| /* BEGIN_HEADER */ |
| #include "mbedtls/chachapoly.h" |
| /* END_HEADER */ |
| |
| /* BEGIN_DEPENDENCIES |
| * depends_on:MBEDTLS_CHACHAPOLY_C |
| * END_DEPENDENCIES |
| */ |
| |
| /* BEGIN_CASE */ |
| void mbedtls_chachapoly_enc( data_t *key_str, data_t *nonce_str, data_t *aad_str, data_t *input_str, data_t *output_str, data_t *mac_str ) |
| { |
| unsigned char output[265]; |
| unsigned char mac[16]; /* size set by the standard */ |
| mbedtls_chachapoly_context ctx; |
| |
| TEST_ASSERT( key_str->len == 32 ); |
| TEST_ASSERT( nonce_str->len == 12 ); |
| TEST_ASSERT( mac_str->len == 16 ); |
| |
| mbedtls_chachapoly_init( &ctx ); |
| |
| TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key_str->x ) == 0 ); |
| |
| TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx, |
| input_str->len, nonce_str->x, |
| aad_str->x, aad_str->len, |
| input_str->x, output, mac ) == 0 ); |
| |
| TEST_ASSERT( memcmp( output_str->x, output, output_str->len ) == 0 ); |
| TEST_ASSERT( memcmp( mac_str->x, mac, 16U ) == 0 ); |
| |
| exit: |
| mbedtls_chachapoly_free( &ctx ); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE */ |
| void mbedtls_chachapoly_dec( data_t *key_str, data_t *nonce_str, data_t *aad_str, data_t *input_str, data_t *output_str, data_t *mac_str, int ret_exp ) |
| { |
| unsigned char output[265]; |
| int ret; |
| mbedtls_chachapoly_context ctx; |
| |
| TEST_ASSERT( key_str->len == 32 ); |
| TEST_ASSERT( nonce_str->len == 12 ); |
| TEST_ASSERT( mac_str->len == 16 ); |
| |
| mbedtls_chachapoly_init( &ctx ); |
| |
| TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key_str->x ) == 0 ); |
| |
| ret = mbedtls_chachapoly_auth_decrypt( &ctx, |
| input_str->len, nonce_str->x, |
| aad_str->x, aad_str->len, |
| mac_str->x, input_str->x, output ); |
| |
| TEST_ASSERT( ret == ret_exp ); |
| if( ret_exp == 0 ) |
| { |
| TEST_ASSERT( memcmp( output_str->x, output, output_str->len ) == 0 ); |
| } |
| |
| exit: |
| mbedtls_chachapoly_free( &ctx ); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ |
| void chachapoly_bad_params() |
| { |
| unsigned char key[32]; |
| unsigned char nonce[12]; |
| unsigned char aad[1]; |
| unsigned char input[1]; |
| unsigned char output[1]; |
| unsigned char mac[16]; |
| size_t input_len = sizeof( input ); |
| size_t aad_len = sizeof( aad ); |
| mbedtls_chachapoly_context ctx; |
| |
| memset( key, 0x00, sizeof( key ) ); |
| memset( nonce, 0x00, sizeof( nonce ) ); |
| memset( aad, 0x00, sizeof( aad ) ); |
| memset( input, 0x00, sizeof( input ) ); |
| memset( output, 0x00, sizeof( output ) ); |
| memset( mac, 0x00, sizeof( mac ) ); |
| |
| TEST_INVALID_PARAM( mbedtls_chachapoly_init( NULL ) ); |
| TEST_VALID_PARAM( mbedtls_chachapoly_free( NULL ) ); |
| |
| /* setkey */ |
| TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, |
| mbedtls_chachapoly_setkey( NULL, key ) ); |
| TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, |
| mbedtls_chachapoly_setkey( &ctx, NULL ) ); |
| |
| /* encrypt_and_tag */ |
| TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, |
| mbedtls_chachapoly_encrypt_and_tag( NULL, |
| 0, nonce, |
| aad, 0, |
| input, output, mac ) ); |
| TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, |
| mbedtls_chachapoly_encrypt_and_tag( &ctx, |
| 0, NULL, |
| aad, 0, |
| input, output, mac ) ); |
| TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, |
| mbedtls_chachapoly_encrypt_and_tag( &ctx, |
| 0, nonce, |
| NULL, aad_len, |
| input, output, mac ) ); |
| TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, |
| mbedtls_chachapoly_encrypt_and_tag( &ctx, |
| input_len, nonce, |
| aad, 0, |
| NULL, output, mac ) ); |
| TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, |
| mbedtls_chachapoly_encrypt_and_tag( &ctx, |
| input_len, nonce, |
| aad, 0, |
| input, NULL, mac ) ); |
| TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, |
| mbedtls_chachapoly_encrypt_and_tag( &ctx, |
| 0, nonce, |
| aad, 0, |
| input, output, NULL ) ); |
| |
| /* auth_decrypt */ |
| TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, |
| mbedtls_chachapoly_auth_decrypt( NULL, |
| 0, nonce, |
| aad, 0, |
| mac, input, output ) ); |
| TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, |
| mbedtls_chachapoly_auth_decrypt( &ctx, |
| 0, NULL, |
| aad, 0, |
| mac, input, output ) ); |
| TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, |
| mbedtls_chachapoly_auth_decrypt( &ctx, |
| 0, nonce, |
| NULL, aad_len, |
| mac, input, output ) ); |
| TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, |
| mbedtls_chachapoly_auth_decrypt( &ctx, |
| 0, nonce, |
| aad, 0, |
| NULL, input, output ) ); |
| TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, |
| mbedtls_chachapoly_auth_decrypt( &ctx, |
| input_len, nonce, |
