1/* BEGIN_HEADER */ 2#include "mbedtls/chachapoly.h" 3/* END_HEADER */ 4 5/* BEGIN_DEPENDENCIES 6 * depends_on:MBEDTLS_CHACHAPOLY_C 7 * END_DEPENDENCIES 8 */ 9 10/* BEGIN_CASE */ 11void mbedtls_chachapoly_enc(data_t *key_str, 12 data_t *nonce_str, 13 data_t *aad_str, 14 data_t *input_str, 15 data_t *output_str, 16 data_t *mac_str) 17{ 18 unsigned char output[265]; 19 unsigned char mac[16]; /* size set by the standard */ 20 mbedtls_chachapoly_context ctx; 21 22 TEST_ASSERT(key_str->len == 32); 23 TEST_ASSERT(nonce_str->len == 12); 24 TEST_ASSERT(mac_str->len == 16); 25 26 mbedtls_chachapoly_init(&ctx); 27 28 TEST_ASSERT(mbedtls_chachapoly_setkey(&ctx, key_str->x) == 0); 29 30 TEST_ASSERT(mbedtls_chachapoly_encrypt_and_tag(&ctx, 31 input_str->len, nonce_str->x, 32 aad_str->x, aad_str->len, 33 input_str->x, output, mac) == 0); 34 35 TEST_ASSERT(memcmp(output_str->x, output, output_str->len) == 0); 36 TEST_ASSERT(memcmp(mac_str->x, mac, 16U) == 0); 37 38exit: 39 mbedtls_chachapoly_free(&ctx); 40} 41/* END_CASE */ 42 43/* BEGIN_CASE */ 44void mbedtls_chachapoly_dec(data_t *key_str, 45 data_t *nonce_str, 46 data_t *aad_str, 47 data_t *input_str, 48 data_t *output_str, 49 data_t *mac_str, 50 int ret_exp) 51{ 52 unsigned char output[265]; 53 int ret; 54 mbedtls_chachapoly_context ctx; 55 56 TEST_ASSERT(key_str->len == 32); 57 TEST_ASSERT(nonce_str->len == 12); 58 TEST_ASSERT(mac_str->len == 16); 59 60 mbedtls_chachapoly_init(&ctx); 61 62 TEST_ASSERT(mbedtls_chachapoly_setkey(&ctx, key_str->x) == 0); 63 64 ret = mbedtls_chachapoly_auth_decrypt(&ctx, 65 input_str->len, nonce_str->x, 66 aad_str->x, aad_str->len, 67 mac_str->x, input_str->x, output); 68 69 TEST_ASSERT(ret == ret_exp); 70 if (ret_exp == 0) { 71 TEST_ASSERT(memcmp(output_str->x, output, output_str->len) == 0); 72 } 73 74exit: 75 mbedtls_chachapoly_free(&ctx); 76} 77/* END_CASE */ 78 79/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ 80void chachapoly_bad_params() 81{ 82 unsigned char key[32]; 83 unsigned char nonce[12]; 84 unsigned char aad[1]; 85 unsigned char input[1]; 86 unsigned char output[1]; 87 unsigned char mac[16]; 88 size_t input_len = sizeof(input); 89 size_t aad_len = sizeof(aad); 90 mbedtls_chachapoly_context ctx; 91 92 memset(key, 0x00, sizeof(key)); 93 memset(nonce, 0x00, sizeof(nonce)); 94 memset(aad, 0x00, sizeof(aad)); 95 memset(input, 0x00, sizeof(input)); 96 memset(output, 0x00, sizeof(output)); 97 memset(mac, 0x00, sizeof(mac)); 98 99 TEST_INVALID_PARAM(mbedtls_chachapoly_init(NULL)); 100 TEST_VALID_PARAM(mbedtls_chachapoly_free(NULL)); 101 102 /* setkey */ 103 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, 104 mbedtls_chachapoly_setkey(NULL, key)); 105 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, 106 mbedtls_chachapoly_setkey(&ctx, NULL)); 107 108 /* encrypt_and_tag */ 109 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, 110 mbedtls_chachapoly_encrypt_and_tag(NULL, 111 0, nonce, 112 aad, 0, 113 input, output, mac)); 114 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, 115 mbedtls_chachapoly_encrypt_and_tag(&ctx, 116 0, NULL, 117 aad, 0, 118 input, output, mac)); 119 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, 120 mbedtls_chachapoly_encrypt_and_tag(&ctx, 121 0, nonce, 122 NULL, aad_len, 123 input, output, mac)); 124 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, 125 mbedtls_chachapoly_encrypt_and_tag(&ctx, 126 input_len, nonce, 127 aad, 0, 128 NULL, output, mac)); 129 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, 130 mbedtls_chachapoly_encrypt_and_tag(&ctx, 131 input_len, nonce, 132 aad, 0, 133 input, NULL, mac)); 134 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, 135 mbedtls_chachapoly_encrypt_and_tag(&ctx, 136 0, nonce, 137 aad, 0, 138 input, output, NULL)); 139 140 /* auth_decrypt */ 141 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, 142 mbedtls_chachapoly_auth_decrypt(NULL, 143 0, nonce, 144 aad, 0, 145 mac, input, output)); 146 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, 147 mbedtls_chachapoly_auth_decrypt(&ctx, 148 0, NULL, 149 aad, 0, 150 mac, input, output)); 151 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, 152 mbedtls_chachapoly_auth_decrypt(&ctx, 153 0, nonce, 154 NULL, aad_len, 155 mac, input, output)); 156 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, 157 mbedtls_chachapoly_auth_decrypt(&ctx, 158 0, nonce, 159 aad, 0, 160 NULL, input, output)); 161 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, 162 mbedtls_chachapoly_auth_decrypt(&ctx, 163 input_len, nonce, 164 aad, 0, 165 mac, NULL, output)); 166 