346 TEST_ASSERT( NULL != cipher_info ); 347 348 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx, cipher_info ) ); 349 350 /* IV too big */ 351 TEST_ASSERT( mbedtls_cipher_set_iv( &ctx, iv, MBEDTLS_MAX_IV_LENGTH + 1 ) 352 == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); 353 354 /* IV too small */ 355 TEST_ASSERT( mbedtls_cipher_set_iv( &ctx, iv, 0 ) 356 == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); 357 358 mbedtls_cipher_free( &ctx ); 359 mbedtls_cipher_init( &ctx ); 360#endif /* MBEDTLS_CIPHER_MODE_CBC */ 361 cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_ECB ); 362 TEST_ASSERT( NULL != cipher_info ); 363 364 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx, cipher_info ) ); 365 366 /* Update ECB with partial block */ 367 TEST_ASSERT( mbedtls_cipher_update( &ctx, input, 1, output, &olen ) 368 == MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED ); 369 370exit: 371 mbedtls_cipher_free( &ctx ); 372} 373/* END_CASE */ 374 375/* BEGIN_CASE */ 376void enc_dec_buf( int cipher_id, char * cipher_string, int key_len, 377 int length_val, int pad_mode ) 378{ 379 size_t length = length_val, outlen, total_len, i, block_size, iv_len; 380 unsigned char key[64]; 381 unsigned char iv[16]; 382 unsigned char ad[13]; 383 unsigned char tag[16]; 384 unsigned char inbuf[64]; 385 unsigned char encbuf[64]; 386 unsigned char decbuf[64]; 387 388 const mbedtls_cipher_info_t *cipher_info; 389 mbedtls_cipher_context_t ctx_dec; 390 mbedtls_cipher_context_t ctx_enc; 391 392 /* 393 * Prepare contexts 394 */ 395 mbedtls_cipher_init( &ctx_dec ); 396 mbedtls_cipher_init( &ctx_enc ); 397 398 memset( key, 0x2a, sizeof( key ) ); 399 400 /* Check and get info structures */ 401 cipher_info = mbedtls_cipher_info_from_type( cipher_id ); 402 TEST_ASSERT( NULL != cipher_info ); 403 TEST_ASSERT( mbedtls_cipher_info_from_string( cipher_string ) == cipher_info ); 404 TEST_ASSERT( strcmp( mbedtls_cipher_info_get_name( cipher_info ), 405 cipher_string ) == 0 ); 406 407 /* Initialise enc and dec contexts */ 408 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_dec, cipher_info ) ); 409 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_enc, cipher_info ) ); 410 411 TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_dec, key, key_len, MBEDTLS_DECRYPT ) ); 412 TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_enc, key, key_len, MBEDTLS_ENCRYPT ) ); 413 414#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 415 if( -1 != pad_mode ) 416 { 417 TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx_dec, pad_mode ) ); 418 TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx_enc, pad_mode ) ); 419 } 420#else 421 (void) pad_mode; 422#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ 423 424 /* 425 * Do a few encode/decode cycles 426 */ 427 for( i = 0; i < 3; i++ ) 428 { 429 memset( iv , 0x00 + i, sizeof( iv ) ); 430 memset( ad, 0x10 + i, sizeof( ad ) ); 431 memset( inbuf, 0x20 + i, sizeof( inbuf ) ); 432 433 memset( encbuf, 0, sizeof( encbuf ) ); 434 memset( decbuf, 0, sizeof( decbuf ) ); 435 memset( tag, 0, sizeof( tag ) ); 436 437 if( NULL != strstr( cipher_info->name, "CCM*-NO-TAG") ) 438 iv_len = 13; /* For CCM, IV length is expected to be between 7 and 13 bytes. 439 * For CCM*-NO-TAG, IV length must be exactly 13 bytes long. */ 440 else if( cipher_info->type == MBEDTLS_CIPHER_CHACHA20 || 441 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 ) 442 iv_len = 12; 443 else 444 iv_len = sizeof(iv); 445 446 TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_dec, iv, iv_len ) ); 447 TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_enc, iv, iv_len ) ); 448 449 TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_dec ) ); 450 TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_enc ) ); 451 452#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 453 int expected = ( cipher_info->mode == MBEDTLS_MODE_GCM || 454 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 ) ? 