xref: /aosp_15_r20/external/mbedtls/tests/suites/test_suite_chachapoly.function (revision 62c56f9862f102b96d72393aff6076c951fb8148) 
1/* BEGIN_HEADER */
2#include "mbedtls/chachapoly.h"
3/* END_HEADER */
4
5/* BEGIN_DEPENDENCIES
6 * depends_on:MBEDTLS_CHACHAPOLY_C
7 * END_DEPENDENCIES
8 */
9
10/* BEGIN_CASE */
11void mbedtls_chachapoly_enc(data_t *key_str,
12                            data_t *nonce_str,
13                            data_t *aad_str,
14                            data_t *input_str,
15                            data_t *output_str,
16                            data_t *mac_str)
17{
18    unsigned char output[265];
19    unsigned char mac[16]; /* size set by the standard */
20    mbedtls_chachapoly_context ctx;
21
22    TEST_ASSERT(key_str->len   == 32);
23    TEST_ASSERT(nonce_str->len == 12);
24    TEST_ASSERT(mac_str->len   == 16);
25
26    mbedtls_chachapoly_init(&ctx);
27
28    TEST_ASSERT(mbedtls_chachapoly_setkey(&ctx, key_str->x) == 0);
29
30    TEST_ASSERT(mbedtls_chachapoly_encrypt_and_tag(&ctx,
31                                                   input_str->len, nonce_str->x,
32                                                   aad_str->x, aad_str->len,
33                                                   input_str->x, output, mac) == 0);
34
35    TEST_ASSERT(memcmp(output_str->x, output, output_str->len) == 0);
36    TEST_ASSERT(memcmp(mac_str->x, mac, 16U) == 0);
37
38exit:
39    mbedtls_chachapoly_free(&ctx);
40}
41/* END_CASE */
42
43/* BEGIN_CASE */
44void mbedtls_chachapoly_dec(data_t *key_str,
45                            data_t *nonce_str,
46                            data_t *aad_str,
47                            data_t *input_str,
48                            data_t *output_str,
49                            data_t *mac_str,
50                            int ret_exp)
51{
52    unsigned char output[265];
53    int ret;
54    mbedtls_chachapoly_context ctx;
55
56    TEST_ASSERT(key_str->len   == 32);
57    TEST_ASSERT(nonce_str->len == 12);
58    TEST_ASSERT(mac_str->len   == 16);
59
60    mbedtls_chachapoly_init(&ctx);
61
62    TEST_ASSERT(mbedtls_chachapoly_setkey(&ctx, key_str->x) == 0);
63
64    ret = mbedtls_chachapoly_auth_decrypt(&ctx,
65                                          input_str->len, nonce_str->x,
66                                          aad_str->x, aad_str->len,
67                                          mac_str->x, input_str->x, output);
68
69    TEST_ASSERT(ret == ret_exp);
70    if (ret_exp == 0) {
71        TEST_ASSERT(memcmp(output_str->x, output, output_str->len) == 0);
72    }
73
74exit:
75    mbedtls_chachapoly_free(&ctx);
76}
77/* END_CASE */
78
79/* BEGIN_CASE */
80void chachapoly_state()
81{
82    unsigned char key[32];
83    unsigned char nonce[12];
84    unsigned char aad[1];
85    unsigned char input[1];
86    unsigned char output[1];
87    unsigned char mac[16];
88    size_t input_len = sizeof(input);
89    size_t aad_len = sizeof(aad);
90    mbedtls_chachapoly_context ctx;
91
92    memset(key,    0x00, sizeof(key));
93    memset(nonce,  0x00, sizeof(nonce));
94    memset(aad,    0x00, sizeof(aad));
95    memset(input,  0x00, sizeof(input));
96    memset(output, 0x00, sizeof(output));
97    memset(mac,    0x00, sizeof(mac));
98
99    /* Initial state: finish, update, update_aad forbidden */
100    mbedtls_chachapoly_init(&ctx);
101
102    TEST_ASSERT(mbedtls_chachapoly_finish(&ctx, mac)
103                == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE);
104    TEST_ASSERT(mbedtls_chachapoly_update(&ctx, input_len, input, output)
105                == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE);
106    TEST_ASSERT(mbedtls_chachapoly_update_aad(&ctx, aad, aad_len)
107                == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE);
108
109    /* Still initial state: finish, update, update_aad forbidden */
110    TEST_ASSERT(mbedtls_chachapoly_setkey(&ctx, key)
111                == 0);
112
113    TEST_ASSERT(mbedtls_chachapoly_finish(&ctx, mac)
114                == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE);
115    TEST_ASSERT(mbedtls_chachapoly_update(&ctx, input_len, input, output)
116                == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE);
117    TEST_ASSERT(mbedtls_chachapoly_update_aad(&ctx, aad, aad_len)
118                == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE);
119
120    /* Starts -> finish OK */
121    TEST_ASSERT(mbedtls_chachapoly_starts(&ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT)
122                == 0);
123    TEST_ASSERT(mbedtls_chachapoly_finish(&ctx, mac)
124                == 0);
125
126    /* After finish: update, update_aad forbidden */
127    TEST_ASSERT(mbedtls_chachapoly_update(&ctx, input_len, input, output)
128                == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE);
129    TEST_ASSERT(mbedtls_chachapoly_update_aad(&ctx, aad, aad_len)
130                == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE);
131
132    /* Starts -> update* OK */
133    TEST_ASSERT(mbedtls_chachapoly_starts(&ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT)
134                == 0);
135    TEST_ASSERT(mbedtls_chachapoly_update(&ctx, input_len, input, output)
136                == 0);
137    TEST_ASSERT(mbedtls_chachapoly_update(&ctx, input_len, input, output)
138                == 0);
139
140    /* After update: update_aad forbidden */
141    TEST_ASSERT(mbedtls_chachapoly_update_aad(&ctx, aad, aad_len)
142                == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE);
143
144    /* Starts -> update_aad* -> finish OK */
145    TEST_ASSERT(mbedtls_chachapoly_starts(&ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT)
146                == 0);
147    TEST_ASSERT(mbedtls_chachapoly_update_aad(&ctx, aad, aad_len)
148                == 0);
149    TEST_ASSERT(mbedtls_chachapoly_update_aad(&ctx, aad, aad_len)
150                == 0);
151    TEST_ASSERT(mbedtls_chachapoly_finish(&ctx, mac)
152                == 0);
153
154exit:
155    mbedtls_chachapoly_free(&ctx);
156}
157/* END_CASE */
158
159/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
160void chachapoly_selftest()
161{
162    TEST_ASSERT(mbedtls_chachapoly_self_test(1) == 0);
163}
164/* END_CASE */
165