1/* BEGIN_HEADER */ 2#include "mbedtls/cipher.h" 3#include "mbedtls/aes.h" 4 5#if defined(MBEDTLS_GCM_C) 6#include "mbedtls/gcm.h" 7#endif 8 9#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C) 10#define MBEDTLS_CIPHER_AUTH_CRYPT 11#endif 12 13#if defined(MBEDTLS_CIPHER_AUTH_CRYPT) 14/* Helper for resetting key/direction 15 * 16 * The documentation doesn't explicitly say whether calling 17 * mbedtls_cipher_setkey() twice is allowed or not. This currently works with 18 * the default software implementation, but only by accident. It isn't 19 * guaranteed to work with new ciphers or with alternative implementations of 20 * individual ciphers, and it doesn't work with the PSA wrappers. So don't do 21 * it, and instead start with a fresh context. 22 */ 23static int cipher_reset_key(mbedtls_cipher_context_t *ctx, int cipher_id, 24 int use_psa, size_t tag_len, const data_t *key, int direction) 25{ 26 mbedtls_cipher_free(ctx); 27 mbedtls_cipher_init(ctx); 28 29#if !defined(MBEDTLS_USE_PSA_CRYPTO) 30 (void) use_psa; 31 (void) tag_len; 32#else 33 if (use_psa == 1) { 34 TEST_ASSERT(0 == mbedtls_cipher_setup_psa(ctx, 35 mbedtls_cipher_info_from_type(cipher_id), 36 tag_len)); 37 } else 38#endif /* MBEDTLS_USE_PSA_CRYPTO */ 39 { 40 TEST_ASSERT(0 == mbedtls_cipher_setup(ctx, 41 mbedtls_cipher_info_from_type(cipher_id))); 42 } 43 44 TEST_ASSERT(0 == mbedtls_cipher_setkey(ctx, key->x, 8 * key->len, 45 direction)); 46 return 1; 47 48exit: 49 return 0; 50} 51 52/* 53 * Check if a buffer is all-0 bytes: 54 * return 1 if it is, 55 * 0 if it isn't. 56 */ 57int buffer_is_all_zero(const uint8_t *buf, size_t size) 58{ 59 for (size_t i = 0; i < size; i++) { 60 if (buf[i] != 0) { 61 return 0; 62 } 63 } 64 return 1; 65} 66#endif /* MBEDTLS_CIPHER_AUTH_CRYPT */ 67 68/* END_HEADER */ 69 70/* BEGIN_DEPENDENCIES 71 * depends_on:MBEDTLS_CIPHER_C 72 * END_DEPENDENCIES 73 */ 74 75/* BEGIN_CASE */ 76void mbedtls_cipher_list() 77{ 78 const int *cipher_type; 79 80 for (cipher_type = mbedtls_cipher_list(); *cipher_type != 0; cipher_type++) { 81 TEST_ASSERT(mbedtls_cipher_info_from_type(*cipher_type) != NULL); 82 } 83} 84/* END_CASE */ 85 86/* BEGIN_CASE */ 87void cipher_invalid_param_unconditional() 88{ 89 mbedtls_cipher_context_t valid_ctx; 90 mbedtls_cipher_context_t invalid_ctx; 91 mbedtls_operation_t valid_operation = MBEDTLS_ENCRYPT; 92 mbedtls_cipher_padding_t valid_mode = MBEDTLS_PADDING_ZEROS; 93 unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 }; 94 int valid_size = sizeof(valid_buffer); 95 int valid_bitlen = valid_size * 8; 96 const mbedtls_cipher_info_t *valid_info = mbedtls_cipher_info_from_type( 97 *(mbedtls_cipher_list())); 98 size_t size_t_var; 99 100 (void) valid_mode; /* In some configurations this is unused */ 101 102 mbedtls_cipher_init(&valid_ctx); 103 mbedtls_cipher_init(&invalid_ctx); 104 105 TEST_ASSERT(mbedtls_cipher_setup(&valid_ctx, valid_info) == 0); 106 107 /* mbedtls_cipher_setup() */ 108 TEST_ASSERT(mbedtls_cipher_setup(&valid_ctx, NULL) == 109 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 110 111 /* mbedtls_cipher_get_block_size() */ 112 TEST_ASSERT(mbedtls_cipher_get_block_size(&invalid_ctx) == 0); 113 114 /* mbedtls_cipher_get_cipher_mode() */ 115 TEST_ASSERT(mbedtls_cipher_get_cipher_mode(&invalid_ctx) == 116 MBEDTLS_MODE_NONE); 117 118 /* mbedtls_cipher_get_iv_size() */ 119 TEST_ASSERT(mbedtls_cipher_get_iv_size(&invalid_ctx) == 0); 120 121 /* mbedtls_cipher_get_type() */ 122 TEST_ASSERT( 123 mbedtls_cipher_get_type(&invalid_ctx) == 124 MBEDTLS_CIPHER_NONE); 125 126 /* mbedtls_cipher_get_name() */ 127 TEST_ASSERT(mbedtls_cipher_get_name(&invalid_ctx) == 0); 128 129 /* mbedtls_cipher_get_key_bitlen() */ 130 TEST_ASSERT(mbedtls_cipher_get_key_bitlen(&invalid_ctx) == 131 MBEDTLS_KEY_LENGTH_NONE); 132 133 /* mbedtls_cipher_get_operation() */ 134 TEST_ASSERT(mbedtls_cipher_get_operation(&invalid_ctx) == 135 MBEDTLS_OPERATION_NONE); 136 137 /* mbedtls_cipher_setkey() */ 138 TEST_ASSERT( 139 mbedtls_cipher_setkey(&invalid_ctx, 140 valid_buffer, 141 valid_bitlen, 142 valid_operation) == 143 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 144 145 /* mbedtls_cipher_set_iv() */ 146 TEST_ASSERT( 147 mbedtls_cipher_set_iv(&invalid_ctx, 148 valid_buffer, 149 valid_size) == 150 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 151 152 /* mbedtls_cipher_reset() */ 153 TEST_ASSERT(mbedtls_cipher_reset(&invalid_ctx) == 154 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 155 156#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 157 /* mbedtls_cipher_update_ad() */ 158 TEST_ASSERT( 159 mbedtls_cipher_update_ad(&invalid_ctx, 160 valid_buffer, 161 valid_size) == 162 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 163#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */ 164 165#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 166 /* mbedtls_cipher_set_padding_mode() */ 167 TEST_ASSERT(mbedtls_cipher_set_padding_mode(&invalid_ctx, valid_mode) == 168 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 169#endif 170 171 /* mbedtls_cipher_update() */ 172 TEST_ASSERT( 173 mbedtls_cipher_update(&invalid_ctx, 174 valid_buffer, 175 valid_size, 176 valid_buffer, 177 &size_t_var) == 178 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 179 180 /* mbedtls_cipher_finish() */ 181 TEST_ASSERT( 182 mbedtls_cipher_finish(&invalid_ctx, 183 valid_buffer, 184 &size_t_var) == 185 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 186 187#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 188 /* mbedtls_cipher_write_tag() */ 189 TEST_ASSERT( 190 mbedtls_cipher_write_tag(&invalid_ctx, 191 valid_buffer, 192 valid_size) == 193 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 194 195 /* mbedtls_cipher_check_tag() */ 196 TEST_ASSERT( 197 mbedtls_cipher_check_tag(&invalid_ctx, 198 valid_buffer, 199 valid_size) == 200 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 201#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */ 202 203exit: 204 mbedtls_cipher_free(&invalid_ctx); 205 mbedtls_cipher_free(&valid_ctx); 206} 207/* END_CASE */ 208 209/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ 210void cipher_invalid_param_conditional() 211{ 212 mbedtls_cipher_context_t valid_ctx; 213 214 mbedtls_operation_t valid_operation = MBEDTLS_ENCRYPT; 215 mbedtls_operation_t invalid_operation = 100; 216 mbedtls_cipher_padding_t valid_mode = MBEDTLS_PADDING_ZEROS; 217 unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 }; 218 int valid_size = sizeof(valid_buffer); 219 int valid_bitlen = valid_size * 8; 220 const mbedtls_cipher_info_t *valid_info = mbedtls_cipher_info_from_type( 221 *(mbedtls_cipher_list())); 222 223 size_t size_t_var; 224 225 (void) valid_mode; /* In some configurations this is unused */ 226 227 /* mbedtls_cipher_init() */ 228 TEST_VALID_PARAM(mbedtls_cipher_init(&valid_ctx)); 229 TEST_INVALID_PARAM(mbedtls_cipher_init(NULL)); 230 231 /* mbedtls_cipher_setup() */ 232 TEST_VALID_PARAM(mbedtls_cipher_setup(&valid_ctx, valid_info)); 233 TEST_INVALID_PARAM_RET( 234 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 235 mbedtls_cipher_setup(NULL, valid_info)); 236 237 /* mbedtls_cipher_get_block_size() */ 238 TEST_INVALID_PARAM_RET(0, mbedtls_cipher_get_block_size(NULL)); 239 240 /* mbedtls_cipher_get_cipher_mode() */ 241 TEST_INVALID_PARAM_RET( 242 MBEDTLS_MODE_NONE, 243 mbedtls_cipher_get_cipher_mode(NULL)); 244 245 /* mbedtls_cipher_get_iv_size() */ 246 TEST_INVALID_PARAM_RET(0, mbedtls_cipher_get_iv_size(NULL)); 247 248 /* mbedtls_cipher_get_type() */ 249 TEST_INVALID_PARAM_RET( 250 MBEDTLS_CIPHER_NONE, 251 mbedtls_cipher_get_type(NULL)); 252 253 /* mbedtls_cipher_get_name() */ 254 TEST_INVALID_PARAM_RET(0, mbedtls_cipher_get_name(NULL)); 255 256 /* mbedtls_cipher_get_key_bitlen() */ 257 TEST_INVALID_PARAM_RET( 258 MBEDTLS_KEY_LENGTH_NONE, 259 mbedtls_cipher_get_key_bitlen(NULL)); 260 261 /* mbedtls_cipher_get_operation() */ 262 TEST_INVALID_PARAM_RET( 263 MBEDTLS_OPERATION_NONE, 264 mbedtls_cipher_get_operation(NULL)); 265 266 /* mbedtls_cipher_setkey() */ 267 TEST_INVALID_PARAM_RET( 268 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 269 mbedtls_cipher_setkey(NULL, 270 valid_buffer, 271 valid_bitlen, 272 valid_operation)); 273 TEST_INVALID_PARAM_RET( 274 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 275 mbedtls_cipher_setkey(&valid_ctx, 276 NULL, 277 valid_bitlen, 278 valid_operation)); 279 TEST_INVALID_PARAM_RET( 280 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 281 mbedtls_cipher_setkey(&valid_ctx, 282 valid_buffer, 283 valid_bitlen, 284 invalid_operation)); 285 286 /* mbedtls_cipher_set_iv() */ 287 TEST_INVALID_PARAM_RET( 288 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 289 mbedtls_cipher_set_iv(NULL, 290 valid_buffer, 291 valid_size)); 292 TEST_INVALID_PARAM_RET( 293 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 294 mbedtls_cipher_set_iv(&valid_ctx, 295 NULL, 296 valid_size)); 297 298 /* mbedtls_cipher_reset() */ 299 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 300 mbedtls_cipher_reset(NULL)); 301 302#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 303 /* mbedtls_cipher_update_ad() */ 304 TEST_INVALID_PARAM_RET( 305 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 306 mbedtls_cipher_update_ad(NULL, 307 valid_buffer, 308 valid_size)); 309 TEST_INVALID_PARAM_RET( 310 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 311 mbedtls_cipher_update_ad(&valid_ctx, 312 NULL, 313 valid_size)); 314#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */ 315 316#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 317 /* mbedtls_cipher_set_padding_mode() */ 318 TEST_INVALID_PARAM_RET(MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 319 mbedtls_cipher_set_padding_mode(NULL, valid_mode)); 320#endif 321 322 /* mbedtls_cipher_update() */ 323 TEST_INVALID_PARAM_RET( 324 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 325 mbedtls_cipher_update(NULL, 326 valid_buffer, 327 valid_size, 328 valid_buffer, 329 &size_t_var)); 330 TEST_INVALID_PARAM_RET( 331 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 332 mbedtls_cipher_update(&valid_ctx, 333 NULL, valid_size, 334 valid_buffer, 335 &size_t_var)); 336 TEST_INVALID_PARAM_RET( 337 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 338 mbedtls_cipher_update(&valid_ctx, 339 valid_buffer, valid_size, 340 NULL, 341 &size_t_var)); 342 TEST_INVALID_PARAM_RET( 343 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 344 mbedtls_cipher_update(&valid_ctx, 345 valid_buffer, valid_size, 346 valid_buffer, 347 NULL)); 348 349 /* mbedtls_cipher_finish() */ 350 TEST_INVALID_PARAM_RET( 351 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 352 mbedtls_cipher_finish(NULL, 353 valid_buffer, 354 &size_t_var)); 355 TEST_INVALID_PARAM_RET( 356 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 357 mbedtls_cipher_finish(&valid_ctx, 358 NULL, 359 &size_t_var)); 360 TEST_INVALID_PARAM_RET( 361 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 362 mbedtls_cipher_finish(&valid_ctx, 363 valid_buffer, 364 NULL)); 365 366#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 367 /* mbedtls_cipher_write_tag() */ 368 TEST_INVALID_PARAM_RET( 369 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 370 mbedtls_cipher_write_tag(NULL, 371 valid_buffer, 372 valid_size)); 373 TEST_INVALID_PARAM_RET( 374 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 375 mbedtls_cipher_write_tag(&valid_ctx, 376 NULL, 377 valid_size)); 378 379 /* mbedtls_cipher_check_tag() */ 380 TEST_INVALID_PARAM_RET( 381 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 382 mbedtls_cipher_check_tag(NULL, 383 valid_buffer, 384 valid_size)); 385 TEST_INVALID_PARAM_RET( 386 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 387 mbedtls_cipher_check_tag(&valid_ctx, 388 NULL, 389 valid_size)); 390#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */ 391 392 /* mbedtls_cipher_crypt() */ 393 TEST_INVALID_PARAM_RET( 394 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 395 mbedtls_cipher_crypt(NULL, 396 valid_buffer, valid_size, 397 valid_buffer, valid_size, 398 valid_buffer, &size_t_var)); 399 TEST_INVALID_PARAM_RET( 400 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 401 mbedtls_cipher_crypt(&valid_ctx, 402 NULL, valid_size, 403 valid_buffer, valid_size, 404 valid_buffer, &size_t_var)); 405 TEST_INVALID_PARAM_RET( 406 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 407 mbedtls_cipher_crypt(&valid_ctx, 408 valid_buffer, valid_size, 409 NULL, valid_size, 410 valid_buffer, &size_t_var)); 411 TEST_INVALID_PARAM_RET( 412 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 413 mbedtls_cipher_crypt(&valid_ctx, 414 valid_buffer, valid_size, 415 valid_buffer, valid_size, 416 NULL, &size_t_var)); 417 TEST_INVALID_PARAM_RET( 418 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 419 mbedtls_cipher_crypt(&valid_ctx, 420 valid_buffer, valid_size, 421 valid_buffer, valid_size, 422 valid_buffer, NULL)); 423 424#if defined(MBEDTLS_CIPHER_MODE_AEAD) 425 /* mbedtls_cipher_auth_encrypt() */ 426 TEST_INVALID_PARAM_RET( 427 