1*62c56f98SSadaf Ebrahimi/* BEGIN_HEADER */ 2*62c56f98SSadaf Ebrahimi#include "mbedtls/chachapoly.h" 3*62c56f98SSadaf Ebrahimi/* END_HEADER */ 4*62c56f98SSadaf Ebrahimi 5*62c56f98SSadaf Ebrahimi/* BEGIN_DEPENDENCIES 6*62c56f98SSadaf Ebrahimi * depends_on:MBEDTLS_CHACHAPOLY_C 7*62c56f98SSadaf Ebrahimi * END_DEPENDENCIES 8*62c56f98SSadaf Ebrahimi */ 9*62c56f98SSadaf Ebrahimi 10*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 11*62c56f98SSadaf Ebrahimivoid mbedtls_chachapoly_enc(data_t *key_str, 12*62c56f98SSadaf Ebrahimi data_t *nonce_str, 13*62c56f98SSadaf Ebrahimi data_t *aad_str, 14*62c56f98SSadaf Ebrahimi data_t *input_str, 15*62c56f98SSadaf Ebrahimi data_t *output_str, 16*62c56f98SSadaf Ebrahimi data_t *mac_str) 17*62c56f98SSadaf Ebrahimi{ 18*62c56f98SSadaf Ebrahimi unsigned char output[265]; 19*62c56f98SSadaf Ebrahimi unsigned char mac[16]; /* size set by the standard */ 20*62c56f98SSadaf Ebrahimi mbedtls_chachapoly_context ctx; 21*62c56f98SSadaf Ebrahimi 22*62c56f98SSadaf Ebrahimi TEST_ASSERT(key_str->len == 32); 23*62c56f98SSadaf Ebrahimi TEST_ASSERT(nonce_str->len == 12); 24*62c56f98SSadaf Ebrahimi TEST_ASSERT(mac_str->len == 16); 25*62c56f98SSadaf Ebrahimi 26*62c56f98SSadaf Ebrahimi mbedtls_chachapoly_init(&ctx); 27*62c56f98SSadaf Ebrahimi 28*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_chachapoly_setkey(&ctx, key_str->x) == 0); 29*62c56f98SSadaf Ebrahimi 30*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_chachapoly_encrypt_and_tag(&ctx, 31*62c56f98SSadaf Ebrahimi input_str->len, nonce_str->x, 32*62c56f98SSadaf Ebrahimi aad_str->x, aad_str->len, 33*62c56f98SSadaf Ebrahimi input_str->x, output, mac) == 0); 34*62c56f98SSadaf Ebrahimi 35*62c56f98SSadaf Ebrahimi TEST_ASSERT(memcmp(output_str->x, output, output_str->len) == 0); 36*62c56f98SSadaf Ebrahimi TEST_ASSERT(memcmp(mac_str->x, mac, 16U) == 0); 37*62c56f98SSadaf Ebrahimi 38*62c56f98SSadaf Ebrahimiexit: 39*62c56f98SSadaf Ebrahimi mbedtls_chachapoly_free(&ctx); 40*62c56f98SSadaf Ebrahimi} 41*62c56f98SSadaf Ebrahimi/* END_CASE */ 42*62c56f98SSadaf Ebrahimi 43*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 44*62c56f98SSadaf Ebrahimivoid mbedtls_chachapoly_dec(data_t *key_str, 45*62c56f98SSadaf Ebrahimi data_t *nonce_str, 46*62c56f98SSadaf Ebrahimi data_t *aad_str, 47*62c56f98SSadaf Ebrahimi data_t *input_str, 48*62c56f98SSadaf Ebrahimi data_t *output_str, 49*62c56f98SSadaf Ebrahimi data_t *mac_str, 50*62c56f98SSadaf Ebrahimi int ret_exp) 51*62c56f98SSadaf Ebrahimi{ 52*62c56f98SSadaf Ebrahimi unsigned char output[265]; 53*62c56f98SSadaf Ebrahimi int ret; 54*62c56f98SSadaf Ebrahimi mbedtls_chachapoly_context ctx; 55*62c56f98SSadaf Ebrahimi 56*62c56f98SSadaf Ebrahimi TEST_ASSERT(key_str->len == 32); 57*62c56f98SSadaf Ebrahimi TEST_ASSERT(nonce_str->len == 12); 58*62c56f98SSadaf Ebrahimi TEST_ASSERT(mac_str->len == 16); 59*62c56f98SSadaf Ebrahimi 60*62c56f98SSadaf Ebrahimi mbedtls_chachapoly_init(&ctx); 61*62c56f98SSadaf Ebrahimi 62*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_chachapoly_setkey(&ctx, key_str->x) == 0); 63*62c56f98SSadaf Ebrahimi 