1/* BEGIN_HEADER */ 2#include "mbedtls/ccm.h" 3/* END_HEADER */ 4 5/* BEGIN_DEPENDENCIES 6 * depends_on:MBEDTLS_CCM_C 7 * END_DEPENDENCIES 8 */ 9 10/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST:MBEDTLS_AES_C */ 11void mbedtls_ccm_self_test( ) 12{ 13 TEST_ASSERT( mbedtls_ccm_self_test( 1 ) == 0 ); 14} 15/* END_CASE */ 16 17/* BEGIN_CASE */ 18void mbedtls_ccm_setkey( int cipher_id, int key_size, int result ) 19{ 20 mbedtls_ccm_context ctx; 21 unsigned char key[32]; 22 int ret; 23 24 mbedtls_ccm_init( &ctx ); 25 26 memset( key, 0x2A, sizeof( key ) ); 27 TEST_ASSERT( (unsigned) key_size <= 8 * sizeof( key ) ); 28 29 ret = mbedtls_ccm_setkey( &ctx, cipher_id, key, key_size ); 30 TEST_ASSERT( ret == result ); 31 32exit: 33 mbedtls_ccm_free( &ctx ); 34} 35/* END_CASE */ 36 37/* BEGIN_CASE depends_on:MBEDTLS_AES_C */ 38void ccm_lengths( int msg_len, int iv_len, int add_len, int tag_len, int res ) 39{ 40 mbedtls_ccm_context ctx; 41 unsigned char key[16]; 42 unsigned char msg[10]; 43 unsigned char iv[14]; 44 unsigned char *add = NULL; 45 unsigned char out[10]; 46 unsigned char tag[18]; 47 int decrypt_ret; 48 49 mbedtls_ccm_init( &ctx ); 50 51 ASSERT_ALLOC_WEAK( add, add_len ); 52 memset( key, 0, sizeof( key ) ); 53 memset( msg, 0, sizeof( msg ) ); 54 memset( iv, 0, sizeof( iv ) ); 55 memset( out, 0, sizeof( out ) ); 56 memset( tag, 0, sizeof( tag ) ); 57 58 TEST_ASSERT( mbedtls_ccm_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, 59 key, 8 * sizeof( key ) ) == 0 ); 60 61 TEST_ASSERT( mbedtls_ccm_encrypt_and_tag( &ctx, msg_len, iv, iv_len, add, add_len, 62 msg, out, tag, tag_len ) == res ); 63 64 decrypt_ret = mbedtls_ccm_auth_decrypt( &ctx, msg_len, iv, iv_len, add, add_len, 65 msg, out, tag, tag_len ); 66 67 if( res == 0 ) 68 TEST_ASSERT( decrypt_ret == MBEDTLS_ERR_CCM_AUTH_FAILED ); 69 else 70 TEST_ASSERT( decrypt_ret == res ); 71 72exit: 73 mbedtls_free( add ); 74 mbedtls_ccm_free( &ctx ); 75} 76/* END_CASE */ 77 78/* BEGIN_CASE depends_on:MBEDTLS_AES_C */ 79void ccm_star_lengths( int msg_len, int iv_len, int add_len, int tag_len, 80 int res ) 81{ 82 mbedtls_ccm_context ctx; 83 unsigned char key[16]; 84 unsigned char msg[10]; 85 unsigned char iv[14]; 86 unsigned char add[10]; 87 unsigned char out[10]; 88 unsigned char tag[18]; 89 int decrypt_ret; 90 91 mbedtls_ccm_init( &ctx ); 92 93 memset( key, 0, sizeof( key ) ); 94 memset( msg, 0, sizeof( msg ) ); 95 memset( iv, 0, sizeof( iv ) ); 96 memset( add, 0, sizeof( add ) ); 97 memset( out, 0, sizeof( out ) ); 98 memset( tag, 0, sizeof( tag ) ); 99 100 TEST_ASSERT( mbedtls_ccm_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, 101 key, 8 * sizeof( key ) ) == 0 ); 102 103 TEST_ASSERT( mbedtls_ccm_star_encrypt_and_tag( &ctx, msg_len, iv, iv_len, 104 add, add_len, msg, out, tag, tag_len ) == res ); 105 106 decrypt_ret = mbedtls_ccm_star_auth_decrypt( &ctx, msg_len, iv, iv_len, add, 107 add_len, msg, out, tag, tag_len ); 108 109 if( res == 0 && tag_len != 0 ) 110 TEST_ASSERT( decrypt_ret == MBEDTLS_ERR_CCM_AUTH_FAILED ); 111 else 112 TEST_ASSERT( decrypt_ret == res ); 113 114exit: 115 mbedtls_ccm_free( &ctx ); 116} 117/* END_CASE */ 118 119/* BEGIN_CASE */ 120void mbedtls_ccm_encrypt_and_tag( int cipher_id, data_t * key, 121 data_t * msg, data_t * iv, 122 data_t * add, data_t * result ) 123{ 124 mbedtls_ccm_context ctx; 125 size_t tag_len; 126 uint8_t * msg_n_tag = (uint8_t *)malloc( result->len + 2 ); 127 128 mbedtls_ccm_init( &ctx ); 129 130 memset( msg_n_tag, 0, result->len + 2 ); 131 memcpy( msg_n_tag, msg->x, msg->len ); 132 133 tag_len = result->len - msg->len; 134 135 TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ) == 0 ); 136 137 /* Test with input == output */ 138 TEST_ASSERT( mbedtls_ccm_encrypt_and_tag( &ctx, msg->len, iv->x, iv->len, add->x, add->len, 139 msg_n_tag, msg_n_tag, msg_n_tag + msg->len, tag_len ) == 0 ); 140 141 TEST_ASSERT( memcmp( msg_n_tag, result->x, result->len ) == 0 ); 142 143 /* Check we didn't write past the end */ 144 TEST_ASSERT( msg_n_tag[result->len] == 0 && msg_n_tag[result->len + 1] == 0 ); 145 146exit: 147 mbedtls_ccm_free( &ctx ); 148 free( msg_n_tag ); 149} 150/* END_CASE */ 151 152/* BEGIN_CASE */ 153void mbedtls_ccm_auth_decrypt( int cipher_id, data_t * key, 154 data_t * msg, data_t * iv, 155 data_t * add, int tag_len, int result, 156 data_t * expected_msg ) 157{ 158 unsigned char tag[16]; 159 mbedtls_ccm_context ctx; 160 161 mbedtls_ccm_init( &ctx ); 162 163 memset( tag, 0x00, sizeof( tag ) ); 164 165 msg->len -= tag_len; 166 memcpy( tag, msg->x + msg->len, tag_len ); 167 168 TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ) == 0 ); 169 170 /* Test with input == output */ 171 TEST_ASSERT( mbedtls_ccm_auth_decrypt( &ctx, msg->len, iv->x, iv->len, add->x, add->len, 172 msg->x, msg->x, msg->x + msg->len, tag_len ) == result ); 173 174 if( result == 0 ) 175 { 176 TEST_ASSERT( memcmp( msg->x, expected_msg->x, expected_msg->len ) == 0 ); 177 } 178 else 179 { 180 size_t i; 181 182 for( i = 0; i < msg->len; i++ ) 183 TEST_ASSERT( msg->x[i] == 0 ); 184 } 185 186 /* Check we didn't write past the end (where the original tag is) */ 187 TEST_ASSERT( memcmp( msg->x + msg->len, tag, tag_len ) == 0 ); 188 189exit: 190 mbedtls_ccm_free( &ctx ); 191} 192/* END_CASE */ 193 194/* BEGIN_CASE */ 195void mbedtls_ccm_star_encrypt_and_tag( int cipher_id, 196 data_t *key, data_t *msg, 197 data_t *source_address, data_t *frame_counter, 198 int sec_level, data_t *add, 199 data_t *expected_result, int output_ret ) 200{ 201 unsigned char iv[13]; 202 unsigned char result[50]; 203 mbedtls_ccm_context ctx; 204 size_t iv_len, tag_len; 205 int ret; 206 207 mbedtls_ccm_init( &ctx ); 208 209 memset( result, 0x00, sizeof( result ) ); 210 211 if( sec_level % 4 == 0) 212 tag_len = 0; 213 else 214 tag_len = 1 << ( sec_level % 4 + 1); 215 216 TEST_ASSERT( source_address->len == 8 ); 217 TEST_ASSERT( frame_counter->len == 4 ); 218 memcpy( iv, source_address->x, source_address->len ); 219 