1/* BEGIN_HEADER */ 2#include "mbedtls/ccm.h" 3/* END_HEADER */ 4 5/* BEGIN_DEPENDENCIES 6 * depends_on:MBEDTLS_CCM_C 7 * END_DEPENDENCIES 8 */ 9 10/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST:MBEDTLS_AES_C */ 11void mbedtls_ccm_self_test( ) 12{ 13 TEST_ASSERT( mbedtls_ccm_self_test( 1 ) == 0 ); 14} 15/* END_CASE */ 16 17/* BEGIN_CASE */ 18void mbedtls_ccm_setkey( int cipher_id, int key_size, int result ) 19{ 20 mbedtls_ccm_context ctx; 21 unsigned char key[32]; 22 int ret; 23 24 mbedtls_ccm_init( &ctx ); 25 26 memset( key, 0x2A, sizeof( key ) ); 27 TEST_ASSERT( (unsigned) key_size <= 8 * sizeof( key ) ); 28 29 ret = mbedtls_ccm_setkey( &ctx, cipher_id, key, key_size ); 30 TEST_ASSERT( ret == result ); 31 32exit: 33 mbedtls_ccm_free( &ctx ); 34} 35/* END_CASE */ 36 37/* BEGIN_CASE depends_on:MBEDTLS_AES_C */ 38void ccm_lengths( int msg_len, int iv_len, int add_len, int tag_len, int res ) 39{ 40 mbedtls_ccm_context ctx; 41 unsigned char key[16]; 42 unsigned char msg[10]; 43 unsigned char iv[14]; 44 unsigned char *add = NULL; 45 unsigned char out[10]; 46 unsigned char tag[18]; 47 int decrypt_ret; 48 49 mbedtls_ccm_init( &ctx ); 50 51 ASSERT_ALLOC_WEAK( add, add_len ); 52 memset( key, 0, sizeof( key ) ); 53 memset( msg, 0, sizeof( msg ) ); 54 memset( iv, 0, sizeof( iv ) ); 55 memset( out, 0, sizeof( out ) ); 56 memset( tag, 0, sizeof( tag ) ); 57 58 TEST_ASSERT( mbedtls_ccm_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, 59 key, 8 * sizeof( key ) ) == 0 ); 60 61 TEST_ASSERT( mbedtls_ccm_encrypt_and_tag( &ctx, msg_len, iv, iv_len, add, add_len, 62 msg, out, tag, tag_len ) == res ); 63 64 decrypt_ret = mbedtls_ccm_auth_decrypt( &ctx, msg_len, iv, iv_len, add, add_len, 65 msg, out, tag, tag_len ); 66 67 if( res == 0 ) 68 TEST_ASSERT( decrypt_ret == MBEDTLS_ERR_CCM_AUTH_FAILED ); 69 else 70 TEST_ASSERT( decrypt_ret == res ); 71 72exit: 73 mbedtls_free( add ); 74 mbedtls_ccm_free( &ctx ); 75} 76/* END_CASE */ 77 78/* BEGIN_CASE depends_on:MBEDTLS_AES_C */ 79void ccm_star_lengths( int msg_len, int iv_len, int add_len, int tag_len, 80 int res ) 81{ 82 mbedtls_ccm_context ctx; 83 unsigned char key[16]; 84 unsigned char msg[10]; 85 unsigned char iv[14]; 86 unsigned char add[10]; 87 unsigned char out[10]; 88 unsigned char tag[18]; 89 int decrypt_ret; 90 91 mbedtls_ccm_init( &ctx ); 92 93 memset( key, 0, sizeof( key ) ); 94 memset( msg, 0, sizeof( msg ) ); 95 memset( iv, 0, sizeof( iv ) ); 96 memset( add, 0, sizeof( add ) ); 97 memset( out, 0, sizeof( out ) ); 98 memset( tag, 0, sizeof( tag ) ); 99 100 TEST_ASSERT( mbedtls_ccm_setkey( &ctx, MBEDTLS_CIPHER_ID_AES, 101 key, 8 * sizeof( key ) ) == 0 ); 102 103 TEST_ASSERT( mbedtls_ccm_star_encrypt_and_tag( &ctx, msg_len, iv, iv_len, 104 add, add_len, msg, out, tag, tag_len ) == res ); 105 106 decrypt_ret = mbedtls_ccm_star_auth_decrypt( &ctx, msg_len, iv, iv_len, add, 107 add_len, msg, out, tag, tag_len ); 108 109 if( res == 0 && tag_len != 0 ) 110 TEST_ASSERT( decrypt_ret == MBEDTLS_ERR_CCM_AUTH_FAILED ); 111 else 112 TEST_ASSERT( decrypt_ret == res ); 113 114exit: 115 mbedtls_ccm_free( &ctx ); 116} 117/* END_CASE */ 118 119/* BEGIN_CASE */ 120void mbedtls_ccm_encrypt_and_tag( int cipher_id, data_t * key, 121 data_t * msg, data_t * iv, 122 data_t * add, data_t * result ) 123{ 124 mbedtls_ccm_context ctx; 125 size_t tag_len; 126 uint8_t * msg_n_tag = (uint8_t *)malloc( result->len + 2 ); 127 128 mbedtls_ccm_init( &ctx ); 129 130 memset( msg_n_tag, 0, result->len + 2 ); 131 memcpy( msg_n_tag, msg->x, msg->len ); 132 133 tag_len = result->len - msg->len; 134 135 TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ) == 0 ); 136 137 /* Test with input == output */ 138 TEST_ASSERT( mbedtls_ccm_encrypt_and_tag( &ctx, msg->len, iv->x, iv->len, add->x, add->len, 139 msg_n_tag, msg_n_tag, msg_n_tag + msg->len, tag_len ) == 0 ); 140 141 TEST_ASSERT( memcmp( msg_n_tag, result->x, result->len ) == 0 ); 142 143 /* Check we didn't write past the end */ 144 TEST_ASSERT( msg_n_tag[result->len] == 0 && msg_n_tag[result->len + 1] == 0 ); 145 146exit: 147 mbedtls_ccm_free( &ctx ); 148 free( msg_n_tag ); 149} 150/* END_CASE */ 151 152/* BEGIN_CASE */ 153void mbedtls_ccm_auth_decrypt( int cipher_id, data_t * key, 154 data_t * msg, data_t * iv, 155 data_t * add, int tag_len, int result, 156 data_t * expected_msg ) 157{ 158 unsigned char tag[16]; 159 mbedtls_ccm_context ctx; 160 161 mbedtls_ccm_init( &ctx ); 162 163 memset( tag, 0x00, sizeof( tag ) ); 164 165 msg->len -= tag_len; 166 memcpy( tag, msg->x + msg->len, tag_len ); 167 168 TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ) == 0 ); 169 170 /* Test with input == output */ 171 TEST_ASSERT( mbedtls_ccm_auth_decrypt( &ctx, msg->len, iv->x, iv->len, add->x, add->len, 172 msg->x, msg->x, msg->x + msg->len, tag_len ) == result ); 173 174 if( result == 0 ) 175 { 176 TEST_ASSERT( memcmp( msg->x, expected_msg->x, expected_msg->len ) == 0 ); 177 } 178 else 179 { 180 size_t i; 181 182 for( i = 0; i < msg->len; i++ ) 183 TEST_ASSERT( msg->x[i] == 0 ); 184 } 185 186 /* Check we didn't write past the end (where the original tag is) */ 187 TEST_ASSERT( memcmp( msg->x + msg->len, tag, tag_len ) == 0 ); 188 189exit: 190 mbedtls_ccm_free( &ctx ); 191} 192/* END_CASE */ 193 194/* BEGIN_CASE */ 195void mbedtls_ccm_star_encrypt_and_tag( int cipher_id, 196 data_t *key, data_t *msg, 197 data_t *source_address, data_t *frame_counter, 198 int sec_level, data_t *add, 199 data_t *expected_result, int output_ret ) 200{ 201 unsigned char iv[13]; 202 unsigned char result[50]; 203 mbedtls_ccm_context ctx; 204 size_t i, iv_len, tag_len; 205 int ret; 206 207 mbedtls_ccm_init( &ctx ); 208 209 memset( iv, 0x00, sizeof( iv ) ); 210 memset( result, 0x00, sizeof( result ) ); 211 212 if( sec_level % 4 == 0) 213 tag_len = 0; 214 else 215 tag_len = 1 << ( sec_level % 4 + 1); 216 217 for( i = 0; i < source_address->len; i++ ) 218 iv[i] = source_address->x[i]; 219 220 for( i = 0; i < frame_counter->len; i++ ) 221 iv[source_address->len + i] = frame_counter->x[i]; 222 223 iv[source_address->len + frame_counter->len] = sec_level; 224 iv_len = sizeof( iv ); 225 226 TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, 227 key->x, key->len * 8 ) == 0 ); 228 229 ret = mbedtls_ccm_star_encrypt_and_tag( &ctx, msg->len, iv, iv_len, 230 add->x, add->len, msg->x, 231 result, result + msg->len, tag_len ); 232 233 TEST_ASSERT( ret == output_ret ); 234 235 TEST_ASSERT( memcmp( result, 236 expected_result->x, expected_result->len ) == 0 ); 237 238 /* Check we didn't write past the end */ 239 TEST_ASSERT( result[expected_result->len] == 0 && 240 result[expected_result->len + 1] == 0 ); 241 242exit: 243 mbedtls_ccm_free( &ctx ); 244} 245/* END_CASE */ 246 247/* BEGIN_CASE */ 248void mbedtls_ccm_star_auth_decrypt( int cipher_id, 249 data_t *key, data_t *msg, 250 data_t *source_address, data_t *frame_counter, 251 int sec_level, data_t *add, 252 data_t *expected_result, int output_ret ) 253{ 254 unsigned char iv[13]; 255 unsigned char result[50]; 256 mbedtls_ccm_context ctx; 257 size_t i, iv_len, tag_len; 258 int ret; 259 260 mbedtls_ccm_init( &ctx ); 261 262 memset( iv, 0x00, sizeof( iv ) ); 263 memset( result, '+', sizeof( result ) ); 264 265 if( sec_level % 4 == 0) 266 tag_len = 0; 267 else 268 tag_len = 1 << ( sec_level % 4 + 1); 269 270 for( i = 0; i < source_address->len; i++ ) 271 iv[i] = source_address->x[i]; 272 273 for( i = 0; i < frame_counter->len; i++ ) 274 iv[source_address->len + i] = frame_counter->x[i]; 275 276 iv[source_address->len + frame_counter->len] = sec_level; 277 iv_len = sizeof( iv ); 278 279 TEST_ASSERT( mbedtls_ccm_setkey( &ctx, cipher_id, key->x, key->len * 8 ) == 0 ); 280 281 ret = mbedtls_ccm_star_auth_decrypt( &ctx, msg->len - tag_len, iv, iv_len, 282 add->x, add->len, msg->x, result, 283 msg->x + msg->len - tag_len, tag_len ); 284 285 TEST_ASSERT( ret == output_ret ); 286 287 TEST_ASSERT( memcmp( result, expected_result->x, 288 expected_result->len ) == 0 ); 289 290 /* Check we didn't write past the end (where the original tag is) */ 291 TEST_ASSERT( ( msg->len + 2 ) <= sizeof( result ) ); 292 TEST_EQUAL( result[msg->len], '+' ); 293 TEST_EQUAL( result[msg->len + 1], '+' ); 294 295exit: 296 mbedtls_ccm_free( &ctx ); 297} 298/* END_CASE */ 299 300/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ 301void ccm_invalid_param( ) 302{ 303 struct mbedtls_ccm_context ctx; 304 unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06 }; 305 mbedtls_cipher_id_t valid_cipher = MBEDTLS_CIPHER_ID_AES; 306 int valid_len = sizeof(valid_buffer); 307 int valid_bitlen = valid_len * 8; 308 309 mbedtls_ccm_init( &ctx ); 310 311 /* mbedtls_ccm_init() */ 312 TEST_INVALID_PARAM( mbedtls_ccm_init( NULL ) ); 313 314 /* mbedtls_ccm_setkey() */ 315 TEST_INVALID_PARAM_RET( 316 MBEDTLS_ERR_CCM_BAD_INPUT, 317 mbedtls_ccm_setkey( NULL, valid_cipher, valid_buffer, valid_bitlen ) ); 318 TEST_INVALID_PARAM_RET( 319 