64*62c56f98SSadaf Ebrahimi ret = mbedtls_chachapoly_auth_decrypt(&ctx, 65*62c56f98SSadaf Ebrahimi input_str->len, nonce_str->x, 66*62c56f98SSadaf Ebrahimi aad_str->x, aad_str->len, 67*62c56f98SSadaf Ebrahimi mac_str->x, input_str->x, output); 68*62c56f98SSadaf Ebrahimi 69*62c56f98SSadaf Ebrahimi TEST_ASSERT(ret == ret_exp); 70*62c56f98SSadaf Ebrahimi if (ret_exp == 0) { 71*62c56f98SSadaf Ebrahimi TEST_ASSERT(memcmp(output_str->x, output, output_str->len) == 0); 72*62c56f98SSadaf Ebrahimi } 73*62c56f98SSadaf Ebrahimi 74*62c56f98SSadaf Ebrahimiexit: 75*62c56f98SSadaf Ebrahimi mbedtls_chachapoly_free(&ctx); 76*62c56f98SSadaf Ebrahimi} 77*62c56f98SSadaf Ebrahimi/* END_CASE */ 78*62c56f98SSadaf Ebrahimi 79*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 80*62c56f98SSadaf Ebrahimivoid chachapoly_state() 81*62c56f98SSadaf Ebrahimi{ 82*62c56f98SSadaf Ebrahimi unsigned char key[32]; 83*62c56f98SSadaf Ebrahimi unsigned char nonce[12]; 84*62c56f98SSadaf Ebrahimi unsigned char aad[1]; 85*62c56f98SSadaf Ebrahimi unsigned char input[1]; 86*62c56f98SSadaf Ebrahimi unsigned char output[1]; 87*62c56f98SSadaf Ebrahimi unsigned char mac[16]; 88*62c56f98SSadaf Ebrahimi size_t input_len = sizeof(input); 89*62c56f98SSadaf Ebrahimi size_t aad_len = sizeof(aad); 90*62c56f98SSadaf Ebrahimi mbedtls_chachapoly_context ctx; 91*62c56f98SSadaf Ebrahimi 92*62c56f98SSadaf Ebrahimi memset(key, 0x00, sizeof(key)); 93*62c56f98SSadaf Ebrahimi memset(nonce, 0x00, sizeof(nonce)); 94*62c56f98SSadaf Ebrahimi memset(aad, 0x00, sizeof(aad)); 95*62c56f98SSadaf Ebrahimi memset(input, 0x00, sizeof(input)); 96*62c56f98SSadaf Ebrahimi memset(output, 0x00, sizeof(output)); 97*62c56f98SSadaf Ebrahimi memset(mac, 0x00, sizeof(mac)); 98*62c56f98SSadaf Ebrahimi 99*62c56f98SSadaf Ebrahimi /* Initial state: finish, update, update_aad forbidden */ 100*62c56f98SSadaf Ebrahimi mbedtls_chachapoly_init(&ctx); 101*62c56f98SSadaf Ebrahimi 102*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_chachapoly_finish(&ctx, mac) 103*62c56f98SSadaf Ebrahimi == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE); 104*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_chachapoly_update(&ctx, input_len, input, output) 105*62c56f98SSadaf Ebrahimi == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE); 106*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_chachapoly_update_aad(&ctx, aad, aad_len) 107*62c56f98SSadaf Ebrahimi == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE); 108*62c56f98SSadaf Ebrahimi 109*62c56f98SSadaf Ebrahimi /* Still initial state: finish, update, update_aad forbidden */ 110*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_chachapoly_setkey(&ctx, key) 111*62c56f98SSadaf Ebrahimi == 0); 112*62c56f98SSadaf Ebrahimi 113*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_chachapoly_finish(&ctx, mac) 114*62c56f98SSadaf Ebrahimi == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE); 115*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_chachapoly_update(&ctx, input_len, input, output) 116*62c56f98SSadaf Ebrahimi == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE); 