1*62c56f98SSadaf Ebrahimi/* BEGIN_HEADER */ 2*62c56f98SSadaf Ebrahimi#include "mbedtls/cipher.h" 3*62c56f98SSadaf Ebrahimi#include "mbedtls/aes.h" 4*62c56f98SSadaf Ebrahimi 5*62c56f98SSadaf Ebrahimi#if defined(MBEDTLS_GCM_C) 6*62c56f98SSadaf Ebrahimi#include "mbedtls/gcm.h" 7*62c56f98SSadaf Ebrahimi#endif 8*62c56f98SSadaf Ebrahimi 9*62c56f98SSadaf Ebrahimi#if defined(MBEDTLS_CIPHER_MODE_AEAD) || defined(MBEDTLS_NIST_KW_C) 10*62c56f98SSadaf Ebrahimi#define MBEDTLS_CIPHER_AUTH_CRYPT 11*62c56f98SSadaf Ebrahimi#endif 12*62c56f98SSadaf Ebrahimi 13*62c56f98SSadaf Ebrahimi/* Check the internal consistency of a cipher info structure, and 14*62c56f98SSadaf Ebrahimi * check it against mbedtls_cipher_info_from_xxx(). */ 15*62c56f98SSadaf Ebrahimistatic int check_cipher_info(mbedtls_cipher_type_t type, 16*62c56f98SSadaf Ebrahimi const mbedtls_cipher_info_t *info) 17*62c56f98SSadaf Ebrahimi{ 18*62c56f98SSadaf Ebrahimi size_t key_bitlen, block_size, iv_size; 19*62c56f98SSadaf Ebrahimi 20*62c56f98SSadaf Ebrahimi TEST_ASSERT(info != NULL); 21*62c56f98SSadaf Ebrahimi TEST_EQUAL(type, mbedtls_cipher_info_get_type(info)); 22*62c56f98SSadaf Ebrahimi TEST_EQUAL(type, info->type); 23*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_cipher_info_from_type(type) == info); 24*62c56f98SSadaf Ebrahimi 25*62c56f98SSadaf Ebrahimi TEST_EQUAL(info->mode, mbedtls_cipher_info_get_mode(info)); 26*62c56f98SSadaf Ebrahimi 27*62c56f98SSadaf Ebrahimi /* Insist that get_name() return the string from the structure and 28*62c56f98SSadaf Ebrahimi * not a copy. A copy would have an unknown storage duration. */ 29*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_cipher_info_get_name(info) == info->name); 30*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_cipher_info_from_string(info->name) == info); 31*62c56f98SSadaf Ebrahimi 32*62c56f98SSadaf Ebrahimi key_bitlen = mbedtls_cipher_info_get_key_bitlen(info); 33*62c56f98SSadaf Ebrahimi block_size = mbedtls_cipher_info_get_block_size(info); 34*62c56f98SSadaf Ebrahimi iv_size = mbedtls_cipher_info_get_iv_size(info); 35*62c56f98SSadaf Ebrahimi if (info->type == MBEDTLS_CIPHER_NULL) { 36*62c56f98SSadaf Ebrahimi TEST_ASSERT(key_bitlen == 0); 37*62c56f98SSadaf Ebrahimi TEST_ASSERT(block_size == 1); 38*62c56f98SSadaf Ebrahimi TEST_ASSERT(iv_size == 0); 39*62c56f98SSadaf Ebrahimi } else if (info->mode == MBEDTLS_MODE_XTS) { 40*62c56f98SSadaf Ebrahimi TEST_ASSERT(key_bitlen == 256 || 41*62c56f98SSadaf Ebrahimi key_bitlen == 384 || 42*62c56f98SSadaf Ebrahimi key_bitlen == 512); 43*62c56f98SSadaf Ebrahimi } else if (!strncmp(info->name, "DES-EDE3-", 9)) { 44*62c56f98SSadaf Ebrahimi TEST_ASSERT(key_bitlen == 192); 45*62c56f98SSadaf Ebrahimi TEST_ASSERT(!mbedtls_cipher_info_has_variable_key_bitlen(info)); 46*62c56f98SSadaf Ebrahimi TEST_ASSERT(block_size == 8); 47*62c56f98SSadaf Ebrahimi } else if (!strncmp(info->name, "DES-EDE-", 8)) { 48*62c56f98SSadaf Ebrahimi TEST_ASSERT(key_bitlen == 128); 49*62c56f98SSadaf Ebrahimi TEST_ASSERT(!mbedtls_cipher_info_has_variable_key_bitlen(info)); 50*62c56f98SSadaf Ebrahimi TEST_ASSERT(block_size == 8); 51*62c56f98SSadaf Ebrahimi } else if (!strncmp(info->name, "DES-", 4)) { 52*62c56f98SSadaf Ebrahimi TEST_ASSERT(key_bitlen == 64); 53*62c56f98SSadaf Ebrahimi TEST_ASSERT(!mbedtls_cipher_info_has_variable_key_bitlen(info)); 54*62c56f98SSadaf Ebrahimi TEST_ASSERT(block_size == 8); 55*62c56f98SSadaf Ebrahimi } else if (!strncmp(info->name, "AES", 3)) { 56*62c56f98SSadaf Ebrahimi TEST_ASSERT(key_bitlen == 128 || 57*62c56f98SSadaf Ebrahimi key_bitlen == 192 || 58*62c56f98SSadaf Ebrahimi key_bitlen == 256); 59*62c56f98SSadaf Ebrahimi TEST_ASSERT(!mbedtls_cipher_info_has_variable_key_bitlen(info)); 60*62c56f98SSadaf Ebrahimi TEST_ASSERT(block_size == 16); 61*62c56f98SSadaf Ebrahimi } else { 62*62c56f98SSadaf Ebrahimi TEST_ASSERT(key_bitlen == 128 || 63*62c56f98SSadaf Ebrahimi key_bitlen == 192 || 64*62c56f98SSadaf Ebrahimi key_bitlen == 256); 65*62c56f98SSadaf Ebrahimi } 66*62c56f98SSadaf Ebrahimi TEST_LE_U(key_bitlen, MBEDTLS_MAX_KEY_LENGTH * 8); 67*62c56f98SSadaf Ebrahimi TEST_LE_U(block_size, MBEDTLS_MAX_BLOCK_LENGTH); 68*62c56f98SSadaf Ebrahimi TEST_LE_U(iv_size, MBEDTLS_MAX_IV_LENGTH); 69*62c56f98SSadaf Ebrahimi 70*62c56f98SSadaf Ebrahimi if (strstr(info->name, "-ECB") != NULL) { 71*62c56f98SSadaf Ebrahimi TEST_ASSERT(iv_size == 0); 72*62c56f98SSadaf Ebrahimi TEST_ASSERT(!mbedtls_cipher_info_has_variable_iv_size(info)); 73*62c56f98SSadaf Ebrahimi } else if (strstr(info->name, "-CBC") != NULL || 74*62c56f98SSadaf Ebrahimi strstr(info->name, "-CTR") != NULL) { 75*62c56f98SSadaf Ebrahimi TEST_ASSERT(iv_size == block_size); 76*62c56f98SSadaf Ebrahimi TEST_ASSERT(!mbedtls_cipher_info_has_variable_iv_size(info)); 77*62c56f98SSadaf Ebrahimi } else if (strstr(info->name, "-GCM") != NULL) { 78*62c56f98SSadaf Ebrahimi TEST_ASSERT(iv_size == block_size - 4); 79*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_cipher_info_has_variable_iv_size(info)); 80*62c56f98SSadaf Ebrahimi } 81*62c56f98SSadaf Ebrahimi 82*62c56f98SSadaf Ebrahimi return 1; 83*62c56f98SSadaf Ebrahimi 84*62c56f98SSadaf Ebrahimiexit: 85*62c56f98SSadaf Ebrahimi return 0; 86*62c56f98SSadaf Ebrahimi} 87*62c56f98SSadaf Ebrahimi 88*62c56f98SSadaf Ebrahimi#if defined(MBEDTLS_CIPHER_AUTH_CRYPT) 89*62c56f98SSadaf Ebrahimi/* Helper for resetting key/direction 90*62c56f98SSadaf Ebrahimi * 91*62c56f98SSadaf Ebrahimi * The documentation doesn't explicitly say whether calling 92*62c56f98SSadaf Ebrahimi * mbedtls_cipher_setkey() twice is allowed or not. This currently works with 93*62c56f98SSadaf Ebrahimi * the default software implementation, but only by accident. It isn't 94*62c56f98SSadaf Ebrahimi * guaranteed to work with new ciphers or with alternative implementations of 95*62c56f98SSadaf Ebrahimi * individual ciphers, and it doesn't work with the PSA wrappers. So don't do 96*62c56f98SSadaf Ebrahimi * it, and instead start with a fresh context. 