1/* BEGIN_HEADER */ 2#include "mbedtls/cipher.h" 3 4#if defined(MBEDTLS_AES_C) 5#include "mbedtls/aes.h" 6#endif 7 8#if defined(MBEDTLS_GCM_C) 9#include "mbedtls/gcm.h" 10#endif 11 12#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C) 13#define MBEDTLS_CIPHER_AUTH_CRYPT 14#endif 15 16#if defined(MBEDTLS_CIPHER_AUTH_CRYPT) 17/* Helper for resetting key/direction 18 * 19 * The documentation doesn't explicitly say whether calling 20 * mbedtls_cipher_setkey() twice is allowed or not. This currently works with 21 * the default software implementation, but only by accident. It isn't 22 * guaranteed to work with new ciphers or with alternative implementations of 23 * individual ciphers, and it doesn't work with the PSA wrappers. So don't do 24 * it, and instead start with a fresh context. 25 */ 26static int cipher_reset_key( mbedtls_cipher_context_t *ctx, int cipher_id, 27 int use_psa, size_t tag_len, const data_t *key, int direction ) 28{ 29 mbedtls_cipher_free( ctx ); 30 mbedtls_cipher_init( ctx ); 31 32#if !defined(MBEDTLS_USE_PSA_CRYPTO) 33 (void) use_psa; 34 (void) tag_len; 35#else 36 if( use_psa == 1 ) 37 { 38 TEST_ASSERT( 0 == mbedtls_cipher_setup_psa( ctx, 39 mbedtls_cipher_info_from_type( cipher_id ), 40 tag_len ) ); 41 } 42 else 43#endif /* MBEDTLS_USE_PSA_CRYPTO */ 44 { 45 TEST_ASSERT( 0 == mbedtls_cipher_setup( ctx, 46 mbedtls_cipher_info_from_type( cipher_id ) ) ); 47 } 48 49 TEST_ASSERT( 0 == mbedtls_cipher_setkey( ctx, key->x, 8 * key->len, 50 direction ) ); 51 return( 1 ); 52 53exit: 54 return( 0 ); 55} 56 57/* 58 * Check if a buffer is all-0 bytes: 59 * return 1 if it is, 60 * 0 if it isn't. 61 */ 62int buffer_is_all_zero( const uint8_t *buf, size_t size ) 63{ 64 for( size_t i = 0; i < size; i++ ) 65 if( buf[i] != 0 ) 66 return 0; 67 return 1; 68} 69#endif /* MBEDTLS_CIPHER_AUTH_CRYPT */ 70 71/* END_HEADER */ 72 73/* BEGIN_DEPENDENCIES 74 * depends_on:MBEDTLS_CIPHER_C 75 * END_DEPENDENCIES 76 */ 77 78/* BEGIN_CASE */ 79void mbedtls_cipher_list( ) 80{ 81 const int *cipher_type; 82 83 for( cipher_type = mbedtls_cipher_list(); *cipher_type != 0; cipher_type++ ) 84 TEST_ASSERT( mbedtls_cipher_info_from_type( *cipher_type ) != NULL ); 85} 86/* END_CASE */ 87 88/* BEGIN_CASE */ 89void cipher_invalid_param_unconditional( ) 90{ 91 mbedtls_cipher_context_t valid_ctx; 92 mbedtls_cipher_context_t invalid_ctx; 93 mbedtls_operation_t valid_operation = MBEDTLS_ENCRYPT; 94 mbedtls_cipher_padding_t valid_mode = MBEDTLS_PADDING_ZEROS; 95 unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 }; 96 int valid_size = sizeof(valid_buffer); 97 int valid_bitlen = valid_size * 8; 98 const mbedtls_cipher_info_t *valid_info = mbedtls_cipher_info_from_type( 99 *( mbedtls_cipher_list() ) ); 100 size_t size_t_var; 101 102 (void)valid_mode; /* In some configurations this is unused */ 103 104 mbedtls_cipher_init( &valid_ctx ); 105 mbedtls_cipher_init( &invalid_ctx ); 106 107 TEST_ASSERT( mbedtls_cipher_setup( &valid_ctx, valid_info ) == 0 ); 108 109 /* mbedtls_cipher_setup() */ 110 TEST_ASSERT( mbedtls_cipher_setup( &valid_ctx, NULL ) == 111 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); 112 113 /* mbedtls_cipher_get_block_size() */ 114 TEST_ASSERT( mbedtls_cipher_get_block_size( &invalid_ctx ) == 0 ); 115 116 /* mbedtls_cipher_get_cipher_mode() */ 117 TEST_ASSERT( mbedtls_cipher_get_cipher_mode( &invalid_ctx ) == 118 MBEDTLS_MODE_NONE ); 119 120 /* mbedtls_cipher_get_iv_size() */ 121 TEST_ASSERT( mbedtls_cipher_get_iv_size( &invalid_ctx ) == 0 ); 122 123 /* mbedtls_cipher_get_type() */ 124 TEST_ASSERT( 125 mbedtls_cipher_get_type( &invalid_ctx ) == 126 MBEDTLS_CIPHER_NONE); 127 128 /* mbedtls_cipher_get_name() */ 129 TEST_ASSERT( mbedtls_cipher_get_name( &invalid_ctx ) == 0 ); 130 131 /* mbedtls_cipher_get_key_bitlen() */ 132 TEST_ASSERT( mbedtls_cipher_get_key_bitlen( &invalid_ctx ) == 133 MBEDTLS_KEY_LENGTH_NONE ); 134 135 /* mbedtls_cipher_get_operation() */ 136 TEST_ASSERT( mbedtls_cipher_get_operation( &invalid_ctx ) == 137 MBEDTLS_OPERATION_NONE ); 138 139 /* mbedtls_cipher_setkey() */ 140 TEST_ASSERT( 141 mbedtls_cipher_setkey( &invalid_ctx, 142 valid_buffer, 143 valid_bitlen, 144 valid_operation ) == 145 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); 146 147 /* mbedtls_cipher_set_iv() */ 148 TEST_ASSERT( 149 mbedtls_cipher_set_iv( &invalid_ctx, 150 valid_buffer, 151 valid_size ) == 152 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); 153 154 /* mbedtls_cipher_reset() */ 155 TEST_ASSERT( mbedtls_cipher_reset( &invalid_ctx ) == 156 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); 157 158#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 159 /* mbedtls_cipher_update_ad() */ 160 TEST_ASSERT( 161 mbedtls_cipher_update_ad( &invalid_ctx, 162 valid_buffer, 163 valid_size ) == 164 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); 165#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */ 166 167#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 168 /* mbedtls_cipher_set_padding_mode() */ 169 TEST_ASSERT( mbedtls_cipher_set_padding_mode( &invalid_ctx, valid_mode ) == 170 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); 171#endif 172 173 /* mbedtls_cipher_update() */ 174 TEST_ASSERT( 175 mbedtls_cipher_update( &invalid_ctx, 176 valid_buffer, 177 valid_size, 178 valid_buffer, 179 &size_t_var ) == 180 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); 181 182 /* mbedtls_cipher_finish() */ 183 TEST_ASSERT( 184 mbedtls_cipher_finish( &invalid_ctx, 185 valid_buffer, 186 &size_t_var ) == 187 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); 188 189#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 190 /* mbedtls_cipher_write_tag() */ 191 TEST_ASSERT( 192 mbedtls_cipher_write_tag( &invalid_ctx, 193 valid_buffer, 194 valid_size ) == 195 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); 196 197 /* mbedtls_cipher_check_tag() */ 198 TEST_ASSERT( 199 mbedtls_cipher_check_tag( &invalid_ctx, 200 valid_buffer, 201 valid_size ) == 202 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); 203#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */ 204 205exit: 206 mbedtls_cipher_free( &invalid_ctx ); 207 mbedtls_cipher_free( &valid_ctx ); 208} 209/* END_CASE */ 210 211/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ 212void cipher_invalid_param_conditional( ) 213{ 214 mbedtls_cipher_context_t valid_ctx; 215 216 mbedtls_operation_t valid_operation = MBEDTLS_ENCRYPT; 217 