1/* BEGIN_HEADER */ 2#include "mbedtls/cipher.h" 3#include "mbedtls/aes.h" 4 5#if defined(MBEDTLS_GCM_C) 6#include "mbedtls/gcm.h" 7#endif 8 9#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C) 10#define MBEDTLS_CIPHER_AUTH_CRYPT 11#endif 12 13/* Check the internal consistency of a cipher info structure, and 14 * check it against mbedtls_cipher_info_from_xxx(). */ 15static int check_cipher_info(mbedtls_cipher_type_t type, 16 const mbedtls_cipher_info_t *info) 17{ 18 size_t key_bitlen, block_size, iv_size; 19 20 TEST_ASSERT(info != NULL); 21 TEST_EQUAL(type, mbedtls_cipher_info_get_type(info)); 22 TEST_EQUAL(type, info->type); 23 TEST_ASSERT(mbedtls_cipher_info_from_type(type) == info); 24 25 TEST_EQUAL(info->mode, mbedtls_cipher_info_get_mode(info)); 26 27 /* Insist that get_name() return the string from the structure and 28 * not a copy. A copy would have an unknown storage duration. */ 29 TEST_ASSERT(mbedtls_cipher_info_get_name(info) == info->name); 30 TEST_ASSERT(mbedtls_cipher_info_from_string(info->name) == info); 31 32 key_bitlen = mbedtls_cipher_info_get_key_bitlen(info); 33 block_size = mbedtls_cipher_info_get_block_size(info); 34 iv_size = mbedtls_cipher_info_get_iv_size(info); 35 if (info->type == MBEDTLS_CIPHER_NULL) { 36 TEST_ASSERT(key_bitlen == 0); 37 TEST_ASSERT(block_size == 1); 38 TEST_ASSERT(iv_size == 0); 39 } else if (info->mode == MBEDTLS_MODE_XTS) { 40 TEST_ASSERT(key_bitlen == 256 || 41 key_bitlen == 384 || 42 key_bitlen == 512); 43 } else if (!strncmp(info->name, "DES-EDE3-", 9)) { 44 TEST_ASSERT(key_bitlen == 192); 45 TEST_ASSERT(!mbedtls_cipher_info_has_variable_key_bitlen(info)); 46 TEST_ASSERT(block_size == 8); 47 } else if (!strncmp(info->name, "DES-EDE-", 8)) { 48 TEST_ASSERT(key_bitlen == 128); 49 TEST_ASSERT(!mbedtls_cipher_info_has_variable_key_bitlen(info)); 50 TEST_ASSERT(block_size == 8); 51 } else if (!strncmp(info->name, "DES-", 4)) { 52 TEST_ASSERT(key_bitlen == 64); 53 TEST_ASSERT(!mbedtls_cipher_info_has_variable_key_bitlen(info)); 54 TEST_ASSERT(block_size == 8); 55 } else if (!strncmp(info->name, "AES", 3)) { 56 TEST_ASSERT(key_bitlen == 128 || 57 key_bitlen == 192 || 58 key_bitlen == 256); 59 TEST_ASSERT(!mbedtls_cipher_info_has_variable_key_bitlen(info)); 60 TEST_ASSERT(block_size == 16); 61 } else { 62 TEST_ASSERT(key_bitlen == 128 || 63 key_bitlen == 192 || 64 key_bitlen == 256); 65 } 66 TEST_LE_U(key_bitlen, MBEDTLS_MAX_KEY_LENGTH * 8); 67 TEST_LE_U(block_size, MBEDTLS_MAX_BLOCK_LENGTH); 68 TEST_LE_U(iv_size, MBEDTLS_MAX_IV_LENGTH); 69 70 if (strstr(info->name, "-ECB") != NULL) { 71 TEST_ASSERT(iv_size == 0); 72 TEST_ASSERT(!mbedtls_cipher_info_has_variable_iv_size(info)); 73 } else if (strstr(info->name, "-CBC") != NULL || 74 strstr(info->name, "-CTR") != NULL) { 75 TEST_ASSERT(iv_size == block_size); 76 TEST_ASSERT(!mbedtls_cipher_info_has_variable_iv_size(info)); 77 } else if (strstr(info->name, "-GCM") != NULL) { 78 TEST_ASSERT(iv_size == block_size - 4); 79 TEST_ASSERT(mbedtls_cipher_info_has_variable_iv_size(info)); 80 } 81 82 return 1; 83 84exit: 85 return 0; 86} 87 88#if defined(MBEDTLS_CIPHER_AUTH_CRYPT) 89/* Helper for resetting key/direction 90 * 91 * The documentation doesn't explicitly say whether calling 92 * mbedtls_cipher_setkey() twice is allowed or not. This currently works with 93 * the default software implementation, but only by accident. It isn't 94 * guaranteed to work with new ciphers or with alternative implementations of 95 * individual ciphers, and it doesn't work with the PSA wrappers. So don't do 96 * it, and instead start with a fresh context. 97 */ 98static int cipher_reset_key(mbedtls_cipher_context_t *ctx, int cipher_id, 99 int use_psa, size_t tag_len, const data_t *key, int direction) 100{ 101 mbedtls_cipher_free(ctx); 102 mbedtls_cipher_init(ctx); 103 104#if !defined(MBEDTLS_USE_PSA_CRYPTO) || !defined(MBEDTLS_TEST_DEPRECATED) 105 (void) use_psa; 106 (void) tag_len; 107#else 108 if (use_psa == 1) { 109 TEST_ASSERT(0 == mbedtls_cipher_setup_psa(ctx, 110 mbedtls_cipher_info_from_type(cipher_id), 111 tag_len)); 112 } else 113#endif /* !MBEDTLS_USE_PSA_CRYPTO || !MBEDTLS_TEST_DEPRECATED */ 114 { 115 TEST_ASSERT(0 == mbedtls_cipher_setup(ctx, 116 mbedtls_cipher_info_from_type(cipher_id))); 117 } 118 119 TEST_ASSERT(0 == mbedtls_cipher_setkey(ctx, key->x, 8 * key->len, 120 direction)); 121 return 1; 122 123exit: 124 return 0; 125} 126 127/* 128 * Check if a buffer is all-0 bytes: 129 * return 1 if it is, 130 * 0 if it isn't. 131 */ 132int buffer_is_all_zero(const uint8_t *buf, size_t size) 133{ 134 for (size_t i = 0; i < size; i++) { 135 if (buf[i] != 0) { 136 return 0; 137 } 138 } 139 return 1; 140} 141#endif /* MBEDTLS_CIPHER_AUTH_CRYPT */ 142 143/* END_HEADER */ 144 145/* BEGIN_DEPENDENCIES 146 * depends_on:MBEDTLS_CIPHER_C 147 * END_DEPENDENCIES 148 */ 149 150/* BEGIN_CASE */ 151void mbedtls_cipher_list() 152{ 153 const int *cipher_type; 154 155 for (cipher_type = mbedtls_cipher_list(); *cipher_type != 0; cipher_type++) { 156 const mbedtls_cipher_info_t *info = 157 