1/* BEGIN_HEADER */ 2#include "mbedtls/cipher.h" 3#include "mbedtls/aes.h" 4 5#if defined(MBEDTLS_GCM_C) 6#include "mbedtls/gcm.h" 7#endif 8 9#if defined(MBEDTLS_CIPHER_HAVE_SOME_AEAD_VIA_LEGACY_OR_USE_PSA) || defined(MBEDTLS_NIST_KW_C) 10#define MBEDTLS_CIPHER_AUTH_CRYPT 11#endif 12 13/* Check the internal consistency of a cipher info structure, and 14 * check it against mbedtls_cipher_info_from_xxx(). */ 15static int check_cipher_info(mbedtls_cipher_type_t type, 16 const mbedtls_cipher_info_t *info) 17{ 18 size_t key_bitlen, block_size, iv_size; 19 20 TEST_ASSERT(info != NULL); 21 TEST_EQUAL(type, mbedtls_cipher_info_get_type(info)); 22 TEST_EQUAL(type, info->type); 23 TEST_ASSERT(mbedtls_cipher_info_from_type(type) == info); 24 25 TEST_EQUAL(info->mode, mbedtls_cipher_info_get_mode(info)); 26 27 /* Insist that get_name() return the string from the structure and 28 * not a copy. A copy would have an unknown storage duration. */ 29 TEST_ASSERT(mbedtls_cipher_info_get_name(info) == info->name); 30 TEST_ASSERT(mbedtls_cipher_info_from_string(info->name) == info); 31 32 key_bitlen = mbedtls_cipher_info_get_key_bitlen(info); 33 block_size = mbedtls_cipher_info_get_block_size(info); 34 iv_size = mbedtls_cipher_info_get_iv_size(info); 35 if (info->type == MBEDTLS_CIPHER_NULL) { 36 TEST_ASSERT(key_bitlen == 0); 37 TEST_ASSERT(block_size == 1); 38 TEST_ASSERT(iv_size == 0); 39 } else if (info->mode == MBEDTLS_MODE_XTS) { 40 TEST_ASSERT(key_bitlen == 256 || 41 key_bitlen == 384 || 42 key_bitlen == 512); 43 } else if (!strncmp(info->name, "DES-EDE3-", 9)) { 44 TEST_ASSERT(key_bitlen == 192); 45 TEST_ASSERT(!mbedtls_cipher_info_has_variable_key_bitlen(info)); 46 TEST_ASSERT(block_size == 8); 47 } else if (!strncmp(info->name, "DES-EDE-", 8)) { 48 TEST_ASSERT(key_bitlen == 128); 49 TEST_ASSERT(!mbedtls_cipher_info_has_variable_key_bitlen(info)); 50 TEST_ASSERT(block_size == 8); 51 } else if (!strncmp(info->name, "DES-", 4)) { 52 TEST_ASSERT(key_bitlen == 64); 53 TEST_ASSERT(!mbedtls_cipher_info_has_variable_key_bitlen(info)); 54 TEST_ASSERT(block_size == 8); 55 } else if (!strncmp(info->name, "AES", 3)) { 56 TEST_ASSERT(key_bitlen == 128 || 57 key_bitlen == 192 || 58 key_bitlen == 256); 59 TEST_ASSERT(!mbedtls_cipher_info_has_variable_key_bitlen(info)); 60 TEST_ASSERT(block_size == 16); 61 } else { 62 TEST_ASSERT(key_bitlen == 128 || 63 key_bitlen == 192 || 64 key_bitlen == 256); 65 } 66 TEST_LE_U(key_bitlen, MBEDTLS_MAX_KEY_LENGTH * 8); 67 TEST_LE_U(block_size, MBEDTLS_MAX_BLOCK_LENGTH); 68 TEST_LE_U(iv_size, MBEDTLS_MAX_IV_LENGTH); 69 70 if (strstr(info->name, "-ECB") != NULL) { 71 TEST_ASSERT(iv_size == 0); 72 TEST_ASSERT(!mbedtls_cipher_info_has_variable_iv_size(info)); 73 } else if (strstr(info->name, "-CBC") != NULL || 74 strstr(info->name, "-CTR") != NULL) { 75 TEST_ASSERT(iv_size == block_size); 76 TEST_ASSERT(!mbedtls_cipher_info_has_variable_iv_size(info)); 77 } else if (strstr(info->name, "-GCM") != NULL) { 78 TEST_ASSERT(iv_size == block_size - 4); 79 TEST_ASSERT(mbedtls_cipher_info_has_variable_iv_size(info)); 80 } 81 82 return 1; 83 84exit: 85 return 0; 86} 87 88#if defined(MBEDTLS_CIPHER_MODE_AEAD) 89/* Helper for resetting key/direction 90 * 91 * The documentation doesn't explicitly say whether calling 92 * mbedtls_cipher_setkey() twice is allowed or not. This currently works with 93 * the default software implementation, but only by accident. It isn't 94 * guaranteed to work with new ciphers or with alternative implementations of 95 * individual ciphers, and it doesn't work with the PSA wrappers. So don't do 96 * it, and instead start with a fresh context. 97 */ 98static int cipher_reset_key(mbedtls_cipher_context_t *ctx, int cipher_id, 99 int use_psa, size_t tag_len, const data_t *key, int direction) 100{ 101 mbedtls_cipher_free(ctx); 102 mbedtls_cipher_init(ctx); 103 104#if !defined(MBEDTLS_USE_PSA_CRYPTO) || !defined(MBEDTLS_TEST_DEPRECATED) 105 (void) use_psa; 106 (void) tag_len; 107#else 108 if (use_psa == 1) { 109 TEST_ASSERT(0 == mbedtls_cipher_setup_psa(ctx, 110 mbedtls_cipher_info_from_type(cipher_id), 111 tag_len)); 112 } else 113#endif /* !MBEDTLS_USE_PSA_CRYPTO || !MBEDTLS_TEST_DEPRECATED */ 114 { 115 TEST_ASSERT(0 == mbedtls_cipher_setup(ctx, 116 mbedtls_cipher_info_from_type(cipher_id))); 117 } 118 119 TEST_ASSERT(0 == mbedtls_cipher_setkey(ctx, key->x, 8 * key->len, 120 direction)); 121 return 1; 122 123exit: 124 return 0; 125} 126 127/* 128 * Check if a buffer is all-0 bytes: 129 * return 1 if it is, 130 * 0 if it isn't. 131 */ 132static int buffer_is_all_zero(const uint8_t *buf, size_t size) 133{ 134 for (size_t i = 0; i < size; i++) { 135 if (buf[i] != 0) { 136 return 0; 137 } 138 } 139 return 1; 140} 141#endif /* MBEDTLS_CIPHER_AUTH_CRYPT */ 142 143/* END_HEADER */ 144 145/* BEGIN_DEPENDENCIES 146 * depends_on:MBEDTLS_CIPHER_C 147 * END_DEPENDENCIES 148 */ 149 150/* BEGIN_CASE */ 151void mbedtls_cipher_list() 152{ 153 const int *cipher_type; 154 155 for (cipher_type = mbedtls_cipher_list(); *cipher_type != 0; cipher_type++) { 156 const mbedtls_cipher_info_t *info = 157 mbedtls_cipher_info_from_type(*cipher_type); 