455 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 456 457 TEST_EQUAL( expected, mbedtls_cipher_update_ad( &ctx_dec, ad, sizeof(ad) - i ) ); 458 TEST_EQUAL( expected, mbedtls_cipher_update_ad( &ctx_enc, ad, sizeof(ad) - i ) ); 459#endif 460 461 block_size = mbedtls_cipher_get_block_size( &ctx_enc ); 462 TEST_ASSERT( block_size != 0 ); 463 464 /* encode length number of bytes from inbuf */ 465 TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_enc, inbuf, length, encbuf, &outlen ) ); 466 total_len = outlen; 467 468 TEST_ASSERT( total_len == length || 469 ( total_len % block_size == 0 && 470 total_len < length && 471 total_len + block_size > length ) ); 472 473 TEST_ASSERT( 0 == mbedtls_cipher_finish( &ctx_enc, encbuf + outlen, &outlen ) ); 474 total_len += outlen; 475 476#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 477 TEST_EQUAL( expected, mbedtls_cipher_write_tag( &ctx_enc, tag, sizeof(tag) ) ); 478#endif 479 480 TEST_ASSERT( total_len == length || 481 ( total_len % block_size == 0 && 482 total_len > length && 483 total_len <= length + block_size ) ); 484 485 /* decode the previously encoded string */ 486 TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_dec, encbuf, total_len, decbuf, &outlen ) ); 487 total_len = outlen; 488 489 TEST_ASSERT( total_len == length || 490 ( total_len % block_size == 0 && 491 total_len < length && 492 total_len + block_size >= length ) ); 493 494 TEST_ASSERT( 0 == mbedtls_cipher_finish( &ctx_dec, decbuf + outlen, &outlen ) ); 495 total_len += outlen; 496 497#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 498 TEST_EQUAL( expected, mbedtls_cipher_check_tag( &ctx_dec, tag, sizeof(tag) ) ); 499#endif 500 501 /* check result */ 502 TEST_ASSERT( total_len == length ); 503 TEST_ASSERT( 0 == memcmp(inbuf, decbuf, length) ); 504 } 505 506 /* 507 * Done 508 */ 509exit: 510 mbedtls_cipher_free( &ctx_dec ); 511 mbedtls_cipher_free( &ctx_enc ); 512} 513/* END_CASE */ 514 515/* BEGIN_CASE */ 516void enc_fail( int cipher_id, int pad_mode, int key_len, int length_val, 517 int ret ) 518{ 519 size_t length = length_val; 520 unsigned char key[32]; 521 unsigned char iv[16]; 522 523 const mbedtls_cipher_info_t *cipher_info; 524 mbedtls_cipher_context_t ctx; 525 526 unsigned char inbuf[64]; 527 unsigned char encbuf[64]; 528 529 size_t outlen = 0; 530 531 memset( key, 0, 32 ); 532 memset( iv , 0, 16 ); 533 534 mbedtls_cipher_init( &ctx ); 535 536 memset( inbuf, 5, 64 ); 537 memset( encbuf, 0, 64 ); 538 539 /* Check and get info structures */ 540 cipher_info = mbedtls_cipher_info_from_type( cipher_id ); 541 TEST_ASSERT( NULL != cipher_info ); 542 543 /* Initialise context */ 544 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx, cipher_info ) ); 545 TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key, key_len, MBEDTLS_ENCRYPT ) ); 546#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 547 TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx, pad_mode ) ); 548#else 549 (void) pad_mode; 550#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ 551 TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx, iv, 16 ) ); 552 TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx ) ); 553#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 554 int expected = ( cipher_info->mode == MBEDTLS_MODE_GCM || 555 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 ) ? 