97*62c56f98SSadaf Ebrahimi */ 98*62c56f98SSadaf Ebrahimistatic int cipher_reset_key(mbedtls_cipher_context_t *ctx, int cipher_id, 99*62c56f98SSadaf Ebrahimi int use_psa, size_t tag_len, const data_t *key, int direction) 100*62c56f98SSadaf Ebrahimi{ 101*62c56f98SSadaf Ebrahimi mbedtls_cipher_free(ctx); 102*62c56f98SSadaf Ebrahimi mbedtls_cipher_init(ctx); 103*62c56f98SSadaf Ebrahimi 104*62c56f98SSadaf Ebrahimi#if !defined(MBEDTLS_USE_PSA_CRYPTO) || !defined(MBEDTLS_TEST_DEPRECATED) 105*62c56f98SSadaf Ebrahimi (void) use_psa; 106*62c56f98SSadaf Ebrahimi (void) tag_len; 107*62c56f98SSadaf Ebrahimi#else 108*62c56f98SSadaf Ebrahimi if (use_psa == 1) { 109*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_setup_psa(ctx, 110*62c56f98SSadaf Ebrahimi mbedtls_cipher_info_from_type(cipher_id), 111*62c56f98SSadaf Ebrahimi tag_len)); 112*62c56f98SSadaf Ebrahimi } else 113*62c56f98SSadaf Ebrahimi#endif /* !MBEDTLS_USE_PSA_CRYPTO || !MBEDTLS_TEST_DEPRECATED */ 114*62c56f98SSadaf Ebrahimi { 115*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_setup(ctx, 116*62c56f98SSadaf Ebrahimi mbedtls_cipher_info_from_type(cipher_id))); 117*62c56f98SSadaf Ebrahimi } 118*62c56f98SSadaf Ebrahimi 119*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_setkey(ctx, key->x, 8 * key->len, 120*62c56f98SSadaf Ebrahimi direction)); 121*62c56f98SSadaf Ebrahimi return 1; 122*62c56f98SSadaf Ebrahimi 123*62c56f98SSadaf Ebrahimiexit: 124*62c56f98SSadaf Ebrahimi return 0; 125*62c56f98SSadaf Ebrahimi} 126*62c56f98SSadaf Ebrahimi 127*62c56f98SSadaf Ebrahimi/* 128*62c56f98SSadaf Ebrahimi * Check if a buffer is all-0 bytes: 129*62c56f98SSadaf Ebrahimi * return 1 if it is, 130*62c56f98SSadaf Ebrahimi * 0 if it isn't. 131*62c56f98SSadaf Ebrahimi */ 132*62c56f98SSadaf Ebrahimiint buffer_is_all_zero(const uint8_t *buf, size_t size) 133*62c56f98SSadaf Ebrahimi{ 134*62c56f98SSadaf Ebrahimi for (size_t i = 0; i < size; i++) { 135*62c56f98SSadaf Ebrahimi if (buf[i] != 0) { 136*62c56f98SSadaf Ebrahimi return 0; 137*62c56f98SSadaf Ebrahimi } 138*62c56f98SSadaf Ebrahimi } 139*62c56f98SSadaf Ebrahimi return 1; 140*62c56f98SSadaf Ebrahimi} 141*62c56f98SSadaf Ebrahimi#endif /* MBEDTLS_CIPHER_AUTH_CRYPT */ 142*62c56f98SSadaf Ebrahimi 143*62c56f98SSadaf Ebrahimi/* END_HEADER */ 144*62c56f98SSadaf Ebrahimi 145*62c56f98SSadaf Ebrahimi/* BEGIN_DEPENDENCIES 146*62c56f98SSadaf Ebrahimi * depends_on:MBEDTLS_CIPHER_C 147*62c56f98SSadaf Ebrahimi * END_DEPENDENCIES 148*62c56f98SSadaf Ebrahimi */ 149*62c56f98SSadaf Ebrahimi 150*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 151*62c56f98SSadaf Ebrahimivoid mbedtls_cipher_list() 152*62c56f98SSadaf Ebrahimi{ 153*62c56f98SSadaf Ebrahimi const int *cipher_type; 154*62c56f98SSadaf Ebrahimi 155*62c56f98SSadaf Ebrahimi for (cipher_type = mbedtls_cipher_list(); *cipher_type != 0; cipher_type++) { 156*62c56f98SSadaf Ebrahimi const mbedtls_cipher_info_t *info = 157*62c56f98SSadaf Ebrahimi mbedtls_cipher_info_from_type(*cipher_type); 158*62c56f98SSadaf Ebrahimi mbedtls_test_set_step(*cipher_type); 159*62c56f98SSadaf Ebrahimi if (!check_cipher_info(*cipher_type, info)) { 160*62c56f98SSadaf Ebrahimi goto exit; 161*62c56f98SSadaf Ebrahimi } 162*62c56f98SSadaf Ebrahimi } 163*62c56f98SSadaf Ebrahimi} 164*62c56f98SSadaf Ebrahimi/* END_CASE */ 165*62c56f98SSadaf Ebrahimi 166*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 167*62c56f98SSadaf Ebrahimivoid cipher_invalid_param_unconditional() 168*62c56f98SSadaf Ebrahimi{ 169*62c56f98SSadaf Ebrahimi mbedtls_cipher_context_t valid_ctx; 170*62c56f98SSadaf Ebrahimi mbedtls_cipher_context_t invalid_ctx; 171*62c56f98SSadaf Ebrahimi mbedtls_operation_t valid_operation = MBEDTLS_ENCRYPT; 172*62c56f98SSadaf Ebrahimi mbedtls_cipher_padding_t valid_mode = MBEDTLS_PADDING_ZEROS; 173*62c56f98SSadaf Ebrahimi unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 }; 174*62c56f98SSadaf Ebrahimi int valid_size = sizeof(valid_buffer); 175*62c56f98SSadaf Ebrahimi int valid_bitlen = valid_size * 8; 176*62c56f98SSadaf Ebrahimi const mbedtls_cipher_info_t *valid_info = mbedtls_cipher_info_from_type( 177*62c56f98SSadaf Ebrahimi *(mbedtls_cipher_list())); 178*62c56f98SSadaf Ebrahimi size_t size_t_var; 179*62c56f98SSadaf Ebrahimi 180*62c56f98SSadaf Ebrahimi (void) valid_mode; /* In some configurations this is unused */ 181*62c56f98SSadaf Ebrahimi 182*62c56f98SSadaf Ebrahimi mbedtls_cipher_init(&valid_ctx); 183*62c56f98SSadaf Ebrahimi mbedtls_cipher_init(&invalid_ctx); 184*62c56f98SSadaf Ebrahimi 185*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_cipher_setup(&valid_ctx, valid_info) == 0); 186*62c56f98SSadaf Ebrahimi 187*62c56f98SSadaf Ebrahimi /* mbedtls_cipher_setup() */ 188*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_cipher_setup(&valid_ctx, NULL) == 