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 428 mbedtls_cipher_auth_encrypt(NULL, 429 valid_buffer, valid_size, 430 valid_buffer, valid_size, 431 valid_buffer, valid_size, 432 valid_buffer, &size_t_var, 433 valid_buffer, valid_size)); 434 TEST_INVALID_PARAM_RET( 435 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 436 mbedtls_cipher_auth_encrypt(&valid_ctx, 437 NULL, valid_size, 438 valid_buffer, valid_size, 439 valid_buffer, valid_size, 440 valid_buffer, &size_t_var, 441 valid_buffer, valid_size)); 442 TEST_INVALID_PARAM_RET( 443 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 444 mbedtls_cipher_auth_encrypt(&valid_ctx, 445 valid_buffer, valid_size, 446 NULL, valid_size, 447 valid_buffer, valid_size, 448 valid_buffer, &size_t_var, 449 valid_buffer, valid_size)); 450 TEST_INVALID_PARAM_RET( 451 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 452 mbedtls_cipher_auth_encrypt(&valid_ctx, 453 valid_buffer, valid_size, 454 valid_buffer, valid_size, 455 NULL, valid_size, 456 valid_buffer, &size_t_var, 457 valid_buffer, valid_size)); 458 TEST_INVALID_PARAM_RET( 459 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 460 mbedtls_cipher_auth_encrypt(&valid_ctx, 461 valid_buffer, valid_size, 462 valid_buffer, valid_size, 463 valid_buffer, valid_size, 464 NULL, &size_t_var, 465 valid_buffer, valid_size)); 466 TEST_INVALID_PARAM_RET( 467 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 468 mbedtls_cipher_auth_encrypt(&valid_ctx, 469 valid_buffer, valid_size, 470 valid_buffer, valid_size, 471 valid_buffer, valid_size, 472 valid_buffer, NULL, 473 valid_buffer, valid_size)); 474 TEST_INVALID_PARAM_RET( 475 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 476 mbedtls_cipher_auth_encrypt(&valid_ctx, 477 valid_buffer, valid_size, 478 valid_buffer, valid_size, 479 valid_buffer, valid_size, 480 valid_buffer, &size_t_var, 481 NULL, valid_size)); 482 483 /* mbedtls_cipher_auth_decrypt() */ 484 TEST_INVALID_PARAM_RET( 485 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 486 mbedtls_cipher_auth_decrypt(NULL, 487 valid_buffer, valid_size, 488 valid_buffer, valid_size, 489 valid_buffer, valid_size, 490 valid_buffer, &size_t_var, 491 valid_buffer, valid_size)); 492 TEST_INVALID_PARAM_RET( 493 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 494 mbedtls_cipher_auth_decrypt(&valid_ctx, 495 NULL, valid_size, 496 valid_buffer, valid_size, 497 valid_buffer, valid_size, 498 valid_buffer, &size_t_var, 499 valid_buffer, valid_size)); 500 TEST_INVALID_PARAM_RET( 501 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 502 mbedtls_cipher_auth_decrypt(&valid_ctx, 503 valid_buffer, valid_size, 504 NULL, valid_size, 505 valid_buffer, valid_size, 506 valid_buffer, &size_t_var, 507 valid_buffer, valid_size)); 508 TEST_INVALID_PARAM_RET( 509 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 510 mbedtls_cipher_auth_decrypt(&valid_ctx, 511 valid_buffer, valid_size, 512 valid_buffer, valid_size, 513 NULL, valid_size, 514 valid_buffer, &size_t_var, 515 valid_buffer, valid_size)); 516 TEST_INVALID_PARAM_RET( 517 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 518 mbedtls_cipher_auth_decrypt(&valid_ctx, 519 valid_buffer, valid_size, 520 valid_buffer, valid_size, 521 valid_buffer, valid_size, 522 NULL, &size_t_var, 523 valid_buffer, valid_size)); 524 TEST_INVALID_PARAM_RET( 525 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 526 mbedtls_cipher_auth_decrypt(&valid_ctx, 527 valid_buffer, valid_size, 528 valid_buffer, valid_size, 529 valid_buffer, valid_size, 530 valid_buffer, NULL, 531 valid_buffer, valid_size)); 532 TEST_INVALID_PARAM_RET( 533 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 534 mbedtls_cipher_auth_decrypt(&valid_ctx, 535 valid_buffer, valid_size, 536 valid_buffer, valid_size, 537 valid_buffer, valid_size, 538 valid_buffer, &size_t_var, 539 NULL, valid_size)); 540#endif /* defined(MBEDTLS_CIPHER_MODE_AEAD) */ 541 542#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C) 543 /* mbedtls_cipher_auth_encrypt_ext */ 544 TEST_INVALID_PARAM_RET( 545 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 546 mbedtls_cipher_auth_encrypt_ext(NULL, 547 valid_buffer, valid_size, 548 valid_buffer, valid_size, 549 valid_buffer, valid_size, 550 valid_buffer, valid_size, &size_t_var, 551 valid_size)); 552 TEST_INVALID_PARAM_RET( 553 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 554 mbedtls_cipher_auth_encrypt_ext(&valid_ctx, 555 NULL, valid_size, 556 valid_buffer, valid_size, 557 valid_buffer, valid_size, 558 valid_buffer, valid_size, &size_t_var, 559 valid_size)); 560 TEST_INVALID_PARAM_RET( 561 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 562 mbedtls_cipher_auth_encrypt_ext(&valid_ctx, 563 valid_buffer, valid_size, 564 NULL, valid_size, 565 valid_buffer, valid_size, 566 valid_buffer, valid_size, &size_t_var, 567 valid_size)); 568 TEST_INVALID_PARAM_RET( 569 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 570 mbedtls_cipher_auth_encrypt_ext(&valid_ctx, 571 valid_buffer, valid_size, 572 valid_buffer, valid_size, 573 NULL, valid_size, 574 valid_buffer, valid_size, &size_t_var, 575 valid_size)); 576 TEST_INVALID_PARAM_RET( 577 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 578 mbedtls_cipher_auth_encrypt_ext(&valid_ctx, 579 valid_buffer, valid_size, 580 valid_buffer, valid_size, 581 valid_buffer, valid_size, 582 NULL, valid_size, &size_t_var, 583 valid_size)); 584 TEST_INVALID_PARAM_RET( 585 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 586 mbedtls_cipher_auth_encrypt_ext(&valid_ctx, 587 valid_buffer, valid_size, 588 valid_buffer, valid_size, 589 valid_buffer, valid_size, 590 valid_buffer, valid_size, NULL, 591 valid_size)); 592 593 /* mbedtls_cipher_auth_decrypt_ext */ 594 TEST_INVALID_PARAM_RET( 595 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 596 mbedtls_cipher_auth_decrypt_ext(NULL, 597 valid_buffer, valid_size, 598 valid_buffer, valid_size, 599 valid_buffer, valid_size, 600 valid_buffer, valid_size, &size_t_var, 601 valid_size)); 602 TEST_INVALID_PARAM_RET( 603 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 604 mbedtls_cipher_auth_decrypt_ext(&valid_ctx, 605 NULL, valid_size, 606 valid_buffer, valid_size, 607 valid_buffer, valid_size, 608 valid_buffer, valid_size, &size_t_var, 609 valid_size)); 610 TEST_INVALID_PARAM_RET( 611 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 612 mbedtls_cipher_auth_decrypt_ext(&valid_ctx, 613 valid_buffer, valid_size, 614 NULL, valid_size, 615 valid_buffer, valid_size, 616 valid_buffer, valid_size, &size_t_var, 