mbedtls_operation_t invalid_operation = 100; 218 mbedtls_cipher_padding_t valid_mode = MBEDTLS_PADDING_ZEROS; 219 unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 }; 220 int valid_size = sizeof(valid_buffer); 221 int valid_bitlen = valid_size * 8; 222 const mbedtls_cipher_info_t *valid_info = mbedtls_cipher_info_from_type( 223 *( mbedtls_cipher_list() ) ); 224 225 size_t size_t_var; 226 227 (void)valid_mode; /* In some configurations this is unused */ 228 229 /* mbedtls_cipher_init() */ 230 TEST_VALID_PARAM( mbedtls_cipher_init( &valid_ctx ) ); 231 TEST_INVALID_PARAM( mbedtls_cipher_init( NULL ) ); 232 233 /* mbedtls_cipher_setup() */ 234 TEST_VALID_PARAM( mbedtls_cipher_setup( &valid_ctx, valid_info ) ); 235 TEST_INVALID_PARAM_RET( 236 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 237 mbedtls_cipher_setup( NULL, valid_info ) ); 238 239 /* mbedtls_cipher_get_block_size() */ 240 TEST_INVALID_PARAM_RET( 0, mbedtls_cipher_get_block_size( NULL ) ); 241 242 /* mbedtls_cipher_get_cipher_mode() */ 243 TEST_INVALID_PARAM_RET( 244 MBEDTLS_MODE_NONE, 245 mbedtls_cipher_get_cipher_mode( NULL ) ); 246 247 /* mbedtls_cipher_get_iv_size() */ 248 TEST_INVALID_PARAM_RET( 0, mbedtls_cipher_get_iv_size( NULL ) ); 249 250 /* mbedtls_cipher_get_type() */ 251 TEST_INVALID_PARAM_RET( 252 MBEDTLS_CIPHER_NONE, 253 mbedtls_cipher_get_type( NULL ) ); 254 255 /* mbedtls_cipher_get_name() */ 256 TEST_INVALID_PARAM_RET( 0, mbedtls_cipher_get_name( NULL ) ); 257 258 /* mbedtls_cipher_get_key_bitlen() */ 259 TEST_INVALID_PARAM_RET( 260 MBEDTLS_KEY_LENGTH_NONE, 261 mbedtls_cipher_get_key_bitlen( NULL ) ); 262 263 /* mbedtls_cipher_get_operation() */ 264 TEST_INVALID_PARAM_RET( 265 MBEDTLS_OPERATION_NONE, 266 mbedtls_cipher_get_operation( NULL ) ); 267 268 /* mbedtls_cipher_setkey() */ 269 TEST_INVALID_PARAM_RET( 270 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 271 mbedtls_cipher_setkey( NULL, 272 valid_buffer, 273 valid_bitlen, 274 valid_operation ) ); 275 TEST_INVALID_PARAM_RET( 276 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 277 mbedtls_cipher_setkey( &valid_ctx, 278 NULL, 279 valid_bitlen, 280 valid_operation ) ); 281 TEST_INVALID_PARAM_RET( 282 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 283 mbedtls_cipher_setkey( &valid_ctx, 284 valid_buffer, 285 valid_bitlen, 286 invalid_operation ) ); 287 288 /* mbedtls_cipher_set_iv() */ 289 TEST_INVALID_PARAM_RET( 290 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 291 mbedtls_cipher_set_iv( NULL, 292 valid_buffer, 293 valid_size ) ); 294 TEST_INVALID_PARAM_RET( 295 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 296 mbedtls_cipher_set_iv( &valid_ctx, 297 NULL, 298 valid_size ) ); 299 300 /* mbedtls_cipher_reset() */ 301 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 302 mbedtls_cipher_reset( NULL ) ); 303 304#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 305 /* mbedtls_cipher_update_ad() */ 306 TEST_INVALID_PARAM_RET( 307 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 308 mbedtls_cipher_update_ad( NULL, 309 valid_buffer, 310 valid_size ) ); 311 TEST_INVALID_PARAM_RET( 312 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 313 mbedtls_cipher_update_ad( &valid_ctx, 314 NULL, 315 valid_size ) ); 316#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */ 317 318#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 319 /* mbedtls_cipher_set_padding_mode() */ 320 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 321 mbedtls_cipher_set_padding_mode( NULL, valid_mode ) ); 322#endif 323 324 /* mbedtls_cipher_update() */ 325 TEST_INVALID_PARAM_RET( 326 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 327 mbedtls_cipher_update( NULL, 328 valid_buffer, 329 valid_size, 330 valid_buffer, 331 &size_t_var ) ); 332 TEST_INVALID_PARAM_RET( 333 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 334 mbedtls_cipher_update( &valid_ctx, 335 NULL, valid_size, 336 valid_buffer, 337 &size_t_var ) ); 338 TEST_INVALID_PARAM_RET( 339 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 340 mbedtls_cipher_update( &valid_ctx, 341 valid_buffer, valid_size, 342 NULL, 343 &size_t_var ) ); 344 TEST_INVALID_PARAM_RET( 345 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 346 mbedtls_cipher_update( &valid_ctx, 347 valid_buffer, valid_size, 348 valid_buffer, 349 NULL ) ); 350 351 /* mbedtls_cipher_finish() */ 352 TEST_INVALID_PARAM_RET( 353 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 354 mbedtls_cipher_finish( NULL, 355 valid_buffer, 356 &size_t_var ) ); 357 TEST_INVALID_PARAM_RET( 358 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 359 mbedtls_cipher_finish( &valid_ctx, 360 NULL, 361 &size_t_var ) ); 362 TEST_INVALID_PARAM_RET( 363 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 364 mbedtls_cipher_finish( &valid_ctx, 365 valid_buffer, 366 NULL ) ); 367 368#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 369 /* mbedtls_cipher_write_tag() */ 370 TEST_INVALID_PARAM_RET( 371 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 372 mbedtls_cipher_write_tag( NULL, 373 valid_buffer, 374 valid_size ) ); 375 TEST_INVALID_PARAM_RET( 376 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 377 mbedtls_cipher_write_tag( &valid_ctx, 378 NULL, 379 valid_size ) ); 380 381 /* mbedtls_cipher_check_tag() */ 382 TEST_INVALID_PARAM_RET( 383 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 384 mbedtls_cipher_check_tag( NULL, 385 valid_buffer, 386 valid_size ) ); 387 TEST_INVALID_PARAM_RET( 388 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 389 mbedtls_cipher_check_tag( &valid_ctx, 390 NULL, 391 valid_size ) ); 392#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */ 393 394 /* mbedtls_cipher_crypt() */ 395 TEST_INVALID_PARAM_RET( 396 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 397 mbedtls_cipher_crypt( NULL, 398 valid_buffer, valid_size, 399 valid_buffer, valid_size, 400 valid_buffer, &size_t_var ) ); 401 TEST_INVALID_PARAM_RET( 402 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 403 mbedtls_cipher_crypt( &valid_ctx, 404 NULL, valid_size, 405 valid_buffer, valid_size, 406 valid_buffer, &size_t_var ) ); 407 TEST_INVALID_PARAM_RET( 408 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 409 mbedtls_cipher_crypt( &valid_ctx, 410 valid_buffer, valid_size, 411 NULL, valid_size, 412 valid_buffer, &size_t_var ) ); 413 TEST_INVALID_PARAM_RET( 414 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 415 mbedtls_cipher_crypt( &valid_ctx, 