1/* BEGIN_HEADER */ 2#include "mbedtls/cipher.h" 3#include "mbedtls/aes.h" 4 5#if defined(MBEDTLS_GCM_C) 6#include "mbedtls/gcm.h" 7#endif 8 9#if defined(MBEDTLS_CIPHER_HAVE_SOME_AEAD_VIA_LEGACY_OR_USE_PSA) || defined(MBEDTLS_NIST_KW_C) 10#define MBEDTLS_CIPHER_AUTH_CRYPT 11#endif 12 13/* Check the internal consistency of a cipher info structure, and 14 * check it against mbedtls_cipher_info_from_xxx(). */ 15static int check_cipher_info(mbedtls_cipher_type_t type, 16 const mbedtls_cipher_info_t *info) 17{ 18 size_t key_bitlen, block_size, iv_size; 19 20 TEST_ASSERT(info != NULL); 21 TEST_EQUAL(type, mbedtls_cipher_info_get_type(info)); 22 TEST_EQUAL(type, info->type); 23 TEST_ASSERT(mbedtls_cipher_info_from_type(type) == info); 24 25 TEST_EQUAL(info->mode, mbedtls_cipher_info_get_mode(info)); 26 27 /* Insist that get_name() return the string from the structure and 28 * not a copy. A copy would have an unknown storage duration. */ 29 TEST_ASSERT(mbedtls_cipher_info_get_name(info) == info->name); 30 TEST_ASSERT(mbedtls_cipher_info_from_string(info->name) == info); 31 32 key_bitlen = mbedtls_cipher_info_get_key_bitlen(info); 33 block_size = mbedtls_cipher_info_get_block_size(info); 34 iv_size = mbedtls_cipher_info_get_iv_size(info); 35 if (info->type == MBEDTLS_CIPHER_NULL) { 36 TEST_ASSERT(key_bitlen == 0); 37 TEST_ASSERT(block_size == 1); 38 TEST_ASSERT(iv_size == 0); 39 } else if (info->mode == MBEDTLS_MODE_XTS) { 40 TEST_ASSERT(key_bitlen == 256 || 41 key_bitlen == 384 || 42 key_bitlen == 512); 43 } else if (!strncmp(info->name, "DES-EDE3-", 9)) { 44 TEST_ASSERT(key_bitlen == 192); 45 TEST_ASSERT(!mbedtls_cipher_info_has_variable_key_bitlen(info)); 46 TEST_ASSERT(block_size == 8); 47 } else if (!strncmp(info->name, "DES-EDE-", 8)) { 48 TEST_ASSERT(key_bitlen == 128); 49 TEST_ASSERT(!mbedtls_cipher_info_has_variable_key_bitlen(info)); 50 TEST_ASSERT(block_size == 8); 51 } else if (!strncmp(info->name, "DES-", 4)) { 52 TEST_ASSERT(key_bitlen == 64); 53 TEST_ASSERT(!mbedtls_cipher_info_has_variable_key_bitlen(info)); 54 TEST_ASSERT(block_size == 8); 55 } else if (!strncmp(info->name, "AES", 3)) { 56 TEST_ASSERT(key_bitlen == 128 || 57 key_bitlen == 192 || 58 key_bitlen == 256); 59 TEST_ASSERT(!mbedtls_cipher_info_has_variable_key_bitlen(info)); 60 TEST_ASSERT(block_size == 16); 61 } else { 62 TEST_ASSERT(key_bitlen == 128 || 63 key_bitlen == 192 || 64 key_bitlen == 256); 65 } 66 TEST_LE_U(key_bitlen, MBEDTLS_MAX_KEY_LENGTH * 8); 67 TEST_LE_U(block_size, MBEDTLS_MAX_BLOCK_LENGTH); 68 TEST_LE_U(iv_size, MBEDTLS_MAX_IV_LENGTH); 69 70 if (strstr(info->name, "-ECB") != NULL) { 71 TEST_ASSERT(iv_size == 0); 72 TEST_ASSERT(!mbedtls_cipher_info_has_variable_iv_size(info)); 73 } else if (strstr(info->name, "-CBC") != NULL || 74 strstr(info->name, "-CTR") != NULL) { 75 TEST_ASSERT(iv_size == block_size); 76 TEST_ASSERT(!mbedtls_cipher_info_has_variable_iv_size(info)); 77 } else if (strstr(info->name, "-GCM") != NULL) { 78 TEST_ASSERT(iv_size == block_size - 4); 79 TEST_ASSERT(mbedtls_cipher_info_has_variable_iv_size(info)); 80 } 81 82 return 1; 83 84exit: 85 return 0; 86} 87 88#if defined(MBEDTLS_CIPHER_MODE_AEAD) 89/* Helper for resetting key/direction 90 * 91 * The documentation doesn't explicitly say whether calling 92 * mbedtls_cipher_setkey() twice is allowed or not. This currently works with 93 * the default software implementation, but only by accident. It isn't 94 * guaranteed to work with new ciphers or with alternative implementations of 95 * individual ciphers, and it doesn't work with the PSA wrappers. So don't do 96 * it, and instead start with a fresh context. 97 */ 98static int cipher_reset_key(mbedtls_cipher_context_t *ctx, int cipher_id, 99 int use_psa, size_t tag_len, const data_t *key, int direction) 100{ 101 mbedtls_cipher_free(ctx); 102 mbedtls_cipher_init(ctx); 103 104#if !defined(MBEDTLS_USE_PSA_CRYPTO) || !defined(MBEDTLS_TEST_DEPRECATED) 105 (void) use_psa; 106 (void) tag_len; 107#else 108 if (use_psa == 1) { 109 TEST_ASSERT(0 == mbedtls_cipher_setup_psa(ctx, 110 mbedtls_cipher_info_from_type(cipher_id), 111 tag_len)); 112 } else 113#endif /* !MBEDTLS_USE_PSA_CRYPTO || !MBEDTLS_TEST_DEPRECATED */ 114 { 115 TEST_ASSERT(0 == mbedtls_cipher_setup(ctx, 116 mbedtls_cipher_info_from_type(cipher_id))); 117 } 118 119 TEST_ASSERT(0 == mbedtls_cipher_setkey(ctx, key->x, 8 * key->len, 120 direction)); 121 return 1; 122 123exit: 124 return 0; 125} 126 127/* 128 * Check if a buffer is all-0 bytes: 129 * return 1 if it is, 130 * 0 if it isn't. 131 */ 132int buffer_is_all_zero(const uint8_t *buf, size_t size) 133{ 134 for (size_t i = 0; i < size; i++) { 135 if (buf[i] != 0) { 136 return 0; 137 } 138 } 139 return 1; 140} 141#endif /* MBEDTLS_CIPHER_AUTH_CRYPT */ 142 143/* END_HEADER */ 144 145/* BEGIN_DEPENDENCIES 146 * depends_on:MBEDTLS_CIPHER_C 147 * END_DEPENDENCIES 148 */ 149 150/* BEGIN_CASE */ 151void mbedtls_cipher_list() 152{ 153 const int *cipher_type; 154 155 for (cipher_type = mbedtls_cipher_list(); *cipher_type != 0; cipher_type++) { 156 const mbedtls_cipher_info_t *info = 157 