xref: /openthread-latest/third_party/mbedtls/repo/tests/suites/test_suite_nist_kw.function

/* BEGIN_HEADER */
#include "mbedtls/nist_kw.h"
/* END_HEADER */

/* BEGIN_DEPENDENCIES
 * depends_on:MBEDTLS_NIST_KW_C
 * END_DEPENDENCIES
 */

/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST:MBEDTLS_AES_C */
void mbedtls_nist_kw_self_test()
{
    TEST_ASSERT(mbedtls_nist_kw_self_test(1) == 0);
}
/* END_CASE */

/* BEGIN_CASE depends_on:MBEDTLS_AES_C */
void mbedtls_nist_kw_mix_contexts()
{
    mbedtls_nist_kw_context ctx1, ctx2;
    unsigned char key[16];
    unsigned char plaintext[32];
    unsigned char ciphertext1[40];
    unsigned char ciphertext2[40];
    size_t output_len, i;

    memset(plaintext, 0, sizeof(plaintext));
    memset(ciphertext1, 0, sizeof(ciphertext1));
    memset(ciphertext2, 0, sizeof(ciphertext2));
    memset(key, 0, sizeof(key));

    /*
     * 1. Check wrap and unwrap with two separate contexts
     */
    mbedtls_nist_kw_init(&ctx1);
    mbedtls_nist_kw_init(&ctx2);

    TEST_ASSERT(mbedtls_nist_kw_setkey(&ctx1,
                                       MBEDTLS_CIPHER_ID_AES,
                                       key, sizeof(key) * 8,
                                       1) == 0);

    TEST_ASSERT(mbedtls_nist_kw_wrap(&ctx1, MBEDTLS_KW_MODE_KW,
                                     plaintext, sizeof(plaintext),
                                     ciphertext1, &output_len,
                                     sizeof(ciphertext1)) == 0);
    TEST_ASSERT(output_len == sizeof(ciphertext1));

    TEST_ASSERT(mbedtls_nist_kw_setkey(&ctx2,
                                       MBEDTLS_CIPHER_ID_AES,
                                       key, sizeof(key) * 8,
                                       0) == 0);

    TEST_ASSERT(mbedtls_nist_kw_unwrap(&ctx2, MBEDTLS_KW_MODE_KW,
                                       ciphertext1, output_len,
                                       plaintext, &output_len,
                                       sizeof(plaintext)) == 0);

    TEST_ASSERT(output_len == sizeof(plaintext));
    for (i = 0; i < sizeof(plaintext); i++) {
        TEST_ASSERT(plaintext[i] == 0);
    }
    mbedtls_nist_kw_free(&ctx1);
    mbedtls_nist_kw_free(&ctx2);

    /*
     * 2. Check wrapping with two modes, on same context
     */
    mbedtls_nist_kw_init(&ctx1);
    mbedtls_nist_kw_init(&ctx2);
    output_len = sizeof(ciphertext1);

    TEST_ASSERT(mbedtls_nist_kw_setkey(&ctx1,
                                       MBEDTLS_CIPHER_ID_AES,
                                       key, sizeof(key) * 8,
                                       1) == 0);

    TEST_ASSERT(mbedtls_nist_kw_wrap(&ctx1, MBEDTLS_KW_MODE_KW,
                                     plaintext, sizeof(plaintext),
                                     ciphertext1, &output_len,
                                     sizeof(ciphertext1)) == 0);
    TEST_ASSERT(output_len == sizeof(ciphertext1));

    TEST_ASSERT(mbedtls_nist_kw_wrap(&ctx1, MBEDTLS_KW_MODE_KWP,
                                     plaintext, sizeof(plaintext),
                                     ciphertext2, &output_len,
                                     sizeof(ciphertext2)) == 0);

    TEST_ASSERT(output_len == sizeof(ciphertext2));

    TEST_ASSERT(mbedtls_nist_kw_setkey(&ctx2,
                                       MBEDTLS_CIPHER_ID_AES,
                                       key, sizeof(key) * 8,
                                       0) == 0);

    TEST_ASSERT(mbedtls_nist_kw_unwrap(&ctx2, MBEDTLS_KW_MODE_KW,
                                       ciphertext1, sizeof(ciphertext1),
                                       plaintext, &output_len,
                                       sizeof(plaintext)) == 0);

    TEST_ASSERT(output_len == sizeof(plaintext));

    for (i = 0; i < sizeof(plaintext); i++) {
        TEST_ASSERT(plaintext[i] == 0);
    }

    TEST_ASSERT(mbedtls_nist_kw_unwrap(&ctx2, MBEDTLS_KW_MODE_KWP,
                                       ciphertext2, sizeof(ciphertext2),
                                       plaintext, &output_len,
                                       sizeof(plaintext)) == 0);

    TEST_ASSERT(output_len == sizeof(plaintext));

    for (i = 0; i < sizeof(plaintext); i++) {
        TEST_ASSERT(plaintext[i] == 0);
    }

exit:
    mbedtls_nist_kw_free(&ctx1);
    mbedtls_nist_kw_free(&ctx2);
}
/* END_CASE */