158 mbedtls_test_set_step(*cipher_type); 159 if (!check_cipher_info(*cipher_type, info)) { 160 goto exit; 161 } 162 } 163} 164/* END_CASE */ 165 166/* BEGIN_CASE */ 167void cipher_invalid_param_unconditional() 168{ 169 mbedtls_cipher_context_t valid_ctx; 170 mbedtls_cipher_context_t invalid_ctx; 171 mbedtls_operation_t valid_operation = MBEDTLS_ENCRYPT; 172 mbedtls_cipher_padding_t valid_mode = MBEDTLS_PADDING_ZEROS; 173 unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 }; 174 int valid_size = sizeof(valid_buffer); 175 int valid_bitlen = valid_size * 8; 176 const int *cipher_list = mbedtls_cipher_list(); 177 const mbedtls_cipher_info_t *valid_info; 178 size_t size_t_var; 179 180 (void) valid_mode; /* In some configurations this is unused */ 181 182 mbedtls_cipher_init(&valid_ctx); 183 mbedtls_cipher_init(&invalid_ctx); 184 185 /* Ensure that there is at least 1 supported cipher, otherwise exit gracefully */ 186 TEST_ASSUME(*cipher_list != 0); 187 valid_info = mbedtls_cipher_info_from_type(*cipher_list); 188 189 TEST_ASSERT(mbedtls_cipher_setup(&valid_ctx, valid_info) == 0); 190 191 /* mbedtls_cipher_setup() */ 192 TEST_ASSERT(mbedtls_cipher_setup(&valid_ctx, NULL) == 193 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 194 195 /* mbedtls_cipher_get_block_size() */ 196 TEST_ASSERT(mbedtls_cipher_get_block_size(&invalid_ctx) == 0); 197 198 /* mbedtls_cipher_get_cipher_mode() */ 199 TEST_ASSERT(mbedtls_cipher_get_cipher_mode(&invalid_ctx) == 200 MBEDTLS_MODE_NONE); 201 202 /* mbedtls_cipher_get_iv_size() */ 203 TEST_ASSERT(mbedtls_cipher_get_iv_size(&invalid_ctx) == 0); 204 205 /* mbedtls_cipher_get_type() */ 206 TEST_ASSERT( 207 mbedtls_cipher_get_type(&invalid_ctx) == 208 MBEDTLS_CIPHER_NONE); 209 210 /* mbedtls_cipher_get_name() */ 211 TEST_ASSERT(mbedtls_cipher_get_name(&invalid_ctx) == 0); 212 213 /* mbedtls_cipher_get_key_bitlen() */ 214 TEST_ASSERT(mbedtls_cipher_get_key_bitlen(&invalid_ctx) == 215 MBEDTLS_KEY_LENGTH_NONE); 216 217 /* mbedtls_cipher_get_operation() */ 218 TEST_ASSERT(mbedtls_cipher_get_operation(&invalid_ctx) == 219 MBEDTLS_OPERATION_NONE); 220 221 /* mbedtls_cipher_setkey() */ 222 TEST_ASSERT( 223 mbedtls_cipher_setkey(&invalid_ctx, 224 valid_buffer, 225 valid_bitlen, 226 valid_operation) == 227 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 228 229 /* mbedtls_cipher_set_iv() */ 230 TEST_ASSERT( 231 mbedtls_cipher_set_iv(&invalid_ctx, 232 valid_buffer, 233 valid_size) == 234 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 235 236 /* mbedtls_cipher_reset() */ 237 TEST_ASSERT(mbedtls_cipher_reset(&invalid_ctx) == 238 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 239 240#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 241 /* mbedtls_cipher_update_ad() */ 242 TEST_ASSERT( 243 mbedtls_cipher_update_ad(&invalid_ctx, 244 valid_buffer, 245 valid_size) == 246 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 247#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */ 248 249#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 250 /* mbedtls_cipher_set_padding_mode() */ 251 TEST_ASSERT(mbedtls_cipher_set_padding_mode(&invalid_ctx, valid_mode) == 252 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 253#endif 254 255 /* mbedtls_cipher_update() */ 256 TEST_ASSERT( 257 mbedtls_cipher_update(&invalid_ctx, 258 valid_buffer, 259 valid_size, 260 valid_buffer, 261 &size_t_var) == 262 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 263 264 /* mbedtls_cipher_finish() */ 265 TEST_ASSERT( 266 mbedtls_cipher_finish(&invalid_ctx, 267 valid_buffer, 268 &size_t_var) == 269 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 270 271#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 272 /* mbedtls_cipher_write_tag() */ 273 TEST_ASSERT( 274 mbedtls_cipher_write_tag(&invalid_ctx, 275 valid_buffer, 276 valid_size) == 277 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 278 279 /* mbedtls_cipher_check_tag() */ 280 TEST_ASSERT( 281 mbedtls_cipher_check_tag(&invalid_ctx, 282 valid_buffer, 283 valid_size) == 284 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 285#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */ 286 287exit: 288 mbedtls_cipher_free(&invalid_ctx); 289 mbedtls_cipher_free(&valid_ctx); 290} 291/* END_CASE */ 292 293/* BEGIN_CASE */ 294void cipher_invalid_param_conditional() 295{ 296 mbedtls_cipher_context_t valid_ctx; 297 298 mbedtls_operation_t invalid_operation = 100; 299 unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 }; 300 int valid_size = sizeof(valid_buffer); 301 int valid_bitlen = valid_size * 8; 302 303 TEST_EQUAL( 304 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 305 mbedtls_cipher_setkey(&valid_ctx, 306 valid_buffer, 307 valid_bitlen, 308 invalid_operation)); 309 310exit: 311 ; 312} 313/* END_CASE */ 314 315/* BEGIN_CASE depends_on:MBEDTLS_AES_C */ 316void cipher_special_behaviours() 317{ 318 const mbedtls_cipher_info_t *cipher_info; 319 mbedtls_cipher_context_t ctx; 320 unsigned char input[32]; 321 unsigned char output[32]; 322#if defined(MBEDTLS_CIPHER_MODE_CBC) 323 unsigned char iv[32]; 324#endif 325 