mbedtls_cipher_info_from_type(*cipher_type); 158 mbedtls_test_set_step(*cipher_type); 159 if (!check_cipher_info(*cipher_type, info)) { 160 goto exit; 161 } 162 } 163} 164/* END_CASE */ 165 166/* BEGIN_CASE */ 167void cipher_invalid_param_unconditional() 168{ 169 mbedtls_cipher_context_t valid_ctx; 170 mbedtls_cipher_context_t invalid_ctx; 171 mbedtls_operation_t valid_operation = MBEDTLS_ENCRYPT; 172 mbedtls_cipher_padding_t valid_mode = MBEDTLS_PADDING_ZEROS; 173 unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 }; 174 int valid_size = sizeof(valid_buffer); 175 int valid_bitlen = valid_size * 8; 176 const int *cipher_list = mbedtls_cipher_list(); 177 const mbedtls_cipher_info_t *valid_info; 178 size_t size_t_var; 179 180 (void) valid_mode; /* In some configurations this is unused */ 181 182 mbedtls_cipher_init(&valid_ctx); 183 mbedtls_cipher_init(&invalid_ctx); 184 185 /* Ensure that there is at least 1 supported cipher, otherwise exit gracefully */ 186 TEST_ASSUME(*cipher_list != 0); 187 valid_info = mbedtls_cipher_info_from_type(*cipher_list); 188 189 TEST_ASSERT(mbedtls_cipher_setup(&valid_ctx, valid_info) == 0); 190 191 /* mbedtls_cipher_setup() */ 192 TEST_ASSERT(mbedtls_cipher_setup(&valid_ctx, NULL) == 193 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 194 195 /* mbedtls_cipher_get_block_size() */ 196 TEST_ASSERT(mbedtls_cipher_get_block_size(&invalid_ctx) == 0); 197 198 /* mbedtls_cipher_get_cipher_mode() */ 199 TEST_ASSERT(mbedtls_cipher_get_cipher_mode(&invalid_ctx) == 200 MBEDTLS_MODE_NONE); 201 202 /* mbedtls_cipher_get_iv_size() */ 203 TEST_ASSERT(mbedtls_cipher_get_iv_size(&invalid_ctx) == 0); 204 205 /* mbedtls_cipher_get_type() */ 206 TEST_ASSERT( 207 mbedtls_cipher_get_type(&invalid_ctx) == 208 MBEDTLS_CIPHER_NONE); 209 210 /* mbedtls_cipher_get_name() */ 211 TEST_ASSERT(mbedtls_cipher_get_name(&invalid_ctx) == 0); 212 213 /* mbedtls_cipher_get_key_bitlen() */ 214 TEST_ASSERT(mbedtls_cipher_get_key_bitlen(&invalid_ctx) == 215 MBEDTLS_KEY_LENGTH_NONE); 216 217 /* mbedtls_cipher_get_operation() */ 218 TEST_ASSERT(mbedtls_cipher_get_operation(&invalid_ctx) == 219 MBEDTLS_OPERATION_NONE); 220 221 /* mbedtls_cipher_setkey() */ 222 TEST_ASSERT( 223 mbedtls_cipher_setkey(&invalid_ctx, 224 valid_buffer, 225 valid_bitlen, 226 valid_operation) == 227 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 228 229 /* mbedtls_cipher_set_iv() */ 230 TEST_ASSERT( 231 mbedtls_cipher_set_iv(&invalid_ctx, 232 valid_buffer, 233 valid_size) == 234 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 235 236 /* mbedtls_cipher_reset() */ 237 TEST_ASSERT(mbedtls_cipher_reset(&invalid_ctx) == 238 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 239 240#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 241 /* mbedtls_cipher_update_ad() */ 242 TEST_ASSERT( 243 mbedtls_cipher_update_ad(&invalid_ctx, 244 valid_buffer, 245 valid_size) == 246 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 247#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */ 248 249#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 250 /* mbedtls_cipher_set_padding_mode() */ 251 TEST_ASSERT(mbedtls_cipher_set_padding_mode(&invalid_ctx, valid_mode) == 252 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 253#endif 254 255 /* mbedtls_cipher_update() */ 256 TEST_ASSERT( 257 mbedtls_cipher_update(&invalid_ctx, 258 valid_buffer, 259 valid_size, 260 valid_buffer, 261 &size_t_var) == 262 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 263 264 /* mbedtls_cipher_finish() */ 265 TEST_ASSERT( 266 mbedtls_cipher_finish(&invalid_ctx, 267 valid_buffer, 268 &size_t_var) == 269 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 270 271#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 272 /* mbedtls_cipher_write_tag() */ 273 TEST_ASSERT( 274 mbedtls_cipher_write_tag(&invalid_ctx, 275 valid_buffer, 276 valid_size) == 277 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 278 279 /* mbedtls_cipher_check_tag() */ 280 TEST_ASSERT( 281 mbedtls_cipher_check_tag(&invalid_ctx, 282 valid_buffer, 283 valid_size) == 284 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 285#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */ 286 287exit: 288 mbedtls_cipher_free(&invalid_ctx); 289 mbedtls_cipher_free(&valid_ctx); 290} 291/* END_CASE */ 292 293/* BEGIN_CASE */ 294void cipher_invalid_param_conditional() 295{ 296 mbedtls_cipher_context_t valid_ctx; 297 298 mbedtls_operation_t invalid_operation = 100; 299 unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 }; 300 int valid_size = sizeof(valid_buffer); 301 int valid_bitlen = valid_size * 8; 302 303 TEST_EQUAL( 304 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 305 mbedtls_cipher_setkey(&valid_ctx, 306 valid_buffer, 307 valid_bitlen, 308 invalid_operation)); 309 310exit: 311 ; 312} 313/* END_CASE */ 314 315/* BEGIN_CASE depends_on:MBEDTLS_AES_C */ 316void cipher_special_behaviours() 317{ 318 const mbedtls_cipher_info_t *cipher_info; 319 mbedtls_cipher_context_t ctx; 320 unsigned char input[32]; 321 unsigned char output[32]; 322#if