416 valid_buffer, valid_size, 417 valid_buffer, valid_size, 418 NULL, &size_t_var ) ); 419 TEST_INVALID_PARAM_RET( 420 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 421 mbedtls_cipher_crypt( &valid_ctx, 422 valid_buffer, valid_size, 423 valid_buffer, valid_size, 424 valid_buffer, NULL ) ); 425 426#if defined(MBEDTLS_CIPHER_MODE_AEAD) 427 /* mbedtls_cipher_auth_encrypt() */ 428 TEST_INVALID_PARAM_RET( 429 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 430 mbedtls_cipher_auth_encrypt( NULL, 431 valid_buffer, valid_size, 432 valid_buffer, valid_size, 433 valid_buffer, valid_size, 434 valid_buffer, &size_t_var, 435 valid_buffer, valid_size ) ); 436 TEST_INVALID_PARAM_RET( 437 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 438 mbedtls_cipher_auth_encrypt( &valid_ctx, 439 NULL, valid_size, 440 valid_buffer, valid_size, 441 valid_buffer, valid_size, 442 valid_buffer, &size_t_var, 443 valid_buffer, valid_size ) ); 444 TEST_INVALID_PARAM_RET( 445 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 446 mbedtls_cipher_auth_encrypt( &valid_ctx, 447 valid_buffer, valid_size, 448 NULL, valid_size, 449 valid_buffer, valid_size, 450 valid_buffer, &size_t_var, 451 valid_buffer, valid_size ) ); 452 TEST_INVALID_PARAM_RET( 453 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 454 mbedtls_cipher_auth_encrypt( &valid_ctx, 455 valid_buffer, valid_size, 456 valid_buffer, valid_size, 457 NULL, valid_size, 458 valid_buffer, &size_t_var, 459 valid_buffer, valid_size ) ); 460 TEST_INVALID_PARAM_RET( 461 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 462 mbedtls_cipher_auth_encrypt( &valid_ctx, 463 valid_buffer, valid_size, 464 valid_buffer, valid_size, 465 valid_buffer, valid_size, 466 NULL, &size_t_var, 467 valid_buffer, valid_size ) ); 468 TEST_INVALID_PARAM_RET( 469 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 470 mbedtls_cipher_auth_encrypt( &valid_ctx, 471 valid_buffer, valid_size, 472 valid_buffer, valid_size, 473 valid_buffer, valid_size, 474 valid_buffer, NULL, 475 valid_buffer, valid_size ) ); 476 TEST_INVALID_PARAM_RET( 477 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 478 mbedtls_cipher_auth_encrypt( &valid_ctx, 479 valid_buffer, valid_size, 480 valid_buffer, valid_size, 481 valid_buffer, valid_size, 482 valid_buffer, &size_t_var, 483 NULL, valid_size ) ); 484 485 /* mbedtls_cipher_auth_decrypt() */ 486 TEST_INVALID_PARAM_RET( 487 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 488 mbedtls_cipher_auth_decrypt( NULL, 489 valid_buffer, valid_size, 490 valid_buffer, valid_size, 491 valid_buffer, valid_size, 492 valid_buffer, &size_t_var, 493 valid_buffer, valid_size ) ); 494 TEST_INVALID_PARAM_RET( 495 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 496 mbedtls_cipher_auth_decrypt( &valid_ctx, 497 NULL, valid_size, 498 valid_buffer, valid_size, 499 valid_buffer, valid_size, 500 valid_buffer, &size_t_var, 501 valid_buffer, valid_size ) ); 502 TEST_INVALID_PARAM_RET( 503 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 504 mbedtls_cipher_auth_decrypt( &valid_ctx, 505 valid_buffer, valid_size, 506 NULL, valid_size, 507 valid_buffer, valid_size, 508 valid_buffer, &size_t_var, 509 valid_buffer, valid_size ) ); 510 TEST_INVALID_PARAM_RET( 511 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 512 mbedtls_cipher_auth_decrypt( &valid_ctx, 513 valid_buffer, valid_size, 514 valid_buffer, valid_size, 515 NULL, valid_size, 516 valid_buffer, &size_t_var, 517 valid_buffer, valid_size ) ); 518 TEST_INVALID_PARAM_RET( 519 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 520 mbedtls_cipher_auth_decrypt( &valid_ctx, 521 valid_buffer, valid_size, 522 valid_buffer, valid_size, 523 valid_buffer, valid_size, 524 NULL, &size_t_var, 525 valid_buffer, valid_size ) ); 526 TEST_INVALID_PARAM_RET( 527 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 528 mbedtls_cipher_auth_decrypt( &valid_ctx, 529 valid_buffer, valid_size, 530 valid_buffer, valid_size, 531 valid_buffer, valid_size, 532 valid_buffer, NULL, 533 valid_buffer, valid_size ) ); 534 TEST_INVALID_PARAM_RET( 535 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 536 mbedtls_cipher_auth_decrypt( &valid_ctx, 537 valid_buffer, valid_size, 538 valid_buffer, valid_size, 539 valid_buffer, valid_size, 540 valid_buffer, &size_t_var, 541 NULL, valid_size ) ); 542#endif /* defined(MBEDTLS_CIPHER_MODE_AEAD) */ 543 544#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C) 545 /* mbedtls_cipher_auth_encrypt_ext */ 546 TEST_INVALID_PARAM_RET( 547 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 548 mbedtls_cipher_auth_encrypt_ext( NULL, 549 valid_buffer, valid_size, 550 valid_buffer, valid_size, 551 valid_buffer, valid_size, 552 valid_buffer, valid_size, &size_t_var, 553 valid_size ) ); 554 TEST_INVALID_PARAM_RET( 555 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 556 mbedtls_cipher_auth_encrypt_ext( &valid_ctx, 557 NULL, valid_size, 558 valid_buffer, valid_size, 559 valid_buffer, valid_size, 560 valid_buffer, valid_size, &size_t_var, 561 valid_size ) ); 562 TEST_INVALID_PARAM_RET( 563 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 564 mbedtls_cipher_auth_encrypt_ext( &valid_ctx, 565 valid_buffer, valid_size, 566 NULL, valid_size, 567 valid_buffer, valid_size, 568 valid_buffer, valid_size, &size_t_var, 569 valid_size ) ); 570 TEST_INVALID_PARAM_RET( 571 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 572 mbedtls_cipher_auth_encrypt_ext( &valid_ctx, 573 valid_buffer, valid_size, 574 valid_buffer, valid_size, 575 NULL, valid_size, 576 valid_buffer, valid_size, &size_t_var, 577 valid_size ) ); 578 TEST_INVALID_PARAM_RET( 579 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 580 mbedtls_cipher_auth_encrypt_ext( &valid_ctx, 581 valid_buffer, valid_size, 582 valid_buffer, valid_size, 583 valid_buffer, valid_size, 584 NULL, valid_size, &size_t_var, 585 valid_size ) ); 586 TEST_INVALID_PARAM_RET( 587 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 588 mbedtls_cipher_auth_encrypt_ext( &valid_ctx, 589 valid_buffer, valid_size, 590 valid_buffer, valid_size, 591 valid_buffer, valid_size, 592 valid_buffer, valid_size, NULL, 593 valid_size ) ); 594 595 /* mbedtls_cipher_auth_decrypt_ext */ 596 TEST_INVALID_PARAM_RET( 597 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 598 mbedtls_cipher_auth_decrypt_ext( NULL, 599 valid_buffer, valid_size, 600 valid_buffer, valid_size, 601 valid_buffer, valid_size, 602 