189*62c56f98SSadaf Ebrahimi MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 190*62c56f98SSadaf Ebrahimi 191*62c56f98SSadaf Ebrahimi /* mbedtls_cipher_get_block_size() */ 192*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_cipher_get_block_size(&invalid_ctx) == 0); 193*62c56f98SSadaf Ebrahimi 194*62c56f98SSadaf Ebrahimi /* mbedtls_cipher_get_cipher_mode() */ 195*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_cipher_get_cipher_mode(&invalid_ctx) == 196*62c56f98SSadaf Ebrahimi MBEDTLS_MODE_NONE); 197*62c56f98SSadaf Ebrahimi 198*62c56f98SSadaf Ebrahimi /* mbedtls_cipher_get_iv_size() */ 199*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_cipher_get_iv_size(&invalid_ctx) == 0); 200*62c56f98SSadaf Ebrahimi 201*62c56f98SSadaf Ebrahimi /* mbedtls_cipher_get_type() */ 202*62c56f98SSadaf Ebrahimi TEST_ASSERT( 203*62c56f98SSadaf Ebrahimi mbedtls_cipher_get_type(&invalid_ctx) == 204*62c56f98SSadaf Ebrahimi MBEDTLS_CIPHER_NONE); 205*62c56f98SSadaf Ebrahimi 206*62c56f98SSadaf Ebrahimi /* mbedtls_cipher_get_name() */ 207*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_cipher_get_name(&invalid_ctx) == 0); 208*62c56f98SSadaf Ebrahimi 209*62c56f98SSadaf Ebrahimi /* mbedtls_cipher_get_key_bitlen() */ 210*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_cipher_get_key_bitlen(&invalid_ctx) == 211*62c56f98SSadaf Ebrahimi MBEDTLS_KEY_LENGTH_NONE); 212*62c56f98SSadaf Ebrahimi 213*62c56f98SSadaf Ebrahimi /* mbedtls_cipher_get_operation() */ 214*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_cipher_get_operation(&invalid_ctx) == 215*62c56f98SSadaf Ebrahimi MBEDTLS_OPERATION_NONE); 216*62c56f98SSadaf Ebrahimi 217*62c56f98SSadaf Ebrahimi /* mbedtls_cipher_setkey() */ 218*62c56f98SSadaf Ebrahimi TEST_ASSERT( 219*62c56f98SSadaf Ebrahimi mbedtls_cipher_setkey(&invalid_ctx, 220*62c56f98SSadaf Ebrahimi valid_buffer, 221*62c56f98SSadaf Ebrahimi valid_bitlen, 222*62c56f98SSadaf Ebrahimi valid_operation) == 223*62c56f98SSadaf Ebrahimi MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 224*62c56f98SSadaf Ebrahimi 225*62c56f98SSadaf Ebrahimi /* mbedtls_cipher_set_iv() */ 226*62c56f98SSadaf Ebrahimi TEST_ASSERT( 227*62c56f98SSadaf Ebrahimi mbedtls_cipher_set_iv(&invalid_ctx, 228*62c56f98SSadaf Ebrahimi valid_buffer, 229*62c56f98SSadaf Ebrahimi valid_size) == 230*62c56f98SSadaf Ebrahimi MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 231*62c56f98SSadaf Ebrahimi 232*62c56f98SSadaf Ebrahimi /* mbedtls_cipher_reset() */ 233*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_cipher_reset(&invalid_ctx) == 234*62c56f98SSadaf Ebrahimi MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 235*62c56f98SSadaf Ebrahimi 236*62c56f98SSadaf Ebrahimi#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 237*62c56f98SSadaf Ebrahimi /* mbedtls_cipher_update_ad() */ 238*62c56f98SSadaf Ebrahimi TEST_ASSERT( 239*62c56f98SSadaf Ebrahimi mbedtls_cipher_update_ad(&invalid_ctx, 240*62c56f98SSadaf Ebrahimi valid_buffer, 241*62c56f98SSadaf Ebrahimi valid_size) == 242*62c56f98SSadaf Ebrahimi MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 243*62c56f98SSadaf Ebrahimi#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */ 244*62c56f98SSadaf Ebrahimi 245*62c56f98SSadaf Ebrahimi#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 246*62c56f98SSadaf Ebrahimi /* mbedtls_cipher_set_padding_mode() */ 247*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_cipher_set_padding_mode(&invalid_ctx, valid_mode) == 248*62c56f98SSadaf Ebrahimi MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 249*62c56f98SSadaf Ebrahimi#endif 250*62c56f98SSadaf Ebrahimi 251*62c56f98SSadaf Ebrahimi /* mbedtls_cipher_update() */ 252*62c56f98SSadaf Ebrahimi TEST_ASSERT( 253*62c56f98SSadaf Ebrahimi mbedtls_cipher_update(&invalid_ctx, 254*62c56f98SSadaf Ebrahimi valid_buffer, 255*62c56f98SSadaf Ebrahimi valid_size, 256*62c56f98SSadaf Ebrahimi valid_buffer, 257*62c56f98SSadaf Ebrahimi &size_t_var) == 258*62c56f98SSadaf Ebrahimi MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 259*62c56f98SSadaf Ebrahimi 260*62c56f98SSadaf Ebrahimi /* mbedtls_cipher_finish() */ 261*62c56f98SSadaf Ebrahimi TEST_ASSERT( 262*62c56f98SSadaf Ebrahimi mbedtls_cipher_finish(&invalid_ctx, 263*62c56f98SSadaf Ebrahimi valid_buffer, 264*62c56f98SSadaf Ebrahimi &size_t_var) == 265*62c56f98SSadaf Ebrahimi MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 266*62c56f98SSadaf Ebrahimi 267*62c56f98SSadaf Ebrahimi#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 268*62c56f98SSadaf Ebrahimi /* mbedtls_cipher_write_tag() */ 269*62c56f98SSadaf Ebrahimi TEST_ASSERT( 270*62c56f98SSadaf Ebrahimi mbedtls_cipher_write_tag(&invalid_ctx, 271*62c56f98SSadaf Ebrahimi valid_buffer, 272*62c56f98SSadaf Ebrahimi valid_size) == 273*62c56f98SSadaf Ebrahimi MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 274*62c56f98SSadaf Ebrahimi 275*62c56f98SSadaf Ebrahimi /* mbedtls_cipher_check_tag() */ 276*62c56f98SSadaf Ebrahimi TEST_ASSERT( 277*62c56f98SSadaf Ebrahimi mbedtls_cipher_check_tag(&invalid_ctx, 278*62c56f98SSadaf Ebrahimi valid_buffer, 279*62c56f98SSadaf Ebrahimi valid_size) == 280*62c56f98SSadaf Ebrahimi MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 281*62c56f98SSadaf Ebrahimi#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */ 282*62c56f98SSadaf Ebrahimi 