117*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_chachapoly_update_aad(&ctx, aad, aad_len) 118*62c56f98SSadaf Ebrahimi == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE); 119*62c56f98SSadaf Ebrahimi 120*62c56f98SSadaf Ebrahimi /* Starts -> finish OK */ 121*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_chachapoly_starts(&ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT) 122*62c56f98SSadaf Ebrahimi == 0); 123*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_chachapoly_finish(&ctx, mac) 124*62c56f98SSadaf Ebrahimi == 0); 125*62c56f98SSadaf Ebrahimi 126*62c56f98SSadaf Ebrahimi /* After finish: update, update_aad forbidden */ 127*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_chachapoly_update(&ctx, input_len, input, output) 128*62c56f98SSadaf Ebrahimi == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE); 129*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_chachapoly_update_aad(&ctx, aad, aad_len) 130*62c56f98SSadaf Ebrahimi == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE); 131*62c56f98SSadaf Ebrahimi 132*62c56f98SSadaf Ebrahimi /* Starts -> update* OK */ 133*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_chachapoly_starts(&ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT) 134*62c56f98SSadaf Ebrahimi == 0); 135*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_chachapoly_update(&ctx, input_len, input, output) 136*62c56f98SSadaf Ebrahimi == 0); 137*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_chachapoly_update(&ctx, input_len, input, output) 138*62c56f98SSadaf Ebrahimi == 0); 139*62c56f98SSadaf Ebrahimi 140*62c56f98SSadaf Ebrahimi /* After update: update_aad forbidden */ 141*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_chachapoly_update_aad(&ctx, aad, aad_len) 142*62c56f98SSadaf Ebrahimi == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE); 143*62c56f98SSadaf Ebrahimi 144*62c56f98SSadaf Ebrahimi /* Starts -> update_aad* -> finish OK */ 145*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_chachapoly_starts(&ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT) 146*62c56f98SSadaf Ebrahimi == 0); 147*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_chachapoly_update_aad(&ctx, aad, aad_len) 148*62c56f98SSadaf Ebrahimi == 0); 149*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_chachapoly_update_aad(&ctx, aad, aad_len) 150*62c56f98SSadaf Ebrahimi == 0); 151*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_chachapoly_finish(&ctx, mac) 152*62c56f98SSadaf Ebrahimi == 0); 153*62c56f98SSadaf Ebrahimi 154*62c56f98SSadaf Ebrahimiexit: 155*62c56f98SSadaf Ebrahimi mbedtls_chachapoly_free(&ctx); 156*62c56f98SSadaf Ebrahimi} 157*62c56f98SSadaf Ebrahimi/* END_CASE */ 158*62c56f98SSadaf Ebrahimi 159*62c56f98SSadaf Ebrahimi/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ 160*62c56f98SSadaf Ebrahimivoid chachapoly_selftest() 161*62c56f98SSadaf Ebrahimi{ 162*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_chachapoly_self_test(1) == 0); 163*62c56f98SSadaf Ebrahimi} 164*62c56f98SSadaf Ebrahimi/* END_CASE */ 165