1 /*
2 * Test driver for cipher functions.
3 * Currently only supports multi-part operations using AES-CTR.
4 */
5 /* Copyright The Mbed TLS Contributors
6 * SPDX-License-Identifier: Apache-2.0
7 *
8 * Licensed under the Apache License, Version 2.0 (the "License"); you may
9 * not use this file except in compliance with the License.
10 * You may obtain a copy of the License at
11 *
12 * http://www.apache.org/licenses/LICENSE-2.0
13 *
14 * Unless required by applicable law or agreed to in writing, software
15 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
16 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
17 * See the License for the specific language governing permissions and
18 * limitations under the License.
19 */
20
21 #if !defined(MBEDTLS_CONFIG_FILE)
22 #include "mbedtls/config.h"
23 #else
24 #include MBEDTLS_CONFIG_FILE
25 #endif
26
27 #if defined(MBEDTLS_PSA_CRYPTO_DRIVERS) && defined(PSA_CRYPTO_DRIVER_TEST)
28 #include "psa/crypto.h"
29 #include "psa_crypto_core.h"
30 #include "mbedtls/cipher.h"
31
32 #include "test/drivers/cipher.h"
33
34 #include "test/random.h"
35
36 #include <string.h>
37
38 /* Test driver implements AES-CTR only. Its default behaviour (when its return
39 * status is not overridden through the hooks) is to take care of all AES-CTR
40 * operations, and return PSA_ERROR_NOT_SUPPORTED for all others.
41 * Set test_driver_cipher_hooks.forced_status to PSA_ERROR_NOT_SUPPORTED to use
42 * fallback even for AES-CTR. */
43 test_driver_cipher_hooks_t test_driver_cipher_hooks = TEST_DRIVER_CIPHER_INIT;
44
test_transparent_cipher_oneshot(mbedtls_operation_t direction,const psa_key_attributes_t * attributes,const uint8_t * key,size_t key_length,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)45 static psa_status_t test_transparent_cipher_oneshot(
46 mbedtls_operation_t direction,
47 const psa_key_attributes_t *attributes,
48 const uint8_t *key, size_t key_length,
49 psa_algorithm_t alg,
50 const uint8_t *input, size_t input_length,
51 uint8_t *output, size_t output_size, size_t *output_length)
52 {
53 test_driver_cipher_hooks.hits++;
54
55 /* Test driver supports AES-CTR only, to verify operation calls. */
56 if( alg != PSA_ALG_CTR ||
57 psa_get_key_type( attributes ) != PSA_KEY_TYPE_AES )
58 return( PSA_ERROR_NOT_SUPPORTED );
59
60 /* If test driver response code is not SUCCESS, we can return early */
61 if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
62 return( test_driver_cipher_hooks.forced_status );
63
64 /* If test driver output is overridden, we don't need to do actual crypto */
65 if( test_driver_cipher_hooks.forced_output != NULL )
66 {
67 if( output_size < test_driver_cipher_hooks.forced_output_length )
68 return( PSA_ERROR_BUFFER_TOO_SMALL );
69
70 memcpy( output,
71 test_driver_cipher_hooks.forced_output,
72 test_driver_cipher_hooks.forced_output_length );
73 *output_length = test_driver_cipher_hooks.forced_output_length;
74
75 return( test_driver_cipher_hooks.forced_status );
76 }
77
78 /* Run AES-CTR using the cipher module */
79 {
80 mbedtls_test_rnd_pseudo_info rnd_info;
81 memset( &rnd_info, 0x5A, sizeof( mbedtls_test_rnd_pseudo_info ) );
82
83 const mbedtls_cipher_info_t *cipher_info =
84 mbedtls_cipher_info_from_values( MBEDTLS_CIPHER_ID_AES,
85 key_length * 8,
86 MBEDTLS_MODE_CTR );
87 mbedtls_cipher_context_t cipher;
88 int ret = 0;
89 uint8_t temp_output_buffer[16] = {0};