283*62c56f98SSadaf Ebrahimiexit: 284*62c56f98SSadaf Ebrahimi mbedtls_cipher_free(&invalid_ctx); 285*62c56f98SSadaf Ebrahimi mbedtls_cipher_free(&valid_ctx); 286*62c56f98SSadaf Ebrahimi} 287*62c56f98SSadaf Ebrahimi/* END_CASE */ 288*62c56f98SSadaf Ebrahimi 289*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 290*62c56f98SSadaf Ebrahimivoid cipher_invalid_param_conditional() 291*62c56f98SSadaf Ebrahimi{ 292*62c56f98SSadaf Ebrahimi mbedtls_cipher_context_t valid_ctx; 293*62c56f98SSadaf Ebrahimi 294*62c56f98SSadaf Ebrahimi mbedtls_operation_t invalid_operation = 100; 295*62c56f98SSadaf Ebrahimi unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 }; 296*62c56f98SSadaf Ebrahimi int valid_size = sizeof(valid_buffer); 297*62c56f98SSadaf Ebrahimi int valid_bitlen = valid_size * 8; 298*62c56f98SSadaf Ebrahimi 299*62c56f98SSadaf Ebrahimi TEST_EQUAL( 300*62c56f98SSadaf Ebrahimi MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 301*62c56f98SSadaf Ebrahimi mbedtls_cipher_setkey(&valid_ctx, 302*62c56f98SSadaf Ebrahimi valid_buffer, 303*62c56f98SSadaf Ebrahimi valid_bitlen, 304*62c56f98SSadaf Ebrahimi invalid_operation)); 305*62c56f98SSadaf Ebrahimi 306*62c56f98SSadaf Ebrahimiexit: 307*62c56f98SSadaf Ebrahimi ; 308*62c56f98SSadaf Ebrahimi} 309*62c56f98SSadaf Ebrahimi/* END_CASE */ 310*62c56f98SSadaf Ebrahimi 311*62c56f98SSadaf Ebrahimi/* BEGIN_CASE depends_on:MBEDTLS_AES_C */ 312*62c56f98SSadaf Ebrahimivoid cipher_special_behaviours() 313*62c56f98SSadaf Ebrahimi{ 314*62c56f98SSadaf Ebrahimi const mbedtls_cipher_info_t *cipher_info; 315*62c56f98SSadaf Ebrahimi mbedtls_cipher_context_t ctx; 316*62c56f98SSadaf Ebrahimi unsigned char input[32]; 317*62c56f98SSadaf Ebrahimi unsigned char output[32]; 318*62c56f98SSadaf Ebrahimi#if defined(MBEDTLS_CIPHER_MODE_CBC) 319*62c56f98SSadaf Ebrahimi unsigned char iv[32]; 320*62c56f98SSadaf Ebrahimi#endif 321*62c56f98SSadaf Ebrahimi size_t olen = 0; 322*62c56f98SSadaf Ebrahimi 323*62c56f98SSadaf Ebrahimi mbedtls_cipher_init(&ctx); 324*62c56f98SSadaf Ebrahimi memset(input, 0, sizeof(input)); 325*62c56f98SSadaf Ebrahimi memset(output, 0, sizeof(output)); 326*62c56f98SSadaf Ebrahimi#if defined(MBEDTLS_CIPHER_MODE_CBC) 327*62c56f98SSadaf Ebrahimi memset(iv, 0, sizeof(iv)); 328*62c56f98SSadaf Ebrahimi 329*62c56f98SSadaf Ebrahimi /* Check and get info structures */ 330*62c56f98SSadaf Ebrahimi cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_CBC); 331*62c56f98SSadaf Ebrahimi TEST_ASSERT(NULL != cipher_info); 332*62c56f98SSadaf Ebrahimi 333*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, cipher_info)); 334*62c56f98SSadaf Ebrahimi 335*62c56f98SSadaf Ebrahimi /* IV too big */ 336*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_cipher_set_iv(&ctx, iv, MBEDTLS_MAX_IV_LENGTH + 1) 337*62c56f98SSadaf Ebrahimi == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE); 338*62c56f98SSadaf Ebrahimi 339*62c56f98SSadaf Ebrahimi /* IV too small */ 340*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_cipher_set_iv(&ctx, iv, 0) 341*62c56f98SSadaf Ebrahimi == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 342*62c56f98SSadaf Ebrahimi 343*62c56f98SSadaf Ebrahimi mbedtls_cipher_free(&ctx); 344*62c56f98SSadaf Ebrahimi mbedtls_cipher_init(&ctx); 345*62c56f98SSadaf Ebrahimi#endif /* MBEDTLS_CIPHER_MODE_CBC */ 346*62c56f98SSadaf Ebrahimi cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_ECB); 347*62c56f98SSadaf Ebrahimi TEST_ASSERT(NULL != cipher_info); 348*62c56f98SSadaf Ebrahimi 349*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, cipher_info)); 350*62c56f98SSadaf Ebrahimi 351*62c56f98SSadaf Ebrahimi /* Update ECB with partial block */ 352*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_cipher_update(&ctx, input, 1, output, &olen) 353*62c56f98SSadaf Ebrahimi == MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED); 354*62c56f98SSadaf Ebrahimi 355*62c56f98SSadaf Ebrahimiexit: 356*62c56f98SSadaf Ebrahimi mbedtls_cipher_free(&ctx); 357*62c56f98SSadaf Ebrahimi} 358*62c56f98SSadaf Ebrahimi/* END_CASE */ 359*62c56f98SSadaf Ebrahimi 360*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 361*62c56f98SSadaf Ebrahimivoid enc_dec_buf(int cipher_id, char *cipher_string, int key_len, 362*62c56f98SSadaf Ebrahimi int length_val, int pad_mode) 363*62c56f98SSadaf Ebrahimi{ 364*62c56f98SSadaf Ebrahimi size_t length = length_val, outlen, total_len, i, block_size, iv_len; 365*62c56f98SSadaf Ebrahimi unsigned char key[64]; 366*62c56f98SSadaf Ebrahimi unsigned char iv[16]; 367*62c56f98SSadaf Ebrahimi unsigned char ad[13]; 368*62c56f98SSadaf Ebrahimi unsigned char tag[16]; 369*62c56f98SSadaf Ebrahimi unsigned char inbuf[64]; 370*62c56f98SSadaf Ebrahimi unsigned char encbuf[64]; 371*62c56f98SSadaf Ebrahimi unsigned char decbuf[64]; 372*62c56f98SSadaf Ebrahimi 373*62c56f98SSadaf Ebrahimi const mbedtls_cipher_info_t *cipher_info; 374*62c56f98SSadaf Ebrahimi mbedtls_cipher_context_t ctx_dec; 375*62c56f98SSadaf Ebrahimi mbedtls_cipher_context_t ctx_enc; 376*62c56f98SSadaf Ebrahimi 377*62c56f98SSadaf Ebrahimi /* 378*62c56f98SSadaf Ebrahimi * Prepare contexts 379*62c56f98SSadaf Ebrahimi */ 380*62c56f98SSadaf Ebrahimi mbedtls_cipher_init(&ctx_dec); 381*62c56f98SSadaf Ebrahimi mbedtls_cipher_init(&ctx_enc); 382*62c56f98SSadaf Ebrahimi 383*62c56f98SSadaf Ebrahimi memset(key, 0x2a, sizeof(key)); 384*62c56f98SSadaf Ebrahimi 