MBEDTLS_ERR_CCM_BAD_INPUT, 320 mbedtls_ccm_setkey( &ctx, valid_cipher, NULL, valid_bitlen ) ); 321 322 /* mbedtls_ccm_encrypt_and_tag() */ 323 TEST_INVALID_PARAM_RET( 324 MBEDTLS_ERR_CCM_BAD_INPUT, 325 mbedtls_ccm_encrypt_and_tag( NULL, valid_len, 326 valid_buffer, valid_len, 327 valid_buffer, valid_len, 328 valid_buffer, valid_buffer, 329 valid_buffer, valid_len ) ); 330 TEST_INVALID_PARAM_RET( 331 MBEDTLS_ERR_CCM_BAD_INPUT, 332 mbedtls_ccm_encrypt_and_tag( &ctx, valid_len, 333 NULL, valid_len, 334 valid_buffer, valid_len, 335 valid_buffer, valid_buffer, 336 valid_buffer, valid_len ) ); 337 TEST_INVALID_PARAM_RET( 338 MBEDTLS_ERR_CCM_BAD_INPUT, 339 mbedtls_ccm_encrypt_and_tag( &ctx, valid_len, 340 valid_buffer, valid_len, 341 NULL, valid_len, 342 valid_buffer, valid_buffer, 343 valid_buffer, valid_len ) ); 344 TEST_INVALID_PARAM_RET( 345 MBEDTLS_ERR_CCM_BAD_INPUT, 346 mbedtls_ccm_encrypt_and_tag( &ctx, valid_len, 347 valid_buffer, valid_len, 348 valid_buffer, valid_len, 349 NULL, valid_buffer, 350 valid_buffer, valid_len ) ); 351 TEST_INVALID_PARAM_RET( 352 MBEDTLS_ERR_CCM_BAD_INPUT, 353 mbedtls_ccm_encrypt_and_tag( &ctx, valid_len, 354 valid_buffer, valid_len, 355 valid_buffer, valid_len, 356 valid_buffer, NULL, 357 valid_buffer, valid_len ) ); 358 TEST_INVALID_PARAM_RET( 359 MBEDTLS_ERR_CCM_BAD_INPUT, 360 mbedtls_ccm_encrypt_and_tag( &ctx, valid_len, 361 valid_buffer, valid_len, 362 valid_buffer, valid_len, 363 valid_buffer, valid_buffer, 364 NULL, valid_len ) ); 365 366 /* mbedtls_ccm_star_encrypt_and_tag() */ 367 TEST_INVALID_PARAM_RET( 368 MBEDTLS_ERR_CCM_BAD_INPUT, 369 mbedtls_ccm_star_encrypt_and_tag( NULL, valid_len, 370 valid_buffer, valid_len, 371 valid_buffer, valid_len, 372 valid_buffer, valid_buffer, 373 valid_buffer, valid_len) ); 374 TEST_INVALID_PARAM_RET( 375 MBEDTLS_ERR_CCM_BAD_INPUT, 376 mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len, 377 NULL, valid_len, 378 valid_buffer, valid_len, 379 valid_buffer, valid_buffer, 380 valid_buffer, valid_len ) ); 381 TEST_INVALID_PARAM_RET( 382 MBEDTLS_ERR_CCM_BAD_INPUT, 383 mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len, 384 valid_buffer, valid_len, 385 NULL, valid_len, 386 valid_buffer, valid_buffer, 387 valid_buffer, valid_len ) ); 388 TEST_INVALID_PARAM_RET( 389 MBEDTLS_ERR_CCM_BAD_INPUT, 390 mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len, 391 valid_buffer, valid_len, 392 valid_buffer, valid_len, 393 NULL, valid_buffer, 394 valid_buffer, valid_len ) ); 395 TEST_INVALID_PARAM_RET( 396 MBEDTLS_ERR_CCM_BAD_INPUT, 397 mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len, 398 valid_buffer, valid_len, 399 valid_buffer, valid_len, 400 valid_buffer, NULL, 401 valid_buffer, valid_len ) ); 402 TEST_INVALID_PARAM_RET( 403 MBEDTLS_ERR_CCM_BAD_INPUT, 404 mbedtls_ccm_star_encrypt_and_tag( &ctx, valid_len, 405 valid_buffer, valid_len, 406 valid_buffer, valid_len, 407 valid_buffer, valid_buffer, 408 NULL, valid_len ) ); 409 410 /* mbedtls_ccm_auth_decrypt() */ 