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, 167 mbedtls_chachapoly_auth_decrypt(&ctx, 168 input_len, nonce, 169 aad, 0, 170 mac, input, NULL)); 171 172 /* starts */ 173 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, 174 mbedtls_chachapoly_starts(NULL, nonce, 175 MBEDTLS_CHACHAPOLY_ENCRYPT)); 176 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, 177 mbedtls_chachapoly_starts(&ctx, NULL, 178 MBEDTLS_CHACHAPOLY_ENCRYPT)); 179 180 /* update_aad */ 181 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, 182 mbedtls_chachapoly_update_aad(NULL, aad, 183 aad_len)); 184 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, 185 mbedtls_chachapoly_update_aad(&ctx, NULL, 186 aad_len)); 187 188 /* update */ 189 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, 190 mbedtls_chachapoly_update(NULL, input_len, 191 input, output)); 192 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, 193 mbedtls_chachapoly_update(&ctx, input_len, 194 NULL, output)); 195 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, 196 mbedtls_chachapoly_update(&ctx, input_len, 197 input, NULL)); 198 199 /* finish */ 200 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, 201 mbedtls_chachapoly_finish(NULL, mac)); 202 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, 203 mbedtls_chachapoly_finish(&ctx, NULL)); 204 205exit: 206 return; 207} 208/* END_CASE */ 209 210/* BEGIN_CASE */ 211void chachapoly_state() 212{ 213 unsigned char key[32]; 214 unsigned char nonce[12]; 215 unsigned char aad[1]; 216 unsigned char input[1]; 217 unsigned char output[1]; 218 unsigned char mac[16]; 219 size_t input_len = sizeof(input); 220 size_t aad_len = sizeof(aad); 221 mbedtls_chachapoly_context ctx; 222 223 memset(key, 0x00, sizeof(key)); 224 memset(nonce, 0x00, sizeof(nonce)); 225 memset(aad, 0x00, sizeof(aad)); 226 memset(input, 0x00, sizeof(input)); 227 memset(output, 0x00, sizeof(output)); 228 memset(mac, 0x00, sizeof(mac)); 229 230 /* Initial state: finish, update, update_aad forbidden */ 231 mbedtls_chachapoly_init(&ctx); 232 233 TEST_ASSERT(mbedtls_chachapoly_finish(&ctx, mac) 234 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE); 235 TEST_ASSERT(mbedtls_chachapoly_update(&ctx, input_len, input, output) 236 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE); 237 TEST_ASSERT(mbedtls_chachapoly_update_aad(&ctx, aad, aad_len) 238 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE); 239 240 /* Still initial state: finish, update, update_aad forbidden */ 241 TEST_ASSERT(mbedtls_chachapoly_setkey(&ctx, key) 242 == 0); 243 244 TEST_ASSERT(mbedtls_chachapoly_finish(&ctx, mac) 245 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE); 246 TEST_ASSERT(mbedtls_chachapoly_update(&ctx, input_len, input, output) 247 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE); 248 TEST_ASSERT(mbedtls_chachapoly_update_aad(&ctx, aad, aad_len) 249 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE); 250 251 /* Starts -> finish OK */ 252 TEST_ASSERT(mbedtls_chachapoly_starts(&ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT) 253 == 0); 254 TEST_ASSERT(mbedtls_chachapoly_finish(&ctx, mac) 255 == 0); 256 257 /* After finish: update, update_aad forbidden */ 258 TEST_ASSERT(mbedtls_chachapoly_update(&ctx, input_len, input, output) 259 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE); 260 TEST_ASSERT(mbedtls_chachapoly_update_aad(&ctx, aad, aad_len) 261 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE); 262 263 /* Starts -> update* OK */ 264 TEST_ASSERT(mbedtls_chachapoly_starts(&ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT) 265 == 0); 266 TEST_ASSERT(mbedtls_chachapoly_update(&ctx, input_len, input, output) 267 == 0); 268 TEST_ASSERT(mbedtls_chachapoly_update(&ctx, input_len, input, output) 269 == 0); 270 271 /* After update: update_aad forbidden */ 272 TEST_ASSERT(mbedtls_chachapoly_update_aad(&ctx, aad, aad_len) 273 == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE); 274 275 /* Starts -> update_aad* -> finish OK */ 276 TEST_ASSERT(mbedtls_chachapoly_starts(&ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT) 277 == 0); 278 TEST_ASSERT(mbedtls_chachapoly_update_aad(&ctx, aad, aad_len) 279 == 0); 280 TEST_ASSERT(mbedtls_chachapoly_update_aad(&ctx, aad, aad_len) 281 == 0); 282 TEST_ASSERT(mbedtls_chachapoly_finish(&ctx, mac) 283 == 0); 284 285exit: 286 mbedtls_chachapoly_free(&ctx); 287} 288/* END_CASE */ 289 290/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ 291void chachapoly_selftest() 292{ 293 TEST_ASSERT(mbedtls_chachapoly_self_test(1) == 0); 294} 295/* END_CASE */ 296