defined(MBEDTLS_CIPHER_MODE_CBC) 323 unsigned char iv[32]; 324#endif 325 size_t olen = 0; 326 327 mbedtls_cipher_init(&ctx); 328 memset(input, 0, sizeof(input)); 329 memset(output, 0, sizeof(output)); 330#if defined(MBEDTLS_CIPHER_MODE_CBC) 331 memset(iv, 0, sizeof(iv)); 332 333 /* Check and get info structures */ 334 cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_CBC); 335 TEST_ASSERT(NULL != cipher_info); 336 337 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, cipher_info)); 338 339 /* IV too big */ 340 TEST_ASSERT(mbedtls_cipher_set_iv(&ctx, iv, MBEDTLS_MAX_IV_LENGTH + 1) 341 == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE); 342 343 /* IV too small */ 344 TEST_ASSERT(mbedtls_cipher_set_iv(&ctx, iv, 0) 345 == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 346 347 mbedtls_cipher_free(&ctx); 348 mbedtls_cipher_init(&ctx); 349#endif /* MBEDTLS_CIPHER_MODE_CBC */ 350 cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_ECB); 351 TEST_ASSERT(NULL != cipher_info); 352 353 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, cipher_info)); 354 355 /* Update ECB with partial block */ 356 TEST_ASSERT(mbedtls_cipher_update(&ctx, input, 1, output, &olen) 357 == MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED); 358 359exit: 360 mbedtls_cipher_free(&ctx); 361} 362/* END_CASE */ 363 364/* BEGIN_CASE */ 365void enc_dec_buf(int cipher_id, char *cipher_string, int key_len, 366 int length_val, int pad_mode) 367{ 368 size_t length = length_val, outlen, total_len, i, block_size, iv_len; 369 unsigned char key[64]; 370 unsigned char iv[16]; 371 unsigned char ad[13]; 372 unsigned char tag[16]; 373 unsigned char inbuf[64]; 374 unsigned char encbuf[64]; 375 unsigned char decbuf[64]; 376 377 const mbedtls_cipher_info_t *cipher_info; 378 mbedtls_cipher_context_t ctx_dec; 379 mbedtls_cipher_context_t ctx_enc; 380 381 /* 382 * Prepare contexts 383 */ 384 mbedtls_cipher_init(&ctx_dec); 385 mbedtls_cipher_init(&ctx_enc); 386 387 memset(key, 0x2a, sizeof(key)); 388 389 /* Check and get info structures */ 390 cipher_info = mbedtls_cipher_info_from_type(cipher_id); 391 TEST_ASSERT(NULL != cipher_info); 392 TEST_ASSERT(mbedtls_cipher_info_from_string(cipher_string) == cipher_info); 393 TEST_ASSERT(strcmp(mbedtls_cipher_info_get_name(cipher_info), 394 cipher_string) == 0); 395 396 /* Initialise enc and dec contexts */ 397 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_dec, cipher_info)); 398 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_enc, cipher_info)); 399 400 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_dec, key, key_len, MBEDTLS_DECRYPT)); 401 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_enc, key, key_len, MBEDTLS_ENCRYPT)); 402 403#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 404 if (-1 != pad_mode) { 405 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_dec, pad_mode)); 406 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_enc, pad_mode)); 407 } 408#else 409 (void) pad_mode; 410#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ 411 412 /* 413 * Do a few encode/decode cycles 414 */ 415 for (i = 0; i < 3; i++) { 416 memset(iv, 0x00 + i, sizeof(iv)); 417 memset(ad, 0x10 + i, sizeof(ad)); 418 memset(inbuf, 0x20 + i, sizeof(inbuf)); 419 420 memset(encbuf, 0, sizeof(encbuf)); 421 memset(decbuf, 0, sizeof(decbuf)); 422 memset(tag, 0, sizeof(tag)); 423 424 if (NULL != strstr(cipher_info->name, "CCM*-NO-TAG")) { 425 iv_len = 13; /* For CCM, IV length is expected to be between 7 and 13 bytes. 426 * For CCM*-NO-TAG, IV length must be exactly 13 bytes long. */ 427 } else if (cipher_info->type == MBEDTLS_CIPHER_CHACHA20 || 428 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) { 429 iv_len = 12; 430 } else { 431 iv_len = sizeof(iv); 432 } 433 434 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_dec, iv, iv_len)); 435 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_enc, iv, iv_len)); 436 437 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_dec)); 438 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_enc)); 439 440#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 441 int expected = (cipher_info->mode == MBEDTLS_MODE_GCM || 442 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) ? 443 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 444 445 TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx_dec, ad, sizeof(ad) - i)); 446 TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx_enc, ad, sizeof(ad) - i)); 447#endif 448 449 block_size = mbedtls_cipher_get_block_size(&ctx_enc); 450 TEST_ASSERT(block_size != 0); 451 452 /* encode length number of bytes from inbuf */ 453 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx_enc, inbuf, length, encbuf, &outlen)); 454 total_len = outlen; 455 456 TEST_ASSERT(total_len == length || 457 (total_len % block_size == 0 && 458 total_len < length && 459 total_len + block_size > length)); 460 461 TEST_ASSERT(0 == mbedtls_cipher_finish(&ctx_enc, encbuf + outlen, &outlen)); 462 total_len += outlen; 463 464#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 465 