90 size_t temp_output_length = 0;
91
92 if( direction == MBEDTLS_ENCRYPT )
93 {
94 /* Oneshot encrypt needs to prepend the IV to the output */
95 if( output_size < ( input_length + 16 ) )
96 return( PSA_ERROR_BUFFER_TOO_SMALL );
97 }
98 else
99 {
100 /* Oneshot decrypt has the IV prepended to the input */
101 if( output_size < ( input_length - 16 ) )
102 return( PSA_ERROR_BUFFER_TOO_SMALL );
103 }
104
105 if( cipher_info == NULL )
106 return( PSA_ERROR_NOT_SUPPORTED );
107
108 mbedtls_cipher_init( &cipher );
109 ret = mbedtls_cipher_setup( &cipher, cipher_info );
110 if( ret != 0 )
111 goto exit;
112
113 ret = mbedtls_cipher_setkey( &cipher,
114 key,
115 key_length * 8, direction );
116 if( ret != 0 )
117 goto exit;
118
119 if( direction == MBEDTLS_ENCRYPT )
120 {
121 mbedtls_test_rnd_pseudo_info rnd_info;
122 memset( &rnd_info, 0x5A, sizeof( mbedtls_test_rnd_pseudo_info ) );
123
124 ret = mbedtls_test_rnd_pseudo_rand( &rnd_info,
125 temp_output_buffer,
126 16 );
127 if( ret != 0 )
128 goto exit;
129
130 ret = mbedtls_cipher_set_iv( &cipher, temp_output_buffer, 16 );
131 }
132 else
133 ret = mbedtls_cipher_set_iv( &cipher, input, 16 );
134
135 if( ret != 0 )
136 goto exit;
137
138 if( direction == MBEDTLS_ENCRYPT )
139 {
140 ret = mbedtls_cipher_update( &cipher,
141 input, input_length,
142 &output[16], output_length );
143 if( ret == 0 )
144 {
145 memcpy( output, temp_output_buffer, 16 );
146 *output_length += 16;
147 }
148 }
149 else
150 ret = mbedtls_cipher_update( &cipher,
151 &input[16], input_length - 16,
152 output, output_length );
153
154 if( ret != 0 )
155 goto exit;
156
157 ret = mbedtls_cipher_finish( &cipher,
158 temp_output_buffer,
159 &temp_output_length );
160
161 exit:
162 if( ret != 0 )
163 {
164 *output_length = 0;
165 memset(output, 0, output_size);
166 }
167
168 mbedtls_cipher_free( &cipher );
169 return( mbedtls_to_psa_error( ret ) );
170 }
171 }
172
test_transparent_cipher_encrypt(const psa_key_attributes_t * attributes,const uint8_t * key,size_t key_length,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)173 psa_status_t test_transparent_cipher_encrypt(
174 const psa_key_attributes_t *attributes,
175 const uint8_t *key, size_t key_length,
176 psa_algorithm_t alg,
177 const uint8_t *input, size_t input_length,
178 uint8_t *output, size_t output_size, size_t *output_length)
179 {
180 return (
181 test_transparent_cipher_oneshot(
182 MBEDTLS_ENCRYPT,
183 attributes,
184 key, key_length,
185 alg,
186 input, input_length,
187 output, output_size, output_length) );
188 }
189
test_transparent_cipher_decrypt(const psa_key_attributes_t * attributes,const uint8_t * key,size_t key_length,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)190 psa_status_t test_transparent_cipher_decrypt(
191 const psa_key_attributes_t *attributes,
192 const uint8_t *key, size_t key_length,
193 psa_algorithm_t alg,
194 const uint8_t *input, size_t input_length,
195 uint8_t *output, size_t output_size, size_t *output_length)
196 {
197 return (
198 test_transparent_cipher_oneshot(
199 MBEDTLS_DECRYPT,
200 attributes,
201 key, key_length,
202 alg,
203 input, input_length,
204 output, output_size, output_length) );
205 }
206
test_transparent_cipher_setup(mbedtls_operation_t direction,test_transparent_cipher_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key,size_t key_length,psa_algorithm_t alg)207 static psa_status_t test_transparent_cipher_setup(