valid_buffer, valid_size, &size_t_var, 603 valid_size ) ); 604 TEST_INVALID_PARAM_RET( 605 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 606 mbedtls_cipher_auth_decrypt_ext( &valid_ctx, 607 NULL, valid_size, 608 valid_buffer, valid_size, 609 valid_buffer, valid_size, 610 valid_buffer, valid_size, &size_t_var, 611 valid_size ) ); 612 TEST_INVALID_PARAM_RET( 613 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 614 mbedtls_cipher_auth_decrypt_ext( &valid_ctx, 615 valid_buffer, valid_size, 616 NULL, valid_size, 617 valid_buffer, valid_size, 618 valid_buffer, valid_size, &size_t_var, 619 valid_size ) ); 620 TEST_INVALID_PARAM_RET( 621 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 622 mbedtls_cipher_auth_decrypt_ext( &valid_ctx, 623 valid_buffer, valid_size, 624 valid_buffer, valid_size, 625 NULL, valid_size, 626 valid_buffer, valid_size, &size_t_var, 627 valid_size ) ); 628 TEST_INVALID_PARAM_RET( 629 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 630 mbedtls_cipher_auth_decrypt_ext( &valid_ctx, 631 valid_buffer, valid_size, 632 valid_buffer, valid_size, 633 valid_buffer, valid_size, 634 NULL, valid_size, &size_t_var, 635 valid_size ) ); 636 TEST_INVALID_PARAM_RET( 637 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 638 mbedtls_cipher_auth_decrypt_ext( &valid_ctx, 639 valid_buffer, valid_size, 640 valid_buffer, valid_size, 641 valid_buffer, valid_size, 642 valid_buffer, valid_size, NULL, 643 valid_size ) ); 644#endif /* MBEDTLS_CIPHER_MODE_AEAD || MBEDTLS_NIST_KW_C */ 645 646 /* mbedtls_cipher_free() */ 647 TEST_VALID_PARAM( mbedtls_cipher_free( NULL ) ); 648exit: 649 TEST_VALID_PARAM( mbedtls_cipher_free( &valid_ctx ) ); 650} 651/* END_CASE */ 652 653/* BEGIN_CASE depends_on:MBEDTLS_AES_C */ 654void cipher_special_behaviours( ) 655{ 656 const mbedtls_cipher_info_t *cipher_info; 657 mbedtls_cipher_context_t ctx; 658 unsigned char input[32]; 659 unsigned char output[32]; 660#if defined (MBEDTLS_CIPHER_MODE_CBC) 661 unsigned char iv[32]; 662#endif 663 size_t olen = 0; 664 665 mbedtls_cipher_init( &ctx ); 666 memset( input, 0, sizeof( input ) ); 667 memset( output, 0, sizeof( output ) ); 668#if defined(MBEDTLS_CIPHER_MODE_CBC) 669 memset( iv, 0, sizeof( iv ) ); 670 671 /* Check and get info structures */ 672 cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_CBC ); 673 TEST_ASSERT( NULL != cipher_info ); 674 675 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx, cipher_info ) ); 676 677 /* IV too big */ 678 TEST_ASSERT( mbedtls_cipher_set_iv( &ctx, iv, MBEDTLS_MAX_IV_LENGTH + 1 ) 679 == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); 680 681 /* IV too small */ 682 TEST_ASSERT( mbedtls_cipher_set_iv( &ctx, iv, 0 ) 683 == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); 684 685 mbedtls_cipher_free( &ctx ); 686 mbedtls_cipher_init( &ctx ); 687#endif /* MBEDTLS_CIPHER_MODE_CBC */ 688 cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_ECB ); 689 TEST_ASSERT( NULL != cipher_info ); 690 691 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx, cipher_info ) ); 692 693 /* Update ECB with partial block */ 694 TEST_ASSERT( mbedtls_cipher_update( &ctx, input, 1, output, &olen ) 695 == MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED ); 696 697exit: 698 mbedtls_cipher_free( &ctx ); 699} 700/* END_CASE */ 701 702/* BEGIN_CASE */ 703void enc_dec_buf( int cipher_id, char * cipher_string, int key_len, 704 int length_val, int pad_mode ) 705{ 706 size_t length = length_val, outlen, total_len, i, block_size; 707 unsigned char key[64]; 708 unsigned char iv[16]; 709 unsigned char ad[13]; 710 unsigned char tag[16]; 711 unsigned char inbuf[64]; 712 unsigned char encbuf[64]; 713 unsigned char decbuf[64]; 714 715 const mbedtls_cipher_info_t *cipher_info; 716 mbedtls_cipher_context_t ctx_dec; 717 mbedtls_cipher_context_t ctx_enc; 718 719 /* 720 * Prepare contexts 721 */ 722 mbedtls_cipher_init( &ctx_dec ); 723 mbedtls_cipher_init( &ctx_enc ); 724 725 memset( key, 0x2a, sizeof( key ) ); 726 727 /* Check and get info structures */ 728 cipher_info = mbedtls_cipher_info_from_type( cipher_id ); 729 TEST_ASSERT( NULL != cipher_info ); 730 TEST_ASSERT( mbedtls_cipher_info_from_string( cipher_string ) == cipher_info ); 731 732 /* Initialise enc and dec contexts */ 733 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_dec, cipher_info ) ); 734 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_enc, cipher_info ) ); 735 736 TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_dec, key, key_len, MBEDTLS_DECRYPT ) ); 737 TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_enc, key, key_len, MBEDTLS_ENCRYPT ) ); 738 739#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 740 if( -1 != pad_mode ) 741 { 742 TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx_dec, pad_mode ) ); 743 TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx_enc, pad_mode ) ); 744 } 745#else 746 (void) pad_mode; 747#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ 748 749 /* 750 * Do a few encode/decode cycles 751 */ 752 for( i = 0; i < 3; i++ ) 753 { 754 memset( iv , 0x00 + i, sizeof( iv ) ); 755 memset( ad, 0x10 + i, sizeof( ad ) ); 756 memset( inbuf, 0x20 + i, sizeof( inbuf ) ); 757 758 memset( encbuf, 0, sizeof( encbuf ) ); 759 memset( decbuf, 0, sizeof( decbuf ) ); 760 memset( tag, 0, sizeof( tag ) ); 761 762 TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_dec, iv, sizeof( iv ) ) ); 763 TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_enc, iv, sizeof( iv ) ) ); 764 765 TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_dec ) ); 766 TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_enc ) ); 767 768#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 769 TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx_dec, ad, sizeof( ad ) - i ) ); 770 TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx_enc, ad, sizeof( ad ) - i ) ); 771#endif 772 773 block_size = mbedtls_cipher_get_block_size( &ctx_enc ); 774 TEST_ASSERT( block_size != 0 ); 775 776 /* encode length number of bytes from inbuf */ 777 TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_enc, inbuf, length, encbuf, &outlen ) ); 778 total_len = outlen; 779 780 TEST_ASSERT( total_len == length || 781 ( total_len % block_size == 0 && 782 total_len < length && 783 total_len + block_size > length ) ); 784 785 TEST_ASSERT( 0 == mbedtls_cipher_finish( &ctx_enc, encbuf + outlen, &outlen ) ); 786 total_len += outlen; 787 