size_t olen = 0; 326 327 mbedtls_cipher_init(&ctx); 328 memset(input, 0, sizeof(input)); 329 memset(output, 0, sizeof(output)); 330#if defined(MBEDTLS_CIPHER_MODE_CBC) 331 memset(iv, 0, sizeof(iv)); 332 333 /* Check and get info structures */ 334 cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_CBC); 335 TEST_ASSERT(NULL != cipher_info); 336 337 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, cipher_info)); 338 339 /* IV too big */ 340 TEST_ASSERT(mbedtls_cipher_set_iv(&ctx, iv, MBEDTLS_MAX_IV_LENGTH + 1) 341 == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE); 342 343 /* IV too small */ 344 TEST_ASSERT(mbedtls_cipher_set_iv(&ctx, iv, 0) 345 == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 346 347 mbedtls_cipher_free(&ctx); 348 mbedtls_cipher_init(&ctx); 349#endif /* MBEDTLS_CIPHER_MODE_CBC */ 350 cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_ECB); 351 TEST_ASSERT(NULL != cipher_info); 352 353 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, cipher_info)); 354 355 /* Update ECB with partial block */ 356 TEST_ASSERT(mbedtls_cipher_update(&ctx, input, 1, output, &olen) 357 == MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED); 358 359exit: 360 mbedtls_cipher_free(&ctx); 361} 362/* END_CASE */ 363 364/* BEGIN_CASE */ 365void enc_dec_buf(int cipher_id, char *cipher_string, int key_len, 366 int length_val, int pad_mode) 367{ 368 size_t length = length_val, outlen, total_len, i, block_size, iv_len; 369 unsigned char key[64]; 370 unsigned char iv[16]; 371 unsigned char ad[13]; 372 unsigned char tag[16]; 373 unsigned char inbuf[64]; 374 unsigned char encbuf[64]; 375 unsigned char decbuf[64]; 376 377 const mbedtls_cipher_info_t *cipher_info; 378 mbedtls_cipher_context_t ctx_dec; 379 mbedtls_cipher_context_t ctx_enc; 380 381 /* 382 * Prepare contexts 383 */ 384 mbedtls_cipher_init(&ctx_dec); 385 mbedtls_cipher_init(&ctx_enc); 386 387 memset(key, 0x2a, sizeof(key)); 388 389 /* Check and get info structures */ 390 cipher_info = mbedtls_cipher_info_from_type(cipher_id); 391 TEST_ASSERT(NULL != cipher_info); 392 TEST_ASSERT(mbedtls_cipher_info_from_string(cipher_string) == cipher_info); 393 TEST_ASSERT(strcmp(mbedtls_cipher_info_get_name(cipher_info), 394 cipher_string) == 0); 395 396 /* Initialise enc and dec contexts */ 397 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_dec, cipher_info)); 398 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_enc, cipher_info)); 399 400 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_dec, key, key_len, MBEDTLS_DECRYPT)); 401 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_enc, key, key_len, MBEDTLS_ENCRYPT)); 402 403#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 404 if (-1 != pad_mode) { 405 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_dec, pad_mode)); 406 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_enc, pad_mode)); 407 } 408#else 409 (void) pad_mode; 410#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ 411 412 /* 413 * Do a few encode/decode cycles 414 */ 415 for (i = 0; i < 3; i++) { 416 memset(iv, 0x00 + i, sizeof(iv)); 417 memset(ad, 0x10 + i, sizeof(ad)); 418 memset(inbuf, 0x20 + i, sizeof(inbuf)); 419 420 memset(encbuf, 0, sizeof(encbuf)); 421 memset(decbuf, 0, sizeof(decbuf)); 422 memset(tag, 0, sizeof(tag)); 423 424 if (NULL != strstr(cipher_info->name, "CCM*-NO-TAG")) { 425 iv_len = 13; /* For CCM, IV length is expected to be between 7 and 13 bytes. 426 * For CCM*-NO-TAG, IV length must be exactly 13 bytes long. */ 427 } else if (cipher_info->type == MBEDTLS_CIPHER_CHACHA20 || 428 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) { 429 iv_len = 12; 430 } else { 431 iv_len = sizeof(iv); 432 } 433 434 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_dec, iv, iv_len)); 435 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_enc, iv, iv_len)); 436 437 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_dec)); 438 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_enc)); 439 440#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 441 int expected = (cipher_info->mode == MBEDTLS_MODE_GCM || 442 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) ? 443 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 444 445 TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx_dec, ad, sizeof(ad) - i)); 446 TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx_enc, ad, sizeof(ad) - i)); 447#endif 448 449 block_size = mbedtls_cipher_get_block_size(&ctx_enc); 450 TEST_ASSERT(block_size != 0); 451 452 /* encode length number of bytes from inbuf */ 453 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx_enc, inbuf, length, encbuf, &outlen)); 454 total_len = outlen; 455 456 TEST_ASSERT(total_len == length || 457 (total_len % block_size == 0 && 458 total_len < length && 459 total_len + block_size > length)); 460 461 TEST_ASSERT(0 == mbedtls_cipher_finish(&ctx_enc, encbuf + outlen, &outlen)); 462 total_len += outlen; 463 464#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 465 TEST_EQUAL(expected, mbedtls_cipher_write_tag(&ctx_enc, tag, sizeof(tag))); 466#endif 467 468 TEST_ASSERT(total_len == length || 469 (total_len % block_size == 0 && 470 total_len > length && 471 total_len <= length + block_size)); 472 473 /* decode the previously encoded string */ 474 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx_dec, encbuf, total_len, decbuf, &outlen)); 475 total_len = outlen; 476 477 TEST_ASSERT(total_len == length || 478 (total_len % block_size == 0 && 479 total_len < length && 480 total_len + block_size >= length)); 481 482 TEST_ASSERT(0 == mbedtls_cipher_finish(&ctx_dec, decbuf + outlen, &outlen)); 483 total_len += outlen; 484 485#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 486 TEST_EQUAL(expected, mbedtls_cipher_check_tag(&ctx_dec, tag, sizeof(tag))); 487#endif 488 489 /* check result */ 490 TEST_ASSERT(total_len == length); 491 TEST_ASSERT(0 == memcmp(inbuf, decbuf, length)); 492 } 493 494 /* 495 * Done 496 */ 497exit: 498 mbedtls_cipher_free(&ctx_dec); 499 mbedtls_cipher_free(&ctx_enc); 500} 501/* END_CASE */ 502 503/* BEGIN_CASE */ 504void enc_fail(int cipher_id, int pad_mode, int key_len, int length_val, 505 int ret) 506{ 507 size_t length = length_val; 508 unsigned char key[32]; 509 unsigned char iv[16]; 510 511 const mbedtls_cipher_info_t *cipher_info; 512 mbedtls_cipher_context_t ctx; 513 514 unsigned char inbuf[64]; 515 unsigned char encbuf[64]; 516 517 size_t outlen = 0; 518 519 memset(key, 0, 32); 520 memset(iv, 0, 16); 521 522 mbedtls_cipher_init(&ctx); 523 524 memset(inbuf, 5, 64); 525 memset(encbuf, 0, 64); 526 527 /* Check and get info structures */ 528 cipher_info = mbedtls_cipher_info_from_type(cipher_id); 529 TEST_ASSERT(NULL != cipher_info); 530 531 /* Initialise context */ 532 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, cipher_info)); 533 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx, key, key_len, MBEDTLS_ENCRYPT)); 534#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 535 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx, pad_mode)); 536#else 537 (void) pad_mode; 538#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ 539 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx, iv, 16)); 540 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx)); 541#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 542 int expected = (cipher_info->mode == MBEDTLS_MODE_GCM || 543 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) ? 544 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 545 546 TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx, NULL, 0)); 547#endif 548 549 /* encode length number of bytes from inbuf */ 550 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx, inbuf, length, encbuf, &outlen)); 551 TEST_ASSERT(ret == mbedtls_cipher_finish(&ctx, encbuf + outlen, &outlen)); 552 if (0 != ret) { 553 /* Check output parameter is set to the least-harmful value on error */ 554 TEST_ASSERT(0 == outlen); 555 } 556 557 /* done */ 558exit: 559 mbedtls_cipher_free(&ctx); 560} 561/* END_CASE */ 562 563/* BEGIN_CASE */ 564void dec_empty_buf(int cipher, 565 int expected_update_ret, 566 int expected_finish_ret) 567{ 568 unsigned char key[32]; 569 570 unsigned char *iv = NULL; 571 size_t iv_len = 16; 572 573 mbedtls_cipher_context_t ctx_dec; 574 const mbedtls_cipher_info_t *cipher_info; 575 576 unsigned char encbuf[64]; 577 unsigned char decbuf[64]; 578 579 size_t outlen = 0; 580 581 memset(key, 0, 32); 582 583 mbedtls_cipher_init(&ctx_dec); 584 585 memset(encbuf, 0, 64); 586 memset(decbuf, 0, 64); 587 588 /* Initialise context */ 589 cipher_info = mbedtls_cipher_info_from_type(cipher); 590 TEST_ASSERT(NULL != cipher_info); 591 592 if (cipher_info->type == MBEDTLS_CIPHER_CHACHA20 || 593 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) { 594 iv_len = 12; 595 } 596 597 TEST_CALLOC(iv, iv_len); 598 memset(iv, 0, iv_len); 599 600 TEST_ASSERT(sizeof(key) * 8 >= mbedtls_cipher_info_get_key_bitlen(cipher_info)); 601 602 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_dec, cipher_info)); 603 604 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_dec, 605 key, mbedtls_cipher_info_get_key_bitlen(cipher_info), 606 MBEDTLS_DECRYPT)); 607 608 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_dec, iv, iv_len)); 609 610 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_dec)); 611 612#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) && defined(MBEDTLS_CIPHER_PADDING_PKCS7) 613 if (ctx_dec.cipher_info->mode == MBEDTLS_MODE_CBC) { 614 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_dec, 615 MBEDTLS_PADDING_PKCS7)); 616 } 617#endif 618 619#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 620 int expected = (cipher_info->mode == MBEDTLS_MODE_GCM || 621 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) ? 622 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 623 624 TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx_dec, NULL, 0)); 625#endif 626 627 /* decode 0-byte string */ 628 TEST_ASSERT(expected_update_ret == 629 mbedtls_cipher_update(&ctx_dec, encbuf, 0, decbuf, &outlen)); 630 TEST_ASSERT(0 == outlen); 631 632 if (expected_finish_ret == 0 && 633 (cipher_info->mode == MBEDTLS_MODE_CBC || 634 cipher_info->mode == MBEDTLS_MODE_ECB)) { 635 /* Non-CBC and non-ECB ciphers are OK with decrypting empty buffers and 636 * return success, not MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED, when 637 * decrypting an empty buffer. 