208 mbedtls_operation_t direction,
209 test_transparent_cipher_operation_t *operation,
210 const psa_key_attributes_t *attributes,
211 const uint8_t *key, size_t key_length,
212 psa_algorithm_t alg)
213 {
214 const mbedtls_cipher_info_t *cipher_info = NULL;
215 int ret = 0;
216
217 test_driver_cipher_hooks.hits++;
218
219 if( operation->alg != 0 )
220 return( PSA_ERROR_BAD_STATE );
221
222 /* Wiping the entire struct here, instead of member-by-member. This is useful
223 * for the test suite, since it gives a chance of catching memory corruption
224 * errors should the core not have allocated (enough) memory for our context
225 * struct. */
226 memset( operation, 0, sizeof( *operation ) );
227
228 /* Allow overriding return value for testing purposes */
229 if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
230 return( test_driver_cipher_hooks.forced_status );
231
232 /* Test driver supports AES-CTR only, to verify operation calls. */
233 if( alg != PSA_ALG_CTR ||
234 psa_get_key_type( attributes ) != PSA_KEY_TYPE_AES )
235 return( PSA_ERROR_NOT_SUPPORTED );
236
237 operation->alg = alg;
238 operation->iv_size = 16;
239
240 cipher_info = mbedtls_cipher_info_from_values( MBEDTLS_CIPHER_ID_AES,
241 key_length * 8,
242 MBEDTLS_MODE_CTR );
243 if( cipher_info == NULL )
244 return( PSA_ERROR_NOT_SUPPORTED );
245
246 mbedtls_cipher_init( &operation->cipher );
247 ret = mbedtls_cipher_setup( &operation->cipher, cipher_info );
248 if( ret != 0 ) {
249 mbedtls_cipher_free( &operation->cipher );
250 return( mbedtls_to_psa_error( ret ) );
251 }
252
253 ret = mbedtls_cipher_setkey( &operation->cipher,
254 key,
255 key_length * 8, direction );
256 if( ret != 0 ) {
257 mbedtls_cipher_free( &operation->cipher );
258 return( mbedtls_to_psa_error( ret ) );
259 }
260
261 operation->iv_set = 0;
262 operation->iv_required = 1;
263 operation->key_set = 1;
264
265 return( test_driver_cipher_hooks.forced_status );
266 }
267
test_transparent_cipher_encrypt_setup(test_transparent_cipher_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key,size_t key_length,psa_algorithm_t alg)268 psa_status_t test_transparent_cipher_encrypt_setup(
269 test_transparent_cipher_operation_t *operation,
270 const psa_key_attributes_t *attributes,
271 const uint8_t *key, size_t key_length,
272 psa_algorithm_t alg)
273 {
274 return ( test_transparent_cipher_setup( MBEDTLS_ENCRYPT,
275 operation,
276 attributes,
277 key,
278 key_length,
279 alg ) );
280 }
281
test_transparent_cipher_decrypt_setup(test_transparent_cipher_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key,size_t key_length,psa_algorithm_t alg)282 psa_status_t test_transparent_cipher_decrypt_setup(
283 test_transparent_cipher_operation_t *operation,
284 const psa_key_attributes_t *attributes,
285 const uint8_t *key, size_t key_length,
286 psa_algorithm_t alg)
287 {
288 return ( test_transparent_cipher_setup( MBEDTLS_DECRYPT,
289 operation,
290 attributes,
291 key,
292 key_length,
293 alg ) );
294 }
295
test_transparent_cipher_abort(test_transparent_cipher_operation_t * operation)296 psa_status_t test_transparent_cipher_abort(
297 test_transparent_cipher_operation_t *operation)
298 {
299 test_driver_cipher_hooks.hits++;
300
301 if( operation->alg == 0 )
302 return( PSA_SUCCESS );
303 if( operation->alg != PSA_ALG_CTR )
304 return( PSA_ERROR_BAD_STATE );
305
306 mbedtls_cipher_free( &operation->cipher );