mbedtls_cipher_info_from_type(*cipher_type); 158 mbedtls_test_set_step(*cipher_type); 159 if (!check_cipher_info(*cipher_type, info)) { 160 goto exit; 161 } 162 } 163} 164/* END_CASE */ 165 166/* BEGIN_CASE */ 167void cipher_invalid_param_unconditional() 168{ 169 mbedtls_cipher_context_t valid_ctx; 170 mbedtls_cipher_context_t invalid_ctx; 171 mbedtls_operation_t valid_operation = MBEDTLS_ENCRYPT; 172 mbedtls_cipher_padding_t valid_mode = MBEDTLS_PADDING_ZEROS; 173 unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 }; 174 int valid_size = sizeof(valid_buffer); 175 int valid_bitlen = valid_size * 8; 176 const mbedtls_cipher_info_t *valid_info = mbedtls_cipher_info_from_type( 177 *(mbedtls_cipher_list())); 178 size_t size_t_var; 179 180 (void) valid_mode; /* In some configurations this is unused */ 181 182 mbedtls_cipher_init(&valid_ctx); 183 mbedtls_cipher_init(&invalid_ctx); 184 185 TEST_ASSERT(mbedtls_cipher_setup(&valid_ctx, valid_info) == 0); 186 187 /* mbedtls_cipher_setup() */ 188 TEST_ASSERT(mbedtls_cipher_setup(&valid_ctx, NULL) == 189 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 190 191 /* mbedtls_cipher_get_block_size() */ 192 TEST_ASSERT(mbedtls_cipher_get_block_size(&invalid_ctx) == 0); 193 194 /* mbedtls_cipher_get_cipher_mode() */ 195 TEST_ASSERT(mbedtls_cipher_get_cipher_mode(&invalid_ctx) == 196 MBEDTLS_MODE_NONE); 197 198 /* mbedtls_cipher_get_iv_size() */ 199 TEST_ASSERT(mbedtls_cipher_get_iv_size(&invalid_ctx) == 0); 200 201 /* mbedtls_cipher_get_type() */ 202 TEST_ASSERT( 203 mbedtls_cipher_get_type(&invalid_ctx) == 204 MBEDTLS_CIPHER_NONE); 205 206 /* mbedtls_cipher_get_name() */ 207 TEST_ASSERT(mbedtls_cipher_get_name(&invalid_ctx) == 0); 208 209 /* mbedtls_cipher_get_key_bitlen() */ 210 TEST_ASSERT(mbedtls_cipher_get_key_bitlen(&invalid_ctx) == 211 MBEDTLS_KEY_LENGTH_NONE); 212 213 /* mbedtls_cipher_get_operation() */ 214 TEST_ASSERT(mbedtls_cipher_get_operation(&invalid_ctx) == 215 MBEDTLS_OPERATION_NONE); 216 217 /* mbedtls_cipher_setkey() */ 218 TEST_ASSERT( 219 mbedtls_cipher_setkey(&invalid_ctx, 220 valid_buffer, 221 valid_bitlen, 222 valid_operation) == 223 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 224 225 /* mbedtls_cipher_set_iv() */ 226 TEST_ASSERT( 227 mbedtls_cipher_set_iv(&invalid_ctx, 228 valid_buffer, 229 valid_size) == 230 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 231 232 /* mbedtls_cipher_reset() */ 233 TEST_ASSERT(mbedtls_cipher_reset(&invalid_ctx) == 234 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 235 236#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 237 /* mbedtls_cipher_update_ad() */ 238 TEST_ASSERT( 239 mbedtls_cipher_update_ad(&invalid_ctx, 240 valid_buffer, 241 valid_size) == 242 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 243#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */ 244 245#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 246 /* mbedtls_cipher_set_padding_mode() */ 247 TEST_ASSERT(mbedtls_cipher_set_padding_mode(&invalid_ctx, valid_mode) == 248 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 249#endif 250 251 /* mbedtls_cipher_update() */ 252 TEST_ASSERT( 253 mbedtls_cipher_update(&invalid_ctx, 254 valid_buffer, 255 valid_size, 256 valid_buffer, 257 &size_t_var) == 258 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 259 260 /* mbedtls_cipher_finish() */ 261 TEST_ASSERT( 262 mbedtls_cipher_finish(&invalid_ctx, 263 valid_buffer, 264 &size_t_var) == 265 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 266 267#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 268 /* mbedtls_cipher_write_tag() */ 269 TEST_ASSERT( 270 mbedtls_cipher_write_tag(&invalid_ctx, 271 valid_buffer, 272 valid_size) == 273 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 274 275 /* mbedtls_cipher_check_tag() */ 276 TEST_ASSERT( 277 mbedtls_cipher_check_tag(&invalid_ctx, 278 valid_buffer, 279 valid_size) == 280 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 281#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */ 282 283exit: 284 mbedtls_cipher_free(&invalid_ctx); 285 mbedtls_cipher_free(&valid_ctx); 286} 287/* END_CASE */ 288 289/* BEGIN_CASE */ 290void cipher_invalid_param_conditional() 291{ 292 mbedtls_cipher_context_t valid_ctx; 293 294 mbedtls_operation_t invalid_operation = 100; 295 unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 }; 296 int valid_size = sizeof(valid_buffer); 297 int valid_bitlen = valid_size * 8; 298 299 TEST_EQUAL( 300 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 301 mbedtls_cipher_setkey(&valid_ctx, 302 valid_buffer, 303 valid_bitlen, 304 invalid_operation)); 305 306exit: 307 ; 308} 309/* END_CASE */ 310 311/* BEGIN_CASE depends_on:MBEDTLS_AES_C */ 312void cipher_special_behaviours() 313{ 314 const mbedtls_cipher_info_t *cipher_info; 315 mbedtls_cipher_context_t ctx; 316 unsigned char input[32]; 317 unsigned char output[32]; 318#if defined(MBEDTLS_CIPHER_MODE_CBC) 319 unsigned char iv[32]; 320#endif 321 size_t olen = 0; 322 323 mbedtls_cipher_init(&ctx); 324 memset(input, 0, sizeof(input)); 325 