556 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 557 558 TEST_EQUAL( expected, mbedtls_cipher_update_ad( &ctx, NULL, 0 ) ); 559#endif 560 561 /* encode length number of bytes from inbuf */ 562 TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx, inbuf, length, encbuf, &outlen ) ); 563 TEST_ASSERT( ret == mbedtls_cipher_finish( &ctx, encbuf + outlen, &outlen ) ); 564 565 /* done */ 566exit: 567 mbedtls_cipher_free( &ctx ); 568} 569/* END_CASE */ 570 571/* BEGIN_CASE */ 572void dec_empty_buf( int cipher, 573 int expected_update_ret, 574 int expected_finish_ret ) 575{ 576 unsigned char key[32]; 577 578 unsigned char *iv = NULL; 579 size_t iv_len = 16; 580 581 mbedtls_cipher_context_t ctx_dec; 582 const mbedtls_cipher_info_t *cipher_info; 583 584 unsigned char encbuf[64]; 585 unsigned char decbuf[64]; 586 587 size_t outlen = 0; 588 589 memset( key, 0, 32 ); 590 591 mbedtls_cipher_init( &ctx_dec ); 592 593 memset( encbuf, 0, 64 ); 594 memset( decbuf, 0, 64 ); 595 596 /* Initialise context */ 597 cipher_info = mbedtls_cipher_info_from_type( cipher ); 598 TEST_ASSERT( NULL != cipher_info); 599 600 if( cipher_info->type == MBEDTLS_CIPHER_CHACHA20 || 601 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 ) 602 iv_len = 12; 603 604 ASSERT_ALLOC( iv, iv_len ); 605 memset( iv , 0, iv_len ); 606 607 TEST_ASSERT( sizeof(key) * 8 >= cipher_info->key_bitlen ); 608 609 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_dec, cipher_info ) ); 610 611 TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_dec, 612 key, cipher_info->key_bitlen, 613 MBEDTLS_DECRYPT ) ); 614 615 TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_dec, iv, iv_len ) ); 616 617 TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_dec ) ); 618 619#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 620 int expected = ( cipher_info->mode == MBEDTLS_MODE_GCM || 621 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 ) ? 622 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 623 624 TEST_EQUAL( expected, mbedtls_cipher_update_ad( &ctx_dec, NULL, 0 ) ); 625#endif 626 627 /* decode 0-byte string */ 628 TEST_ASSERT( expected_update_ret == 629 mbedtls_cipher_update( &ctx_dec, encbuf, 0, decbuf, &outlen ) ); 630 TEST_ASSERT( 0 == outlen ); 631 632 if ( expected_finish_ret == 0 && 633 ( cipher_info->mode == MBEDTLS_MODE_CBC || 634 cipher_info->mode == MBEDTLS_MODE_ECB ) ) 635 { 636 /* Non-CBC and non-ECB ciphers are OK with decrypting empty buffers and 637 * return success, not MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED, when 638 * decrypting an empty buffer. 639 * On the other hand, CBC and ECB ciphers need a full block of input. 640 */ 641 expected_finish_ret = MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED; 642 } 643 644 TEST_ASSERT( expected_finish_ret == mbedtls_cipher_finish( 645 &ctx_dec, decbuf + outlen, &outlen ) ); 646 TEST_ASSERT( 0 == outlen ); 647 648exit: 649 mbedtls_free( iv ); 650 mbedtls_cipher_free( &ctx_dec ); 651} 652/* END_CASE */ 653 654/* BEGIN_CASE */ 655void enc_dec_buf_multipart( int cipher_id, int key_len, int first_length_val, 656 int second_length_val, int pad_mode, 657 int first_encrypt_output_len, int second_encrypt_output_len, 658 int first_decrypt_output_len, int second_decrypt_output_len ) 659{ 660 size_t first_length = first_length_val; 661 size_t second_length = second_length_val; 662 size_t length = first_length + second_length; 663 size_t block_size; 664 size_t iv_len; 665 unsigned char key[32]; 666 unsigned char iv[16]; 667 668 