617 valid_size)); 618 TEST_INVALID_PARAM_RET( 619 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 620 mbedtls_cipher_auth_decrypt_ext(&valid_ctx, 621 valid_buffer, valid_size, 622 valid_buffer, valid_size, 623 NULL, valid_size, 624 valid_buffer, valid_size, &size_t_var, 625 valid_size)); 626 TEST_INVALID_PARAM_RET( 627 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 628 mbedtls_cipher_auth_decrypt_ext(&valid_ctx, 629 valid_buffer, valid_size, 630 valid_buffer, valid_size, 631 valid_buffer, valid_size, 632 NULL, valid_size, &size_t_var, 633 valid_size)); 634 TEST_INVALID_PARAM_RET( 635 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 636 mbedtls_cipher_auth_decrypt_ext(&valid_ctx, 637 valid_buffer, valid_size, 638 valid_buffer, valid_size, 639 valid_buffer, valid_size, 640 valid_buffer, valid_size, NULL, 641 valid_size)); 642#endif /* MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C */ 643 644 /* mbedtls_cipher_free() */ 645 TEST_VALID_PARAM(mbedtls_cipher_free(NULL)); 646exit: 647 TEST_VALID_PARAM(mbedtls_cipher_free(&valid_ctx)); 648} 649/* END_CASE */ 650 651/* BEGIN_CASE depends_on:MBEDTLS_AES_C */ 652void cipher_special_behaviours() 653{ 654 const mbedtls_cipher_info_t *cipher_info; 655 mbedtls_cipher_context_t ctx; 656 unsigned char input[32]; 657 unsigned char output[32]; 658#if defined(MBEDTLS_CIPHER_MODE_CBC) 659 unsigned char iv[32]; 660#endif 661 size_t olen = 0; 662 663 mbedtls_cipher_init(&ctx); 664 memset(input, 0, sizeof(input)); 665 memset(output, 0, sizeof(output)); 666#if defined(MBEDTLS_CIPHER_MODE_CBC) 667 memset(iv, 0, sizeof(iv)); 668 669 /* Check and get info structures */ 670 cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_CBC); 671 TEST_ASSERT(NULL != cipher_info); 672 673 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, cipher_info)); 674 675 /* IV too big */ 676 TEST_ASSERT(mbedtls_cipher_set_iv(&ctx, iv, MBEDTLS_MAX_IV_LENGTH + 1) 677 == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE); 678 679 /* IV too small */ 680 TEST_ASSERT(mbedtls_cipher_set_iv(&ctx, iv, 0) 681 == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 682 683 mbedtls_cipher_free(&ctx); 684 mbedtls_cipher_init(&ctx); 685#endif /* MBEDTLS_CIPHER_MODE_CBC */ 686 cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_ECB); 687 TEST_ASSERT(NULL != cipher_info); 688 689 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, cipher_info)); 690 691 /* Update ECB with partial block */ 692 TEST_ASSERT(mbedtls_cipher_update(&ctx, input, 1, output, &olen) 693 == MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED); 694 695exit: 696 mbedtls_cipher_free(&ctx); 697} 698/* END_CASE */ 699 700/* BEGIN_CASE */ 701void enc_dec_buf(int cipher_id, char *cipher_string, int key_len, 702 int length_val, int pad_mode) 703{ 704 size_t length = length_val, outlen, total_len, i, block_size, iv_len; 705 unsigned char key[64]; 706 unsigned char iv[16]; 707 unsigned char ad[13]; 708 unsigned char tag[16]; 709 unsigned char inbuf[64]; 710 unsigned char encbuf[64]; 711 unsigned char decbuf[64]; 712 713 const mbedtls_cipher_info_t *cipher_info; 714 mbedtls_cipher_context_t ctx_dec; 715 mbedtls_cipher_context_t ctx_enc; 716 717 /* 718 * Prepare contexts 719 */ 720 mbedtls_cipher_init(&ctx_dec); 721 mbedtls_cipher_init(&ctx_enc); 722 723 memset(key, 0x2a, sizeof(key)); 724 725 /* Check and get info structures */ 726 cipher_info = mbedtls_cipher_info_from_type(cipher_id); 727 TEST_ASSERT(NULL != cipher_info); 728 TEST_ASSERT(mbedtls_cipher_info_from_string(cipher_string) == cipher_info); 729 730 /* Initialise enc and dec contexts */ 731 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_dec, cipher_info)); 732 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_enc, cipher_info)); 733 734 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_dec, key, key_len, MBEDTLS_DECRYPT)); 735 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_enc, key, key_len, MBEDTLS_ENCRYPT)); 736 737#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 738 if (-1 != pad_mode) { 739 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_dec, pad_mode)); 740 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_enc, pad_mode)); 741 } 742#else 743 (void) pad_mode; 744#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ 745 746 /* 747 * Do a few encode/decode cycles 748 */ 749 for (i = 0; i < 3; i++) { 750 memset(iv, 0x00 + i, sizeof(iv)); 751 memset(ad, 0x10 + i, sizeof(ad)); 752 memset(inbuf, 0x20 + i, sizeof(inbuf)); 753 754 memset(encbuf, 0, sizeof(encbuf)); 755 memset(decbuf, 0, sizeof(decbuf)); 756 memset(tag, 0, sizeof(tag)); 757 758 if (cipher_info->type == MBEDTLS_CIPHER_CHACHA20 || 759 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) { 760 iv_len = 12; 761 } else { 762 iv_len = sizeof(iv); 763 } 764 765 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_dec, iv, iv_len)); 766 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_enc, iv, iv_len)); 767 768 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_dec)); 769 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_enc)); 770 771#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 772 TEST_ASSERT(0 == mbedtls_cipher_update_ad(&ctx_dec, ad, sizeof(ad) - i)); 773 TEST_ASSERT(0 == mbedtls_cipher_update_ad(&ctx_enc, ad, sizeof(ad) - i)); 774#endif 775 776 block_size = mbedtls_cipher_get_block_size(&ctx_enc); 777 TEST_ASSERT(block_size != 0); 778 779 /* encode length number of bytes from inbuf */ 780 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx_enc, inbuf, length, encbuf, &outlen)); 781 total_len = outlen; 782 783 TEST_ASSERT(total_len == length || 784 (total_len % block_size == 0 && 785 total_len < length && 786 total_len + block_size > length)); 787 788 TEST_ASSERT(0 == mbedtls_cipher_finish(&ctx_enc, encbuf + outlen, &outlen)); 789 total_len += outlen; 790 791#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 792 TEST_ASSERT(0 == mbedtls_cipher_write_tag(&ctx_enc, tag, sizeof(tag))); 793#endif 794 795 TEST_ASSERT(total_len == length || 796 (total_len % block_size == 0 && 797 total_len > length && 798 total_len <= length + block_size)); 799 800 /* decode the previously encoded string */ 801 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx_dec, encbuf, total_len, decbuf, &outlen)); 802 total_len = outlen; 803 804 TEST_ASSERT(total_len == length || 805 (total_len % block_size == 0 && 806 total_len < length && 807 total_len + block_size >= length)); 808 809 TEST_ASSERT(0 == mbedtls_cipher_finish(&ctx_dec, decbuf + outlen, &outlen)); 810 total_len += outlen; 811 812#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 813 TEST_ASSERT(0 == mbedtls_cipher_check_tag(&ctx_dec, tag, sizeof(tag))); 814#endif 815 816 /* check result */ 817 TEST_ASSERT(total_len == length); 818 TEST_ASSERT(0 == memcmp(inbuf, decbuf, length)); 819 } 820 821 /* 822 * Done 823 */ 824exit: 825 mbedtls_cipher_free(&ctx_dec); 826 mbedtls_cipher_free(&ctx_enc); 827} 828/* END_CASE */ 829 830/* BEGIN_CASE */ 831void enc_fail(int cipher_id, int pad_mode, int key_len, int length_val, 832 int ret) 833{ 834 size_t length = length_val; 835 unsigned char key[32]; 836 unsigned char iv[16]; 837 838 const mbedtls_cipher_info_t *cipher_info; 839 mbedtls_cipher_context_t ctx; 840 841 unsigned char inbuf[64]; 842 unsigned char encbuf[64]; 843 844 size_t outlen = 0; 845 846 memset(key, 0, 32); 847 memset(iv, 0, 16); 848 849 mbedtls_cipher_init(&ctx); 850 851 memset(inbuf, 5, 64); 852 memset(encbuf, 0, 64); 853 854 /* Check and get info structures */ 855 cipher_info = mbedtls_cipher_info_from_type(cipher_id); 856 TEST_ASSERT(NULL != cipher_info); 857 858 /* Initialise context */ 859 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, cipher_info)); 860 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx, key, key_len, MBEDTLS_ENCRYPT)); 861#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 862 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx, pad_mode)); 863#else 864 (void) pad_mode; 865#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ 866 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx, iv, 16)); 867 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx)); 868#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 869 TEST_ASSERT(0 == mbedtls_cipher_update_ad(&ctx, NULL, 0)); 870#endif 871 872 /* encode length number of bytes from inbuf */ 873 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx, inbuf, length, encbuf, &outlen)); 874 TEST_ASSERT(ret == mbedtls_cipher_finish(&ctx, encbuf + outlen, &outlen)); 875 876 /* done */ 877exit: 878 mbedtls_cipher_free(&ctx); 879} 880/* END_CASE */ 881 882/* BEGIN_CASE */ 883void dec_empty_buf(int cipher, 884 int expected_update_ret, 885 int expected_finish_ret) 886{ 887 unsigned char key[32]; 888 unsigned char iv[16]; 889 size_t iv_len = sizeof(iv); 890 891 mbedtls_cipher_context_t ctx_dec; 892 const mbedtls_cipher_info_t *cipher_info; 893 894 unsigned char encbuf[64]; 895 unsigned char decbuf[64]; 896 897 size_t outlen = 0; 898 899 memset(key, 0, 32); 900 memset(iv, 0, 16); 901 902 mbedtls_cipher_init(&ctx_dec); 903 904 memset(encbuf, 0, 64); 905 memset(decbuf, 0, 64); 906 907 /* Initialise context */ 908 cipher_info = mbedtls_cipher_info_from_type(cipher); 909 TEST_ASSERT(NULL != cipher_info); 910 911 if (cipher_info->type == MBEDTLS_CIPHER_CHACHA20 || 912 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) { 913 iv_len = 12; 914 } 915 916 TEST_ASSERT(sizeof(key) * 8 >= cipher_info->key_bitlen); 917 918 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_dec, cipher_info)); 919 920 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_dec, 921 key, cipher_info->key_bitlen, 922 MBEDTLS_DECRYPT)); 923 924 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_dec, iv, iv_len)); 925 926 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_dec)); 927 928#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 929 TEST_ASSERT(0 == mbedtls_cipher_update_ad(&ctx_dec, NULL, 0)); 930#endif 931 932 /* decode 0-byte string */ 933 TEST_ASSERT(expected_update_ret == 934 mbedtls_cipher_update(&ctx_dec, encbuf, 0, decbuf, &outlen)); 935 TEST_ASSERT(0 == outlen); 936 937 if (expected_finish_ret == 0 && 938 (cipher_info->mode == MBEDTLS_MODE_CBC || 939 cipher_info->mode == MBEDTLS_MODE_ECB)) { 940 /* Non-CBC and non-ECB ciphers are OK with decrypting empty buffers and 941 * return success, not MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED, when 942 * decrypting an empty buffer. 943 * On the other hand, CBC and ECB ciphers need a full block of input. 944 */ 945 expected_finish_ret = MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED; 946 } 947 948 TEST_ASSERT(expected_finish_ret == mbedtls_cipher_finish( 949 &ctx_dec, decbuf + outlen, &outlen)); 950 TEST_ASSERT(0 == outlen); 951 952exit: 953 mbedtls_cipher_free(&ctx_dec); 954} 955/* END_CASE */ 956 957/* BEGIN_CASE */ 958void enc_dec_buf_multipart(int cipher_id, int key_len, int first_length_val, 959 int second_length_val, int pad_mode, 960 int first_encrypt_output_len, int second_encrypt_output_len, 961 int first_decrypt_output_len, int second_decrypt_output_len) 962{ 963 size_t first_length = first_length_val; 964 size_t second_length = second_length_val; 965 size_t length = first_length + second_length; 966 size_t block_size, iv_len; 967 unsigned char key[32]; 968 unsigned char iv[16]; 969 970 mbedtls_cipher_context_t ctx_dec; 971 mbedtls_cipher_context_t ctx_enc; 972 const mbedtls_cipher_info_t *cipher_info; 973 974 unsigned char inbuf[64]; 975 unsigned char encbuf[64]; 976 unsigned char decbuf[64]; 977 978 size_t outlen = 0; 979 size_t totaloutlen = 0; 980 981 memset(key, 0, 32); 982 memset(iv, 0, 16); 983 984 mbedtls_cipher_init(&ctx_dec); 985 mbedtls_cipher_init(&ctx_enc); 986 987 memset(inbuf, 5, 64); 988 memset(encbuf, 0, 64); 989 memset(decbuf, 0, 64); 990 991 /* Initialise enc and dec contexts */ 992 cipher_info = mbedtls_cipher_info_from_type(cipher_id); 993 TEST_ASSERT(NULL != cipher_info); 994 995 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_dec, cipher_info)); 996 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_enc, cipher_info)); 997 998 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_dec, key, key_len, MBEDTLS_DECRYPT)); 999 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_enc, key, key_len, MBEDTLS_ENCRYPT)); 1000 1001#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 1002 if (-1 != pad_mode) { 1003 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_dec, pad_mode)); 1004 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_enc, pad_mode)); 1005 } 1006#else 1007 (void) pad_mode; 1008#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ 1009 1010 if (cipher_info->type == MBEDTLS_CIPHER_CHACHA20 || 1011 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) { 1012 iv_len = 12; 1013 } else { 1014 iv_len = sizeof(iv); 1015 } 1016 1017 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_dec, iv, iv_len)); 1018 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_enc, iv, iv_len)); 1019 1020 