385*62c56f98SSadaf Ebrahimi /* Check and get info structures */ 386*62c56f98SSadaf Ebrahimi cipher_info = mbedtls_cipher_info_from_type(cipher_id); 387*62c56f98SSadaf Ebrahimi TEST_ASSERT(NULL != cipher_info); 388*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_cipher_info_from_string(cipher_string) == cipher_info); 389*62c56f98SSadaf Ebrahimi TEST_ASSERT(strcmp(mbedtls_cipher_info_get_name(cipher_info), 390*62c56f98SSadaf Ebrahimi cipher_string) == 0); 391*62c56f98SSadaf Ebrahimi 392*62c56f98SSadaf Ebrahimi /* Initialise enc and dec contexts */ 393*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_dec, cipher_info)); 394*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_enc, cipher_info)); 395*62c56f98SSadaf Ebrahimi 396*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_dec, key, key_len, MBEDTLS_DECRYPT)); 397*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_enc, key, key_len, MBEDTLS_ENCRYPT)); 398*62c56f98SSadaf Ebrahimi 399*62c56f98SSadaf Ebrahimi#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 400*62c56f98SSadaf Ebrahimi if (-1 != pad_mode) { 401*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_dec, pad_mode)); 402*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_enc, pad_mode)); 403*62c56f98SSadaf Ebrahimi } 404*62c56f98SSadaf Ebrahimi#else 405*62c56f98SSadaf Ebrahimi (void) pad_mode; 406*62c56f98SSadaf Ebrahimi#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ 407*62c56f98SSadaf Ebrahimi 408*62c56f98SSadaf Ebrahimi /* 409*62c56f98SSadaf Ebrahimi * Do a few encode/decode cycles 410*62c56f98SSadaf Ebrahimi */ 411*62c56f98SSadaf Ebrahimi for (i = 0; i < 3; i++) { 412*62c56f98SSadaf Ebrahimi memset(iv, 0x00 + i, sizeof(iv)); 413*62c56f98SSadaf Ebrahimi memset(ad, 0x10 + i, sizeof(ad)); 414*62c56f98SSadaf Ebrahimi memset(inbuf, 0x20 + i, sizeof(inbuf)); 415*62c56f98SSadaf Ebrahimi 416*62c56f98SSadaf Ebrahimi memset(encbuf, 0, sizeof(encbuf)); 417*62c56f98SSadaf Ebrahimi memset(decbuf, 0, sizeof(decbuf)); 418*62c56f98SSadaf Ebrahimi memset(tag, 0, sizeof(tag)); 419*62c56f98SSadaf Ebrahimi 420*62c56f98SSadaf Ebrahimi if (NULL != strstr(cipher_info->name, "CCM*-NO-TAG")) { 421*62c56f98SSadaf Ebrahimi iv_len = 13; /* For CCM, IV length is expected to be between 7 and 13 bytes. 422*62c56f98SSadaf Ebrahimi * For CCM*-NO-TAG, IV length must be exactly 13 bytes long. */ 423*62c56f98SSadaf Ebrahimi } else if (cipher_info->type == MBEDTLS_CIPHER_CHACHA20 || 424*62c56f98SSadaf Ebrahimi cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) { 425*62c56f98SSadaf Ebrahimi iv_len = 12; 426*62c56f98SSadaf Ebrahimi } else { 427*62c56f98SSadaf Ebrahimi iv_len = sizeof(iv); 428*62c56f98SSadaf Ebrahimi } 429*62c56f98SSadaf Ebrahimi 430*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_dec, iv, iv_len)); 431*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_enc, iv, iv_len)); 432*62c56f98SSadaf Ebrahimi 433*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_dec)); 434*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_enc)); 435*62c56f98SSadaf Ebrahimi 436*62c56f98SSadaf Ebrahimi#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 437*62c56f98SSadaf Ebrahimi int expected = (cipher_info->mode == MBEDTLS_MODE_GCM || 438*62c56f98SSadaf Ebrahimi cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) ? 439*62c56f98SSadaf Ebrahimi 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 440*62c56f98SSadaf Ebrahimi 441*62c56f98SSadaf Ebrahimi TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx_dec, ad, sizeof(ad) - i)); 442*62c56f98SSadaf Ebrahimi TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx_enc, ad, sizeof(ad) - i)); 443*62c56f98SSadaf Ebrahimi#endif 444*62c56f98SSadaf Ebrahimi 445*62c56f98SSadaf Ebrahimi block_size = mbedtls_cipher_get_block_size(&ctx_enc); 446*62c56f98SSadaf Ebrahimi TEST_ASSERT(block_size != 0); 447*62c56f98SSadaf Ebrahimi 448*62c56f98SSadaf Ebrahimi /* encode length number of bytes from inbuf */ 449*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_update(&ctx_enc, inbuf, length, encbuf, &outlen)); 450*62c56f98SSadaf Ebrahimi total_len = outlen; 451*62c56f98SSadaf Ebrahimi 452*62c56f98SSadaf Ebrahimi TEST_ASSERT(total_len == length || 453*62c56f98SSadaf Ebrahimi (total_len % block_size == 0 && 454*62c56f98SSadaf Ebrahimi total_len < length && 455*62c56f98SSadaf Ebrahimi total_len + block_size > length)); 456*62c56f98SSadaf Ebrahimi 457*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_finish(&ctx_enc, encbuf + outlen, &outlen)); 458*62c56f98SSadaf Ebrahimi total_len += outlen; 459*62c56f98SSadaf Ebrahimi 460*62c56f98SSadaf Ebrahimi#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 461*62c56f98SSadaf Ebrahimi TEST_EQUAL(expected, mbedtls_cipher_write_tag(&ctx_enc, tag, sizeof(tag))); 462*62c56f98SSadaf Ebrahimi#endif 463*62c56f98SSadaf Ebrahimi 464*62c56f98SSadaf Ebrahimi TEST_ASSERT(total_len == length || 465*62c56f98SSadaf Ebrahimi (total_len % block_size == 0 && 466*62c56f98SSadaf Ebrahimi total_len > length && 467*62c56f98SSadaf Ebrahimi total_len <= length + block_size)); 468*62c56f98SSadaf Ebrahimi 469*62c56f98SSadaf Ebrahimi /* decode the previously encoded string */ 470*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_update(&ctx_dec, encbuf, total_len, decbuf, &outlen)); 471*62c56f98SSadaf Ebrahimi total_len = outlen; 472*62c56f98SSadaf Ebrahimi 