TEST_EQUAL(expected, mbedtls_cipher_write_tag(&ctx_enc, tag, sizeof(tag))); 466#endif 467 468 TEST_ASSERT(total_len == length || 469 (total_len % block_size == 0 && 470 total_len > length && 471 total_len <= length + block_size)); 472 473 /* decode the previously encoded string */ 474 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx_dec, encbuf, total_len, decbuf, &outlen)); 475 total_len = outlen; 476 477 TEST_ASSERT(total_len == length || 478 (total_len % block_size == 0 && 479 total_len < length && 480 total_len + block_size >= length)); 481 482 TEST_ASSERT(0 == mbedtls_cipher_finish(&ctx_dec, decbuf + outlen, &outlen)); 483 total_len += outlen; 484 485#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 486 TEST_EQUAL(expected, mbedtls_cipher_check_tag(&ctx_dec, tag, sizeof(tag))); 487#endif 488 489 /* check result */ 490 TEST_ASSERT(total_len == length); 491 TEST_ASSERT(0 == memcmp(inbuf, decbuf, length)); 492 } 493 494 /* 495 * Done 496 */ 497exit: 498 mbedtls_cipher_free(&ctx_dec); 499 mbedtls_cipher_free(&ctx_enc); 500} 501/* END_CASE */ 502 503/* BEGIN_CASE */ 504void enc_fail(int cipher_id, int pad_mode, int key_len, int length_val, 505 int ret) 506{ 507 size_t length = length_val; 508 unsigned char key[32]; 509 unsigned char iv[16]; 510 511 const mbedtls_cipher_info_t *cipher_info; 512 mbedtls_cipher_context_t ctx; 513 514 unsigned char inbuf[64]; 515 unsigned char encbuf[64]; 516 517 size_t outlen = 0; 518 519 memset(key, 0, 32); 520 memset(iv, 0, 16); 521 522 mbedtls_cipher_init(&ctx); 523 524 memset(inbuf, 5, 64); 525 memset(encbuf, 0, 64); 526 527 /* Check and get info structures */ 528 cipher_info = mbedtls_cipher_info_from_type(cipher_id); 529 TEST_ASSERT(NULL != cipher_info); 530 531 /* Initialise context */ 532 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, cipher_info)); 533 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx, key, key_len, MBEDTLS_ENCRYPT)); 534#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 535 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx, pad_mode)); 536#else 537 (void) pad_mode; 538#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ 539 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx, iv, 16)); 540 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx)); 541#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 542 int expected = (cipher_info->mode == MBEDTLS_MODE_GCM || 543 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) ? 544 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 545 546 TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx, NULL, 0)); 547#endif 548 549 /* encode length number of bytes from inbuf */ 550 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx, inbuf, length, encbuf, &outlen)); 551 TEST_ASSERT(ret == mbedtls_cipher_finish(&ctx, encbuf + outlen, &outlen)); 552 553 /* done */ 554exit: 555 mbedtls_cipher_free(&ctx); 556} 557/* END_CASE */ 558 559/* BEGIN_CASE */ 560void dec_empty_buf(int cipher, 561 int expected_update_ret, 562 int expected_finish_ret) 563{ 564 unsigned char key[32]; 565 566 unsigned char *iv = NULL; 567 size_t iv_len = 16; 568 569 mbedtls_cipher_context_t ctx_dec; 570 const mbedtls_cipher_info_t *cipher_info; 571 572 unsigned char encbuf[64]; 573 unsigned char decbuf[64]; 574 575 size_t outlen = 0; 576 577 memset(key, 0, 32); 578 579 mbedtls_cipher_init(&ctx_dec); 580 581 memset(encbuf, 0, 64); 582 memset(decbuf, 0, 64); 583 584 /* Initialise context */ 585 cipher_info = mbedtls_cipher_info_from_type(cipher); 586 TEST_ASSERT(NULL != cipher_info); 587 588 if (cipher_info->type == MBEDTLS_CIPHER_CHACHA20 || 589 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) { 590 iv_len = 12; 591 } 592 593 TEST_CALLOC(iv, iv_len); 594 memset(iv, 0, iv_len); 595 596 TEST_ASSERT(sizeof(key) * 8 >= mbedtls_cipher_info_get_key_bitlen(cipher_info)); 597 598 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_dec, cipher_info)); 599 600 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_dec, 601 key, mbedtls_cipher_info_get_key_bitlen(cipher_info), 602 MBEDTLS_DECRYPT)); 603 604 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_dec, iv, iv_len)); 605 606 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_dec)); 607 608#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) && defined(MBEDTLS_CIPHER_PADDING_PKCS7) 609 if (ctx_dec.cipher_info->mode == MBEDTLS_MODE_CBC) { 610 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_dec, 611 MBEDTLS_PADDING_PKCS7)); 612 } 613#endif 614 615#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 616 int expected = (cipher_info->mode == MBEDTLS_MODE_GCM || 617 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) ? 618 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 619 620 TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx_dec, NULL, 0)); 621#endif 622 623 /* decode 0-byte string */ 624 TEST_ASSERT(expected_update_ret == 625 mbedtls_cipher_update(&ctx_dec, encbuf, 0, decbuf, &outlen)); 626 TEST_ASSERT(0 == outlen); 627 628 if (expected_finish_ret == 0 && 629 (cipher_info->mode == MBEDTLS_MODE_CBC || 630 cipher_info->mode == MBEDTLS_MODE_ECB)) { 631 /* Non-CBC and non-ECB ciphers are OK with decrypting empty buffers and 632 * return success, not MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED, when 633 * decrypting an empty buffer. 