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_dec)); 1021 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_enc)); 1022 1023#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 1024 TEST_ASSERT(0 == mbedtls_cipher_update_ad(&ctx_dec, NULL, 0)); 1025 TEST_ASSERT(0 == mbedtls_cipher_update_ad(&ctx_enc, NULL, 0)); 1026#endif 1027 1028 block_size = mbedtls_cipher_get_block_size(&ctx_enc); 1029 TEST_ASSERT(block_size != 0); 1030 1031 /* encode length number of bytes from inbuf */ 1032 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx_enc, inbuf, first_length, encbuf, &outlen)); 1033 TEST_ASSERT((size_t) first_encrypt_output_len == outlen); 1034 totaloutlen = outlen; 1035 TEST_ASSERT(0 == 1036 mbedtls_cipher_update(&ctx_enc, inbuf + first_length, second_length, 1037 encbuf + totaloutlen, 1038 &outlen)); 1039 TEST_ASSERT((size_t) second_encrypt_output_len == outlen); 1040 totaloutlen += outlen; 1041 TEST_ASSERT(totaloutlen == length || 1042 (totaloutlen % block_size == 0 && 1043 totaloutlen < length && 1044 totaloutlen + block_size > length)); 1045 1046 TEST_ASSERT(0 == mbedtls_cipher_finish(&ctx_enc, encbuf + totaloutlen, &outlen)); 1047 totaloutlen += outlen; 1048 TEST_ASSERT(totaloutlen == length || 1049 (totaloutlen % block_size == 0 && 1050 totaloutlen > length && 1051 totaloutlen <= length + block_size)); 1052 1053 /* decode the previously encoded string */ 1054 second_length = totaloutlen - first_length; 1055 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx_dec, encbuf, first_length, decbuf, &outlen)); 1056 TEST_ASSERT((size_t) first_decrypt_output_len == outlen); 1057 totaloutlen = outlen; 1058 TEST_ASSERT(0 == 1059 mbedtls_cipher_update(&ctx_dec, encbuf + first_length, second_length, 1060 decbuf + totaloutlen, 1061 &outlen)); 1062 TEST_ASSERT((size_t) second_decrypt_output_len == outlen); 1063 totaloutlen += outlen; 1064 1065 TEST_ASSERT(totaloutlen == length || 1066 (totaloutlen % block_size == 0 && 1067 totaloutlen < length && 1068 totaloutlen + block_size >= length)); 1069 1070 TEST_ASSERT(0 == mbedtls_cipher_finish(&ctx_dec, decbuf + totaloutlen, &outlen)); 1071 totaloutlen += outlen; 1072 1073 TEST_ASSERT(totaloutlen == length); 1074 1075 TEST_ASSERT(0 == memcmp(inbuf, decbuf, length)); 1076 1077exit: 1078 mbedtls_cipher_free(&ctx_dec); 1079 mbedtls_cipher_free(&ctx_enc); 1080} 1081/* END_CASE */ 1082 1083/* BEGIN_CASE */ 1084void decrypt_test_vec(int cipher_id, int pad_mode, data_t *key, 1085 data_t *iv, data_t *cipher, 1086 data_t *clear, data_t *ad, data_t *tag, 1087 int finish_result, int tag_result) 1088{ 1089 unsigned char output[265]; 1090 mbedtls_cipher_context_t ctx; 1091 size_t outlen, total_len; 1092 1093 mbedtls_cipher_init(&ctx); 1094 1095 memset(output, 0x00, sizeof(output)); 1096 1097#if !defined(MBEDTLS_GCM_C) && !defined(MBEDTLS_CHACHAPOLY_C) 1098 ((void) ad); 1099 ((void) tag); 1100#endif 1101 1102 /* Prepare context */ 1103 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, 1104 mbedtls_cipher_info_from_type(cipher_id))); 1105 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx, key->x, 8 * key->len, MBEDTLS_DECRYPT)); 1106#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 1107 if (pad_mode != -1) { 1108 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx, pad_mode)); 1109 } 1110#else 1111 (void) pad_mode; 1112#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ 1113 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx, iv->x, iv->len)); 1114 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx)); 1115#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 1116 TEST_ASSERT(0 == mbedtls_cipher_update_ad(&ctx, ad->x, ad->len)); 1117#endif 1118 1119 /* decode buffer and check tag->x */ 1120 total_len = 0; 1121 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx, cipher->x, cipher->len, output, &outlen)); 1122 total_len += outlen; 1123 TEST_ASSERT(finish_result == mbedtls_cipher_finish(&ctx, output + outlen, 1124 &outlen)); 1125 total_len += outlen; 1126#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 1127 TEST_ASSERT(tag_result == mbedtls_cipher_check_tag(&ctx, tag->x, tag->len)); 1128#endif 1129 1130 /* check plaintext only if everything went fine */ 1131 if (0 == finish_result && 0 == tag_result) { 1132 TEST_ASSERT(total_len == clear->len); 1133 TEST_ASSERT(0 == memcmp(output, clear->x, clear->len)); 1134 } 1135 1136exit: 1137 mbedtls_cipher_free(&ctx); 1138} 1139/* END_CASE */ 1140 1141/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_AUTH_CRYPT */ 1142void auth_crypt_tv(int cipher_id, data_t *key, data_t *iv, 1143 data_t *ad, data_t *cipher, data_t *tag, 1144 char *result, data_t *clear, int use_psa) 1145{ 1146 /* 1147 * Take an AEAD ciphertext + tag and perform a pair 1148 * of AEAD decryption and AEAD encryption. Check that 1149 * this results in the expected plaintext, and that 1150 * decryption and encryption are inverse to one another. 1151 * 1152 * Do that twice: 1153 * - once with legacy functions auth_decrypt/auth_encrypt 1154 * - once with new functions auth_decrypt_ext/auth_encrypt_ext 1155 * This allows testing both without duplicating test cases. 1156 */ 1157 1158 int ret; 1159 int using_nist_kw, using_nist_kw_padding; 1160 1161 mbedtls_cipher_context_t ctx; 1162 size_t outlen; 1163 1164 unsigned char *cipher_plus_tag = NULL; 1165 size_t cipher_plus_tag_len; 1166 unsigned char *decrypt_buf = NULL; 1167 size_t decrypt_buf_len = 0; 1168 unsigned char *encrypt_buf = NULL; 1169 size_t encrypt_buf_len = 0; 1170 1171#if !defined(MBEDTLS_DEPRECATED_WARNING) && \ 1172 !defined(MBEDTLS_DEPRECATED_REMOVED) 1173 unsigned char *tmp_tag = NULL; 1174 unsigned char *tmp_cipher = NULL; 1175 unsigned char *tag_buf = NULL; 1176#endif /* !MBEDTLS_DEPRECATED_WARNING && !MBEDTLS_DEPRECATED_REMOVED */ 1177 1178 /* Null pointers are documented as valid for inputs of length 0. 1179 * The test framework passes non-null pointers, so set them to NULL. 1180 * key, cipher and tag can't be empty. */ 1181 if (iv->len == 0) { 1182 iv->x = NULL; 1183 } 1184 if (ad->len == 0) { 1185 ad->x = NULL; 1186 } 1187 if (clear->len == 0) { 1188 clear->x = NULL; 1189 } 1190 1191 mbedtls_cipher_init(&ctx); 1192 1193 /* Initialize PSA Crypto */ 1194#if defined(MBEDTLS_USE_PSA_CRYPTO) 1195 if (use_psa == 1) { 1196 PSA_ASSERT(psa_crypto_init()); 1197 } 1198#else 1199 (void) use_psa; 1200#endif 1201 1202 /* 1203 * Are we using NIST_KW? with padding? 