307
308 /* Wiping the entire struct here, instead of member-by-member. This is useful
309 * for the test suite, since it gives a chance of catching memory corruption
310 * errors should the core not have allocated (enough) memory for our context
311 * struct. */
312 memset( operation, 0, sizeof( *operation ) );
313
314 return( PSA_SUCCESS );
315 }
316
test_transparent_cipher_generate_iv(test_transparent_cipher_operation_t * operation,uint8_t * iv,size_t iv_size,size_t * iv_length)317 psa_status_t test_transparent_cipher_generate_iv(
318 test_transparent_cipher_operation_t *operation,
319 uint8_t *iv,
320 size_t iv_size,
321 size_t *iv_length)
322 {
323 psa_status_t status;
324 mbedtls_test_rnd_pseudo_info rnd_info;
325 memset( &rnd_info, 0x5A, sizeof( mbedtls_test_rnd_pseudo_info ) );
326
327 test_driver_cipher_hooks.hits++;
328
329 if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
330 return( test_driver_cipher_hooks.forced_status );
331
332 if( operation->alg != PSA_ALG_CTR )
333 return( PSA_ERROR_BAD_STATE );
334
335 if( operation->iv_set || ! operation->iv_required )
336 return( PSA_ERROR_BAD_STATE );
337
338 if( iv_size < operation->iv_size )
339 return( PSA_ERROR_BUFFER_TOO_SMALL );
340
341 status = mbedtls_to_psa_error(
342 mbedtls_test_rnd_pseudo_rand( &rnd_info,
343 iv,
344 operation->iv_size ) );
345 if( status != PSA_SUCCESS )
346 return( status );
347
348 *iv_length = operation->iv_size;
349 status = test_transparent_cipher_set_iv( operation, iv, *iv_length );
350
351 return( status );
352 }
353
test_transparent_cipher_set_iv(test_transparent_cipher_operation_t * operation,const uint8_t * iv,size_t iv_length)354 psa_status_t test_transparent_cipher_set_iv(
355 test_transparent_cipher_operation_t *operation,
356 const uint8_t *iv,
357 size_t iv_length)
358 {
359 psa_status_t status;
360
361 test_driver_cipher_hooks.hits++;
362
363 if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
364 return( test_driver_cipher_hooks.forced_status );
365
366 if( operation->alg != PSA_ALG_CTR )
367 return( PSA_ERROR_BAD_STATE );
368
369 if( operation->iv_set || ! operation->iv_required )
370 return( PSA_ERROR_BAD_STATE );
371
372 if( iv_length != operation->iv_size )
373 return( PSA_ERROR_INVALID_ARGUMENT );
374
375 status = mbedtls_to_psa_error(
376 mbedtls_cipher_set_iv( &operation->cipher, iv, iv_length ) );
377
378 if( status == PSA_SUCCESS )
379 operation->iv_set = 1;
380
381 return( status );
382 }
383
test_transparent_cipher_update(test_transparent_cipher_operation_t * operation,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)384 psa_status_t test_transparent_cipher_update(
385 test_transparent_cipher_operation_t *operation,
386 const uint8_t *input,
387 size_t input_length,
388 uint8_t *output,
389 size_t output_size,
390 size_t *output_length)
391 {
392 psa_status_t status;
393
394 test_driver_cipher_hooks.hits++;
395
396 if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
397 return( test_driver_cipher_hooks.forced_status );
398
399 if( operation->alg != PSA_ALG_CTR )
400 return( PSA_ERROR_BAD_STATE );
401
402 /* CTR is a stream cipher, so data in and out are always the same size */
403 if( output_size < input_length )
404 return( PSA_ERROR_BUFFER_TOO_SMALL );
405
406 status = mbedtls_to_psa_error(
407 mbedtls_cipher_update( &operation->cipher, input,
408 input_length, output, output_length ) );
409