/* BEGIN_CASE */
void mbedtls_nist_kw_setkey(int cipher_id, int key_size,
                            int is_wrap, int result)
{
    mbedtls_nist_kw_context ctx;
    unsigned char key[32];
    int ret;

    mbedtls_nist_kw_init(&ctx);

    memset(key, 0x2A, sizeof(key));
    TEST_ASSERT((unsigned) key_size <= 8 * sizeof(key));

    ret = mbedtls_nist_kw_setkey(&ctx, cipher_id, key, key_size, is_wrap);
    TEST_ASSERT(ret == result);

exit:
    mbedtls_nist_kw_free(&ctx);
}
/* END_CASE */

/* BEGIN_CASE depends_on:MBEDTLS_AES_C */
void nist_kw_plaintext_lengths(int in_len, int out_len, int mode, int res)
{
    mbedtls_nist_kw_context ctx;
    unsigned char key[16];
    unsigned char *plaintext = NULL;
    unsigned char *ciphertext = NULL;
    size_t output_len = out_len;

    mbedtls_nist_kw_init(&ctx);

    memset(key, 0, sizeof(key));

    if (in_len != 0) {
        plaintext = mbedtls_calloc(1, in_len);
        TEST_ASSERT(plaintext != NULL);
    }

    if (out_len != 0) {
        ciphertext = mbedtls_calloc(1, output_len);
        TEST_ASSERT(ciphertext != NULL);
    }

    TEST_ASSERT(mbedtls_nist_kw_setkey(&ctx, MBEDTLS_CIPHER_ID_AES,
                                       key, 8 * sizeof(key), 1) == 0);

    TEST_ASSERT(mbedtls_nist_kw_wrap(&ctx, mode, plaintext, in_len,
                                     ciphertext, &output_len,
                                     output_len) == res);
    if (res == 0) {
        if (mode == MBEDTLS_KW_MODE_KWP) {
            TEST_ASSERT(output_len == (size_t) in_len + 8 -
                        (in_len % 8) + 8);
        } else {
            TEST_ASSERT(output_len == (size_t) in_len + 8);
        }
    } else {
        TEST_ASSERT(output_len == 0);
    }

exit:
    mbedtls_free(ciphertext);
    mbedtls_free(plaintext);
    mbedtls_nist_kw_free(&ctx);
}
/* END_CASE */

/* BEGIN_CASE depends_on:MBEDTLS_AES_C */
void nist_kw_ciphertext_lengths(int in_len, int out_len, int mode, int res)
{
    mbedtls_nist_kw_context ctx;
    unsigned char key[16];
    unsigned char *plaintext = NULL;
    unsigned char *ciphertext = NULL;
    int unwrap_ret;
    size_t output_len = out_len;

    mbedtls_nist_kw_init(&ctx);

    memset(key, 0, sizeof(key));

    if (out_len != 0) {
        plaintext = mbedtls_calloc(1, output_len);
        TEST_ASSERT(plaintext != NULL);
    }
    if (in_len != 0) {
        ciphertext = mbedtls_calloc(1, in_len);
        TEST_ASSERT(ciphertext != NULL);
    }

    TEST_ASSERT(mbedtls_nist_kw_setkey(&ctx, MBEDTLS_CIPHER_ID_AES,
                                       key, 8 * sizeof(key), 0) == 0);
    unwrap_ret = mbedtls_nist_kw_unwrap(&ctx, mode, ciphertext, in_len,
                                        plaintext, &output_len,
                                        output_len);

    if (res == 0) {
        TEST_ASSERT(unwrap_ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED);
    } else {
        TEST_ASSERT(unwrap_ret == res);
    }

    TEST_ASSERT(output_len == 0);

exit:
    mbedtls_free(ciphertext);
    mbedtls_free(plaintext);
    mbedtls_nist_kw_free(&ctx);
}
/* END_CASE */

/* BEGIN_CASE */
void mbedtls_nist_kw_wrap(int cipher_id, int mode, data_t *key, data_t *msg,
                          data_t *expected_result)
{
    unsigned char result[528];
    mbedtls_nist_kw_context ctx;
    size_t result_len, i, padlen;

    mbedtls_nist_kw_init(&ctx);

    memset(result, '+', sizeof(result));

    TEST_ASSERT(mbedtls_nist_kw_setkey(&ctx, cipher_id,
                                       key->x, key->len * 8, 1) == 0);

    /* Test with input == output */
    TEST_ASSERT(mbedtls_nist_kw_wrap(&ctx, mode, msg->x, msg->len,
                                     result, &result_len, sizeof(result)) == 0);

    TEST_ASSERT(result_len == expected_result->len);

    TEST_ASSERT(memcmp(expected_result->x, result, result_len) == 0);

    padlen = (msg->len % 8 != 0) ? 8 - (msg->len % 8) : 0;
    /* Check that the function didn't write beyond the end of the buffer. */
    for (i = msg->len + 8 + padlen; i < sizeof(result); i++) {
        TEST_ASSERT(result[i] == '+');
    }

exit:
    mbedtls_nist_kw_free(&ctx);
}
/* END_CASE */

/* BEGIN_CASE */
void mbedtls_nist_kw_unwrap(int cipher_id, int mode, data_t *key, data_t *msg,
                            data_t *expected_result, int expected_ret)
{
    unsigned char result[528];
    mbedtls_nist_kw_context ctx;
    size_t result_len, i;

    mbedtls_nist_kw_init(&ctx);

    memset(result, '+', sizeof(result));

    TEST_ASSERT(mbedtls_nist_kw_setkey(&ctx, cipher_id,
                                       key->x, key->len * 8, 0) == 0);

    /* Test with input == output */
    TEST_ASSERT(mbedtls_nist_kw_unwrap(&ctx, mode, msg->x, msg->len,
                                       result, &result_len, sizeof(result)) == expected_ret);
    if (expected_ret == 0) {
        TEST_ASSERT(result_len == expected_result->len);
        TEST_ASSERT(memcmp(expected_result->x, result, result_len) == 0);
    } else {
        TEST_ASSERT(result_len == 0);
    }

    /* Check that the function didn't write beyond the end of the buffer. */
    for (i = msg->len - 8; i < sizeof(result); i++) {
        TEST_ASSERT(result[i] == '+');
    }

exit:
    mbedtls_nist_kw_free(&ctx);
}
/* END_CASE */