1204 */ 1205 using_nist_kw_padding = cipher_id == MBEDTLS_CIPHER_AES_128_KWP || 1206 cipher_id == MBEDTLS_CIPHER_AES_192_KWP || 1207 cipher_id == MBEDTLS_CIPHER_AES_256_KWP; 1208 using_nist_kw = cipher_id == MBEDTLS_CIPHER_AES_128_KW || 1209 cipher_id == MBEDTLS_CIPHER_AES_192_KW || 1210 cipher_id == MBEDTLS_CIPHER_AES_256_KW || 1211 using_nist_kw_padding; 1212 1213 /**************************************************************** 1214 * * 1215 * Part 1: non-deprecated API * 1216 * * 1217 ****************************************************************/ 1218 1219 /* 1220 * Prepare context for decryption 1221 */ 1222 if (!cipher_reset_key(&ctx, cipher_id, use_psa, tag->len, key, 1223 MBEDTLS_DECRYPT)) { 1224 goto exit; 1225 } 1226 1227 /* 1228 * prepare buffer for decryption 1229 * (we need the tag appended to the ciphertext) 1230 */ 1231 cipher_plus_tag_len = cipher->len + tag->len; 1232 TEST_CALLOC(cipher_plus_tag, cipher_plus_tag_len); 1233 memcpy(cipher_plus_tag, cipher->x, cipher->len); 1234 memcpy(cipher_plus_tag + cipher->len, tag->x, tag->len); 1235 1236 /* 1237 * Compute length of output buffer according to the documentation 1238 */ 1239 if (using_nist_kw) { 1240 decrypt_buf_len = cipher_plus_tag_len - 8; 1241 } else { 1242 decrypt_buf_len = cipher_plus_tag_len - tag->len; 1243 } 1244 1245 1246 /* 1247 * Try decrypting to a buffer that's 1B too small 1248 */ 1249 if (decrypt_buf_len != 0) { 1250 TEST_CALLOC(decrypt_buf, decrypt_buf_len - 1); 1251 1252 outlen = 0; 1253 ret = mbedtls_cipher_auth_decrypt_ext(&ctx, iv->x, iv->len, 1254 ad->x, ad->len, cipher_plus_tag, cipher_plus_tag_len, 1255 decrypt_buf, decrypt_buf_len - 1, &outlen, tag->len); 1256 TEST_ASSERT(ret == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 1257 1258 mbedtls_free(decrypt_buf); 1259 decrypt_buf = NULL; 1260 } 1261 1262 /* 1263 * Authenticate and decrypt, and check result 1264 */ 1265 TEST_CALLOC(decrypt_buf, decrypt_buf_len); 1266 1267 outlen = 0; 1268 ret = mbedtls_cipher_auth_decrypt_ext(&ctx, iv->x, iv->len, 1269 ad->x, ad->len, cipher_plus_tag, cipher_plus_tag_len, 1270 decrypt_buf, decrypt_buf_len, &outlen, tag->len); 1271 1272 if (strcmp(result, "FAIL") == 0) { 1273 TEST_ASSERT(ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED); 1274 TEST_ASSERT(buffer_is_all_zero(decrypt_buf, decrypt_buf_len)); 1275 } else { 1276 TEST_ASSERT(ret == 0); 1277 TEST_MEMORY_COMPARE(decrypt_buf, outlen, clear->x, clear->len); 1278 } 1279 1280 /* Free this, but keep cipher_plus_tag for deprecated function with PSA */ 1281 mbedtls_free(decrypt_buf); 1282 decrypt_buf = NULL; 1283 1284 /* 1285 * Encrypt back if test data was authentic 1286 */ 1287 if (strcmp(result, "FAIL") != 0) { 1288 /* prepare context for encryption */ 1289 if (!cipher_reset_key(&ctx, cipher_id, use_psa, tag->len, key, 1290 MBEDTLS_ENCRYPT)) { 1291 goto exit; 1292 } 1293 1294 /* 1295 * Compute size of output buffer according to documentation 1296 */ 1297 if (using_nist_kw) { 1298 encrypt_buf_len = clear->len + 8; 1299 if (using_nist_kw_padding && encrypt_buf_len % 8 != 0) { 1300 encrypt_buf_len += 8 - encrypt_buf_len % 8; 1301 } 1302 } else { 1303 encrypt_buf_len = clear->len + tag->len; 1304 } 1305 1306 /* 1307 * Try encrypting with an output buffer that's 1B too small 1308 */ 1309 TEST_CALLOC(encrypt_buf, encrypt_buf_len - 1); 1310 1311 outlen = 0; 1312 ret = mbedtls_cipher_auth_encrypt_ext(&ctx, iv->x, iv->len, 1313 ad->x, ad->len, clear->x, clear->len, 1314 encrypt_buf, encrypt_buf_len - 1, &outlen, tag->len); 1315 TEST_ASSERT(ret != 0); 1316 1317 mbedtls_free(encrypt_buf); 1318 encrypt_buf = NULL; 1319 1320 /* 1321 * Encrypt and check the result 1322 */ 1323 TEST_CALLOC(encrypt_buf, encrypt_buf_len); 1324 1325 outlen = 0; 1326 ret = mbedtls_cipher_auth_encrypt_ext(&ctx, iv->x, iv->len, 1327 ad->x, ad->len, clear->x, clear->len, 1328 encrypt_buf, encrypt_buf_len, &outlen, tag->len); 1329 TEST_ASSERT(ret == 0); 1330 1331 TEST_ASSERT(outlen == cipher->len + tag->len); 1332 TEST_ASSERT(memcmp(encrypt_buf, cipher->x, cipher->len) == 0); 1333 TEST_ASSERT(memcmp(encrypt_buf + cipher->len, 1334 tag->x, tag->len) == 0); 1335 1336 mbedtls_free(encrypt_buf); 1337 encrypt_buf = NULL; 1338 } 1339 1340 /**************************************************************** 1341 * * 1342 * Part 2: deprecated API * 1343 * * 1344 ****************************************************************/ 1345 1346#if !defined(MBEDTLS_DEPRECATED_WARNING) && \ 1347 !defined(MBEDTLS_DEPRECATED_REMOVED) 1348 1349 /* 1350 * Prepare context for decryption 1351 */ 1352 if (!cipher_reset_key(&ctx, cipher_id, use_psa, tag->len, key, 1353 MBEDTLS_DECRYPT)) { 1354 goto exit; 1355 } 1356 1357 /* 1358 * Prepare pointers for decryption 1359 */ 1360#if defined(MBEDTLS_USE_PSA_CRYPTO) 1361 if (use_psa == 1) { 1362 /* PSA requires that the tag immediately follows the ciphertext. 1363 * Fortunately, we already have that from testing the new API. */ 1364 tmp_cipher = cipher_plus_tag; 1365 tmp_tag = tmp_cipher + cipher->len; 1366 } else 1367#endif /* MBEDTLS_USE_PSA_CRYPTO */ 1368 { 1369 tmp_cipher = cipher->x; 1370 tmp_tag = tag->x; 1371 } 1372 1373 /* 1374 * Authenticate and decrypt, and check result 1375 */ 1376 1377 TEST_CALLOC(decrypt_buf, cipher->len); 1378 outlen = 0; 1379 ret = mbedtls_cipher_auth_decrypt(&ctx, iv->x, iv->len, ad->x, ad->len, 1380 tmp_cipher, cipher->len, decrypt_buf, &outlen, 1381 tmp_tag, tag->len); 1382 1383 if (using_nist_kw) { 1384 /* NIST_KW with legacy API */ 1385 TEST_ASSERT(ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE); 1386 } else if (strcmp(result, "FAIL") == 0) { 1387 /* unauthentic message */ 1388 TEST_ASSERT(ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED); 1389 TEST_ASSERT(buffer_is_all_zero(decrypt_buf, cipher->len)); 1390 } else { 1391 /* authentic message: is the plaintext correct? */ 1392 TEST_ASSERT(ret == 0); 1393 TEST_MEMORY_COMPARE(decrypt_buf, outlen, clear->x, clear->len); 1394 } 1395 1396 mbedtls_free(decrypt_buf); 1397 decrypt_buf = NULL; 1398 mbedtls_free(cipher_plus_tag); 1399 cipher_plus_tag = NULL; 1400 1401 /* 1402 * Encrypt back if test data was authentic 1403 */ 1404 if (strcmp(result, "FAIL") != 0) { 1405 /* prepare context for encryption */ 1406 if (!cipher_reset_key(&ctx, cipher_id, use_psa, tag->len, key, 1407 MBEDTLS_ENCRYPT)) { 1408 goto exit; 1409 } 1410 1411 /* prepare buffers for encryption */ 1412#if defined(MBEDTLS_USE_PSA_CRYPTO) 1413 if (use_psa) { 1414 TEST_CALLOC(cipher_plus_tag, cipher->len + tag->len); 1415 tmp_cipher = cipher_plus_tag; 1416 tmp_tag = cipher_plus_tag + cipher->len; 1417 } else 1418#endif /* MBEDTLS_USE_PSA_CRYPTO */ 1419 { 1420 