memset(output, 0, sizeof(output)); 326#if defined(MBEDTLS_CIPHER_MODE_CBC) 327 memset(iv, 0, sizeof(iv)); 328 329 /* Check and get info structures */ 330 cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_CBC); 331 TEST_ASSERT(NULL != cipher_info); 332 333 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, cipher_info)); 334 335 /* IV too big */ 336 TEST_ASSERT(mbedtls_cipher_set_iv(&ctx, iv, MBEDTLS_MAX_IV_LENGTH + 1) 337 == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE); 338 339 /* IV too small */ 340 TEST_ASSERT(mbedtls_cipher_set_iv(&ctx, iv, 0) 341 == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 342 343 mbedtls_cipher_free(&ctx); 344 mbedtls_cipher_init(&ctx); 345#endif /* MBEDTLS_CIPHER_MODE_CBC */ 346 cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_ECB); 347 TEST_ASSERT(NULL != cipher_info); 348 349 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, cipher_info)); 350 351 /* Update ECB with partial block */ 352 TEST_ASSERT(mbedtls_cipher_update(&ctx, input, 1, output, &olen) 353 == MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED); 354 355exit: 356 mbedtls_cipher_free(&ctx); 357} 358/* END_CASE */ 359 360/* BEGIN_CASE */ 361void enc_dec_buf(int cipher_id, char *cipher_string, int key_len, 362 int length_val, int pad_mode) 363{ 364 size_t length = length_val, outlen, total_len, i, block_size, iv_len; 365 unsigned char key[64]; 366 unsigned char iv[16]; 367 unsigned char ad[13]; 368 unsigned char tag[16]; 369 unsigned char inbuf[64]; 370 unsigned char encbuf[64]; 371 unsigned char decbuf[64]; 372 373 const mbedtls_cipher_info_t *cipher_info; 374 mbedtls_cipher_context_t ctx_dec; 375 mbedtls_cipher_context_t ctx_enc; 376 377 /* 378 * Prepare contexts 379 */ 380 mbedtls_cipher_init(&ctx_dec); 381 mbedtls_cipher_init(&ctx_enc); 382 383 memset(key, 0x2a, sizeof(key)); 384 385 /* Check and get info structures */ 386 cipher_info = mbedtls_cipher_info_from_type(cipher_id); 387 TEST_ASSERT(NULL != cipher_info); 388 TEST_ASSERT(mbedtls_cipher_info_from_string(cipher_string) == cipher_info); 389 TEST_ASSERT(strcmp(mbedtls_cipher_info_get_name(cipher_info), 390 cipher_string) == 0); 391 392 /* Initialise enc and dec contexts */ 393 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_dec, cipher_info)); 394 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_enc, cipher_info)); 395 396 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_dec, key, key_len, MBEDTLS_DECRYPT)); 397 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_enc, key, key_len, MBEDTLS_ENCRYPT)); 398 399#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 400 if (-1 != pad_mode) { 401 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_dec, pad_mode)); 402 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_enc, pad_mode)); 403 } 404#else 405 (void) pad_mode; 406#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ 407 408 /* 409 * Do a few encode/decode cycles 410 */ 411 for (i = 0; i < 3; i++) { 412 memset(iv, 0x00 + i, sizeof(iv)); 413 memset(ad, 0x10 + i, sizeof(ad)); 414 memset(inbuf, 0x20 + i, sizeof(inbuf)); 415 416 memset(encbuf, 0, sizeof(encbuf)); 417 memset(decbuf, 0, sizeof(decbuf)); 418 memset(tag, 0, sizeof(tag)); 419 420 if (NULL != strstr(cipher_info->name, "CCM*-NO-TAG")) { 421 iv_len = 13; /* For CCM, IV length is expected to be between 7 and 13 bytes. 422 * For CCM*-NO-TAG, IV length must be exactly 13 bytes long. */ 423 } else if (cipher_info->type == MBEDTLS_CIPHER_CHACHA20 || 424 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) { 425 iv_len = 12; 426 } else { 427 iv_len = sizeof(iv); 428 } 429 430 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_dec, iv, iv_len)); 431 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_enc, iv, iv_len)); 432 433 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_dec)); 434 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_enc)); 435 436#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 437 int expected = (cipher_info->mode == MBEDTLS_MODE_GCM || 438 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) ? 439 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 440 441 TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx_dec, ad, sizeof(ad) - i)); 442 TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx_enc, ad, sizeof(ad) - i)); 443#endif 444 445 block_size = mbedtls_cipher_get_block_size(&ctx_enc); 446 TEST_ASSERT(block_size != 0); 447 448 /* encode length number of bytes from inbuf */ 449 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx_enc, inbuf, length, encbuf, &outlen)); 450 total_len = outlen; 451 452 TEST_ASSERT(total_len == length || 453 (total_len % block_size == 0 && 454 total_len < length && 455 total_len + block_size > length)); 456 457 TEST_ASSERT(0 == mbedtls_cipher_finish(&ctx_enc, encbuf + outlen, &outlen)); 458 total_len += outlen; 459 460#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 461 TEST_EQUAL(expected, mbedtls_cipher_write_tag(&ctx_enc, tag, sizeof(tag))); 462#endif 463 464 TEST_ASSERT(total_len == length || 465 (total_len % block_size == 0 && 466 total_len > length && 467 total_len <= length + block_size)); 468 469 /* decode the previously encoded string */ 470 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx_dec, encbuf, total_len, decbuf, &outlen)); 471 total_len = outlen; 472 473 TEST_ASSERT(total_len == length || 474 (total_len % block_size == 0 && 475 total_len < length && 476 total_len + block_size >= length)); 477 478 TEST_ASSERT(0 == mbedtls_cipher_finish(&ctx_dec, decbuf + outlen, &outlen)); 479 total_len += outlen; 480 481#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 482 TEST_EQUAL(expected, mbedtls_cipher_check_tag(&ctx_dec, tag, sizeof(tag))); 483#endif 484 485 /* check result */ 486 TEST_ASSERT(total_len == length); 487 TEST_ASSERT(0 == memcmp(inbuf, decbuf, length)); 488 } 489 490 /* 491 * Done 492 */ 493exit: 494 mbedtls_cipher_free(&ctx_dec); 495 mbedtls_cipher_free(&ctx_enc); 496} 497/* END_CASE */ 498 499/* BEGIN_CASE */ 500void enc_fail(int cipher_id, int pad_mode, int key_len, int length_val, 501 int ret) 502{ 503 size_t length = length_val; 504 unsigned char key[32]; 505 unsigned char iv[16]; 506 507 const mbedtls_cipher_info_t *cipher_info; 508 mbedtls_cipher_context_t ctx; 509 510 unsigned char inbuf[64]; 511 unsigned char encbuf[64]; 512 513 size_t outlen = 0; 514 515 memset(key, 0, 32); 516 memset(iv, 0, 16); 517 518 mbedtls_cipher_init(&ctx); 519 520 memset(inbuf, 5, 64); 521 memset(encbuf, 0, 64); 522 523 /* Check and get info structures */ 524 cipher_info = mbedtls_cipher_info_from_type(cipher_id); 525 TEST_ASSERT(NULL != cipher_info); 526 527 /* Initialise context */ 528 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, cipher_info)); 529 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx, key, key_len, MBEDTLS_ENCRYPT)); 530#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 531 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx, pad_mode)); 532#else 533 (void) pad_mode; 534#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ 535 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx, iv, 16)); 536 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx)); 537#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 538 int expected = (cipher_info->mode == MBEDTLS_MODE_GCM || 539 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) ? 540 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 541 542 TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx, NULL, 0)); 543#endif 544 545 /* encode length number of bytes from inbuf */ 546 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx, inbuf, length, encbuf, &outlen)); 547 TEST_ASSERT(ret == mbedtls_cipher_finish(&ctx, encbuf + outlen, &outlen)); 548 549 /* done */ 550exit: 551 mbedtls_cipher_free(&ctx); 552} 553/* END_CASE */ 554 555/* BEGIN_CASE */ 556void dec_empty_buf(int cipher, 557 int expected_update_ret, 558 int expected_finish_ret) 559{ 560 unsigned char key[32]; 561 562 unsigned char *iv = NULL; 563 size_t iv_len = 16; 564 565 mbedtls_cipher_context_t ctx_dec; 566 const mbedtls_cipher_info_t *cipher_info; 567 568 unsigned char encbuf[64]; 569 unsigned char decbuf[64]; 570 571 size_t outlen = 0; 572 573 memset(key, 0, 32); 574 575 mbedtls_cipher_init(&ctx_dec); 576 577 memset(encbuf, 0, 64); 578 memset(decbuf, 0, 64); 579 580 /* Initialise context */ 581 cipher_info = mbedtls_cipher_info_from_type(cipher); 582 TEST_ASSERT(NULL != cipher_info); 583 584 if (cipher_info->type == MBEDTLS_CIPHER_CHACHA20 || 585 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) { 586 iv_len = 12; 587 } 588 589 TEST_CALLOC(iv, iv_len); 590 memset(iv, 0, iv_len); 591 592 TEST_ASSERT(sizeof(key) * 8 >= mbedtls_cipher_info_get_key_bitlen(cipher_info)); 593 594 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_dec, cipher_info)); 595 596 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_dec, 597 key, mbedtls_cipher_info_get_key_bitlen(cipher_info), 598 MBEDTLS_DECRYPT)); 599 600 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_dec, iv, iv_len)); 601 602 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_dec)); 603 604#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) && defined(MBEDTLS_CIPHER_PADDING_PKCS7) 605 if (ctx_dec.cipher_info->mode == MBEDTLS_MODE_CBC) { 606 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_dec, 607 MBEDTLS_PADDING_PKCS7)); 608 } 609#endif 610 611#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 612 int expected = (cipher_info->mode == MBEDTLS_MODE_GCM || 613 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) ? 614 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 615 616 TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx_dec, NULL, 0)); 617#endif 618 619 /* decode 0-byte string */ 620 TEST_ASSERT(expected_update_ret == 621 mbedtls_cipher_update(&ctx_dec, encbuf, 0, decbuf, &outlen)); 622 TEST_ASSERT(0 == outlen); 623 624 if (expected_finish_ret == 0 && 625 (cipher_info->mode == MBEDTLS_MODE_CBC || 626 cipher_info->mode == MBEDTLS_MODE_ECB)) { 627 /* Non-CBC and non-ECB ciphers are OK with decrypting empty buffers and 628 * return success, not MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED, when 629 * decrypting an empty buffer. 