638 * On the other hand, CBC and ECB ciphers need a full block of input. 639 */ 640 expected_finish_ret = MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED; 641 } 642 643 TEST_ASSERT(expected_finish_ret == mbedtls_cipher_finish( 644 &ctx_dec, decbuf + outlen, &outlen)); 645 TEST_ASSERT(0 == outlen); 646 647exit: 648 mbedtls_free(iv); 649 mbedtls_cipher_free(&ctx_dec); 650} 651/* END_CASE */ 652 653/* BEGIN_CASE */ 654void enc_dec_buf_multipart(int cipher_id, int key_len, int first_length_val, 655 int second_length_val, int pad_mode, 656 int first_encrypt_output_len, int second_encrypt_output_len, 657 int first_decrypt_output_len, int second_decrypt_output_len) 658{ 659 size_t first_length = first_length_val; 660 size_t second_length = second_length_val; 661 size_t length = first_length + second_length; 662 size_t block_size; 663 size_t iv_len; 664 unsigned char key[32]; 665 unsigned char iv[16]; 666 667 mbedtls_cipher_context_t ctx_dec; 668 mbedtls_cipher_context_t ctx_enc; 669 const mbedtls_cipher_info_t *cipher_info; 670 671 unsigned char inbuf[64]; 672 unsigned char encbuf[64]; 673 unsigned char decbuf[64]; 674 675 size_t outlen = 0; 676 size_t totaloutlen = 0; 677 678 memset(key, 0, 32); 679 memset(iv, 0, 16); 680 681 mbedtls_cipher_init(&ctx_dec); 682 mbedtls_cipher_init(&ctx_enc); 683 684 memset(inbuf, 5, 64); 685 memset(encbuf, 0, 64); 686 memset(decbuf, 0, 64); 687 688 /* Initialise enc and dec contexts */ 689 cipher_info = mbedtls_cipher_info_from_type(cipher_id); 690 TEST_ASSERT(NULL != cipher_info); 691 692 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_dec, cipher_info)); 693 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_enc, cipher_info)); 694 695 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_dec, key, key_len, MBEDTLS_DECRYPT)); 696 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_enc, key, key_len, MBEDTLS_ENCRYPT)); 697 698#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 699 if (-1 != pad_mode) { 700 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_dec, pad_mode)); 701 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_enc, pad_mode)); 702 } 703#else 704 (void) pad_mode; 705#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ 706 707 if (NULL != strstr(cipher_info->name, "CCM*-NO-TAG")) { 708 iv_len = 13; /* For CCM, IV length is expected to be between 7 and 13 bytes. 709 * For CCM*-NO-TAG, IV length must be exactly 13 bytes long. */ 710 } else if (cipher_info->type == MBEDTLS_CIPHER_CHACHA20 || 711 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) { 712 iv_len = 12; 713 } else { 714 iv_len = sizeof(iv); 715 } 716 717 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_dec, iv, iv_len)); 718 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_enc, iv, iv_len)); 719 720 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_dec)); 721 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_enc)); 722 723#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 724 int expected = (cipher_info->mode == MBEDTLS_MODE_GCM || 725 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) ? 726 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 727 728 TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx_dec, NULL, 0)); 729 TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx_enc, NULL, 0)); 730#endif 731 732 block_size = mbedtls_cipher_get_block_size(&ctx_enc); 733 TEST_ASSERT(block_size != 0); 734 735 /* encode length number of bytes from inbuf */ 736 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx_enc, inbuf, first_length, encbuf, &outlen)); 737 TEST_ASSERT((size_t) first_encrypt_output_len == outlen); 738 totaloutlen = outlen; 739 TEST_ASSERT(0 == 740 mbedtls_cipher_update(&ctx_enc, inbuf + first_length, second_length, 741 encbuf + totaloutlen, 742 &outlen)); 743 TEST_ASSERT((size_t) second_encrypt_output_len == outlen); 744 totaloutlen += outlen; 745 TEST_ASSERT(totaloutlen == length || 746 (totaloutlen % block_size == 0 && 747 totaloutlen < length && 748 totaloutlen + block_size > length)); 749 750 TEST_ASSERT(0 == mbedtls_cipher_finish(&ctx_enc, encbuf + totaloutlen, &outlen)); 751 totaloutlen += outlen; 752 TEST_ASSERT(totaloutlen == length || 753 (totaloutlen % block_size == 0 && 754 totaloutlen > length && 755 totaloutlen <= length + block_size)); 756 757 /* decode the previously encoded string */ 758 second_length = totaloutlen - first_length; 759 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx_dec, encbuf, first_length, decbuf, &outlen)); 760 TEST_ASSERT((size_t) first_decrypt_output_len == outlen); 761 totaloutlen = outlen; 762 TEST_ASSERT(0 == 763 mbedtls_cipher_update(&ctx_dec, encbuf + first_length, second_length, 764 decbuf + totaloutlen, 765 &outlen)); 766 TEST_ASSERT((size_t) second_decrypt_output_len == outlen); 767 totaloutlen += outlen; 768 769 TEST_ASSERT(totaloutlen == length || 770 (totaloutlen % block_size == 0 && 771 totaloutlen < length && 772 totaloutlen + block_size >= length)); 773 774 TEST_ASSERT(0 == mbedtls_cipher_finish(&ctx_dec, decbuf + totaloutlen, &outlen)); 775 totaloutlen += outlen; 776 777 TEST_ASSERT(totaloutlen == length); 778 779 TEST_ASSERT(0 == memcmp(inbuf, decbuf, length)); 780 781exit: 782 mbedtls_cipher_free(&ctx_dec); 783 mbedtls_cipher_free(&ctx_enc); 784} 785/* END_CASE */ 786 787/* BEGIN_CASE */ 788void decrypt_test_vec(int cipher_id, int pad_mode, data_t *key, 789 data_t *iv, data_t *cipher, 790 data_t *clear, data_t *ad, data_t *tag, 791 int finish_result, int tag_result) 792{ 793 unsigned char output[265]; 794 mbedtls_cipher_context_t ctx; 795 size_t outlen, total_len; 796 797 mbedtls_cipher_init(&ctx); 798 799 memset(output, 0x00, sizeof(output)); 800 801#if !defined(MBEDTLS_GCM_C) && !defined(MBEDTLS_CHACHAPOLY_C) 802 ((void) ad); 803 ((void) tag); 804#endif 805 806 /* Prepare context */ 807 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, 808 mbedtls_cipher_info_from_type(cipher_id))); 809 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx, key->x, 8 * key->len, MBEDTLS_DECRYPT)); 810#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 811 if (pad_mode != -1) { 812 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx, pad_mode)); 813 } 814#else 815 (void) pad_mode; 816#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ 817 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx, iv->x, iv->len)); 818 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx)); 819#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 820 int expected = (ctx.cipher_info->mode == MBEDTLS_MODE_GCM || 821 ctx.cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) ? 822 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 823 824 TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx, ad->x, ad->len)); 825#endif 826 827 /* decode buffer and check tag->x */ 828 total_len = 0; 829 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx, cipher->x, cipher->len, output, &outlen)); 830 total_len += outlen; 831 TEST_ASSERT(finish_result == mbedtls_cipher_finish(&ctx, output + outlen, 832 &outlen)); 833 if (0 != finish_result) { 834 /* Check output parameter is set to the least-harmful value on error */ 835 TEST_ASSERT(0 == outlen); 836 } 837 total_len += outlen; 838#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 839 int tag_expected = (ctx.cipher_info->mode == MBEDTLS_MODE_GCM || 840 ctx.cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) ? 841 tag_result : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 842 843 TEST_EQUAL(tag_expected, mbedtls_cipher_check_tag(&ctx, tag->x, tag->len)); 844#endif 845 846 /* check plaintext only if everything went fine */ 847 if (0 == finish_result && 0 == tag_result) { 848 TEST_ASSERT(total_len == clear->len); 849 TEST_ASSERT(0 == memcmp(output, clear->x, clear->len)); 850 } 851 852exit: 853 mbedtls_cipher_free(&ctx); 854} 855/* END_CASE */ 856 857/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_AEAD */ 858void auth_crypt_tv(int cipher_id, data_t *key, data_t *iv, 859 data_t *ad, data_t *cipher, data_t *tag, 860 char *result, data_t *clear, int use_psa) 861{ 862 /* 863 * Take an AEAD ciphertext + tag and perform a pair 864 * of AEAD decryption and AEAD encryption. Check that 865 * this results in the expected plaintext, and that 866 * decryption and encryption are inverse to one another. 867 */ 868 869 int ret; 870 int using_nist_kw, using_nist_kw_padding; 871 872 mbedtls_cipher_context_t ctx; 873 size_t outlen; 874 875 unsigned char *cipher_plus_tag = NULL; 876 size_t cipher_plus_tag_len; 877 unsigned char *decrypt_buf = NULL; 878 size_t decrypt_buf_len = 0; 879 unsigned char *encrypt_buf = NULL; 880 size_t encrypt_buf_len = 0; 881 882 /* Null pointers are documented as valid for inputs of length 0. 883 * The test framework passes non-null pointers, so set them to NULL. 884 * key, cipher and tag can't be empty. */ 885 if (iv->len == 0) { 886 iv->x = NULL; 887 } 888 if (ad->len == 0) { 889 ad->x = NULL; 890 } 891 if (clear->len == 0) { 892 clear->x = NULL; 893 } 894 895 mbedtls_cipher_init(&ctx); 896 897 /* Initialize PSA Crypto */ 898#if defined(MBEDTLS_USE_PSA_CRYPTO) 899 if (use_psa == 1) { 900 PSA_ASSERT(psa_crypto_init()); 901 } 902#else 903 (void) use_psa; 904#endif 905 906 /* 907 * Are we using NIST_KW? with padding? 