410 if( status != PSA_SUCCESS )
411 return status;
412
413 if( test_driver_cipher_hooks.forced_output != NULL )
414 {
415 if( output_size < test_driver_cipher_hooks.forced_output_length )
416 return PSA_ERROR_BUFFER_TOO_SMALL;
417
418 memcpy( output,
419 test_driver_cipher_hooks.forced_output,
420 test_driver_cipher_hooks.forced_output_length );
421 *output_length = test_driver_cipher_hooks.forced_output_length;
422 }
423
424 return( test_driver_cipher_hooks.forced_status );
425 }
426
test_transparent_cipher_finish(test_transparent_cipher_operation_t * operation,uint8_t * output,size_t output_size,size_t * output_length)427 psa_status_t test_transparent_cipher_finish(
428 test_transparent_cipher_operation_t *operation,
429 uint8_t *output,
430 size_t output_size,
431 size_t *output_length)
432 {
433 psa_status_t status = PSA_ERROR_GENERIC_ERROR;
434 uint8_t temp_output_buffer[MBEDTLS_MAX_BLOCK_LENGTH];
435
436 test_driver_cipher_hooks.hits++;
437
438 if( test_driver_cipher_hooks.forced_status != PSA_SUCCESS )
439 return( test_driver_cipher_hooks.forced_status );
440
441 if( operation->alg != PSA_ALG_CTR )
442 return( PSA_ERROR_BAD_STATE );
443
444 if( ! operation->key_set )
445 return( PSA_ERROR_BAD_STATE );
446
447 if( operation->iv_required && ! operation->iv_set )
448 return( PSA_ERROR_BAD_STATE );
449
450 status = mbedtls_to_psa_error(
451 mbedtls_cipher_finish( &operation->cipher,
452 temp_output_buffer,
453 output_length ) );
454
455 mbedtls_cipher_free( &operation->cipher );
456
457 if( status != PSA_SUCCESS )
458 return( status );
459
460 if( *output_length == 0 )
461 ; /* Nothing to copy. Note that output may be NULL in this case. */
462 else if( output_size >= *output_length )
463 memcpy( output, temp_output_buffer, *output_length );
464 else
465 return( PSA_ERROR_BUFFER_TOO_SMALL );
466
467
468 if( test_driver_cipher_hooks.forced_output != NULL )
469 {
470 if( output_size < test_driver_cipher_hooks.forced_output_length )
471 return PSA_ERROR_BUFFER_TOO_SMALL;
472
473 memcpy( output,
474 test_driver_cipher_hooks.forced_output,
475 test_driver_cipher_hooks.forced_output_length );
476 *output_length = test_driver_cipher_hooks.forced_output_length;
477 }
478
479 return( test_driver_cipher_hooks.forced_status );
480 }
481
482 /*
483 * opaque versions, to do
484 */
test_opaque_cipher_encrypt(const psa_key_attributes_t * attributes,const uint8_t * key,size_t key_length,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)485 psa_status_t test_opaque_cipher_encrypt(
486 const psa_key_attributes_t *attributes,
487 const uint8_t *key, size_t key_length,
488 psa_algorithm_t alg,
489 const uint8_t *input, size_t input_length,
490 uint8_t *output, size_t output_size, size_t *output_length)
491 {
492 (void) attributes;
493 (void) key;
494 (void) key_length;
495 (void) alg;
496 (void) input;
497 (void) input_length;
498 (void) output;
499 (void) output_size;
500 (void) output_length;
501 return( PSA_ERROR_NOT_SUPPORTED );
502 }
503
test_opaque_cipher_decrypt(const psa_key_attributes_t * attributes,const uint8_t * key,size_t key_length,psa_algorithm_t alg,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)504 psa_status_t test_opaque_cipher_decrypt(
505 const psa_key_attributes_t *attributes,
506 const uint8_t *key, size_t key_length,
507 psa_algorithm_t alg,
508 const uint8_t *input, size_t input_length,
509 uint8_t *output, size_t output_size, size_t *output_length)