634 * On the other hand, CBC and ECB ciphers need a full block of input. 635 */ 636 expected_finish_ret = MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED; 637 } 638 639 TEST_ASSERT(expected_finish_ret == mbedtls_cipher_finish( 640 &ctx_dec, decbuf + outlen, &outlen)); 641 TEST_ASSERT(0 == outlen); 642 643exit: 644 mbedtls_free(iv); 645 mbedtls_cipher_free(&ctx_dec); 646} 647/* END_CASE */ 648 649/* BEGIN_CASE */ 650void enc_dec_buf_multipart(int cipher_id, int key_len, int first_length_val, 651 int second_length_val, int pad_mode, 652 int first_encrypt_output_len, int second_encrypt_output_len, 653 int first_decrypt_output_len, int second_decrypt_output_len) 654{ 655 size_t first_length = first_length_val; 656 size_t second_length = second_length_val; 657 size_t length = first_length + second_length; 658 size_t block_size; 659 size_t iv_len; 660 unsigned char key[32]; 661 unsigned char iv[16]; 662 663 mbedtls_cipher_context_t ctx_dec; 664 mbedtls_cipher_context_t ctx_enc; 665 const mbedtls_cipher_info_t *cipher_info; 666 667 unsigned char inbuf[64]; 668 unsigned char encbuf[64]; 669 unsigned char decbuf[64]; 670 671 size_t outlen = 0; 672 size_t totaloutlen = 0; 673 674 memset(key, 0, 32); 675 memset(iv, 0, 16); 676 677 mbedtls_cipher_init(&ctx_dec); 678 mbedtls_cipher_init(&ctx_enc); 679 680 memset(inbuf, 5, 64); 681 memset(encbuf, 0, 64); 682 memset(decbuf, 0, 64); 683 684 /* Initialise enc and dec contexts */ 685 cipher_info = mbedtls_cipher_info_from_type(cipher_id); 686 TEST_ASSERT(NULL != cipher_info); 687 688 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_dec, cipher_info)); 689 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_enc, cipher_info)); 690 691 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_dec, key, key_len, MBEDTLS_DECRYPT)); 692 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_enc, key, key_len, MBEDTLS_ENCRYPT)); 693 694#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 695 if (-1 != pad_mode) { 696 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_dec, pad_mode)); 697 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_enc, pad_mode)); 698 } 699#else 700 (void) pad_mode; 701#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ 702 703 if (NULL != strstr(cipher_info->name, "CCM*-NO-TAG")) { 704 iv_len = 13; /* For CCM, IV length is expected to be between 7 and 13 bytes. 705 * For CCM*-NO-TAG, IV length must be exactly 13 bytes long. */ 706 } else if (cipher_info->type == MBEDTLS_CIPHER_CHACHA20 || 707 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) { 708 iv_len = 12; 709 } else { 710 iv_len = sizeof(iv); 711 } 712 713 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_dec, iv, iv_len)); 714 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_enc, iv, iv_len)); 715 716 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_dec)); 717 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_enc)); 718 719#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 720 int expected = (cipher_info->mode == MBEDTLS_MODE_GCM || 721 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) ? 722 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 723 724 TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx_dec, NULL, 0)); 725 TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx_enc, NULL, 0)); 726#endif 727 728 block_size = mbedtls_cipher_get_block_size(&ctx_enc); 729 TEST_ASSERT(block_size != 0); 730 731 /* encode length number of bytes from inbuf */ 732 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx_enc, inbuf, first_length, encbuf, &outlen)); 733 TEST_ASSERT((size_t) first_encrypt_output_len == outlen); 734 totaloutlen = outlen; 735 TEST_ASSERT(0 == 736 mbedtls_cipher_update(&ctx_enc, inbuf + first_length, second_length, 737 encbuf + totaloutlen, 738 &outlen)); 739 TEST_ASSERT((size_t) second_encrypt_output_len == outlen); 740 totaloutlen += outlen; 741 TEST_ASSERT(totaloutlen == length || 742 (totaloutlen % block_size == 0 && 743 totaloutlen < length && 744 totaloutlen + block_size > length)); 745 746 TEST_ASSERT(0 == mbedtls_cipher_finish(&ctx_enc, encbuf + totaloutlen, &outlen)); 747 totaloutlen += outlen; 748 TEST_ASSERT(totaloutlen == length || 749 (totaloutlen % block_size == 0 && 750 totaloutlen > length && 751 totaloutlen <= length + block_size)); 752 753 /* decode the previously encoded string */ 754 second_length = totaloutlen - first_length; 755 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx_dec, encbuf, first_length, decbuf, &outlen)); 756 TEST_ASSERT((size_t) first_decrypt_output_len == outlen); 757 totaloutlen = outlen; 758 TEST_ASSERT(0 == 759 mbedtls_cipher_update(&ctx_dec, encbuf + first_length, second_length, 760 decbuf + totaloutlen, 761 &outlen)); 762 TEST_ASSERT((size_t) second_decrypt_output_len == outlen); 763 totaloutlen += outlen; 764 765 