908 */ 909 using_nist_kw_padding = cipher_id == MBEDTLS_CIPHER_AES_128_KWP || 910 cipher_id == MBEDTLS_CIPHER_AES_192_KWP || 911 cipher_id == MBEDTLS_CIPHER_AES_256_KWP; 912 using_nist_kw = cipher_id == MBEDTLS_CIPHER_AES_128_KW || 913 cipher_id == MBEDTLS_CIPHER_AES_192_KW || 914 cipher_id == MBEDTLS_CIPHER_AES_256_KW || 915 using_nist_kw_padding; 916 917 /* 918 * Prepare context for decryption 919 */ 920 if (!cipher_reset_key(&ctx, cipher_id, use_psa, tag->len, key, 921 MBEDTLS_DECRYPT)) { 922 goto exit; 923 } 924 925 /* 926 * prepare buffer for decryption 927 * (we need the tag appended to the ciphertext) 928 */ 929 cipher_plus_tag_len = cipher->len + tag->len; 930 TEST_CALLOC(cipher_plus_tag, cipher_plus_tag_len); 931 memcpy(cipher_plus_tag, cipher->x, cipher->len); 932 memcpy(cipher_plus_tag + cipher->len, tag->x, tag->len); 933 934 /* 935 * Compute length of output buffer according to the documentation 936 */ 937 if (using_nist_kw) { 938 decrypt_buf_len = cipher_plus_tag_len - 8; 939 } else { 940 decrypt_buf_len = cipher_plus_tag_len - tag->len; 941 } 942 943 944 /* 945 * Try decrypting to a buffer that's 1B too small 946 */ 947 if (decrypt_buf_len != 0) { 948 TEST_CALLOC(decrypt_buf, decrypt_buf_len - 1); 949 950 outlen = 0; 951 ret = mbedtls_cipher_auth_decrypt_ext(&ctx, iv->x, iv->len, 952 ad->x, ad->len, cipher_plus_tag, cipher_plus_tag_len, 953 decrypt_buf, decrypt_buf_len - 1, &outlen, tag->len); 954 TEST_ASSERT(ret == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 955 956 mbedtls_free(decrypt_buf); 957 decrypt_buf = NULL; 958 } 959 960 /* 961 * Authenticate and decrypt, and check result 962 */ 963 TEST_CALLOC(decrypt_buf, decrypt_buf_len); 964 965 outlen = 0; 966 ret = mbedtls_cipher_auth_decrypt_ext(&ctx, iv->x, iv->len, 967 ad->x, ad->len, cipher_plus_tag, cipher_plus_tag_len, 968 decrypt_buf, decrypt_buf_len, &outlen, tag->len); 969 970 if (strcmp(result, "FAIL") == 0) { 971 TEST_ASSERT(ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED); 972 TEST_ASSERT(buffer_is_all_zero(decrypt_buf, decrypt_buf_len)); 973 } else { 974 TEST_ASSERT(ret == 0); 975 TEST_MEMORY_COMPARE(decrypt_buf, outlen, clear->x, clear->len); 976 } 977 978 mbedtls_free(decrypt_buf); 979 decrypt_buf = NULL; 980 981 /* 982 * Encrypt back if test data was authentic 983 */ 984 if (strcmp(result, "FAIL") != 0) { 985 /* prepare context for encryption */ 986 if (!cipher_reset_key(&ctx, cipher_id, use_psa, tag->len, key, 987 MBEDTLS_ENCRYPT)) { 988 goto exit; 989 } 990 991 /* 992 * Compute size of output buffer according to documentation 993 */ 994 if (using_nist_kw) { 995 encrypt_buf_len = clear->len + 8; 996 if (using_nist_kw_padding && encrypt_buf_len % 8 != 0) { 997 encrypt_buf_len += 8 - encrypt_buf_len % 8; 998 } 999 } else { 1000 encrypt_buf_len = clear->len + tag->len; 1001 } 1002 1003 /* 1004 * Try encrypting with an output buffer that's 1B too small 1005 */ 1006 TEST_CALLOC(encrypt_buf, encrypt_buf_len - 1); 1007 1008 outlen = 0; 1009 ret = mbedtls_cipher_auth_encrypt_ext(&ctx, iv->x, iv->len, 1010 ad->x, ad->len, clear->x, clear->len, 1011 encrypt_buf, encrypt_buf_len - 1, &outlen, tag->len); 1012 TEST_ASSERT(ret != 0); 1013 1014 mbedtls_free(encrypt_buf); 1015 encrypt_buf = NULL; 1016 1017 /* 1018 * Encrypt and check the result 1019 */ 1020 TEST_CALLOC(encrypt_buf, encrypt_buf_len); 1021 1022 outlen = 0; 1023 ret = mbedtls_cipher_auth_encrypt_ext(&ctx, iv->x, iv->len, 1024 ad->x, ad->len, clear->x, clear->len, 1025 encrypt_buf, encrypt_buf_len, &outlen, tag->len); 1026 TEST_ASSERT(ret == 0); 1027 1028 TEST_ASSERT(outlen == cipher->len + tag->len); 1029 TEST_ASSERT(memcmp(encrypt_buf, cipher->x, cipher->len) == 0); 1030 TEST_ASSERT(memcmp(encrypt_buf + cipher->len, 1031 tag->x, tag->len) == 0); 1032 1033 mbedtls_free(encrypt_buf); 1034 encrypt_buf = NULL; 1035 } 1036 1037exit: 1038 1039 mbedtls_cipher_free(&ctx); 1040 mbedtls_free(decrypt_buf); 1041 mbedtls_free(encrypt_buf); 1042 mbedtls_free(cipher_plus_tag); 1043 1044#if defined(MBEDTLS_USE_PSA_CRYPTO) 1045 if (use_psa == 1) { 1046 PSA_DONE(); 1047 } 1048#endif /* MBEDTLS_USE_PSA_CRYPTO */ 1049} 1050/* END_CASE */ 1051 1052/* BEGIN_CASE */ 1053void test_vec_ecb(int cipher_id, int operation, data_t *key, 1054 data_t *input, data_t *result, int finish_result 1055 ) 1056{ 1057 mbedtls_cipher_context_t ctx; 1058 unsigned char output[32]; 1059 size_t outlen; 1060 1061 mbedtls_cipher_init(&ctx); 1062 1063 memset(output, 0x00, sizeof(output)); 1064 1065 /* Prepare context */ 1066 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, 1067 mbedtls_cipher_info_from_type(cipher_id))); 1068 1069 1070 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx, key->x, 8 * key->len, operation)); 1071 1072 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx, input->x, 1073 mbedtls_cipher_get_block_size(&ctx), 1074 output, &outlen)); 1075 TEST_ASSERT(outlen == mbedtls_cipher_get_block_size(&ctx)); 1076 TEST_ASSERT(finish_result == mbedtls_cipher_finish(&ctx, output + outlen, 1077 &outlen)); 1078 TEST_ASSERT(0 == outlen); 1079 1080 /* check plaintext only if everything went fine */ 1081 if (0 == finish_result) { 1082 TEST_ASSERT(0 == memcmp(output, result->x, 1083 mbedtls_cipher_get_block_size(&ctx))); 1084 } 1085 1086exit: 1087 mbedtls_cipher_free(&ctx); 1088} 1089/* END_CASE */ 1090 1091/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING */ 1092void test_vec_crypt(int cipher_id, int operation, data_t *key, 1093 data_t *iv, data_t *input, data_t *result, 1094 int finish_result, int use_psa) 1095{ 1096 mbedtls_cipher_context_t ctx; 1097 unsigned char output[32]; 1098 size_t outlen; 1099 1100 mbedtls_cipher_init(&ctx); 1101 1102 memset(output, 0x00, sizeof(output)); 1103 1104 /* Prepare context */ 1105#if !defined(MBEDTLS_USE_PSA_CRYPTO) || !defined(MBEDTLS_TEST_DEPRECATED) 1106 (void) use_psa; 