788#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 789 TEST_ASSERT( 0 == mbedtls_cipher_write_tag( &ctx_enc, tag, sizeof( tag ) ) ); 790#endif 791 792 TEST_ASSERT( total_len == length || 793 ( total_len % block_size == 0 && 794 total_len > length && 795 total_len <= length + block_size ) ); 796 797 /* decode the previously encoded string */ 798 TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_dec, encbuf, total_len, decbuf, &outlen ) ); 799 total_len = outlen; 800 801 TEST_ASSERT( total_len == length || 802 ( total_len % block_size == 0 && 803 total_len < length && 804 total_len + block_size >= length ) ); 805 806 TEST_ASSERT( 0 == mbedtls_cipher_finish( &ctx_dec, decbuf + outlen, &outlen ) ); 807 total_len += outlen; 808 809#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 810 TEST_ASSERT( 0 == mbedtls_cipher_check_tag( &ctx_dec, tag, sizeof( tag ) ) ); 811#endif 812 813 /* check result */ 814 TEST_ASSERT( total_len == length ); 815 TEST_ASSERT( 0 == memcmp(inbuf, decbuf, length) ); 816 } 817 818 /* 819 * Done 820 */ 821exit: 822 mbedtls_cipher_free( &ctx_dec ); 823 mbedtls_cipher_free( &ctx_enc ); 824} 825/* END_CASE */ 826 827/* BEGIN_CASE */ 828void enc_fail( int cipher_id, int pad_mode, int key_len, int length_val, 829 int ret ) 830{ 831 size_t length = length_val; 832 unsigned char key[32]; 833 unsigned char iv[16]; 834 835 const mbedtls_cipher_info_t *cipher_info; 836 mbedtls_cipher_context_t ctx; 837 838 unsigned char inbuf[64]; 839 unsigned char encbuf[64]; 840 841 size_t outlen = 0; 842 843 memset( key, 0, 32 ); 844 memset( iv , 0, 16 ); 845 846 mbedtls_cipher_init( &ctx ); 847 848 memset( inbuf, 5, 64 ); 849 memset( encbuf, 0, 64 ); 850 851 /* Check and get info structures */ 852 cipher_info = mbedtls_cipher_info_from_type( cipher_id ); 853 TEST_ASSERT( NULL != cipher_info ); 854 855 /* Initialise context */ 856 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx, cipher_info ) ); 857 TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key, key_len, MBEDTLS_ENCRYPT ) ); 858#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 859 TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx, pad_mode ) ); 860#else 861 (void) pad_mode; 862#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ 863 TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx, iv, 16 ) ); 864 TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx ) ); 865#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 866 TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx, NULL, 0 ) ); 867#endif 868 869 /* encode length number of bytes from inbuf */ 870 TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx, inbuf, length, encbuf, &outlen ) ); 871 TEST_ASSERT( ret == mbedtls_cipher_finish( &ctx, encbuf + outlen, &outlen ) ); 872 873 /* done */ 874exit: 875 mbedtls_cipher_free( &ctx ); 876} 877/* END_CASE */ 878 879/* BEGIN_CASE */ 880void dec_empty_buf( int cipher, 881 int expected_update_ret, 882 int expected_finish_ret ) 883{ 884 unsigned char key[32]; 885 unsigned char iv[16]; 886 887 mbedtls_cipher_context_t ctx_dec; 888 const mbedtls_cipher_info_t *cipher_info; 889 890 unsigned char encbuf[64]; 891 unsigned char decbuf[64]; 892 893 size_t outlen = 0; 894 895 memset( key, 0, 32 ); 896 memset( iv , 0, 16 ); 897 898 mbedtls_cipher_init( &ctx_dec ); 899 900 memset( encbuf, 0, 64 ); 901 memset( decbuf, 0, 64 ); 902 903 /* Initialise context */ 904 cipher_info = mbedtls_cipher_info_from_type( cipher ); 905 TEST_ASSERT( NULL != cipher_info); 906 TEST_ASSERT( sizeof(key) * 8 >= cipher_info->key_bitlen ); 907 908 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_dec, cipher_info ) ); 909 910 TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_dec, 911 key, cipher_info->key_bitlen, 912 MBEDTLS_DECRYPT ) ); 913 914 TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_dec, iv, 16 ) ); 915 916 TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_dec ) ); 917 918#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 919 TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx_dec, NULL, 0 ) ); 920#endif 921 922 /* decode 0-byte string */ 923 TEST_ASSERT( expected_update_ret == 924 mbedtls_cipher_update( &ctx_dec, encbuf, 0, decbuf, &outlen ) ); 925 TEST_ASSERT( 0 == outlen ); 926 927 if ( expected_finish_ret == 0 && 928 ( cipher_info->mode == MBEDTLS_MODE_CBC || 929 cipher_info->mode == MBEDTLS_MODE_ECB ) ) 930 { 931 /* Non-CBC and non-ECB ciphers are OK with decrypting empty buffers and 932 * return success, not MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED, when 933 * decrypting an empty buffer. 934 * On the other hand, CBC and ECB ciphers need a full block of input. 935 */ 936 expected_finish_ret = MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED; 937 } 938 939 TEST_ASSERT( expected_finish_ret == mbedtls_cipher_finish( 940 &ctx_dec, decbuf + outlen, &outlen ) ); 941 TEST_ASSERT( 0 == outlen ); 942 943exit: 944 mbedtls_cipher_free( &ctx_dec ); 945} 946/* END_CASE */ 947 948/* BEGIN_CASE */ 949void enc_dec_buf_multipart( int cipher_id, int key_len, int first_length_val, 950 int second_length_val, int pad_mode, 951 int first_encrypt_output_len, int second_encrypt_output_len, 952 int first_decrypt_output_len, int second_decrypt_output_len ) 953{ 954 size_t first_length = first_length_val; 955 size_t second_length = second_length_val; 956 size_t length = first_length + second_length; 957 size_t block_size; 958 unsigned char key[32]; 959 unsigned char iv[16]; 960 961 mbedtls_cipher_context_t ctx_dec; 962 mbedtls_cipher_context_t ctx_enc; 963 const mbedtls_cipher_info_t *cipher_info; 964 965 unsigned char inbuf[64]; 966 unsigned char encbuf[64]; 967 unsigned char decbuf[64]; 968 969 size_t outlen = 0; 970 size_t totaloutlen = 0; 971 972 memset( key, 0, 32 ); 973 memset( iv , 0, 16 ); 974 975 mbedtls_cipher_init( &ctx_dec ); 976 mbedtls_cipher_init( &ctx_enc ); 977 978 memset( inbuf, 5, 64 ); 979 memset( encbuf, 0, 64 ); 980 memset( decbuf, 0, 64 ); 981 982 /* Initialise enc and dec contexts */ 983 cipher_info = mbedtls_cipher_info_from_type( cipher_id ); 984 TEST_ASSERT( NULL != cipher_info); 985 986 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_dec, cipher_info ) ); 987 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_enc, cipher_info ) ); 988 989 TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_dec, key, key_len, MBEDTLS_DECRYPT ) ); 990 TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_enc, key, key_len, MBEDTLS_ENCRYPT ) ); 991 992#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 993 if( -1 != pad_mode ) 994 { 995 TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx_dec, pad_mode ) ); 996 TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx_enc, pad_mode ) ); 997 } 998#else 999 (void) pad_mode; 1000#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ 1001 1002 TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_dec, iv, 16 ) ); 1003 TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_enc, iv, 16 ) ); 1004 1005 TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_dec ) ); 1006 TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_enc ) ); 1007 1008#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 1009 TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx_dec, NULL, 0 ) ); 1010 TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx_enc, NULL, 0 ) ); 1011#endif 1012 1013 block_size = mbedtls_cipher_get_block_size( &ctx_enc ); 1014 TEST_ASSERT( block_size != 0 ); 1015 1016 /* encode length number of bytes from inbuf */ 1017 TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_enc, inbuf, first_length, encbuf, &outlen ) ); 1018 TEST_ASSERT( (size_t)first_encrypt_output_len == outlen ); 1019 totaloutlen = outlen; 1020 TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_enc, inbuf + first_length, second_length, encbuf + totaloutlen, &outlen ) ); 1021 TEST_ASSERT( (size_t)second_encrypt_output_len == outlen ); 1022 totaloutlen += outlen; 1023 TEST_ASSERT( totaloutlen == length || 1024 ( totaloutlen % block_size == 0 && 1025 totaloutlen < length && 1026 totaloutlen + block_size > length ) ); 1027 1028 TEST_ASSERT( 0 == mbedtls_cipher_finish( &ctx_enc, encbuf + totaloutlen, &outlen ) ); 1029 totaloutlen += outlen; 1030 TEST_ASSERT( totaloutlen == length || 1031 ( totaloutlen % block_size == 0 && 1032 totaloutlen > length && 1033 totaloutlen <= length + block_size ) ); 1034 1035 /* decode the previously encoded string */ 1036 second_length = totaloutlen - first_length; 1037 TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_dec, encbuf, first_length, decbuf, &outlen ) ); 1038 TEST_ASSERT( (size_t)first_decrypt_output_len == outlen ); 1039 totaloutlen = outlen; 1040 TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_dec, encbuf + first_length, second_length, decbuf + totaloutlen, &outlen ) ); 1041 TEST_ASSERT( (size_t)second_decrypt_output_len == outlen ); 1042 totaloutlen += outlen; 1043 1044 TEST_ASSERT( totaloutlen == length || 1045 ( totaloutlen % block_size == 0 && 1046 totaloutlen < length && 1047 totaloutlen + block_size >= length ) ); 1048 1049 TEST_ASSERT( 0 == mbedtls_cipher_finish( &ctx_dec, decbuf + totaloutlen, &outlen ) ); 1050 totaloutlen += outlen; 1051 1052 TEST_ASSERT( totaloutlen == length ); 1053 1054 TEST_ASSERT( 0 == memcmp(inbuf, decbuf, length) ); 1055 1056exit: 1057 mbedtls_cipher_free( &ctx_dec ); 1058 mbedtls_cipher_free( &ctx_enc ); 1059} 1060/* END_CASE */ 1061 1062/* BEGIN_CASE */ 1063void decrypt_test_vec( int cipher_id, int pad_mode, data_t * key, 1064 data_t * iv, data_t * cipher, 1065 data_t * clear, data_t * ad, data_t * tag, 1066 int finish_result, int tag_result ) 1067{ 1068 unsigned char output[265]; 1069 mbedtls_cipher_context_t ctx; 1070 size_t outlen, total_len; 1071 1072 mbedtls_cipher_init( &ctx ); 1073 1074 memset( output, 0x00, sizeof( output ) ); 1075 1076#if !defined(MBEDTLS_GCM_C) && !defined(MBEDTLS_CHACHAPOLY_C) 1077 ((void) ad); 1078 ((void) tag); 1079#endif 1080 1081 /* Prepare context */ 1082 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx, 1083 mbedtls_cipher_info_from_type( cipher_id ) ) ); 1084 TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key->x, 8 * key->len, MBEDTLS_DECRYPT ) ); 1085#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 1086 if( pad_mode != -1 ) 1087 TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx, pad_mode ) ); 1088#else 1089 (void) pad_mode; 1090#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ 1091 TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx, iv->x, iv->len ) ); 1092 TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx ) ); 1093#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 1094 TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx, ad->x, ad->len ) ); 1095#endif 1096 1097 /* decode buffer and check tag->x */ 1098 total_len = 0; 1099 TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx, cipher->x, cipher->len, output, &outlen ) ); 1100 total_len += outlen; 1101 TEST_ASSERT( finish_result == mbedtls_cipher_finish( &ctx, output + outlen, 1102 &outlen ) ); 1103 total_len += outlen; 1104#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 1105 TEST_ASSERT( tag_result == mbedtls_cipher_check_tag( &ctx, tag->x, tag->len ) ); 1106#endif 1107 1108 /* check plaintext only if everything went fine */ 1109 if( 0 == finish_result && 0 == tag_result ) 1110 { 1111 TEST_ASSERT( total_len == clear->len ); 1112 TEST_ASSERT( 0 == memcmp( output, clear->x, clear->len ) ); 1113 } 1114 1115exit: 1116 mbedtls_cipher_free( &ctx ); 1117} 1118/* END_CASE */ 1119 1120/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_AUTH_CRYPT */ 1121void auth_crypt_tv( int cipher_id, data_t * key, data_t * iv, 1122 data_t * ad, data_t * cipher, data_t * tag, 1123 char * result, data_t * clear, int use_psa ) 1124{ 1125 /* 1126 * Take an AEAD ciphertext + tag and perform a pair 1127 * of AEAD decryption and AEAD encryption. Check that 1128 * this results in the expected plaintext, and that 1129 * decryption and encryption are inverse to one another. 1130 * 1131 * Do that twice: 1132 * - once with legacy functions auth_decrypt/auth_encrypt 1133 * - once with new functions auth_decrypt_ext/auth_encrypt_ext 1134 * This allows testing both without duplicating test cases. 1135 */ 1136 1137 int ret; 1138 int using_nist_kw, using_nist_kw_padding; 1139 1140 mbedtls_cipher_context_t ctx; 1141 size_t outlen; 1142 1143 unsigned char *cipher_plus_tag = NULL; 1144 size_t cipher_plus_tag_len; 1145 unsigned char *decrypt_buf = NULL; 1146 size_t decrypt_buf_len = 0; 1147 unsigned char *encrypt_buf = NULL; 1148 size_t encrypt_buf_len = 0; 1149 1150#if !defined(MBEDTLS_DEPRECATED_WARNING) && \ 1151 !defined(MBEDTLS_DEPRECATED_REMOVED) 1152 unsigned char *tmp_tag = NULL; 1153 unsigned char *tmp_cipher = NULL; 1154 unsigned char *tag_buf = NULL; 1155#endif /* !MBEDTLS_DEPRECATED_WARNING && !MBEDTLS_DEPRECATED_REMOVED */ 1156 1157 /* Null pointers are documented as valid for inputs of length 0. 