411 TEST_INVALID_PARAM_RET( 412 MBEDTLS_ERR_CCM_BAD_INPUT, 413 mbedtls_ccm_auth_decrypt( NULL, valid_len, 414 valid_buffer, valid_len, 415 valid_buffer, valid_len, 416 valid_buffer, valid_buffer, 417 valid_buffer, valid_len ) ); 418 TEST_INVALID_PARAM_RET( 419 MBEDTLS_ERR_CCM_BAD_INPUT, 420 mbedtls_ccm_auth_decrypt( &ctx, valid_len, 421 NULL, valid_len, 422 valid_buffer, valid_len, 423 valid_buffer, valid_buffer, 424 valid_buffer, valid_len ) ); 425 TEST_INVALID_PARAM_RET( 426 MBEDTLS_ERR_CCM_BAD_INPUT, 427 mbedtls_ccm_auth_decrypt( &ctx, valid_len, 428 valid_buffer, valid_len, 429 NULL, valid_len, 430 valid_buffer, valid_buffer, 431 valid_buffer, valid_len ) ); 432 TEST_INVALID_PARAM_RET( 433 MBEDTLS_ERR_CCM_BAD_INPUT, 434 mbedtls_ccm_auth_decrypt( &ctx, valid_len, 435 valid_buffer, valid_len, 436 valid_buffer, valid_len, 437 NULL, valid_buffer, 438 valid_buffer, valid_len ) ); 439 TEST_INVALID_PARAM_RET( 440 MBEDTLS_ERR_CCM_BAD_INPUT, 441 mbedtls_ccm_auth_decrypt( &ctx, valid_len, 442 valid_buffer, valid_len, 443 valid_buffer, valid_len, 444 valid_buffer, NULL, 445 valid_buffer, valid_len ) ); 446 TEST_INVALID_PARAM_RET( 447 MBEDTLS_ERR_CCM_BAD_INPUT, 448 mbedtls_ccm_auth_decrypt( &ctx, valid_len, 449 valid_buffer, valid_len, 450 valid_buffer, valid_len, 451 valid_buffer, valid_buffer, 452 NULL, valid_len ) ); 453 454 /* mbedtls_ccm_star_auth_decrypt() */ 455 TEST_INVALID_PARAM_RET( 456 MBEDTLS_ERR_CCM_BAD_INPUT, 457 mbedtls_ccm_star_auth_decrypt( NULL, valid_len, 458 valid_buffer, valid_len, 459 valid_buffer, valid_len, 460 valid_buffer, valid_buffer, 461 valid_buffer, valid_len ) ); 462 TEST_INVALID_PARAM_RET( 463 MBEDTLS_ERR_CCM_BAD_INPUT, 464 mbedtls_ccm_star_auth_decrypt( &ctx, valid_len, 465 NULL, valid_len, 466 valid_buffer, valid_len, 467 valid_buffer, valid_buffer, 468 valid_buffer, valid_len ) ); 469 TEST_INVALID_PARAM_RET( 470 MBEDTLS_ERR_CCM_BAD_INPUT, 471 mbedtls_ccm_star_auth_decrypt( &ctx, valid_len, 472 valid_buffer, valid_len, 473 NULL, valid_len, 474 valid_buffer, valid_buffer, 475 valid_buffer, valid_len ) ); 476 TEST_INVALID_PARAM_RET( 477 MBEDTLS_ERR_CCM_BAD_INPUT, 478 mbedtls_ccm_star_auth_decrypt( &ctx, valid_len, 479 valid_buffer, valid_len, 480 valid_buffer, valid_len, 481 NULL, valid_buffer, 482 valid_buffer, valid_len ) ); 483 TEST_INVALID_PARAM_RET( 484 MBEDTLS_ERR_CCM_BAD_INPUT, 485 mbedtls_ccm_star_auth_decrypt( &ctx, valid_len, 486 valid_buffer, valid_len, 487 valid_buffer, valid_len, 488 valid_buffer, NULL, 489 valid_buffer, valid_len ) ); 490 TEST_INVALID_PARAM_RET( 491 MBEDTLS_ERR_CCM_BAD_INPUT, 492 mbedtls_ccm_star_auth_decrypt( &ctx, valid_len, 493 valid_buffer, valid_len, 494 valid_buffer, valid_len, 495 valid_buffer, valid_buffer, 496 NULL, valid_len ) ); 497 498exit: 499 mbedtls_ccm_free( &ctx ); 500 return; 501} 502/* END_CASE */ 503 504/* BEGIN_CASE */ 505void ccm_valid_param( ) 506{ 507 TEST_VALID_PARAM( mbedtls_ccm_free( NULL ) ); 508exit: 509 return; 510} 511/* END_CASE */ 512