| aad, 0, |
| mac, NULL, output ) ); |
| TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, |
| mbedtls_chachapoly_auth_decrypt( &ctx, |
| input_len, nonce, |
| aad, 0, |
| mac, input, NULL ) ); |
| |
| /* starts */ |
| TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, |
| mbedtls_chachapoly_starts( NULL, nonce, |
| MBEDTLS_CHACHAPOLY_ENCRYPT ) ); |
| TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, |
| mbedtls_chachapoly_starts( &ctx, NULL, |
| MBEDTLS_CHACHAPOLY_ENCRYPT ) ); |
| |
| /* update_aad */ |
| TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, |
| mbedtls_chachapoly_update_aad( NULL, aad, |
| aad_len ) ); |
| TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, |
| mbedtls_chachapoly_update_aad( &ctx, NULL, |
| aad_len ) ); |
| |
| /* update */ |
| TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, |
| mbedtls_chachapoly_update( NULL, input_len, |
| input, output ) ); |
| TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, |
| mbedtls_chachapoly_update( &ctx, input_len, |
| NULL, output ) ); |
| TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, |
| mbedtls_chachapoly_update( &ctx, input_len, |
| input, NULL ) ); |
| |
| /* finish */ |
| TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, |
| mbedtls_chachapoly_finish( NULL, mac ) ); |
| TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, |
| mbedtls_chachapoly_finish( &ctx, NULL ) ); |
| |
| exit: |
| return; |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE */ |
| void chachapoly_state() |
| { |
| unsigned char key[32]; |
| unsigned char nonce[12]; |
| unsigned char aad[1]; |
| unsigned char input[1]; |
| unsigned char output[1]; |
| unsigned char mac[16]; |
| size_t input_len = sizeof( input ); |
| size_t aad_len = sizeof( aad ); |
| mbedtls_chachapoly_context ctx; |
| |
| memset( key, 0x00, sizeof( key ) ); |
| memset( nonce, 0x00, sizeof( nonce ) ); |
| memset( aad, 0x00, sizeof( aad ) ); |
| memset( input, 0x00, sizeof( input ) ); |
| memset( output, 0x00, sizeof( output ) ); |
| memset( mac, 0x00, sizeof( mac ) ); |
| |
| /* Initial state: finish, update, update_aad forbidden */ |
| mbedtls_chachapoly_init( &ctx ); |
| |
| TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac ) |
| == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); |
| TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output ) |
| == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); |
| TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len ) |
| == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); |
| |
| /* Still initial state: finish, update, update_aad forbidden */ |
| TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key ) |
| == 0 ); |
| |
| TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac ) |
| == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); |
| TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output ) |
| == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); |
| TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len ) |
| == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); |
| |
| /* Starts -> finish OK */ |
| TEST_ASSERT( mbedtls_chachapoly_starts( &ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT ) |
| == 0 ); |
| TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac ) |
| == 0 ); |
| |
| /* After finish: update, update_aad forbidden */ |
| TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output ) |
| == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); |
| TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len ) |
| == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); |
| |
| /* Starts -> update* OK */ |
| TEST_ASSERT( mbedtls_chachapoly_starts( &ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT ) |
| == 0 ); |
| TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output ) |
| == 0 ); |
| TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output ) |
| == 0 ); |
| |
| /* After update: update_aad forbidden */ |
| TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len ) |
| == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); |
| |
| /* Starts -> update_aad* -> finish OK */ |
| TEST_ASSERT( mbedtls_chachapoly_starts( &ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT ) |
| == 0 ); |
| TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len ) |
| == 0 ); |
| TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len ) |
| == 0 ); |
| TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac ) |
| == 0 ); |
| |
| exit: |
| mbedtls_chachapoly_free( &ctx ); |
| } |
| /* END_CASE */ |
| |
| /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ |
| void chachapoly_selftest() |
| { |
| TEST_ASSERT( mbedtls_chachapoly_self_test( 1 ) == 0 ); |
| } |
| /* END_CASE */ |