473*62c56f98SSadaf Ebrahimi TEST_ASSERT(total_len == length || 474*62c56f98SSadaf Ebrahimi (total_len % block_size == 0 && 475*62c56f98SSadaf Ebrahimi total_len < length && 476*62c56f98SSadaf Ebrahimi total_len + block_size >= length)); 477*62c56f98SSadaf Ebrahimi 478*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_finish(&ctx_dec, decbuf + outlen, &outlen)); 479*62c56f98SSadaf Ebrahimi total_len += outlen; 480*62c56f98SSadaf Ebrahimi 481*62c56f98SSadaf Ebrahimi#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 482*62c56f98SSadaf Ebrahimi TEST_EQUAL(expected, mbedtls_cipher_check_tag(&ctx_dec, tag, sizeof(tag))); 483*62c56f98SSadaf Ebrahimi#endif 484*62c56f98SSadaf Ebrahimi 485*62c56f98SSadaf Ebrahimi /* check result */ 486*62c56f98SSadaf Ebrahimi TEST_ASSERT(total_len == length); 487*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == memcmp(inbuf, decbuf, length)); 488*62c56f98SSadaf Ebrahimi } 489*62c56f98SSadaf Ebrahimi 490*62c56f98SSadaf Ebrahimi /* 491*62c56f98SSadaf Ebrahimi * Done 492*62c56f98SSadaf Ebrahimi */ 493*62c56f98SSadaf Ebrahimiexit: 494*62c56f98SSadaf Ebrahimi mbedtls_cipher_free(&ctx_dec); 495*62c56f98SSadaf Ebrahimi mbedtls_cipher_free(&ctx_enc); 496*62c56f98SSadaf Ebrahimi} 497*62c56f98SSadaf Ebrahimi/* END_CASE */ 498*62c56f98SSadaf Ebrahimi 499*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 500*62c56f98SSadaf Ebrahimivoid enc_fail(int cipher_id, int pad_mode, int key_len, int length_val, 501*62c56f98SSadaf Ebrahimi int ret) 502*62c56f98SSadaf Ebrahimi{ 503*62c56f98SSadaf Ebrahimi size_t length = length_val; 504*62c56f98SSadaf Ebrahimi unsigned char key[32]; 505*62c56f98SSadaf Ebrahimi unsigned char iv[16]; 506*62c56f98SSadaf Ebrahimi 507*62c56f98SSadaf Ebrahimi const mbedtls_cipher_info_t *cipher_info; 508*62c56f98SSadaf Ebrahimi mbedtls_cipher_context_t ctx; 509*62c56f98SSadaf Ebrahimi 510*62c56f98SSadaf Ebrahimi unsigned char inbuf[64]; 511*62c56f98SSadaf Ebrahimi unsigned char encbuf[64]; 512*62c56f98SSadaf Ebrahimi 513*62c56f98SSadaf Ebrahimi size_t outlen = 0; 514*62c56f98SSadaf Ebrahimi 515*62c56f98SSadaf Ebrahimi memset(key, 0, 32); 516*62c56f98SSadaf Ebrahimi memset(iv, 0, 16); 517*62c56f98SSadaf Ebrahimi 518*62c56f98SSadaf Ebrahimi mbedtls_cipher_init(&ctx); 519*62c56f98SSadaf Ebrahimi 520*62c56f98SSadaf Ebrahimi memset(inbuf, 5, 64); 521*62c56f98SSadaf Ebrahimi memset(encbuf, 0, 64); 522*62c56f98SSadaf Ebrahimi 523*62c56f98SSadaf Ebrahimi /* Check and get info structures */ 524*62c56f98SSadaf Ebrahimi cipher_info = mbedtls_cipher_info_from_type(cipher_id); 525*62c56f98SSadaf Ebrahimi TEST_ASSERT(NULL != cipher_info); 526*62c56f98SSadaf Ebrahimi 527*62c56f98SSadaf Ebrahimi /* Initialise context */ 528*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, cipher_info)); 529*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx, key, key_len, MBEDTLS_ENCRYPT)); 530*62c56f98SSadaf Ebrahimi#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 531*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx, pad_mode)); 532*62c56f98SSadaf Ebrahimi#else 533*62c56f98SSadaf Ebrahimi (void) pad_mode; 534*62c56f98SSadaf Ebrahimi#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ 535*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx, iv, 16)); 536*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx)); 537*62c56f98SSadaf Ebrahimi#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 538*62c56f98SSadaf Ebrahimi int expected = (cipher_info->mode == MBEDTLS_MODE_GCM || 539*62c56f98SSadaf Ebrahimi cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) ? 540*62c56f98SSadaf Ebrahimi 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 541*62c56f98SSadaf Ebrahimi 542*62c56f98SSadaf Ebrahimi TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx, NULL, 0)); 543*62c56f98SSadaf Ebrahimi#endif 544*62c56f98SSadaf Ebrahimi 545*62c56f98SSadaf Ebrahimi /* encode length number of bytes from inbuf */ 546*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_update(&ctx, inbuf, length, encbuf, &outlen)); 547*62c56f98SSadaf Ebrahimi TEST_ASSERT(ret == mbedtls_cipher_finish(&ctx, encbuf + outlen, &outlen)); 548*62c56f98SSadaf Ebrahimi 549*62c56f98SSadaf Ebrahimi /* done */ 550*62c56f98SSadaf Ebrahimiexit: 551*62c56f98SSadaf Ebrahimi mbedtls_cipher_free(&ctx); 552*62c56f98SSadaf Ebrahimi} 553*62c56f98SSadaf Ebrahimi/* END_CASE */ 554*62c56f98SSadaf Ebrahimi 555*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 556*62c56f98SSadaf Ebrahimivoid dec_empty_buf(int cipher, 557*62c56f98SSadaf Ebrahimi int expected_update_ret, 558*62c56f98SSadaf Ebrahimi int expected_finish_ret) 559*62c56f98SSadaf Ebrahimi{ 560*62c56f98SSadaf Ebrahimi unsigned char key[32]; 561*62c56f98SSadaf Ebrahimi 562*62c56f98SSadaf Ebrahimi unsigned char *iv = NULL; 563*62c56f98SSadaf Ebrahimi size_t iv_len = 16; 564*62c56f98SSadaf Ebrahimi 565*62c56f98SSadaf Ebrahimi mbedtls_cipher_context_t ctx_dec; 566*62c56f98SSadaf Ebrahimi const mbedtls_cipher_info_t *cipher_info; 567*62c56f98SSadaf Ebrahimi 568*62c56f98SSadaf Ebrahimi unsigned char encbuf[64]; 569*62c56f98SSadaf Ebrahimi unsigned char decbuf[64]; 570*62c56f98SSadaf Ebrahimi 571*62c56f98SSadaf Ebrahimi size_t outlen = 0; 572*62c56f98SSadaf Ebrahimi 573*62c56f98SSadaf Ebrahimi memset(key, 0, 32); 574*62c56f98SSadaf Ebrahimi 575*62c56f98SSadaf Ebrahimi mbedtls_cipher_init(&ctx_dec); 