630 * On the other hand, CBC and ECB ciphers need a full block of input. 631 */ 632 expected_finish_ret = MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED; 633 } 634 635 TEST_ASSERT(expected_finish_ret == mbedtls_cipher_finish( 636 &ctx_dec, decbuf + outlen, &outlen)); 637 TEST_ASSERT(0 == outlen); 638 639exit: 640 mbedtls_free(iv); 641 mbedtls_cipher_free(&ctx_dec); 642} 643/* END_CASE */ 644 645/* BEGIN_CASE */ 646void enc_dec_buf_multipart(int cipher_id, int key_len, int first_length_val, 647 int second_length_val, int pad_mode, 648 int first_encrypt_output_len, int second_encrypt_output_len, 649 int first_decrypt_output_len, int second_decrypt_output_len) 650{ 651 size_t first_length = first_length_val; 652 size_t second_length = second_length_val; 653 size_t length = first_length + second_length; 654 size_t block_size; 655 size_t iv_len; 656 unsigned char key[32]; 657 unsigned char iv[16]; 658 659 mbedtls_cipher_context_t ctx_dec; 660 mbedtls_cipher_context_t ctx_enc; 661 const mbedtls_cipher_info_t *cipher_info; 662 663 unsigned char inbuf[64]; 664 unsigned char encbuf[64]; 665 unsigned char decbuf[64]; 666 667 size_t outlen = 0; 668 size_t totaloutlen = 0; 669 670 memset(key, 0, 32); 671 memset(iv, 0, 16); 672 673 mbedtls_cipher_init(&ctx_dec); 674 mbedtls_cipher_init(&ctx_enc); 675 676 memset(inbuf, 5, 64); 677 memset(encbuf, 0, 64); 678 memset(decbuf, 0, 64); 679 680 /* Initialise enc and dec contexts */ 681 cipher_info = mbedtls_cipher_info_from_type(cipher_id); 682 TEST_ASSERT(NULL != cipher_info); 683 684 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_dec, cipher_info)); 685 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_enc, cipher_info)); 686 687 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_dec, key, key_len, MBEDTLS_DECRYPT)); 688 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_enc, key, key_len, MBEDTLS_ENCRYPT)); 689 690#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 691 if (-1 != pad_mode) { 692 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_dec, pad_mode)); 693 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_enc, pad_mode)); 694 } 695#else 696 (void) pad_mode; 697#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ 698 699 if (NULL != strstr(cipher_info->name, "CCM*-NO-TAG")) { 700 iv_len = 13; /* For CCM, IV length is expected to be between 7 and 13 bytes. 701 * For CCM*-NO-TAG, IV length must be exactly 13 bytes long. */ 702 } else if (cipher_info->type == MBEDTLS_CIPHER_CHACHA20 || 703 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) { 704 iv_len = 12; 705 } else { 706 iv_len = sizeof(iv); 707 } 708 709 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_dec, iv, iv_len)); 710 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_enc, iv, iv_len)); 711 712 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_dec)); 713 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_enc)); 714 715#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 716 int expected = (cipher_info->mode == MBEDTLS_MODE_GCM || 717 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) ? 718 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 719 720 TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx_dec, NULL, 0)); 721 TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx_enc, NULL, 0)); 722#endif 723 724 block_size = mbedtls_cipher_get_block_size(&ctx_enc); 725 TEST_ASSERT(block_size != 0); 726 727 /* encode length number of bytes from inbuf */ 728 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx_enc, inbuf, first_length, encbuf, &outlen)); 729 TEST_ASSERT((size_t) first_encrypt_output_len == outlen); 730 totaloutlen = outlen; 731 TEST_ASSERT(0 == 732 mbedtls_cipher_update(&ctx_enc, inbuf + first_length, second_length, 733 encbuf + totaloutlen, 734 &outlen)); 735 TEST_ASSERT((size_t) second_encrypt_output_len == outlen); 736 totaloutlen += outlen; 737 TEST_ASSERT(totaloutlen == length || 738 (totaloutlen % block_size == 0 && 739 totaloutlen < length && 740 totaloutlen + block_size > length)); 741 742 TEST_ASSERT(0 == mbedtls_cipher_finish(&ctx_enc, encbuf + totaloutlen, &outlen)); 743 totaloutlen += outlen; 744 TEST_ASSERT(totaloutlen == length || 745 (totaloutlen % block_size == 0 && 746 totaloutlen > length && 747 totaloutlen <= length + block_size)); 748 749 /* decode the previously encoded string */ 750 second_length = totaloutlen - first_length; 751 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx_dec, encbuf, first_length, decbuf, &outlen)); 752 TEST_ASSERT((size_t) first_decrypt_output_len == outlen); 753 totaloutlen = outlen; 754 TEST_ASSERT(0 == 755 mbedtls_cipher_update(&ctx_dec, encbuf + first_length, second_length, 756 decbuf + totaloutlen, 757 &outlen)); 758 TEST_ASSERT((size_t) second_decrypt_output_len == outlen); 759 totaloutlen += outlen; 760 761 TEST_ASSERT(totaloutlen == length || 762 (totaloutlen % block_size == 0 && 763 totaloutlen < length && 764 totaloutlen + block_size >= length)); 765 766 TEST_ASSERT(0 == mbedtls_cipher_finish(&ctx_dec, decbuf + totaloutlen, &outlen)); 767 totaloutlen += outlen; 768 769 TEST_ASSERT(totaloutlen == length); 770 771 TEST_ASSERT(0 == memcmp(inbuf, decbuf, length)); 772 773exit: 774 mbedtls_cipher_free(&ctx_dec); 775 mbedtls_cipher_free(&ctx_enc); 776} 777/* END_CASE */ 778 779/* BEGIN_CASE */ 780void decrypt_test_vec(int cipher_id, int pad_mode, data_t *key, 781 data_t *iv, data_t *cipher, 782 data_t *clear, data_t *ad, data_t *tag, 783 int finish_result, int tag_result) 784{ 785 unsigned char output[265]; 786 mbedtls_cipher_context_t ctx; 787 size_t outlen, total_len; 788 789 mbedtls_cipher_init(&ctx); 790 791 memset(output, 0x00, sizeof(output)); 792 793#if !defined(MBEDTLS_GCM_C) && !defined(MBEDTLS_CHACHAPOLY_C) 794 ((void) ad); 795 ((void) tag); 796#endif 797 798 /* Prepare context */ 799 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, 800 mbedtls_cipher_info_from_type(cipher_id))); 801 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx, key->x, 8 * key->len, MBEDTLS_DECRYPT)); 802#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 803 if (pad_mode != -1) { 804 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx, pad_mode)); 805 } 806#else 807 (void) pad_mode; 808#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ 809 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx, iv->x, iv->len)); 810 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx)); 811#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 812 int expected = (ctx.cipher_info->mode == MBEDTLS_MODE_GCM || 813 ctx.cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) ? 814 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 815 816 TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx, ad->x, ad->len)); 817#endif 818 819 /* decode buffer and check tag->x */ 820 total_len = 0; 821 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx, cipher->x, cipher->len, output, &outlen)); 822 total_len += outlen; 823 TEST_ASSERT(finish_result == mbedtls_cipher_finish(&ctx, output + outlen, 824 &outlen)); 825 total_len += outlen; 826#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 827 int tag_expected = (ctx.cipher_info->mode == MBEDTLS_MODE_GCM || 828 ctx.cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) ? 829 tag_result : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 830 831 TEST_EQUAL(tag_expected, mbedtls_cipher_check_tag(&ctx, tag->x, tag->len)); 832#endif 833 834 /* check plaintext only if everything went fine */ 835 if (0 == finish_result && 0 == tag_result) { 836 TEST_ASSERT(total_len == clear->len); 837 TEST_ASSERT(0 == memcmp(output, clear->x, clear->len)); 838 } 839 840exit: 841 mbedtls_cipher_free(&ctx); 842} 843/* END_CASE */ 844 845/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_AUTH_CRYPT */ 846void auth_crypt_tv(int cipher_id, data_t *key, data_t *iv, 847 data_t *ad, data_t *cipher, data_t *tag, 848 char *result, data_t *clear, int use_psa) 849{ 850 /* 851 * Take an AEAD ciphertext + tag and perform a pair 852 * of AEAD decryption and AEAD encryption. Check that 853 * this results in the expected plaintext, and that 854 * decryption and encryption are inverse to one another. 855 */ 856 857 int ret; 858 int using_nist_kw, using_nist_kw_padding; 859 860 mbedtls_cipher_context_t ctx; 861 size_t outlen; 862 863 unsigned char *cipher_plus_tag = NULL; 864 size_t cipher_plus_tag_len; 865 unsigned char *decrypt_buf = NULL; 866 size_t decrypt_buf_len = 0; 867 unsigned char *encrypt_buf = NULL; 868 size_t encrypt_buf_len = 0; 869 870 /* Null pointers are documented as valid for inputs of length 0. 871 * The test framework passes non-null pointers, so set them to NULL. 872 * key, cipher and tag can't be empty. */ 873 if (iv->len == 0) { 874 iv->x = NULL; 875 } 876 if (ad->len == 0) { 877 ad->x = NULL; 878 } 879 if (clear->len == 0) { 880 clear->x = NULL; 881 } 882 883 mbedtls_cipher_init(&ctx); 884 885 /* Initialize PSA Crypto */ 886#if defined(MBEDTLS_USE_PSA_CRYPTO) 887 if (use_psa == 1) { 888 PSA_ASSERT(psa_crypto_init()); 889 } 890#else 891 (void) use_psa; 892#endif 893 894 /* 895 * Are we using NIST_KW? with padding? 896 */ 897 using_nist_kw_padding = cipher_id == MBEDTLS_CIPHER_AES_128_KWP || 898 cipher_id == MBEDTLS_CIPHER_AES_192_KWP || 899 cipher_id == MBEDTLS_CIPHER_AES_256_KWP; 900 using_nist_kw = cipher_id == MBEDTLS_CIPHER_AES_128_KW || 901 cipher_id == MBEDTLS_CIPHER_AES_192_KW || 902 cipher_id == MBEDTLS_CIPHER_AES_256_KW || 903 using_nist_kw_padding; 904 905 /* 906 * Prepare context for decryption 907 */ 908 if (!cipher_reset_key(&ctx, cipher_id, use_psa, tag->len, key, 909 MBEDTLS_DECRYPT)) { 910 goto exit; 911 } 912 913 /* 914 * prepare buffer for decryption 915 * (we need the tag appended to the ciphertext) 916 */ 917 cipher_plus_tag_len = cipher->len + tag->len; 918 TEST_CALLOC(cipher_plus_tag, cipher_plus_tag_len); 919 memcpy(cipher_plus_tag, cipher->x, cipher->len); 920 memcpy(cipher_plus_tag + cipher->len, tag->x, tag->len); 