TEST_ASSERT(totaloutlen == length || 766 (totaloutlen % block_size == 0 && 767 totaloutlen < length && 768 totaloutlen + block_size >= length)); 769 770 TEST_ASSERT(0 == mbedtls_cipher_finish(&ctx_dec, decbuf + totaloutlen, &outlen)); 771 totaloutlen += outlen; 772 773 TEST_ASSERT(totaloutlen == length); 774 775 TEST_ASSERT(0 == memcmp(inbuf, decbuf, length)); 776 777exit: 778 mbedtls_cipher_free(&ctx_dec); 779 mbedtls_cipher_free(&ctx_enc); 780} 781/* END_CASE */ 782 783/* BEGIN_CASE */ 784void decrypt_test_vec(int cipher_id, int pad_mode, data_t *key, 785 data_t *iv, data_t *cipher, 786 data_t *clear, data_t *ad, data_t *tag, 787 int finish_result, int tag_result) 788{ 789 unsigned char output[265]; 790 mbedtls_cipher_context_t ctx; 791 size_t outlen, total_len; 792 793 mbedtls_cipher_init(&ctx); 794 795 memset(output, 0x00, sizeof(output)); 796 797#if !defined(MBEDTLS_GCM_C) && !defined(MBEDTLS_CHACHAPOLY_C) 798 ((void) ad); 799 ((void) tag); 800#endif 801 802 /* Prepare context */ 803 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, 804 mbedtls_cipher_info_from_type(cipher_id))); 805 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx, key->x, 8 * key->len, MBEDTLS_DECRYPT)); 806#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 807 if (pad_mode != -1) { 808 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx, pad_mode)); 809 } 810#else 811 (void) pad_mode; 812#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ 813 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx, iv->x, iv->len)); 814 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx)); 815#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 816 int expected = (ctx.cipher_info->mode == MBEDTLS_MODE_GCM || 817 ctx.cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) ? 818 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 819 820 TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx, ad->x, ad->len)); 821#endif 822 823 /* decode buffer and check tag->x */ 824 total_len = 0; 825 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx, cipher->x, cipher->len, output, &outlen)); 826 total_len += outlen; 827 TEST_ASSERT(finish_result == mbedtls_cipher_finish(&ctx, output + outlen, 828 &outlen)); 829 total_len += outlen; 830#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 831 int tag_expected = (ctx.cipher_info->mode == MBEDTLS_MODE_GCM || 832 ctx.cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) ? 833 tag_result : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 834 835 TEST_EQUAL(tag_expected, mbedtls_cipher_check_tag(&ctx, tag->x, tag->len)); 836#endif 837 838 /* check plaintext only if everything went fine */ 839 if (0 == finish_result && 0 == tag_result) { 840 TEST_ASSERT(total_len == clear->len); 841 TEST_ASSERT(0 == memcmp(output, clear->x, clear->len)); 842 } 843 844exit: 845 mbedtls_cipher_free(&ctx); 846} 847/* END_CASE */ 848 849/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_AEAD */ 850void auth_crypt_tv(int cipher_id, data_t *key, data_t *iv, 851 data_t *ad, data_t *cipher, data_t *tag, 852 char *result, data_t *clear, int use_psa) 853{ 854 /* 855 * Take an AEAD ciphertext + tag and perform a pair 856 * of AEAD decryption and AEAD encryption. Check that 857 * this results in the expected plaintext, and that 858 * decryption and encryption are inverse to one another. 859 */ 860 861 int ret; 862 int using_nist_kw, using_nist_kw_padding; 863 864 mbedtls_cipher_context_t ctx; 865 size_t outlen; 866 867 unsigned char *cipher_plus_tag = NULL; 868 size_t cipher_plus_tag_len; 869 unsigned char *decrypt_buf = NULL; 870 size_t decrypt_buf_len = 0; 871 unsigned char *encrypt_buf = NULL; 872 size_t encrypt_buf_len = 0; 873 874 /* Null pointers are documented as valid for inputs of length 0. 875 * The test framework passes non-null pointers, so set them to NULL. 876 * key, cipher and tag can't be empty. */ 877 if (iv->len == 0) { 878 iv->x = NULL; 879 } 880 if (ad->len == 0) { 881 ad->x = NULL; 882 } 883 if (clear->len == 0) { 884 clear->x = NULL; 885 } 886 887 mbedtls_cipher_init(&ctx); 888 889 /* Initialize PSA Crypto */ 890#if defined(MBEDTLS_USE_PSA_CRYPTO) 891 if (use_psa == 1) { 892 PSA_ASSERT(psa_crypto_init()); 893 } 894#else 895 (void) use_psa; 896#endif 897 898 /* 899 * Are we using NIST_KW? with padding? 900 */ 901 using_nist_kw_padding = cipher_id == MBEDTLS_CIPHER_AES_128_KWP || 902 cipher_id == MBEDTLS_CIPHER_AES_192_KWP || 903 cipher_id == MBEDTLS_CIPHER_AES_256_KWP; 904 using_nist_kw = cipher_id == MBEDTLS_CIPHER_AES_128_KW || 905 cipher_id == MBEDTLS_CIPHER_AES_192_KW || 906 cipher_id == MBEDTLS_CIPHER_AES_256_KW || 907 using_nist_kw_padding; 908 909 /* 910 * Prepare context for decryption 911 */ 912 if (!cipher_reset_key(&ctx, cipher_id, use_psa, tag->len, key, 913 MBEDTLS_DECRYPT)) { 914 goto exit; 915 } 916 917 /* 918 * prepare buffer for decryption 919 * (we need the tag appended to the ciphertext) 920 */ 921 cipher_plus_tag_len = cipher->len + tag->len; 922 TEST_CALLOC(cipher_plus_tag, cipher_plus_tag_len); 923 memcpy(cipher_plus_tag, cipher->x, cipher->len); 