memcpy( iv + source_address->len, frame_counter->x, frame_counter->len ); 220 iv[source_address->len + frame_counter->len] = sec_level; 221 iv_len = sizeof( iv ); 222 223 TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, 224 key->x, key->len * 8 ) == 0 ); 225 226 ret = mbedtls_ccm_star_encrypt_and_tag( &ctx, msg->len, iv, iv_len, 227 add->x, add->len, msg->x, 228 result, result + msg->len, tag_len ); 229 230 TEST_ASSERT( ret == output_ret ); 231 232 TEST_ASSERT( memcmp( result, 233 expected_result->x, expected_result->len ) == 0 ); 234 235 /* Check we didn't write past the end */ 236 TEST_ASSERT( result[expected_result->len] == 0 && 237 result[expected_result->len + 1] == 0 ); 238 239exit: 240 mbedtls_ccm_free( &ctx ); 241} 242/* END_CASE */ 243 244/* BEGIN_CASE */ 245void mbedtls_ccm_star_auth_decrypt( int cipher_id, 246 data_t *key, data_t *msg, 247 data_t *source_address, data_t *frame_counter, 248 int sec_level, data_t *add, 249 data_t *expected_result, int output_ret ) 250{ 251 unsigned char iv[13]; 252 unsigned char result[50]; 253 mbedtls_ccm_context ctx; 254 size_t iv_len, tag_len; 255 int ret; 256 257 mbedtls_ccm_init( &ctx ); 258 259 memset( iv, 0x00, sizeof( iv ) ); 260 memset( result, '+', sizeof( result ) ); 261 262 if( sec_level % 4 == 0) 263 tag_len = 0; 264 else 265 tag_len = 1 << ( sec_level % 4 + 1); 266 267 TEST_ASSERT( source_address->len == 8 ); 268 TEST_ASSERT( frame_counter->len == 4 ); 269 memcpy( iv, source_address->x, source_address->len ); 270 memcpy( iv + source_address->len, frame_counter->x, frame_counter->len ); 271 iv[source_address->len + frame_counter->len] = sec_level; 272 iv_len = sizeof( iv ); 273 274 TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ) == 0 ); 275 276 ret = mbedtls_ccm_star_auth_decrypt( &ctx, msg->len - tag_len, iv, iv_len, 277 add->x, add->len, msg->x, result, 278 msg->x + msg->len - tag_len, tag_len ); 279 280 TEST_ASSERT( ret == output_ret ); 281 282 TEST_ASSERT( memcmp( result, expected_result->x, 283 expected_result->len ) == 0 ); 284 285 /* Check we didn't write past the end (where the original tag is) */ 286 TEST_ASSERT( ( msg->len + 2 ) <= sizeof( result ) ); 287 TEST_EQUAL( result[msg->len], '+' ); 288 TEST_EQUAL( result[msg->len + 1], '+' ); 289 290exit: 291 mbedtls_ccm_free( &ctx ); 292} 293/* END_CASE */ 294 295/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ 296void ccm_invalid_param( ) 297{ 298 struct mbedtls_ccm_context ctx; 299 unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 }; 300 mbedtls_cipher_id_t valid_cipher = MBEDTLS_CIPHER_ID_AES; 301 int valid_len = sizeof(valid_buffer); 302 int valid_bitlen = valid_len * 8; 303 304 mbedtls_ccm_init( &ctx ); 305 306 /* mbedtls_ccm_init() */ 307 TEST_INVALID_PARAM( mbedtls_ccm_init( NULL ) ); 308 309 /* mbedtls_ccm_setkey() */ 310 TEST_INVALID_PARAM_RET( 311 MBEDTLS_ERR_CCM_BAD_INPUT, 312 mbedtls_ccm_setkey( NULL, valid_cipher, valid_buffer, valid_bitlen ) ); 313 TEST_INVALID_PARAM_RET( 314 