mbedtls_cipher_context_t ctx_dec; 669 mbedtls_cipher_context_t ctx_enc; 670 const mbedtls_cipher_info_t *cipher_info; 671 672 unsigned char inbuf[64]; 673 unsigned char encbuf[64]; 674 unsigned char decbuf[64]; 675 676 size_t outlen = 0; 677 size_t totaloutlen = 0; 678 679 memset( key, 0, 32 ); 680 memset( iv , 0, 16 ); 681 682 mbedtls_cipher_init( &ctx_dec ); 683 mbedtls_cipher_init( &ctx_enc ); 684 685 memset( inbuf, 5, 64 ); 686 memset( encbuf, 0, 64 ); 687 memset( decbuf, 0, 64 ); 688 689 /* Initialise enc and dec contexts */ 690 cipher_info = mbedtls_cipher_info_from_type( cipher_id ); 691 TEST_ASSERT( NULL != cipher_info); 692 693 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_dec, cipher_info ) ); 694 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_enc, cipher_info ) ); 695 696 TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_dec, key, key_len, MBEDTLS_DECRYPT ) ); 697 TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_enc, key, key_len, MBEDTLS_ENCRYPT ) ); 698 699#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 700 if( -1 != pad_mode ) 701 { 702 TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx_dec, pad_mode ) ); 703 TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx_enc, pad_mode ) ); 704 } 705#else 706 (void) pad_mode; 707#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ 708 709 if( NULL != strstr( cipher_info->name, "CCM*-NO-TAG") ) 710 iv_len = 13; /* For CCM, IV length is expected to be between 7 and 13 bytes. 711 * For CCM*-NO-TAG, IV length must be exactly 13 bytes long. */ 712 else if( cipher_info->type == MBEDTLS_CIPHER_CHACHA20 || 713 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 ) 714 iv_len = 12; 715 else 716 iv_len = sizeof(iv); 717 718 TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_dec, iv, iv_len ) ); 719 TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_enc, iv, iv_len ) ); 720 721 TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_dec ) ); 722 TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_enc ) ); 723 724#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 725 int expected = ( cipher_info->mode == MBEDTLS_MODE_GCM || 726 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 ) ? 727 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 728 729 TEST_EQUAL( expected, mbedtls_cipher_update_ad( &ctx_dec, NULL, 0 ) ); 730 TEST_EQUAL( expected, mbedtls_cipher_update_ad( &ctx_enc, NULL, 0 ) ); 731#endif 732 733 block_size = mbedtls_cipher_get_block_size( &ctx_enc ); 734 TEST_ASSERT( block_size != 0 ); 735 736 /* encode length number of bytes from inbuf */ 737 TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_enc, inbuf, first_length, encbuf, &outlen ) ); 738 TEST_ASSERT( (size_t)first_encrypt_output_len == outlen ); 739 totaloutlen = outlen; 740 TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_enc, inbuf + first_length, second_length, encbuf + totaloutlen, &outlen ) ); 741 TEST_ASSERT( (size_t)second_encrypt_output_len == outlen ); 742 totaloutlen += outlen; 743 TEST_ASSERT( totaloutlen == length || 744 ( totaloutlen % block_size == 0 && 745 totaloutlen < length && 746 totaloutlen + block_size > length ) ); 747 748 TEST_ASSERT( 0 == mbedtls_cipher_finish( &ctx_enc, encbuf + totaloutlen, &outlen ) ); 749 totaloutlen += outlen; 750 TEST_ASSERT( totaloutlen == length || 751 ( totaloutlen % block_size == 0 && 752 totaloutlen > length && 753 totaloutlen <= length + block_size ) ); 754 755 /* decode the previously encoded string */ 756 second_length = totaloutlen - first_length; 757 TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_dec, encbuf, first_length, decbuf, &outlen ) ); 758 TEST_ASSERT( (size_t)first_decrypt_output_len == outlen ); 759 totaloutlen = outlen; 760 TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_dec, encbuf + first_length, second_length, decbuf + totaloutlen, &outlen ) ); 761 TEST_ASSERT( (size_t)second_decrypt_output_len == outlen ); 762 totaloutlen += outlen; 763 764 TEST_ASSERT( totaloutlen == length || 765 ( totaloutlen % block_size == 0 && 766 totaloutlen < length && 767 totaloutlen + block_size >= length ) ); 768 769 TEST_ASSERT( 0 == mbedtls_cipher_finish( &ctx_dec, decbuf + totaloutlen, &outlen ) ); 770 totaloutlen += outlen; 771 772 TEST_ASSERT( totaloutlen == length ); 773 774 TEST_ASSERT( 0 == memcmp(inbuf, decbuf, length) ); 775 776exit: 777 mbedtls_cipher_free( &ctx_dec ); 778 mbedtls_cipher_free( &ctx_enc ); 779} 780/* END_CASE */ 781 782/* BEGIN_CASE */ 783void decrypt_test_vec( int cipher_id, int pad_mode, data_t * key, 784 data_t * iv, data_t * cipher, 785 data_t * clear, data_t * ad, data_t * tag, 786 int finish_result, int tag_result ) 787{ 788 unsigned char output[265]; 789 mbedtls_cipher_context_t ctx; 790 size_t outlen, total_len; 791 792 mbedtls_cipher_init( &ctx ); 793 794 memset( output, 0x00, sizeof( output ) ); 795 796#if !defined(MBEDTLS_GCM_C) && !defined(MBEDTLS_CHACHAPOLY_C) 797 ((void) ad); 798 ((void) tag); 799#endif 800 801 /* Prepare context */ 802 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx, 803 mbedtls_cipher_info_from_type( cipher_id ) ) ); 804 TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key->x, 8 * key->len, MBEDTLS_DECRYPT ) ); 805#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 806 if( pad_mode != -1 ) 807 TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx, pad_mode ) ); 808#else 809 (void) pad_mode; 810#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ 811 TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx, iv->x, iv->len ) ); 812 TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx ) ); 813#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 814 int expected = ( ctx.cipher_info->mode == MBEDTLS_MODE_GCM || 815 ctx.cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 ) ? 816 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 817 818 TEST_EQUAL( expected, mbedtls_cipher_update_ad( &ctx, ad->x, ad->len ) ); 819#endif 820 821 /* decode buffer and check tag->x */ 822 total_len = 0; 823 TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx, cipher->x, cipher->len, output, &outlen ) ); 824 total_len += outlen; 825 TEST_ASSERT( finish_result == mbedtls_cipher_finish( &ctx, output + outlen, 826 &outlen ) ); 827 total_len += outlen; 828#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 829 int tag_expected = ( ctx.cipher_info->mode == MBEDTLS_MODE_GCM || 830 ctx.cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305 ) ? 831 tag_result : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 832 833 TEST_EQUAL( tag_expected, mbedtls_cipher_check_tag( &ctx, tag->x, tag->len ) ); 834#endif 835 836 /* check plaintext only if everything went fine */ 837 if( 0 == finish_result && 0 == tag_result ) 838 { 839 TEST_ASSERT( total_len == clear->len ); 840 TEST_ASSERT( 0 == memcmp( output, clear->x, clear->len ) ); 841 } 842 843exit: 844 mbedtls_cipher_free( &ctx ); 845} 846/* END_CASE */ 847 848/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_AUTH_CRYPT */ 849void auth_crypt_tv( int cipher_id, data_t * key, data_t * iv, 850 data_t * ad, data_t * cipher, data_t * tag, 851 char * result, data_t * clear, int use_psa ) 852{ 853 /* 854 * Take an AEAD ciphertext + tag and perform a pair 855 * of AEAD decryption and AEAD encryption. Check that 856 * this results in the expected plaintext, and that 857 * decryption and encryption are inverse to one another. 