576*62c56f98SSadaf Ebrahimi 577*62c56f98SSadaf Ebrahimi memset(encbuf, 0, 64); 578*62c56f98SSadaf Ebrahimi memset(decbuf, 0, 64); 579*62c56f98SSadaf Ebrahimi 580*62c56f98SSadaf Ebrahimi /* Initialise context */ 581*62c56f98SSadaf Ebrahimi cipher_info = mbedtls_cipher_info_from_type(cipher); 582*62c56f98SSadaf Ebrahimi TEST_ASSERT(NULL != cipher_info); 583*62c56f98SSadaf Ebrahimi 584*62c56f98SSadaf Ebrahimi if (cipher_info->type == MBEDTLS_CIPHER_CHACHA20 || 585*62c56f98SSadaf Ebrahimi cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) { 586*62c56f98SSadaf Ebrahimi iv_len = 12; 587*62c56f98SSadaf Ebrahimi } 588*62c56f98SSadaf Ebrahimi 589*62c56f98SSadaf Ebrahimi TEST_CALLOC(iv, iv_len); 590*62c56f98SSadaf Ebrahimi memset(iv, 0, iv_len); 591*62c56f98SSadaf Ebrahimi 592*62c56f98SSadaf Ebrahimi TEST_ASSERT(sizeof(key) * 8 >= mbedtls_cipher_info_get_key_bitlen(cipher_info)); 593*62c56f98SSadaf Ebrahimi 594*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_dec, cipher_info)); 595*62c56f98SSadaf Ebrahimi 596*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_dec, 597*62c56f98SSadaf Ebrahimi key, mbedtls_cipher_info_get_key_bitlen(cipher_info), 598*62c56f98SSadaf Ebrahimi MBEDTLS_DECRYPT)); 599*62c56f98SSadaf Ebrahimi 600*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_dec, iv, iv_len)); 601*62c56f98SSadaf Ebrahimi 602*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_dec)); 603*62c56f98SSadaf Ebrahimi 604*62c56f98SSadaf Ebrahimi#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) && defined(MBEDTLS_CIPHER_PADDING_PKCS7) 605*62c56f98SSadaf Ebrahimi if (ctx_dec.cipher_info->mode == MBEDTLS_MODE_CBC) { 606*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_dec, 607*62c56f98SSadaf Ebrahimi MBEDTLS_PADDING_PKCS7)); 608*62c56f98SSadaf Ebrahimi } 609*62c56f98SSadaf Ebrahimi#endif 610*62c56f98SSadaf Ebrahimi 611*62c56f98SSadaf Ebrahimi#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 612*62c56f98SSadaf Ebrahimi int expected = (cipher_info->mode == MBEDTLS_MODE_GCM || 613*62c56f98SSadaf Ebrahimi cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) ? 614*62c56f98SSadaf Ebrahimi 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 615*62c56f98SSadaf Ebrahimi 616*62c56f98SSadaf Ebrahimi TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx_dec, NULL, 0)); 617*62c56f98SSadaf Ebrahimi#endif 618*62c56f98SSadaf Ebrahimi 619*62c56f98SSadaf Ebrahimi /* decode 0-byte string */ 620*62c56f98SSadaf Ebrahimi TEST_ASSERT(expected_update_ret == 621*62c56f98SSadaf Ebrahimi mbedtls_cipher_update(&ctx_dec, encbuf, 0, decbuf, &outlen)); 622*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == outlen); 623*62c56f98SSadaf Ebrahimi 624*62c56f98SSadaf Ebrahimi if (expected_finish_ret == 0 && 625*62c56f98SSadaf Ebrahimi (cipher_info->mode == MBEDTLS_MODE_CBC || 626*62c56f98SSadaf Ebrahimi cipher_info->mode == MBEDTLS_MODE_ECB)) { 627*62c56f98SSadaf Ebrahimi /* Non-CBC and non-ECB ciphers are OK with decrypting empty buffers and 628*62c56f98SSadaf Ebrahimi * return success, not MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED, when 629*62c56f98SSadaf Ebrahimi * decrypting an empty buffer. 630*62c56f98SSadaf Ebrahimi * On the other hand, CBC and ECB ciphers need a full block of input. 631*62c56f98SSadaf Ebrahimi */ 632*62c56f98SSadaf Ebrahimi expected_finish_ret = MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED; 633*62c56f98SSadaf Ebrahimi } 634*62c56f98SSadaf Ebrahimi 635*62c56f98SSadaf Ebrahimi TEST_ASSERT(expected_finish_ret == mbedtls_cipher_finish( 636*62c56f98SSadaf Ebrahimi &ctx_dec, decbuf + outlen, &outlen)); 637*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == outlen); 638*62c56f98SSadaf Ebrahimi 639*62c56f98SSadaf Ebrahimiexit: 640*62c56f98SSadaf Ebrahimi mbedtls_free(iv); 641*62c56f98SSadaf Ebrahimi mbedtls_cipher_free(&ctx_dec); 642*62c56f98SSadaf Ebrahimi} 643*62c56f98SSadaf Ebrahimi/* END_CASE */ 644*62c56f98SSadaf Ebrahimi 645*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 646*62c56f98SSadaf Ebrahimivoid enc_dec_buf_multipart(int cipher_id, int key_len, int first_length_val, 647*62c56f98SSadaf Ebrahimi int second_length_val, int pad_mode, 648*62c56f98SSadaf Ebrahimi int first_encrypt_output_len, int second_encrypt_output_len, 649*62c56f98SSadaf Ebrahimi int first_decrypt_output_len, int second_decrypt_output_len) 650*62c56f98SSadaf Ebrahimi{ 651*62c56f98SSadaf Ebrahimi size_t first_length = first_length_val; 652*62c56f98SSadaf Ebrahimi size_t second_length = second_length_val; 653*62c56f98SSadaf Ebrahimi size_t length = first_length + second_length; 654*62c56f98SSadaf Ebrahimi size_t block_size; 655*62c56f98SSadaf Ebrahimi size_t iv_len; 656*62c56f98SSadaf Ebrahimi unsigned char key[32]; 657*62c56f98SSadaf Ebrahimi unsigned char iv[16]; 658*62c56f98SSadaf Ebrahimi 659*62c56f98SSadaf Ebrahimi mbedtls_cipher_context_t ctx_dec; 660*62c56f98SSadaf Ebrahimi mbedtls_cipher_context_t ctx_enc; 661*62c56f98SSadaf Ebrahimi const mbedtls_cipher_info_t *cipher_info; 662*62c56f98SSadaf Ebrahimi 663*62c56f98SSadaf Ebrahimi unsigned char inbuf[64]; 664*62c56f98SSadaf Ebrahimi unsigned char encbuf[64]; 665*62c56f98SSadaf Ebrahimi unsigned char decbuf[64]; 666*62c56f98SSadaf Ebrahimi 667*62c56f98SSadaf Ebrahimi size_t outlen = 0; 668*62c56f98SSadaf Ebrahimi size_t totaloutlen = 0; 669*62c56f98SSadaf Ebrahimi 670*62c56f98SSadaf