MBEDTLS_ERR_CCM_BAD_INPUT, 315 mbedtls_ccm_setkey( &ctx, valid_cipher, NULL, valid_bitlen ) ); 316 317 /* mbedtls_ccm_encrypt_and_tag() */ 318 TEST_INVALID_PARAM_RET( 319 MBEDTLS_ERR_CCM_BAD_INPUT, 320 mbedtls_ccm_encrypt_and_tag( NULL, valid_len, 321 valid_buffer, valid_len, 322 valid_buffer, valid_len, 323 valid_buffer, valid_buffer, 324 valid_buffer, valid_len ) ); 325 TEST_INVALID_PARAM_RET( 326 MBEDTLS_ERR_CCM_BAD_INPUT, 327 mbedtls_ccm_encrypt_and_tag( &ctx, valid_len, 328 NULL, valid_len, 329 valid_buffer, valid_len, 330 valid_buffer, valid_buffer, 331 valid_buffer, valid_len ) ); 332 TEST_INVALID_PARAM_RET( 333 MBEDTLS_ERR_CCM_BAD_INPUT, 334 mbedtls_ccm_encrypt_and_tag( &ctx, valid_len, 335 valid_buffer, valid_len, 336 NULL, valid_len, 337 valid_buffer, valid_buffer, 338 valid_buffer, valid_len ) ); 339 TEST_INVALID_PARAM_RET( 340 MBEDTLS_ERR_CCM_BAD_INPUT, 341 mbedtls_ccm_encrypt_and_tag( &ctx, valid_len, 342 valid_buffer, valid_len, 343 valid_buffer, valid_len, 344 NULL, valid_buffer, 345 valid_buffer, valid_len ) ); 346 TEST_INVALID_PARAM_RET( 347 MBEDTLS_ERR_CCM_BAD_INPUT, 348 mbedtls_ccm_encrypt_and_tag( &ctx, valid_len, 349 valid_buffer, valid_len, 350 valid_buffer, valid_len, 351 valid_buffer, NULL, 352 valid_buffer, valid_len ) ); 353 TEST_INVALID_PARAM_RET( 354 MBEDTLS_ERR_CCM_BAD_INPUT, 355 mbedtls_ccm_encrypt_and_tag( &ctx, valid_len, 356 valid_buffer, valid_len, 357 valid_buffer, valid_len, 358 valid_buffer, valid_buffer, 359 NULL, valid_len ) ); 360 361 /* mbedtls_ccm_star_encrypt_and_tag() */ 362 TEST_INVALID_PARAM_RET( 363 MBEDTLS_ERR_CCM_BAD_INPUT, 364 mbedtls_ccm_star_encrypt_and_tag( NULL, valid_len, 365 valid_buffer, valid_len, 366 valid_buffer, valid_len, 367 valid_buffer, valid_buffer, 368 valid_buffer, valid_len) ); 369 TEST_INVALID_PARAM_RET( 370 MBEDTLS_ERR_CCM_BAD_INPUT, 371 mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len, 372 NULL, valid_len, 373 valid_buffer, valid_len, 374 valid_buffer, valid_buffer, 375 valid_buffer, valid_len ) ); 376 TEST_INVALID_PARAM_RET( 377 MBEDTLS_ERR_CCM_BAD_INPUT, 378 mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len, 379 valid_buffer, valid_len, 380 NULL, valid_len, 381 valid_buffer, valid_buffer, 382 valid_buffer, valid_len ) ); 383 TEST_INVALID_PARAM_RET( 384 MBEDTLS_ERR_CCM_BAD_INPUT, 385 mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len, 386 valid_buffer, valid_len, 387 valid_buffer, valid_len, 388 NULL, valid_buffer, 389 valid_buffer, valid_len ) ); 390 TEST_INVALID_PARAM_RET( 391 MBEDTLS_ERR_CCM_BAD_INPUT, 392 mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len, 393 valid_buffer, valid_len, 394 valid_buffer, valid_len, 395 valid_buffer, NULL, 396 valid_buffer, valid_len ) ); 397 TEST_INVALID_PARAM_RET( 398 MBEDTLS_ERR_CCM_BAD_INPUT, 399 mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len, 400 valid_buffer, valid_len, 401 valid_buffer, valid_len, 402 valid_buffer, valid_buffer, 403 NULL, valid_len ) ); 404 405 /* mbedtls_ccm_auth_decrypt() */ 