921 922 /* 923 * Compute length of output buffer according to the documentation 924 */ 925 if (using_nist_kw) { 926 decrypt_buf_len = cipher_plus_tag_len - 8; 927 } else { 928 decrypt_buf_len = cipher_plus_tag_len - tag->len; 929 } 930 931 932 /* 933 * Try decrypting to a buffer that's 1B too small 934 */ 935 if (decrypt_buf_len != 0) { 936 TEST_CALLOC(decrypt_buf, decrypt_buf_len - 1); 937 938 outlen = 0; 939 ret = mbedtls_cipher_auth_decrypt_ext(&ctx, iv->x, iv->len, 940 ad->x, ad->len, cipher_plus_tag, cipher_plus_tag_len, 941 decrypt_buf, decrypt_buf_len - 1, &outlen, tag->len); 942 TEST_ASSERT(ret == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 943 944 mbedtls_free(decrypt_buf); 945 decrypt_buf = NULL; 946 } 947 948 /* 949 * Authenticate and decrypt, and check result 950 */ 951 TEST_CALLOC(decrypt_buf, decrypt_buf_len); 952 953 outlen = 0; 954 ret = mbedtls_cipher_auth_decrypt_ext(&ctx, iv->x, iv->len, 955 ad->x, ad->len, cipher_plus_tag, cipher_plus_tag_len, 956 decrypt_buf, decrypt_buf_len, &outlen, tag->len); 957 958 if (strcmp(result, "FAIL") == 0) { 959 TEST_ASSERT(ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED); 960 TEST_ASSERT(buffer_is_all_zero(decrypt_buf, decrypt_buf_len)); 961 } else { 962 TEST_ASSERT(ret == 0); 963 TEST_MEMORY_COMPARE(decrypt_buf, outlen, clear->x, clear->len); 964 } 965 966 mbedtls_free(decrypt_buf); 967 decrypt_buf = NULL; 968 969 /* 970 * Encrypt back if test data was authentic 971 */ 972 if (strcmp(result, "FAIL") != 0) { 973 /* prepare context for encryption */ 974 if (!cipher_reset_key(&ctx, cipher_id, use_psa, tag->len, key, 975 MBEDTLS_ENCRYPT)) { 976 goto exit; 977 } 978 979 /* 980 * Compute size of output buffer according to documentation 981 */ 982 if (using_nist_kw) { 983 encrypt_buf_len = clear->len + 8; 984 if (using_nist_kw_padding && encrypt_buf_len % 8 != 0) { 985 encrypt_buf_len += 8 - encrypt_buf_len % 8; 986 } 987 } else { 988 encrypt_buf_len = clear->len + tag->len; 989 } 990 991 /* 992 * Try encrypting with an output buffer that's 1B too small 993 */ 994 TEST_CALLOC(encrypt_buf, encrypt_buf_len - 1); 995 996 outlen = 0; 997 ret = mbedtls_cipher_auth_encrypt_ext(&ctx, iv->x, iv->len, 998 ad->x, ad->len, clear->x, clear->len, 999 encrypt_buf, encrypt_buf_len - 1, &outlen, tag->len); 1000 TEST_ASSERT(ret != 0); 1001 1002 mbedtls_free(encrypt_buf); 1003 encrypt_buf = NULL; 1004 1005 /* 1006 * Encrypt and check the result 1007 */ 1008 TEST_CALLOC(encrypt_buf, encrypt_buf_len); 1009 1010 outlen = 0; 1011 ret = mbedtls_cipher_auth_encrypt_ext(&ctx, iv->x, iv->len, 1012 ad->x, ad->len, clear->x, clear->len, 1013 encrypt_buf, encrypt_buf_len, &outlen, tag->len); 1014 TEST_ASSERT(ret == 0); 1015 1016 TEST_ASSERT(outlen == cipher->len + tag->len); 1017 TEST_ASSERT(memcmp(encrypt_buf, cipher->x, cipher->len) == 0); 1018 TEST_ASSERT(memcmp(encrypt_buf + cipher->len, 1019 tag->x, tag->len) == 0); 1020 1021 mbedtls_free(encrypt_buf); 1022 encrypt_buf = NULL; 1023 } 1024 1025exit: 1026 1027 mbedtls_cipher_free(&ctx); 1028 mbedtls_free(decrypt_buf); 1029 mbedtls_free(encrypt_buf); 1030 mbedtls_free(cipher_plus_tag); 1031 1032#if defined(MBEDTLS_USE_PSA_CRYPTO) 1033 if (use_psa == 1) { 1034 PSA_DONE(); 1035 } 1036#endif /* MBEDTLS_USE_PSA_CRYPTO */ 1037} 1038/* END_CASE */ 1039 1040/* BEGIN_CASE */ 1041void test_vec_ecb(int cipher_id, int operation, data_t *key, 1042 data_t *input, data_t *result, int finish_result 1043 ) 1044{ 1045 mbedtls_cipher_context_t ctx; 1046 unsigned char output[32]; 1047 size_t outlen; 1048 1049 mbedtls_cipher_init(&ctx); 1050 1051 memset(output, 0x00, sizeof(output)); 1052 1053 /* Prepare context */ 1054 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, 1055 mbedtls_cipher_info_from_type(cipher_id))); 1056 1057 1058 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx, key->x, 8 * key->len, operation)); 1059 1060 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx, input->x, 1061 mbedtls_cipher_get_block_size(&ctx), 1062 output, &outlen)); 1063 TEST_ASSERT(outlen == mbedtls_cipher_get_block_size(&ctx)); 1064 TEST_ASSERT(finish_result == mbedtls_cipher_finish(&ctx, output + outlen, 1065 &outlen)); 1066 TEST_ASSERT(0 == outlen); 1067 1068 /* check plaintext only if everything went fine */ 1069 if (0 == finish_result) { 1070 TEST_ASSERT(0 == memcmp(output, result->x, 1071 mbedtls_cipher_get_block_size(&ctx))); 1072 } 1073 1074exit: 1075 mbedtls_cipher_free(&ctx); 1076} 1077/* END_CASE */ 1078 1079/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING */ 1080void test_vec_crypt(int cipher_id, int operation, data_t *key, 1081 data_t *iv, data_t *input, data_t *result, 1082 int finish_result, int use_psa) 1083{ 1084 mbedtls_cipher_context_t ctx; 1085 unsigned char output[32]; 1086 size_t outlen; 1087 1088 mbedtls_cipher_init(&ctx); 1089 1090 memset(output, 0x00, sizeof(output)); 1091 1092 /* Prepare context */ 1093#if !defined(MBEDTLS_USE_PSA_CRYPTO) || !defined(MBEDTLS_TEST_DEPRECATED) 1094 (void) use_psa; 1095#else 1096 if (use_psa == 1) { 1097 