1158 * The test framework passes non-null pointers, so set them to NULL. 1159 * key, cipher and tag can't be empty. */ 1160 if( iv->len == 0 ) 1161 iv->x = NULL; 1162 if( ad->len == 0 ) 1163 ad->x = NULL; 1164 if( clear->len == 0 ) 1165 clear->x = NULL; 1166 1167 mbedtls_cipher_init( &ctx ); 1168 1169 /* Initialize PSA Crypto */ 1170#if defined(MBEDTLS_USE_PSA_CRYPTO) 1171 if( use_psa == 1 ) 1172 PSA_ASSERT( psa_crypto_init( ) ); 1173#else 1174 (void) use_psa; 1175#endif 1176 1177 /* 1178 * Are we using NIST_KW? with padding? 1179 */ 1180 using_nist_kw_padding = cipher_id == MBEDTLS_CIPHER_AES_128_KWP || 1181 cipher_id == MBEDTLS_CIPHER_AES_192_KWP || 1182 cipher_id == MBEDTLS_CIPHER_AES_256_KWP; 1183 using_nist_kw = cipher_id == MBEDTLS_CIPHER_AES_128_KW || 1184 cipher_id == MBEDTLS_CIPHER_AES_192_KW || 1185 cipher_id == MBEDTLS_CIPHER_AES_256_KW || 1186 using_nist_kw_padding; 1187 1188 /**************************************************************** 1189 * * 1190 * Part 1: non-deprecated API * 1191 * * 1192 ****************************************************************/ 1193 1194 /* 1195 * Prepare context for decryption 1196 */ 1197 if( ! cipher_reset_key( &ctx, cipher_id, use_psa, tag->len, key, 1198 MBEDTLS_DECRYPT ) ) 1199 goto exit; 1200 1201 /* 1202 * prepare buffer for decryption 1203 * (we need the tag appended to the ciphertext) 1204 */ 1205 cipher_plus_tag_len = cipher->len + tag->len; 1206 ASSERT_ALLOC( cipher_plus_tag, cipher_plus_tag_len ); 1207 memcpy( cipher_plus_tag, cipher->x, cipher->len ); 1208 memcpy( cipher_plus_tag + cipher->len, tag->x, tag->len ); 1209 1210 /* 1211 * Compute length of output buffer according to the documentation 1212 */ 1213 if( using_nist_kw ) 1214 decrypt_buf_len = cipher_plus_tag_len - 8; 1215 else 1216 decrypt_buf_len = cipher_plus_tag_len - tag->len; 1217 1218 1219 /* 1220 * Try decrypting to a buffer that's 1B too small 1221 */ 1222 if( decrypt_buf_len != 0 ) 1223 { 1224 ASSERT_ALLOC( decrypt_buf, decrypt_buf_len - 1 ); 1225 1226 outlen = 0; 1227 ret = mbedtls_cipher_auth_decrypt_ext( &ctx, iv->x, iv->len, 1228 ad->x, ad->len, cipher_plus_tag, cipher_plus_tag_len, 1229 decrypt_buf, decrypt_buf_len - 1, &outlen, tag->len ); 1230 TEST_ASSERT( ret == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA ); 1231 1232 mbedtls_free( decrypt_buf ); 1233 decrypt_buf = NULL; 1234 } 1235 1236 /* 1237 * Authenticate and decrypt, and check result 1238 */ 1239 ASSERT_ALLOC( decrypt_buf, decrypt_buf_len ); 1240 1241 outlen = 0; 1242 ret = mbedtls_cipher_auth_decrypt_ext( &ctx, iv->x, iv->len, 1243 ad->x, ad->len, cipher_plus_tag, cipher_plus_tag_len, 1244 decrypt_buf, decrypt_buf_len, &outlen, tag->len ); 1245 1246 if( strcmp( result, "FAIL" ) == 0 ) 1247 { 1248 TEST_ASSERT( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED ); 1249 TEST_ASSERT( buffer_is_all_zero( decrypt_buf, decrypt_buf_len ) ); 1250 } 1251 else 1252 { 1253 TEST_ASSERT( ret == 0 ); 1254 ASSERT_COMPARE( decrypt_buf, outlen, clear->x, clear->len ); 1255 } 1256 1257 /* Free this, but keep cipher_plus_tag for deprecated function with PSA */ 1258 mbedtls_free( decrypt_buf ); 1259 decrypt_buf = NULL; 1260 1261 /* 1262 * Encrypt back if test data was authentic 1263 */ 1264 if( strcmp( result, "FAIL" ) != 0 ) 1265 { 1266 /* prepare context for encryption */ 1267 if( ! cipher_reset_key( &ctx, cipher_id, use_psa, tag->len, key, 1268 MBEDTLS_ENCRYPT ) ) 1269 goto exit; 1270 1271 /* 1272 * Compute size of output buffer according to documentation 1273 */ 1274 if( using_nist_kw ) 1275 { 1276 encrypt_buf_len = clear->len + 8; 1277 if( using_nist_kw_padding && encrypt_buf_len % 8 != 0 ) 1278 encrypt_buf_len += 8 - encrypt_buf_len % 8; 1279 } 1280 else 1281 { 1282 encrypt_buf_len = clear->len + tag->len; 1283 } 1284 1285 /* 1286 * Try encrypting with an output buffer that's 1B too small 1287 */ 1288 ASSERT_ALLOC( encrypt_buf, encrypt_buf_len - 1 ); 1289 1290 outlen = 0; 1291 ret = mbedtls_cipher_auth_encrypt_ext( &ctx, iv->x, iv->len, 1292 ad->x, ad->len, clear->x, clear->len, 1293 encrypt_buf, encrypt_buf_len - 1, &outlen, tag->len ); 1294 TEST_ASSERT( ret != 0 ); 1295 1296 mbedtls_free( encrypt_buf ); 1297 encrypt_buf = NULL; 1298 1299 /* 1300 * Encrypt and check the result 1301 */ 1302 ASSERT_ALLOC( encrypt_buf, encrypt_buf_len ); 1303 1304 outlen = 0; 1305 ret = mbedtls_cipher_auth_encrypt_ext( &ctx, iv->x, iv->len, 1306 ad->x, ad->len, clear->x, clear->len, 1307 encrypt_buf, encrypt_buf_len, &outlen, tag->len ); 1308 TEST_ASSERT( ret == 0 ); 1309 1310 TEST_ASSERT( outlen == cipher->len + tag->len ); 1311 TEST_ASSERT( memcmp( encrypt_buf, cipher->x, cipher->len ) == 0 ); 1312 TEST_ASSERT( memcmp( encrypt_buf + cipher->len, 1313 tag->x, tag->len ) == 0 ); 1314 1315 mbedtls_free( encrypt_buf ); 1316 encrypt_buf = NULL; 1317 } 1318 1319 /**************************************************************** 1320 * * 1321 * Part 2: deprecated API * 1322 * * 1323 ****************************************************************/ 1324 1325#if !defined(MBEDTLS_DEPRECATED_WARNING) && \ 1326 !defined(MBEDTLS_DEPRECATED_REMOVED) 1327 1328 /* 1329 * Prepare context for decryption 1330 */ 1331 if( ! cipher_reset_key( &ctx, cipher_id, use_psa, tag->len, key, 1332 MBEDTLS_DECRYPT ) ) 1333 goto exit; 1334 1335 /* 1336 * Prepare pointers for decryption 1337 */ 1338#if defined(MBEDTLS_USE_PSA_CRYPTO) 1339 if( use_psa == 1 ) 1340 { 1341 /* PSA requires that the tag immediately follows the ciphertext. 