1107#else 1108 if (use_psa == 1) { 1109 PSA_ASSERT(psa_crypto_init()); 1110 TEST_ASSERT(0 == mbedtls_cipher_setup_psa(&ctx, 1111 mbedtls_cipher_info_from_type(cipher_id), 0)); 1112 } else 1113#endif /* !MBEDTLS_USE_PSA_CRYPTO || !MBEDTLS_TEST_DEPRECATED*/ 1114 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, 1115 mbedtls_cipher_info_from_type(cipher_id))); 1116 1117 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx, key->x, 8 * key->len, operation)); 1118 if (MBEDTLS_MODE_CBC == ctx.cipher_info->mode) { 1119 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx, MBEDTLS_PADDING_NONE)); 1120 } 1121 1122 TEST_ASSERT(finish_result == mbedtls_cipher_crypt(&ctx, iv->len ? iv->x : NULL, 1123 iv->len, input->x, input->len, 1124 output, &outlen)); 1125 TEST_ASSERT(result->len == outlen); 1126 /* check plaintext only if everything went fine */ 1127 if (0 == finish_result) { 1128 TEST_ASSERT(0 == memcmp(output, result->x, outlen)); 1129 } 1130 1131exit: 1132 mbedtls_cipher_free(&ctx); 1133#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_TEST_DEPRECATED) 1134 PSA_DONE(); 1135#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_TEST_DEPRECATED */ 1136} 1137/* END_CASE */ 1138 1139/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING */ 1140void set_padding(int cipher_id, int pad_mode, int ret) 1141{ 1142 const mbedtls_cipher_info_t *cipher_info; 1143 mbedtls_cipher_context_t ctx; 1144 1145 mbedtls_cipher_init(&ctx); 1146 1147 cipher_info = mbedtls_cipher_info_from_type(cipher_id); 1148 TEST_ASSERT(NULL != cipher_info); 1149 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, cipher_info)); 1150 1151 TEST_ASSERT(ret == mbedtls_cipher_set_padding_mode(&ctx, pad_mode)); 1152 1153exit: 1154 mbedtls_cipher_free(&ctx); 1155} 1156/* END_CASE */ 1157 1158/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ 1159void check_padding(int pad_mode, data_t *input, int ret, int dlen_check 1160 ) 1161{ 1162 mbedtls_cipher_info_t cipher_info; 1163 mbedtls_cipher_context_t ctx; 1164 size_t dlen; 1165 1166 /* build a fake context just for getting access to get_padding */ 1167 mbedtls_cipher_init(&ctx); 1168 cipher_info.mode = MBEDTLS_MODE_CBC; 1169 ctx.cipher_info = &cipher_info; 1170 1171 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx, pad_mode)); 1172 1173 1174 TEST_ASSERT(ret == ctx.get_padding(input->x, input->len, &dlen)); 1175 if (0 == ret) { 1176 TEST_ASSERT(dlen == (size_t) dlen_check); 1177 } 1178} 1179/* END_CASE */ 1180 1181/* BEGIN_CASE */ 1182void iv_len_validity(int cipher_id, char *cipher_string, 1183 int iv_len_val, int ret) 1184{ 1185 size_t iv_len = iv_len_val; 1186 unsigned char iv[16]; 1187 1188 /* Initialise iv buffer */ 1189 memset(iv, 0, sizeof(iv)); 1190 1191 const mbedtls_cipher_info_t *cipher_info; 1192 mbedtls_cipher_context_t ctx_dec; 1193 mbedtls_cipher_context_t ctx_enc; 1194 1195 /* 1196 * Prepare contexts 1197 */ 1198 mbedtls_cipher_init(&ctx_dec); 1199 mbedtls_cipher_init(&ctx_enc); 1200 1201 /* Check and get info structures */ 1202 cipher_info = mbedtls_cipher_info_from_type(cipher_id); 1203 TEST_ASSERT(NULL != cipher_info); 1204 TEST_ASSERT(mbedtls_cipher_info_from_string(cipher_string) == cipher_info); 1205 TEST_ASSERT(strcmp(mbedtls_cipher_info_get_name(cipher_info), 1206 cipher_string) == 0); 1207 1208 /* Initialise enc and dec contexts */ 1209 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_dec, cipher_info)); 1210 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_enc, cipher_info)); 1211 1212 TEST_ASSERT(ret == mbedtls_cipher_set_iv(&ctx_dec, iv, iv_len)); 1213 TEST_ASSERT(ret == mbedtls_cipher_set_iv(&ctx_enc, iv, iv_len)); 1214 1215exit: 1216 mbedtls_cipher_free(&ctx_dec); 1217 mbedtls_cipher_free(&ctx_enc); 1218} 1219/* END_CASE */ 1220 1221/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING */ 1222void check_set_padding(int cipher_id) 1223{ 1224 mbedtls_cipher_context_t ctx; 1225 unsigned char *key = NULL; 1226 unsigned char iv[16] = { 0 }; 1227 unsigned char input[16] = { 0 }; 1228 unsigned char output[32] = { 0 }; 1229 size_t outlen = 0; 1230 const mbedtls_cipher_info_t *cipher_info; 1231 size_t keylen = 0; 1232 1233 mbedtls_cipher_init(&ctx); 1234 1235 cipher_info = mbedtls_cipher_info_from_type(cipher_id); 1236 1237 if (cipher_info->mode != MBEDTLS_MODE_CBC) { 1238 TEST_FAIL("Cipher mode must be CBC"); 1239 } 1240 1241 keylen = mbedtls_cipher_info_get_key_bitlen(cipher_info); 1242 TEST_CALLOC(key, keylen/8); 1243 memset(key, 0, keylen/8); 1244 1245 TEST_EQUAL(0, mbedtls_cipher_setup(&ctx, cipher_info)); 1246 1247 TEST_EQUAL(0, mbedtls_cipher_setkey(&ctx, key, keylen, 1248 MBEDTLS_ENCRYPT)); 1249 1250 TEST_EQUAL(MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 1251 mbedtls_cipher_crypt(&ctx, iv, sizeof(iv), input, 1252 sizeof(input), output, &outlen)); 1253 1254 TEST_EQUAL(0, mbedtls_cipher_set_padding_mode(&ctx, MBEDTLS_PADDING_NONE)); 1255 TEST_EQUAL(0, mbedtls_cipher_crypt(&ctx, iv, sizeof(iv), input, 1256 sizeof(input), output, &outlen)); 1257 1258exit: 1259 mbedtls_cipher_free(&ctx); 1260 mbedtls_free(key); 1261} 1262/* END_CASE */ 1263