858 */ 859 860 int ret; 861 int using_nist_kw, using_nist_kw_padding; 862 863 mbedtls_cipher_context_t ctx; 864 size_t outlen; 865 866 unsigned char *cipher_plus_tag = NULL; 867 size_t cipher_plus_tag_len; 868 unsigned char *decrypt_buf = NULL; 869 size_t decrypt_buf_len = 0; 870 unsigned char *encrypt_buf = NULL; 871 size_t encrypt_buf_len = 0; 872 873 /* Null pointers are documented as valid for inputs of length 0. 874 * The test framework passes non-null pointers, so set them to NULL. 875 * key, cipher and tag can't be empty. */ 876 if( iv->len == 0 ) 877 iv->x = NULL; 878 if( ad->len == 0 ) 879 ad->x = NULL; 880 if( clear->len == 0 ) 881 clear->x = NULL; 882 883 mbedtls_cipher_init( &ctx ); 884 885 /* Initialize PSA Crypto */ 886#if defined(MBEDTLS_USE_PSA_CRYPTO) 887 if( use_psa == 1 ) 888 PSA_ASSERT( psa_crypto_init( ) ); 889#else 890 (void) use_psa; 891#endif 892 893 /* 894 * Are we using NIST_KW? with padding? 895 */ 896 using_nist_kw_padding = cipher_id == MBEDTLS_CIPHER_AES_128_KWP || 897 cipher_id == MBEDTLS_CIPHER_AES_192_KWP || 898 cipher_id == MBEDTLS_CIPHER_AES_256_KWP; 899 using_nist_kw = cipher_id == MBEDTLS_CIPHER_AES_128_KW || 900 cipher_id == MBEDTLS_CIPHER_AES_192_KW || 901 cipher_id == MBEDTLS_CIPHER_AES_256_KW || 902 using_nist_kw_padding; 903 904 /* 905 * Prepare context for decryption 906 */ 907 if( ! cipher_reset_key( &ctx, cipher_id, use_psa, tag->len, key, 908 MBEDTLS_DECRYPT ) ) 909 goto exit; 910 911 /* 912 * prepare buffer for decryption 913 * (we need the tag appended to the ciphertext) 914 */ 915 cipher_plus_tag_len = cipher->len + tag->len; 916 ASSERT_ALLOC( cipher_plus_tag, cipher_plus_tag_len ); 917 memcpy( cipher_plus_tag, cipher->x, cipher->len ); 918 memcpy( cipher_plus_tag + cipher->len, tag->x, tag->len ); 919 920 /* 921 * Compute length of output buffer according to the documentation 922 */ 923 if( using_nist_kw ) 924 decrypt_buf_len = cipher_plus_tag_len - 8; 925 else 926 decrypt_buf_len = cipher_plus_tag_len - tag->len; 927 928 929 /* 930 * Try decrypting to a buffer that's 1B too small 931 */ 932 if( decrypt_buf_len != 0 ) 933 { 934 ASSERT_ALLOC( decrypt_buf, decrypt_buf_len - 1 ); 935 936 outlen = 0; 937 ret = mbedtls_cipher_auth_decrypt_ext( &ctx, iv->x, iv->len, 938 ad->x, ad->len, cipher_plus_tag, cipher_plus_tag_len, 939 decrypt_buf, decrypt_buf_len - 1, &outlen, tag->len ); 940 TEST_ASSERT( ret == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); 941 942 mbedtls_free( decrypt_buf ); 943 decrypt_buf = NULL; 944 } 945 946 /* 947 * Authenticate and decrypt, and check result 948 */ 949 ASSERT_ALLOC( decrypt_buf, decrypt_buf_len ); 950 951 outlen = 0; 952 ret = mbedtls_cipher_auth_decrypt_ext( &ctx, iv->x, iv->len, 953 ad->x, ad->len, cipher_plus_tag, cipher_plus_tag_len, 954 decrypt_buf, decrypt_buf_len, &outlen, tag->len ); 955 956 if( strcmp( result, "FAIL" ) == 0 ) 957 { 958 TEST_ASSERT( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED ); 959 TEST_ASSERT( buffer_is_all_zero( decrypt_buf, decrypt_buf_len ) ); 960 } 961 else 962 { 963 TEST_ASSERT( ret == 0 ); 964 ASSERT_COMPARE( decrypt_buf, outlen, clear->x, clear->len ); 965 } 966 967 mbedtls_free( decrypt_buf ); 968 decrypt_buf = NULL; 969 970 /* 971 * Encrypt back if test data was authentic 972 */ 973 if( strcmp( result, "FAIL" ) != 0 ) 974 { 975 /* prepare context for encryption */ 976 if( ! cipher_reset_key( &ctx, cipher_id, use_psa, tag->len, key, 977 MBEDTLS_ENCRYPT ) ) 978 goto exit; 979 980 /* 981 * Compute size of output buffer according to documentation 982 */ 983 if( using_nist_kw ) 984 { 985 encrypt_buf_len = clear->len + 8; 986 if( using_nist_kw_padding && encrypt_buf_len % 8 != 0 ) 987 encrypt_buf_len += 8 - encrypt_buf_len % 8; 988 } 989 else 990 { 991 encrypt_buf_len = clear->len + tag->len; 992 } 993 994 /* 995 * Try encrypting with an output buffer that's 1B too small 996 */ 997 ASSERT_ALLOC( encrypt_buf, encrypt_buf_len - 1 ); 998 999 outlen = 0; 1000 ret = mbedtls_cipher_auth_encrypt_ext( &ctx, iv->x, iv->len, 1001 ad->x, ad->len, clear->x, clear->len, 1002 encrypt_buf, encrypt_buf_len - 1, &outlen, tag->len ); 1003 TEST_ASSERT( ret != 0 ); 1004 1005 mbedtls_free( encrypt_buf ); 1006 encrypt_buf = NULL; 1007 1008 /* 1009 * Encrypt and check the result 1010 */ 1011 ASSERT_ALLOC( encrypt_buf, encrypt_buf_len ); 1012 1013 outlen = 0; 1014 ret = mbedtls_cipher_auth_encrypt_ext( &ctx, iv->x, iv->len, 1015 ad->x, ad->len, clear->x, clear->len, 1016 encrypt_buf, encrypt_buf_len, &outlen, tag->len ); 1017 TEST_ASSERT( ret == 0 ); 1018 1019 TEST_ASSERT( outlen == cipher->len + tag->len ); 1020 TEST_ASSERT( memcmp( encrypt_buf, cipher->x, cipher->len ) == 0 ); 1021 TEST_ASSERT( memcmp( encrypt_buf + cipher->len, 1022 tag->x, tag->len ) == 0 ); 1023 1024 mbedtls_free( encrypt_buf ); 1025 encrypt_buf = NULL; 1026 } 1027 1028exit: 1029 1030 mbedtls_cipher_free( &ctx ); 1031 mbedtls_free( decrypt_buf ); 1032 mbedtls_free( encrypt_buf ); 1033 mbedtls_free( cipher_plus_tag ); 1034 1035#if defined(MBEDTLS_USE_PSA_CRYPTO) 1036 if( use_psa == 1 ) 1037 PSA_DONE( ); 1038#endif /* MBEDTLS_USE_PSA_CRYPTO */ 1039} 1040/* END_CASE */ 1041 1042/* BEGIN_CASE */ 1043void test_vec_ecb( int cipher_id, int operation, data_t * key, 1044 data_t * input, data_t * result, int finish_result 1045 ) 1046{ 1047 mbedtls_cipher_context_t ctx; 1048 unsigned char output[32]; 1049 size_t outlen; 1050 1051 mbedtls_cipher_init( &ctx ); 1052 1053 memset( output, 0x00, sizeof( output ) ); 1054 1055 /* Prepare context */ 1056 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx, 1057 mbedtls_cipher_info_from_type( cipher_id ) ) ); 1058 1059 1060 TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key->x, 8 * key->len, operation ) ); 1061 1062 TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx, input->x, 1063 mbedtls_cipher_get_block_size( &ctx ), 1064 output, &outlen ) ); 1065 TEST_ASSERT( outlen == mbedtls_cipher_get_block_size( &ctx ) ); 1066 TEST_ASSERT( finish_result == mbedtls_cipher_finish( &ctx, output + outlen, 1067 &outlen ) ); 1068 TEST_ASSERT( 0 == outlen ); 1069 1070 /* check plaintext only if everything went fine */ 1071 if( 0 == finish_result ) 1072 TEST_ASSERT( 0 == memcmp( output, result->x, 1073 mbedtls_cipher_get_block_size( &ctx ) ) ); 1074 1075exit: 1076 mbedtls_cipher_free( &ctx ); 1077} 1078/* END_CASE */ 1079 1080/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING */ 1081void test_vec_crypt( int cipher_id, int operation, data_t *key, 1082 data_t *iv, data_t *input, data_t *result, 1083 int finish_result, int use_psa ) 1084{ 1085 mbedtls_cipher_context_t ctx; 1086 unsigned char output[32]; 1087 size_t outlen; 1088 1089 mbedtls_cipher_init( &ctx ); 1090 1091 memset( output, 0x00, sizeof( output ) ); 1092 1093 /* Prepare context */ 1094#if !defined(MBEDTLS_USE_PSA_CRYPTO) || !defined(MBEDTLS_TEST_DEPRECATED) 1095 (void) use_psa; 1096#else 1097 if( use_psa == 1 ) 1098 { 1099 PSA_ASSERT( psa_crypto_init( ) ); 1100 TEST_ASSERT( 0 == mbedtls_cipher_setup_psa( &ctx, 1101 mbedtls_cipher_info_from_type( cipher_id ), 0 ) ); 1102 } 1103 else 1104#endif /* !MBEDTLS_USE_PSA_CRYPTO || !MBEDTLS_TEST_DEPRECATED*/ 1105 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx, 1106 mbedtls_cipher_info_from_type( cipher_id ) ) ); 1107 1108 TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key->x, 8 * key->len, operation ) ); 1109 if( MBEDTLS_MODE_CBC == ctx.cipher_info->mode ) 1110 TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx, MBEDTLS_PADDING_NONE ) ); 1111 1112 TEST_ASSERT( finish_result == mbedtls_cipher_crypt( &ctx, iv->len ? iv->x : NULL, 1113 iv->len, input->x, input->len, 1114 output, &outlen ) ); 1115 TEST_ASSERT( result->len == outlen ); 1116 /* check plaintext only if everything went fine */ 1117 if( 0 == finish_result ) 1118 TEST_ASSERT( 0 == memcmp( output, result->x, outlen ) ); 1119 1120exit: 1121 mbedtls_cipher_free( &ctx ); 1122#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_TEST_DEPRECATED) 1123 PSA_DONE( ); 1124#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_TEST_DEPRECATED */ 1125} 1126/* END_CASE */ 1127 1128/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING */ 1129void set_padding( int cipher_id, int pad_mode, int ret ) 1130{ 1131 const mbedtls_cipher_info_t *cipher_info; 1132 mbedtls_cipher_context_t ctx; 1133 1134 mbedtls_cipher_init( &ctx ); 1135 1136 cipher_info = mbedtls_cipher_info_from_type( cipher_id ); 1137 TEST_ASSERT( NULL != cipher_info ); 1138 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx, cipher_info ) ); 1139 1140 TEST_ASSERT( ret == mbedtls_cipher_set_padding_mode( &ctx, pad_mode ) ); 1141 1142exit: 1143 mbedtls_cipher_free( &ctx ); 1144} 1145/* END_CASE */ 1146 1147/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ 1148void check_padding( int pad_mode, data_t * input, int ret, int dlen_check 1149 ) 1150{ 1151 mbedtls_cipher_info_t cipher_info; 1152 mbedtls_cipher_context_t ctx; 1153 size_t dlen; 1154 1155 /* build a fake context just for getting access to get_padding */ 1156 mbedtls_cipher_init( &ctx ); 1157 cipher_info.mode = MBEDTLS_MODE_CBC; 1158 ctx.cipher_info = &cipher_info; 1159 1160 TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx, pad_mode ) ); 1161 1162 1163 TEST_ASSERT( ret == ctx.get_padding( input->x, input->len, &dlen ) ); 1164 if( 0 == ret ) 1165 TEST_ASSERT( dlen == (size_t) dlen_check ); 1166} 1167/* END_CASE */ 1168 1169/* BEGIN_CASE */ 1170void iv_len_validity( int cipher_id, char * cipher_string, 1171 int iv_len_val, int ret ) 1172{ 1173 size_t iv_len = iv_len_val; 1174 unsigned char iv[16]; 1175 1176 /* Initialise iv buffer */ 1177 memset( iv, 0, sizeof( iv ) ); 1178 1179 const mbedtls_cipher_info_t *cipher_info; 1180 mbedtls_cipher_context_t ctx_dec; 1181 mbedtls_cipher_context_t ctx_enc; 1182 1183 /* 1184 * Prepare contexts 1185 */ 1186 mbedtls_cipher_init( &ctx_dec ); 1187 mbedtls_cipher_init( &ctx_enc ); 1188 1189 /* Check and get info structures */ 1190 cipher_info = mbedtls_cipher_info_from_type( cipher_id ); 1191 TEST_ASSERT( NULL != cipher_info ); 1192 TEST_ASSERT( mbedtls_cipher_info_from_string( cipher_string ) == cipher_info ); 1193 TEST_ASSERT( strcmp( mbedtls_cipher_info_get_name( cipher_info ), 1194 cipher_string ) == 0 ); 1195 1196 /* Initialise enc and dec contexts */ 1197 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_dec, cipher_info ) ); 1198 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_enc, cipher_info ) ); 1199 1200 TEST_ASSERT( ret == mbedtls_cipher_set_iv( &ctx_dec, iv, iv_len ) ); 1201 TEST_ASSERT( ret == mbedtls_cipher_set_iv( &ctx_enc, iv, iv_len ) ); 1202 1203exit: 1204 mbedtls_cipher_free( &ctx_dec ); 1205 mbedtls_cipher_free( &ctx_enc ); 1206} 1207/* END_CASE */ 1208