TEST_CALLOC(encrypt_buf, cipher->len); 1421 TEST_CALLOC(tag_buf, tag->len); 1422 tmp_cipher = encrypt_buf; 1423 tmp_tag = tag_buf; 1424 } 1425 1426 /* 1427 * Encrypt and check the result 1428 */ 1429 outlen = 0; 1430 ret = mbedtls_cipher_auth_encrypt(&ctx, iv->x, iv->len, ad->x, ad->len, 1431 clear->x, clear->len, tmp_cipher, &outlen, 1432 tmp_tag, tag->len); 1433 1434 if (using_nist_kw) { 1435 TEST_ASSERT(ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE); 1436 } else { 1437 TEST_ASSERT(ret == 0); 1438 1439 TEST_ASSERT(outlen == cipher->len); 1440 if (cipher->len != 0) { 1441 TEST_ASSERT(memcmp(tmp_cipher, cipher->x, cipher->len) == 0); 1442 } 1443 TEST_ASSERT(memcmp(tmp_tag, tag->x, tag->len) == 0); 1444 } 1445 } 1446 1447#endif /* !MBEDTLS_DEPRECATED_WARNING && !MBEDTLS_DEPRECATED_REMOVED */ 1448 1449exit: 1450 1451 mbedtls_cipher_free(&ctx); 1452 mbedtls_free(decrypt_buf); 1453 mbedtls_free(encrypt_buf); 1454 mbedtls_free(cipher_plus_tag); 1455#if !defined(MBEDTLS_DEPRECATED_WARNING) && \ 1456 !defined(MBEDTLS_DEPRECATED_REMOVED) 1457 mbedtls_free(tag_buf); 1458#endif /* !MBEDTLS_DEPRECATED_WARNING && !MBEDTLS_DEPRECATED_REMOVED */ 1459 1460#if defined(MBEDTLS_USE_PSA_CRYPTO) 1461 if (use_psa == 1) { 1462 PSA_DONE(); 1463 } 1464#endif /* MBEDTLS_USE_PSA_CRYPTO */ 1465} 1466/* END_CASE */ 1467 1468/* BEGIN_CASE */ 1469void test_vec_ecb(int cipher_id, int operation, data_t *key, 1470 data_t *input, data_t *result, int finish_result 1471 ) 1472{ 1473 mbedtls_cipher_context_t ctx; 1474 unsigned char output[32]; 1475 size_t outlen; 1476 1477 mbedtls_cipher_init(&ctx); 1478 1479 memset(output, 0x00, sizeof(output)); 1480 1481 /* Prepare context */ 1482 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, 1483 mbedtls_cipher_info_from_type(cipher_id))); 1484 1485 1486 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx, key->x, 8 * key->len, operation)); 1487 1488 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx, input->x, 1489 mbedtls_cipher_get_block_size(&ctx), 1490 output, &outlen)); 1491 TEST_ASSERT(outlen == mbedtls_cipher_get_block_size(&ctx)); 1492 TEST_ASSERT(finish_result == mbedtls_cipher_finish(&ctx, output + outlen, 1493 &outlen)); 1494 TEST_ASSERT(0 == outlen); 1495 1496 /* check plaintext only if everything went fine */ 1497 if (0 == finish_result) { 1498 TEST_ASSERT(0 == memcmp(output, result->x, 1499 mbedtls_cipher_get_block_size(&ctx))); 1500 } 1501 1502exit: 1503 mbedtls_cipher_free(&ctx); 1504} 1505/* END_CASE */ 1506 1507/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING */ 1508void test_vec_crypt(int cipher_id, int operation, data_t *key, 1509 data_t *iv, data_t *input, data_t *result, 1510 int finish_result, int use_psa) 1511{ 1512 mbedtls_cipher_context_t ctx; 1513 unsigned char output[32]; 1514 size_t outlen; 1515 1516 mbedtls_cipher_init(&ctx); 1517 1518 memset(output, 0x00, sizeof(output)); 1519 1520 /* Prepare context */ 1521#if !defined(MBEDTLS_USE_PSA_CRYPTO) 1522 (void) use_psa; 1523#else 1524 if (use_psa == 1) { 1525 PSA_ASSERT(psa_crypto_init()); 1526 TEST_ASSERT(0 == mbedtls_cipher_setup_psa(&ctx, 1527 mbedtls_cipher_info_from_type(cipher_id), 0)); 1528 } else 1529#endif /* MBEDTLS_USE_PSA_CRYPTO */ 1530 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, 1531 mbedtls_cipher_info_from_type(cipher_id))); 1532 1533 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx, key->x, 8 * key->len, operation)); 1534 if (MBEDTLS_MODE_CBC == ctx.cipher_info->mode) { 1535 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx, MBEDTLS_PADDING_NONE)); 1536 } 1537 1538 TEST_ASSERT(finish_result == mbedtls_cipher_crypt(&ctx, iv->len ? iv->x : NULL, 1539 iv->len, input->x, input->len, 1540 output, &outlen)); 1541 TEST_ASSERT(result->len == outlen); 1542 /* check plaintext only if everything went fine */ 1543 if (0 == finish_result) { 1544 TEST_ASSERT(0 == memcmp(output, result->x, outlen)); 1545 } 1546 1547exit: 1548 mbedtls_cipher_free(&ctx); 1549#if defined(MBEDTLS_USE_PSA_CRYPTO) 1550 PSA_DONE(); 1551#endif /* MBEDTLS_USE_PSA_CRYPTO */ 1552} 1553/* END_CASE */ 1554 1555/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING */ 1556void set_padding(int cipher_id, int pad_mode, int ret) 1557{ 1558 const mbedtls_cipher_info_t *cipher_info; 1559 mbedtls_cipher_context_t ctx; 1560 1561 mbedtls_cipher_init(&ctx); 1562 1563 cipher_info = mbedtls_cipher_info_from_type(cipher_id); 1564 TEST_ASSERT(NULL != cipher_info); 1565 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, cipher_info)); 1566 1567 TEST_ASSERT(ret == mbedtls_cipher_set_padding_mode(&ctx, pad_mode)); 1568 1569exit: 1570 mbedtls_cipher_free(&ctx); 1571} 1572/* END_CASE */ 1573 1574/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ 1575void check_padding(int pad_mode, data_t *input, int ret, int dlen_check 1576 ) 1577{ 1578 mbedtls_cipher_info_t cipher_info; 1579 mbedtls_cipher_context_t ctx; 1580 size_t dlen; 1581 1582 /* build a fake context just for getting access to get_padding */ 1583 mbedtls_cipher_init(&ctx); 1584 cipher_info.mode = MBEDTLS_MODE_CBC; 1585 ctx.cipher_info = &cipher_info; 1586 1587 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx, pad_mode)); 1588 1589 1590 TEST_ASSERT(ret == ctx.get_padding(input->x, input->len, &dlen)); 1591 if (0 == ret) { 1592 TEST_ASSERT(dlen == (size_t) dlen_check); 1593 } 1594} 1595/* END_CASE */ 1596 1597/* BEGIN_CASE */ 1598void iv_len_validity(int cipher_id, char *cipher_string, 1599 int iv_len_val, int ret) 1600{ 1601 size_t iv_len = iv_len_val; 1602 unsigned char iv[16]; 1603 1604 /* Initialise iv buffer */ 1605 memset(iv, 0, sizeof(iv)); 1606 1607 const mbedtls_cipher_info_t *cipher_info; 1608 mbedtls_cipher_context_t ctx_dec; 1609 mbedtls_cipher_context_t ctx_enc; 1610 1611 /* 1612 * Prepare contexts 1613 */ 1614 mbedtls_cipher_init(&ctx_dec); 1615 mbedtls_cipher_init(&ctx_enc); 1616 1617 /* Check and get info structures */ 1618 cipher_info = mbedtls_cipher_info_from_type(cipher_id); 1619 TEST_ASSERT(NULL != cipher_info); 1620 TEST_ASSERT(mbedtls_cipher_info_from_string(cipher_string) == cipher_info); 1621 1622 /* Initialise enc and dec contexts */ 1623 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_dec, cipher_info)); 1624 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_enc, cipher_info)); 1625 1626 TEST_ASSERT(ret == mbedtls_cipher_set_iv(&ctx_dec, iv, iv_len)); 1627 TEST_ASSERT(ret == mbedtls_cipher_set_iv(&ctx_enc, iv, iv_len)); 1628 1629exit: 1630 mbedtls_cipher_free(&ctx_dec); 1631 mbedtls_cipher_free(&ctx_enc); 1632} 1633/* END_CASE */ 1634