510 {
511 (void) attributes;
512 (void) key;
513 (void) key_length;
514 (void) alg;
515 (void) input;
516 (void) input_length;
517 (void) output;
518 (void) output_size;
519 (void) output_length;
520 return( PSA_ERROR_NOT_SUPPORTED );
521 }
522
test_opaque_cipher_encrypt_setup(test_opaque_cipher_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key,size_t key_length,psa_algorithm_t alg)523 psa_status_t test_opaque_cipher_encrypt_setup(
524 test_opaque_cipher_operation_t *operation,
525 const psa_key_attributes_t *attributes,
526 const uint8_t *key, size_t key_length,
527 psa_algorithm_t alg)
528 {
529 (void) operation;
530 (void) attributes;
531 (void) key;
532 (void) key_length;
533 (void) alg;
534 return( PSA_ERROR_NOT_SUPPORTED );
535 }
536
test_opaque_cipher_decrypt_setup(test_opaque_cipher_operation_t * operation,const psa_key_attributes_t * attributes,const uint8_t * key,size_t key_length,psa_algorithm_t alg)537 psa_status_t test_opaque_cipher_decrypt_setup(
538 test_opaque_cipher_operation_t *operation,
539 const psa_key_attributes_t *attributes,
540 const uint8_t *key, size_t key_length,
541 psa_algorithm_t alg)
542 {
543 (void) operation;
544 (void) attributes;
545 (void) key;
546 (void) key_length;
547 (void) alg;
548 return( PSA_ERROR_NOT_SUPPORTED );
549 }
550
test_opaque_cipher_abort(test_opaque_cipher_operation_t * operation)551 psa_status_t test_opaque_cipher_abort(
552 test_opaque_cipher_operation_t *operation)
553 {
554 (void) operation;
555 return( PSA_ERROR_NOT_SUPPORTED );
556 }
557
test_opaque_cipher_generate_iv(test_opaque_cipher_operation_t * operation,uint8_t * iv,size_t iv_size,size_t * iv_length)558 psa_status_t test_opaque_cipher_generate_iv(
559 test_opaque_cipher_operation_t *operation,
560 uint8_t *iv,
561 size_t iv_size,
562 size_t *iv_length)
563 {
564 (void) operation;
565 (void) iv;
566 (void) iv_size;
567 (void) iv_length;
568 return( PSA_ERROR_NOT_SUPPORTED );
569 }
570
test_opaque_cipher_set_iv(test_opaque_cipher_operation_t * operation,const uint8_t * iv,size_t iv_length)571 psa_status_t test_opaque_cipher_set_iv(
572 test_opaque_cipher_operation_t *operation,
573 const uint8_t *iv,
574 size_t iv_length)
575 {
576 (void) operation;
577 (void) iv;
578 (void) iv_length;
579 return( PSA_ERROR_NOT_SUPPORTED );
580 }
581
test_opaque_cipher_update(test_opaque_cipher_operation_t * operation,const uint8_t * input,size_t input_length,uint8_t * output,size_t output_size,size_t * output_length)582 psa_status_t test_opaque_cipher_update(
583 test_opaque_cipher_operation_t *operation,
584 const uint8_t *input,
585 size_t input_length,
586 uint8_t *output,
587 size_t output_size,
588 size_t *output_length)
589 {
590 (void) operation;
591 (void) input;
592 (void) input_length;
593 (void) output;
594 (void) output_size;
595 (void) output_length;
596 return( PSA_ERROR_NOT_SUPPORTED );
597 }
598
test_opaque_cipher_finish(test_opaque_cipher_operation_t * operation,uint8_t * output,size_t output_size,size_t * output_length)599 psa_status_t test_opaque_cipher_finish(
600 test_opaque_cipher_operation_t *operation,
601 uint8_t *output,
602 size_t output_size,
603 size_t *output_length)
604 {
605 (void) operation;
606 (void) output;
607 (void) output_size;
608 (void) output_length;
609 return( PSA_ERROR_NOT_SUPPORTED );
610 }
611 #endif /* MBEDTLS_PSA_CRYPTO_DRIVERS && PSA_CRYPTO_DRIVER_TEST */
612