1342 * Fortunately, we already have that from testing the new API. */ 1343 tmp_cipher = cipher_plus_tag; 1344 tmp_tag = tmp_cipher + cipher->len; 1345 } 1346 else 1347#endif /* MBEDTLS_USE_PSA_CRYPTO */ 1348 { 1349 tmp_cipher = cipher->x; 1350 tmp_tag = tag->x; 1351 } 1352 1353 /* 1354 * Authenticate and decrypt, and check result 1355 */ 1356 1357 ASSERT_ALLOC( decrypt_buf, cipher->len ); 1358 outlen = 0; 1359 ret = mbedtls_cipher_auth_decrypt( &ctx, iv->x, iv->len, ad->x, ad->len, 1360 tmp_cipher, cipher->len, decrypt_buf, &outlen, 1361 tmp_tag, tag->len ); 1362 1363 if( using_nist_kw ) 1364 { 1365 /* NIST_KW with legacy API */ 1366 TEST_ASSERT( ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); 1367 } 1368 else if( strcmp( result, "FAIL" ) == 0 ) 1369 { 1370 /* unauthentic message */ 1371 TEST_ASSERT( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED ); 1372 TEST_ASSERT( buffer_is_all_zero( decrypt_buf, cipher->len ) ); 1373 } 1374 else 1375 { 1376 /* authentic message: is the plaintext correct? */ 1377 TEST_ASSERT( ret == 0 ); 1378 ASSERT_COMPARE( decrypt_buf, outlen, clear->x, clear->len ); 1379 } 1380 1381 mbedtls_free( decrypt_buf ); 1382 decrypt_buf = NULL; 1383 mbedtls_free( cipher_plus_tag ); 1384 cipher_plus_tag = NULL; 1385 1386 /* 1387 * Encrypt back if test data was authentic 1388 */ 1389 if( strcmp( result, "FAIL" ) != 0 ) 1390 { 1391 /* prepare context for encryption */ 1392 if( ! cipher_reset_key( &ctx, cipher_id, use_psa, tag->len, key, 1393 MBEDTLS_ENCRYPT ) ) 1394 goto exit; 1395 1396 /* prepare buffers for encryption */ 1397#if defined(MBEDTLS_USE_PSA_CRYPTO) 1398 if( use_psa ) 1399 { 1400 ASSERT_ALLOC( cipher_plus_tag, cipher->len + tag->len ); 1401 tmp_cipher = cipher_plus_tag; 1402 tmp_tag = cipher_plus_tag + cipher->len; 1403 } 1404 else 1405#endif /* MBEDTLS_USE_PSA_CRYPTO */ 1406 { 1407 ASSERT_ALLOC( encrypt_buf, cipher->len ); 1408 ASSERT_ALLOC( tag_buf, tag->len ); 1409 tmp_cipher = encrypt_buf; 1410 tmp_tag = tag_buf; 1411 } 1412 1413 /* 1414 * Encrypt and check the result 1415 */ 1416 outlen = 0; 1417 ret = mbedtls_cipher_auth_encrypt( &ctx, iv->x, iv->len, ad->x, ad->len, 1418 clear->x, clear->len, tmp_cipher, &outlen, 1419 tmp_tag, tag->len ); 1420 1421 if( using_nist_kw ) 1422 { 1423 TEST_ASSERT( ret == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE ); 1424 } 1425 else 1426 { 1427 TEST_ASSERT( ret == 0 ); 1428 1429 TEST_ASSERT( outlen == cipher->len ); 1430 if( cipher->len != 0 ) 1431 TEST_ASSERT( memcmp( tmp_cipher, cipher->x, cipher->len ) == 0 ); 1432 TEST_ASSERT( memcmp( tmp_tag, tag->x, tag->len ) == 0 ); 1433 } 1434 } 1435 1436#endif /* !MBEDTLS_DEPRECATED_WARNING && !MBEDTLS_DEPRECATED_REMOVED */ 1437 1438exit: 1439 1440 mbedtls_cipher_free( &ctx ); 1441 mbedtls_free( decrypt_buf ); 1442 mbedtls_free( encrypt_buf ); 1443 mbedtls_free( cipher_plus_tag ); 1444#if !defined(MBEDTLS_DEPRECATED_WARNING) && \ 1445 !defined(MBEDTLS_DEPRECATED_REMOVED) 1446 mbedtls_free( tag_buf ); 1447#endif /* !MBEDTLS_DEPRECATED_WARNING && !MBEDTLS_DEPRECATED_REMOVED */ 1448 1449#if defined(MBEDTLS_USE_PSA_CRYPTO) 1450 if( use_psa == 1 ) 1451 PSA_DONE( ); 1452#endif /* MBEDTLS_USE_PSA_CRYPTO */ 1453} 1454/* END_CASE */ 1455 1456/* BEGIN_CASE */ 1457void test_vec_ecb( int cipher_id, int operation, data_t * key, 1458 data_t * input, data_t * result, int finish_result 1459 ) 1460{ 1461 mbedtls_cipher_context_t ctx; 1462 unsigned char output[32]; 1463 size_t outlen; 1464 1465 mbedtls_cipher_init( &ctx ); 1466 1467 memset( output, 0x00, sizeof( output ) ); 1468 1469 /* Prepare context */ 1470 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx, 1471 mbedtls_cipher_info_from_type( cipher_id ) ) ); 1472 1473 1474 TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key->x, 8 * key->len, operation ) ); 1475 1476 TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx, input->x, 1477 mbedtls_cipher_get_block_size( &ctx ), 1478 output, &outlen ) ); 1479 TEST_ASSERT( outlen == mbedtls_cipher_get_block_size( &ctx ) ); 1480 TEST_ASSERT( finish_result == mbedtls_cipher_finish( &ctx, output + outlen, 1481 &outlen ) ); 1482 TEST_ASSERT( 0 == outlen ); 1483 1484 /* check plaintext only if everything went fine */ 1485 if( 0 == finish_result ) 1486 TEST_ASSERT( 0 == memcmp( output, result->x, 1487 mbedtls_cipher_get_block_size( &ctx ) ) ); 1488 1489exit: 1490 mbedtls_cipher_free( &ctx ); 1491} 1492/* END_CASE */ 1493 1494/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING */ 1495void test_vec_crypt( int cipher_id, int operation, data_t *key, 1496 data_t *iv, data_t *input, data_t *result, 1497 int finish_result, int use_psa ) 1498{ 1499 mbedtls_cipher_context_t ctx; 1500 unsigned char output[32]; 1501 size_t outlen; 1502 1503 mbedtls_cipher_init( &ctx ); 1504 1505 memset( output, 0x00, sizeof( output ) ); 1506 1507 /* Prepare context */ 1508#if !defined(MBEDTLS_USE_PSA_CRYPTO) 1509 (void) use_psa; 1510#else 1511 if( use_psa == 1 ) 1512 { 1513 PSA_ASSERT( psa_crypto_init( ) ); 1514 TEST_ASSERT( 0 == mbedtls_cipher_setup_psa( &ctx, 1515 mbedtls_cipher_info_from_type( cipher_id ), 0 ) ); 1516 } 1517 else 1518#endif /* MBEDTLS_USE_PSA_CRYPTO */ 1519 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx, 1520 mbedtls_cipher_info_from_type( cipher_id ) ) ); 1521 1522 TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key->x, 8 * key->len, operation ) ); 1523 if( MBEDTLS_MODE_CBC == ctx.cipher_info->mode ) 1524 TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx, MBEDTLS_PADDING_NONE ) ); 1525 1526 TEST_ASSERT( finish_result == mbedtls_cipher_crypt( &ctx, iv->len ? iv->x : NULL, 1527 iv->len, input->x, input->len, 1528 output, &outlen ) ); 1529 TEST_ASSERT( result->len == outlen ); 1530 /* check plaintext only if everything went fine */ 1531 if( 0 == finish_result ) 1532 TEST_ASSERT( 0 == memcmp( output, result->x, outlen ) ); 1533 1534exit: 1535 mbedtls_cipher_free( &ctx ); 1536#if defined(MBEDTLS_USE_PSA_CRYPTO) 1537 PSA_DONE( ); 1538#endif /* MBEDTLS_USE_PSA_CRYPTO */ 1539} 1540/* END_CASE */ 1541 1542/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING */ 1543void set_padding( int cipher_id, int pad_mode, int ret ) 1544{ 1545 const mbedtls_cipher_info_t *cipher_info; 1546 mbedtls_cipher_context_t ctx; 1547 1548 mbedtls_cipher_init( &ctx ); 1549 1550 cipher_info = mbedtls_cipher_info_from_type( cipher_id ); 1551 TEST_ASSERT( NULL != cipher_info ); 1552 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx, cipher_info ) ); 1553 1554 TEST_ASSERT( ret == mbedtls_cipher_set_padding_mode( &ctx, pad_mode ) ); 1555 1556exit: 1557 mbedtls_cipher_free( &ctx ); 1558} 1559/* END_CASE */ 1560 1561/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ 1562void check_padding( int pad_mode, data_t * input, int ret, int dlen_check 1563 ) 1564{ 1565 mbedtls_cipher_info_t cipher_info; 1566 mbedtls_cipher_context_t ctx; 1567 size_t dlen; 1568 1569 /* build a fake context just for getting access to get_padding */ 1570 mbedtls_cipher_init( &ctx ); 1571 cipher_info.mode = MBEDTLS_MODE_CBC; 1572 ctx.cipher_info = &cipher_info; 1573 1574 TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx, pad_mode ) ); 1575 1576 1577 TEST_ASSERT( ret == ctx.get_padding( input->x, input->len, &dlen ) ); 1578 if( 0 == ret ) 1579 TEST_ASSERT( dlen == (size_t) dlen_check ); 1580} 1581/* END_CASE */ 1582