PSA_ASSERT(psa_crypto_init()); 1098 TEST_ASSERT(0 == mbedtls_cipher_setup_psa(&ctx, 1099 mbedtls_cipher_info_from_type(cipher_id), 0)); 1100 } else 1101#endif /* !MBEDTLS_USE_PSA_CRYPTO || !MBEDTLS_TEST_DEPRECATED*/ 1102 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, 1103 mbedtls_cipher_info_from_type(cipher_id))); 1104 1105 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx, key->x, 8 * key->len, operation)); 1106 if (MBEDTLS_MODE_CBC == ctx.cipher_info->mode) { 1107 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx, MBEDTLS_PADDING_NONE)); 1108 } 1109 1110 TEST_ASSERT(finish_result == mbedtls_cipher_crypt(&ctx, iv->len ? iv->x : NULL, 1111 iv->len, input->x, input->len, 1112 output, &outlen)); 1113 TEST_ASSERT(result->len == outlen); 1114 /* check plaintext only if everything went fine */ 1115 if (0 == finish_result) { 1116 TEST_ASSERT(0 == memcmp(output, result->x, outlen)); 1117 } 1118 1119exit: 1120 mbedtls_cipher_free(&ctx); 1121#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_TEST_DEPRECATED) 1122 PSA_DONE(); 1123#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_TEST_DEPRECATED */ 1124} 1125/* END_CASE */ 1126 1127/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING */ 1128void set_padding(int cipher_id, int pad_mode, int ret) 1129{ 1130 const mbedtls_cipher_info_t *cipher_info; 1131 mbedtls_cipher_context_t ctx; 1132 1133 mbedtls_cipher_init(&ctx); 1134 1135 cipher_info = mbedtls_cipher_info_from_type(cipher_id); 1136 TEST_ASSERT(NULL != cipher_info); 1137 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, cipher_info)); 1138 1139 TEST_ASSERT(ret == mbedtls_cipher_set_padding_mode(&ctx, pad_mode)); 1140 1141exit: 1142 mbedtls_cipher_free(&ctx); 1143} 1144/* END_CASE */ 1145 1146/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ 1147void check_padding(int pad_mode, data_t *input, int ret, int dlen_check 1148 ) 1149{ 1150 mbedtls_cipher_info_t cipher_info; 1151 mbedtls_cipher_context_t ctx; 1152 size_t dlen; 1153 1154 /* build a fake context just for getting access to get_padding */ 1155 mbedtls_cipher_init(&ctx); 1156 cipher_info.mode = MBEDTLS_MODE_CBC; 1157 ctx.cipher_info = &cipher_info; 1158 1159 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx, pad_mode)); 1160 1161 1162 TEST_ASSERT(ret == ctx.get_padding(input->x, input->len, &dlen)); 1163 if (0 == ret) { 1164 TEST_ASSERT(dlen == (size_t) dlen_check); 1165 } 1166} 1167/* END_CASE */ 1168 1169/* BEGIN_CASE */ 1170void iv_len_validity(int cipher_id, char *cipher_string, 1171 int iv_len_val, int ret) 1172{ 1173 size_t iv_len = iv_len_val; 1174 unsigned char iv[16]; 1175 1176 /* Initialise iv buffer */ 1177 memset(iv, 0, sizeof(iv)); 1178 1179 const mbedtls_cipher_info_t *cipher_info; 1180 mbedtls_cipher_context_t ctx_dec; 1181 mbedtls_cipher_context_t ctx_enc; 1182 1183 /* 1184 * Prepare contexts 1185 */ 1186 mbedtls_cipher_init(&ctx_dec); 1187 mbedtls_cipher_init(&ctx_enc); 1188 1189 /* Check and get info structures */ 1190 cipher_info = mbedtls_cipher_info_from_type(cipher_id); 1191 TEST_ASSERT(NULL != cipher_info); 1192 TEST_ASSERT(mbedtls_cipher_info_from_string(cipher_string) == cipher_info); 1193 TEST_ASSERT(strcmp(mbedtls_cipher_info_get_name(cipher_info), 1194 cipher_string) == 0); 1195 1196 /* Initialise enc and dec contexts */ 1197 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_dec, cipher_info)); 1198 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_enc, cipher_info)); 1199 1200 TEST_ASSERT(ret == mbedtls_cipher_set_iv(&ctx_dec, iv, iv_len)); 1201 TEST_ASSERT(ret == mbedtls_cipher_set_iv(&ctx_enc, iv, iv_len)); 1202 1203exit: 1204 mbedtls_cipher_free(&ctx_dec); 1205 mbedtls_cipher_free(&ctx_enc); 1206} 1207/* END_CASE */ 1208 1209/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING */ 1210void check_set_padding(int cipher_id) 1211{ 1212 mbedtls_cipher_context_t ctx; 1213 unsigned char *key = NULL; 1214 unsigned char iv[16] = { 0 }; 1215 unsigned char input[16] = { 0 }; 1216 unsigned char output[32] = { 0 }; 1217 size_t outlen = 0; 1218 const mbedtls_cipher_info_t *cipher_info; 1219 size_t keylen = 0; 1220 1221 cipher_info = mbedtls_cipher_info_from_type(cipher_id); 1222 1223 if (cipher_info->mode != MBEDTLS_MODE_CBC) { 1224 TEST_FAIL("Cipher mode must be CBC"); 1225 } 1226 1227 keylen = mbedtls_cipher_info_get_key_bitlen(cipher_info); 1228 TEST_CALLOC(key, keylen/8); 1229 memset(key, 0, keylen/8); 1230 1231 mbedtls_cipher_init(&ctx); 1232 1233 TEST_EQUAL(0, mbedtls_cipher_setup(&ctx, cipher_info)); 1234 1235 TEST_EQUAL(0, mbedtls_cipher_setkey(&ctx, key, keylen, 1236 MBEDTLS_ENCRYPT)); 1237 1238 TEST_EQUAL(MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 1239 mbedtls_cipher_crypt(&ctx, iv, sizeof(iv), input, 1240 sizeof(input), output, &outlen)); 1241 1242 TEST_EQUAL(0, mbedtls_cipher_set_padding_mode(&ctx, MBEDTLS_PADDING_NONE)); 1243 TEST_EQUAL(0, mbedtls_cipher_crypt(&ctx, iv, sizeof(iv), input, 1244 sizeof(input), output, &outlen)); 1245 1246exit: 1247 mbedtls_cipher_free(&ctx); 1248 mbedtls_free(key); 1249} 1250/* END_CASE */ 1251