924 memcpy(cipher_plus_tag + cipher->len, tag->x, tag->len); 925 926 /* 927 * Compute length of output buffer according to the documentation 928 */ 929 if (using_nist_kw) { 930 decrypt_buf_len = cipher_plus_tag_len - 8; 931 } else { 932 decrypt_buf_len = cipher_plus_tag_len - tag->len; 933 } 934 935 936 /* 937 * Try decrypting to a buffer that's 1B too small 938 */ 939 if (decrypt_buf_len != 0) { 940 TEST_CALLOC(decrypt_buf, decrypt_buf_len - 1); 941 942 outlen = 0; 943 ret = mbedtls_cipher_auth_decrypt_ext(&ctx, iv->x, iv->len, 944 ad->x, ad->len, cipher_plus_tag, cipher_plus_tag_len, 945 decrypt_buf, decrypt_buf_len - 1, &outlen, tag->len); 946 TEST_ASSERT(ret == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 947 948 mbedtls_free(decrypt_buf); 949 decrypt_buf = NULL; 950 } 951 952 /* 953 * Authenticate and decrypt, and check result 954 */ 955 TEST_CALLOC(decrypt_buf, decrypt_buf_len); 956 957 outlen = 0; 958 ret = mbedtls_cipher_auth_decrypt_ext(&ctx, iv->x, iv->len, 959 ad->x, ad->len, cipher_plus_tag, cipher_plus_tag_len, 960 decrypt_buf, decrypt_buf_len, &outlen, tag->len); 961 962 if (strcmp(result, "FAIL") == 0) { 963 TEST_ASSERT(ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED); 964 TEST_ASSERT(buffer_is_all_zero(decrypt_buf, decrypt_buf_len)); 965 } else { 966 TEST_ASSERT(ret == 0); 967 TEST_MEMORY_COMPARE(decrypt_buf, outlen, clear->x, clear->len); 968 } 969 970 mbedtls_free(decrypt_buf); 971 decrypt_buf = NULL; 972 973 /* 974 * Encrypt back if test data was authentic 975 */ 976 if (strcmp(result, "FAIL") != 0) { 977 /* prepare context for encryption */ 978 if (!cipher_reset_key(&ctx, cipher_id, use_psa, tag->len, key, 979 MBEDTLS_ENCRYPT)) { 980 goto exit; 981 } 982 983 /* 984 * Compute size of output buffer according to documentation 985 */ 986 if (using_nist_kw) { 987 encrypt_buf_len = clear->len + 8; 988 if (using_nist_kw_padding && encrypt_buf_len % 8 != 0) { 989 encrypt_buf_len += 8 - encrypt_buf_len % 8; 990 } 991 } else { 992 encrypt_buf_len = clear->len + tag->len; 993 } 994 995 /* 996 * Try encrypting with an output buffer that's 1B too small 997 */ 998 TEST_CALLOC(encrypt_buf, encrypt_buf_len - 1); 999 1000 outlen = 0; 1001 ret = mbedtls_cipher_auth_encrypt_ext(&ctx, iv->x, iv->len, 1002 ad->x, ad->len, clear->x, clear->len, 1003 encrypt_buf, encrypt_buf_len - 1, &outlen, tag->len); 1004 TEST_ASSERT(ret != 0); 1005 1006 mbedtls_free(encrypt_buf); 1007 encrypt_buf = NULL; 1008 1009 /* 1010 * Encrypt and check the result 1011 */ 1012 TEST_CALLOC(encrypt_buf, encrypt_buf_len); 1013 1014 outlen = 0; 1015 ret = mbedtls_cipher_auth_encrypt_ext(&ctx, iv->x, iv->len, 1016 ad->x, ad->len, clear->x, clear->len, 1017 encrypt_buf, encrypt_buf_len, &outlen, tag->len); 1018 TEST_ASSERT(ret == 0); 1019 1020 TEST_ASSERT(outlen == cipher->len + tag->len); 1021 TEST_ASSERT(memcmp(encrypt_buf, cipher->x, cipher->len) == 0); 1022 TEST_ASSERT(memcmp(encrypt_buf + cipher->len, 1023 tag->x, tag->len) == 0); 1024 1025 mbedtls_free(encrypt_buf); 1026 encrypt_buf = NULL; 1027 } 1028 1029exit: 1030 1031 mbedtls_cipher_free(&ctx); 1032 mbedtls_free(decrypt_buf); 1033 mbedtls_free(encrypt_buf); 1034 mbedtls_free(cipher_plus_tag); 1035 1036#if defined(MBEDTLS_USE_PSA_CRYPTO) 1037 if (use_psa == 1) { 1038 PSA_DONE(); 1039 } 1040#endif /* MBEDTLS_USE_PSA_CRYPTO */ 1041} 1042/* END_CASE */ 1043 1044/* BEGIN_CASE */ 1045void test_vec_ecb(int cipher_id, int operation, data_t *key, 1046 data_t *input, data_t *result, int finish_result 1047 ) 1048{ 1049 mbedtls_cipher_context_t ctx; 1050 unsigned char output[32]; 1051 size_t outlen; 1052 1053 mbedtls_cipher_init(&ctx); 1054 1055 memset(output, 0x00, sizeof(output)); 1056 1057 /* Prepare context */ 1058 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, 1059 mbedtls_cipher_info_from_type(cipher_id))); 1060 1061 1062 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx, key->x, 8 * key->len, operation)); 1063 1064 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx, input->x, 1065 mbedtls_cipher_get_block_size(&ctx), 1066 output, &outlen)); 1067 TEST_ASSERT(outlen == mbedtls_cipher_get_block_size(&ctx)); 1068 TEST_ASSERT(finish_result == mbedtls_cipher_finish(&ctx, output + outlen, 1069 &outlen)); 1070 TEST_ASSERT(0 == outlen); 1071 1072 /* check plaintext only if everything went fine */ 1073 if (0 == finish_result) { 1074 TEST_ASSERT(0 == memcmp(output, result->x, 1075 mbedtls_cipher_get_block_size(&ctx))); 1076 } 1077 1078exit: 1079 mbedtls_cipher_free(&ctx); 1080} 1081/* END_CASE */ 1082 1083/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING */ 1084void test_vec_crypt(int cipher_id, int operation, data_t *key, 1085 data_t *iv, data_t *input, data_t *result, 1086 int finish_result, int use_psa) 1087{ 1088 mbedtls_cipher_context_t ctx; 1089 unsigned char output[32]; 1090 size_t outlen; 1091 1092 mbedtls_cipher_init(&ctx); 1093 1094 memset(output, 0x00, sizeof(output)); 1095 1096 /* Prepare context */ 1097#if !defined(MBEDTLS_USE_PSA_CRYPTO) || !defined(MBEDTLS_TEST_DEPRECATED) 1098 (void) use_psa; 1099#else 1100 if (use_psa == 1) { 1101 PSA_ASSERT(psa_crypto_init()); 1102 TEST_ASSERT(0 == mbedtls_cipher_setup_psa(&ctx, 1103 mbedtls_cipher_info_from_type(cipher_id), 0)); 1104 } else 1105#endif /* !MBEDTLS_USE_PSA_CRYPTO || !MBEDTLS_TEST_DEPRECATED*/ 1106 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, 1107 mbedtls_cipher_info_from_type(cipher_id))); 1108 1109 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx, key->x, 8 * key->len, operation)); 1110 if (MBEDTLS_MODE_CBC == ctx.cipher_info->mode) { 1111 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx, MBEDTLS_PADDING_NONE)); 1112 } 1113 1114 TEST_ASSERT(finish_result == mbedtls_cipher_crypt(&ctx, iv->len ? iv->x : NULL, 1115 iv->len, input->x, input->len, 1116 output, &outlen)); 1117 TEST_ASSERT(result->len == outlen); 1118 /* check plaintext only if everything went fine */ 1119 if (0 == finish_result) { 1120 TEST_ASSERT(0 == memcmp(output, result->x, outlen)); 1121 } 1122 1123exit: 1124 mbedtls_cipher_free(&ctx); 1125#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_TEST_DEPRECATED) 1126 PSA_DONE(); 1127#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_TEST_DEPRECATED */ 1128} 1129/* END_CASE */ 1130 1131/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING */ 1132void set_padding(int cipher_id, int pad_mode, int ret) 1133{ 1134 const mbedtls_cipher_info_t *cipher_info; 1135 mbedtls_cipher_context_t ctx; 1136 1137 mbedtls_cipher_init(&ctx); 1138 1139 cipher_info = mbedtls_cipher_info_from_type(cipher_id); 1140 TEST_ASSERT(NULL != cipher_info); 1141 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, cipher_info)); 1142 1143 TEST_ASSERT(ret == mbedtls_cipher_set_padding_mode(&ctx, pad_mode)); 1144 1145exit: 1146 mbedtls_cipher_free(&ctx); 1147} 1148/* END_CASE */ 1149 1150/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ 1151void check_padding(int pad_mode, data_t *input, int ret, int dlen_check 1152 ) 1153{ 1154 mbedtls_cipher_info_t cipher_info; 1155 mbedtls_cipher_context_t ctx; 1156 size_t dlen; 1157 1158 /* build a fake context just for getting access to get_padding */ 1159 mbedtls_cipher_init(&ctx); 1160 cipher_info.mode = MBEDTLS_MODE_CBC; 1161 ctx.cipher_info = &cipher_info; 1162 1163 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx, pad_mode)); 1164 1165 1166 TEST_ASSERT(ret == ctx.get_padding(input->x, input->len, &dlen)); 1167 if (0 == ret) { 1168 TEST_ASSERT(dlen == (size_t) dlen_check); 1169 } 1170} 1171/* END_CASE */ 1172 1173/* BEGIN_CASE */ 1174void iv_len_validity(int cipher_id, char *cipher_string, 1175 int iv_len_val, int ret) 1176{ 1177 size_t iv_len = iv_len_val; 1178 unsigned char iv[16]; 1179 1180 /* Initialise iv buffer */ 1181 memset(iv, 0, sizeof(iv)); 1182 1183 const mbedtls_cipher_info_t *cipher_info; 1184 mbedtls_cipher_context_t ctx_dec; 1185 mbedtls_cipher_context_t ctx_enc; 1186 1187 /* 1188 * Prepare contexts 1189 */ 1190 mbedtls_cipher_init(&ctx_dec); 1191 mbedtls_cipher_init(&ctx_enc); 1192 1193 /* Check and get info structures */ 1194 cipher_info = mbedtls_cipher_info_from_type(cipher_id); 1195 TEST_ASSERT(NULL != cipher_info); 1196 TEST_ASSERT(mbedtls_cipher_info_from_string(cipher_string) == cipher_info); 1197 TEST_ASSERT(strcmp(mbedtls_cipher_info_get_name(cipher_info), 1198 cipher_string) == 0); 1199 1200 /* Initialise enc and dec contexts */ 1201 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_dec, cipher_info)); 1202 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_enc, cipher_info)); 1203 1204 TEST_ASSERT(ret == mbedtls_cipher_set_iv(&ctx_dec, iv, iv_len)); 1205 TEST_ASSERT(ret == mbedtls_cipher_set_iv(&ctx_enc, iv, iv_len)); 1206 1207exit: 1208 mbedtls_cipher_free(&ctx_dec); 1209 mbedtls_cipher_free(&ctx_enc); 1210} 1211/* END_CASE */ 1212 1213/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING */ 1214void check_set_padding(int cipher_id) 1215{ 1216 mbedtls_cipher_context_t ctx; 1217 unsigned char *key = NULL; 1218 unsigned char iv[16] = { 0 }; 1219 unsigned char input[16] = { 0 }; 1220 unsigned char output[32] = { 0 }; 1221 size_t outlen = 0; 1222 const mbedtls_cipher_info_t *cipher_info; 1223 size_t keylen = 0; 1224 1225 mbedtls_cipher_init(&ctx); 1226 1227 cipher_info = mbedtls_cipher_info_from_type(cipher_id); 1228 1229 if (cipher_info->mode != MBEDTLS_MODE_CBC) { 1230 TEST_FAIL("Cipher mode must be CBC"); 1231 } 1232 1233 keylen = mbedtls_cipher_info_get_key_bitlen(cipher_info); 1234 TEST_CALLOC(key, keylen/8); 1235 memset(key, 0, keylen/8); 1236 1237 TEST_EQUAL(0, mbedtls_cipher_setup(&ctx, cipher_info)); 1238 1239 TEST_EQUAL(0, mbedtls_cipher_setkey(&ctx, key, keylen, 1240 MBEDTLS_ENCRYPT)); 1241 1242 TEST_EQUAL(MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 1243 mbedtls_cipher_crypt(&ctx, iv, sizeof(iv), input, 1244 sizeof(input), output, &outlen)); 1245 1246 TEST_EQUAL(0, mbedtls_cipher_set_padding_mode(&ctx, MBEDTLS_PADDING_NONE)); 1247 TEST_EQUAL(0, mbedtls_cipher_crypt(&ctx, iv, sizeof(iv), input, 1248 sizeof(input), output, &outlen)); 1249 1250exit: 1251 mbedtls_cipher_free(&ctx); 1252 mbedtls_free(key); 1253} 1254/* END_CASE */ 1255