406 TEST_INVALID_PARAM_RET( 407 MBEDTLS_ERR_CCM_BAD_INPUT, 408 mbedtls_ccm_auth_decrypt( NULL, valid_len, 409 valid_buffer, valid_len, 410 valid_buffer, valid_len, 411 valid_buffer, valid_buffer, 412 valid_buffer, valid_len ) ); 413 TEST_INVALID_PARAM_RET( 414 MBEDTLS_ERR_CCM_BAD_INPUT, 415 mbedtls_ccm_auth_decrypt( &ctx, valid_len, 416 NULL, valid_len, 417 valid_buffer, valid_len, 418 valid_buffer, valid_buffer, 419 valid_buffer, valid_len ) ); 420 TEST_INVALID_PARAM_RET( 421 MBEDTLS_ERR_CCM_BAD_INPUT, 422 mbedtls_ccm_auth_decrypt( &ctx, valid_len, 423 valid_buffer, valid_len, 424 NULL, valid_len, 425 valid_buffer, valid_buffer, 426 valid_buffer, valid_len ) ); 427 TEST_INVALID_PARAM_RET( 428 MBEDTLS_ERR_CCM_BAD_INPUT, 429 mbedtls_ccm_auth_decrypt( &ctx, valid_len, 430 valid_buffer, valid_len, 431 valid_buffer, valid_len, 432 NULL, valid_buffer, 433 valid_buffer, valid_len ) ); 434 TEST_INVALID_PARAM_RET( 435 MBEDTLS_ERR_CCM_BAD_INPUT, 436 mbedtls_ccm_auth_decrypt( &ctx, valid_len, 437 valid_buffer, valid_len, 438 valid_buffer, valid_len, 439 valid_buffer, NULL, 440 valid_buffer, valid_len ) ); 441 TEST_INVALID_PARAM_RET( 442 MBEDTLS_ERR_CCM_BAD_INPUT, 443 mbedtls_ccm_auth_decrypt( &ctx, valid_len, 444 valid_buffer, valid_len, 445 valid_buffer, valid_len, 446 valid_buffer, valid_buffer, 447 NULL, valid_len ) ); 448 449 /* mbedtls_ccm_star_auth_decrypt() */ 450 TEST_INVALID_PARAM_RET( 451 MBEDTLS_ERR_CCM_BAD_INPUT, 452 mbedtls_ccm_star_auth_decrypt( NULL, valid_len, 453 valid_buffer, valid_len, 454 valid_buffer, valid_len, 455 valid_buffer, valid_buffer, 456 valid_buffer, valid_len ) ); 457 TEST_INVALID_PARAM_RET( 458 MBEDTLS_ERR_CCM_BAD_INPUT, 459 mbedtls_ccm_star_auth_decrypt( &ctx, valid_len, 460 NULL, valid_len, 461 valid_buffer, valid_len, 462 valid_buffer, valid_buffer, 463 valid_buffer, valid_len ) ); 464 TEST_INVALID_PARAM_RET( 465 MBEDTLS_ERR_CCM_BAD_INPUT, 466 mbedtls_ccm_star_auth_decrypt( &ctx, valid_len, 467 valid_buffer, valid_len, 468 NULL, valid_len, 469 valid_buffer, valid_buffer, 470 valid_buffer, valid_len ) ); 471 TEST_INVALID_PARAM_RET( 472 MBEDTLS_ERR_CCM_BAD_INPUT, 473 mbedtls_ccm_star_auth_decrypt( &ctx, valid_len, 474 valid_buffer, valid_len, 475 valid_buffer, valid_len, 476 NULL, valid_buffer, 477 valid_buffer, valid_len ) ); 478 TEST_INVALID_PARAM_RET( 479 MBEDTLS_ERR_CCM_BAD_INPUT, 480 mbedtls_ccm_star_auth_decrypt( &ctx, valid_len, 481 valid_buffer, valid_len, 482 valid_buffer, valid_len, 483 valid_buffer, NULL, 484 valid_buffer, valid_len ) ); 485 TEST_INVALID_PARAM_RET( 486 MBEDTLS_ERR_CCM_BAD_INPUT, 487 mbedtls_ccm_star_auth_decrypt( &ctx, valid_len, 488 valid_buffer, valid_len, 489 valid_buffer, valid_len, 490 valid_buffer, valid_buffer, 491 NULL, valid_len ) ); 492 493exit: 494 mbedtls_ccm_free( &ctx ); 495 return; 496} 497/* END_CASE */ 498 499/* BEGIN_CASE */ 500void ccm_valid_param( ) 501{ 502 TEST_VALID_PARAM( mbedtls_ccm_free( NULL ) ); 503exit: 504 return; 505} 506/* END_CASE */ 507