Ebrahimi memset(key, 0, 32); 671*62c56f98SSadaf Ebrahimi memset(iv, 0, 16); 672*62c56f98SSadaf Ebrahimi 673*62c56f98SSadaf Ebrahimi mbedtls_cipher_init(&ctx_dec); 674*62c56f98SSadaf Ebrahimi mbedtls_cipher_init(&ctx_enc); 675*62c56f98SSadaf Ebrahimi 676*62c56f98SSadaf Ebrahimi memset(inbuf, 5, 64); 677*62c56f98SSadaf Ebrahimi memset(encbuf, 0, 64); 678*62c56f98SSadaf Ebrahimi memset(decbuf, 0, 64); 679*62c56f98SSadaf Ebrahimi 680*62c56f98SSadaf Ebrahimi /* Initialise enc and dec contexts */ 681*62c56f98SSadaf Ebrahimi cipher_info = mbedtls_cipher_info_from_type(cipher_id); 682*62c56f98SSadaf Ebrahimi TEST_ASSERT(NULL != cipher_info); 683*62c56f98SSadaf Ebrahimi 684*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_dec, cipher_info)); 685*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_enc, cipher_info)); 686*62c56f98SSadaf Ebrahimi 687*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_dec, key, key_len, MBEDTLS_DECRYPT)); 688*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_enc, key, key_len, MBEDTLS_ENCRYPT)); 689*62c56f98SSadaf Ebrahimi 690*62c56f98SSadaf Ebrahimi#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 691*62c56f98SSadaf Ebrahimi if (-1 != pad_mode) { 692*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_dec, pad_mode)); 693*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_enc, pad_mode)); 694*62c56f98SSadaf Ebrahimi } 695*62c56f98SSadaf Ebrahimi#else 696*62c56f98SSadaf Ebrahimi (void) pad_mode; 697*62c56f98SSadaf Ebrahimi#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ 698*62c56f98SSadaf Ebrahimi 699*62c56f98SSadaf Ebrahimi if (NULL != strstr(cipher_info->name, "CCM*-NO-TAG")) { 700*62c56f98SSadaf Ebrahimi iv_len = 13; /* For CCM, IV length is expected to be between 7 and 13 bytes. 701*62c56f98SSadaf Ebrahimi * For CCM*-NO-TAG, IV length must be exactly 13 bytes long. */ 702*62c56f98SSadaf Ebrahimi } else if (cipher_info->type == MBEDTLS_CIPHER_CHACHA20 || 703*62c56f98SSadaf Ebrahimi cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) { 704*62c56f98SSadaf Ebrahimi iv_len = 12; 705*62c56f98SSadaf Ebrahimi } else { 706*62c56f98SSadaf Ebrahimi iv_len = sizeof(iv); 707*62c56f98SSadaf Ebrahimi } 708*62c56f98SSadaf Ebrahimi 709*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_dec, iv, iv_len)); 710*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_enc, iv, iv_len)); 711*62c56f98SSadaf Ebrahimi 712*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_dec)); 713*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_enc)); 714*62c56f98SSadaf Ebrahimi 715*62c56f98SSadaf Ebrahimi#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 716*62c56f98SSadaf Ebrahimi int expected = (cipher_info->mode == MBEDTLS_MODE_GCM || 717*62c56f98SSadaf Ebrahimi cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) ? 718*62c56f98SSadaf Ebrahimi 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 719*62c56f98SSadaf Ebrahimi 720*62c56f98SSadaf Ebrahimi TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx_dec, NULL, 0)); 721*62c56f98SSadaf Ebrahimi TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx_enc, NULL, 0)); 722*62c56f98SSadaf Ebrahimi#endif 723*62c56f98SSadaf Ebrahimi 724*62c56f98SSadaf Ebrahimi block_size = mbedtls_cipher_get_block_size(&ctx_enc); 725*62c56f98SSadaf Ebrahimi TEST_ASSERT(block_size != 0); 726*62c56f98SSadaf Ebrahimi 727*62c56f98SSadaf Ebrahimi /* encode length number of bytes from inbuf */ 728*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_update(&ctx_enc, inbuf, first_length, encbuf, &outlen)); 729*62c56f98SSadaf Ebrahimi TEST_ASSERT((size_t) first_encrypt_output_len == outlen); 730*62c56f98SSadaf Ebrahimi totaloutlen = outlen; 731*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == 732*62c56f98SSadaf Ebrahimi mbedtls_cipher_update(&ctx_enc, inbuf + first_length, second_length, 733*62c56f98SSadaf Ebrahimi encbuf + totaloutlen, 734*62c56f98SSadaf Ebrahimi &outlen)); 735*62c56f98SSadaf Ebrahimi TEST_ASSERT((size_t) second_encrypt_output_len == outlen); 736*62c56f98SSadaf Ebrahimi totaloutlen += outlen; 737*62c56f98SSadaf Ebrahimi TEST_ASSERT(totaloutlen == length || 738*62c56f98SSadaf Ebrahimi (totaloutlen % block_size == 0 && 739*62c56f98SSadaf Ebrahimi totaloutlen < length && 740*62c56f98SSadaf Ebrahimi totaloutlen + block_size > length)); 741*62c56f98SSadaf Ebrahimi 742*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_finish(&ctx_enc, encbuf + totaloutlen, &outlen)); 743*62c56f98SSadaf Ebrahimi totaloutlen += outlen; 744*62c56f98SSadaf Ebrahimi TEST_ASSERT(totaloutlen == length || 745*62c56f98SSadaf Ebrahimi (totaloutlen % block_size == 0 && 746*62c56f98SSadaf Ebrahimi totaloutlen > length && 747*62c56f98SSadaf Ebrahimi totaloutlen <= length + block_size)); 748*62c56f98SSadaf Ebrahimi 749*62c56f98SSadaf Ebrahimi /* decode the previously encoded string */ 750*62c56f98SSadaf Ebrahimi second_length = totaloutlen - first_length; 751*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_update(&ctx_dec, encbuf, first_length, decbuf, &outlen)); 752*62c56f98SSadaf Ebrahimi TEST_ASSERT((size_t) first_decrypt_output_len == outlen); 753*62c56f98SSadaf Ebrahimi totaloutlen = outlen; 754*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == 755*62c56f98SSadaf Ebrahimi mbedtls_cipher_update(&ctx_dec, encbuf + first_length, second_length, 756*62c56f98SSadaf Ebrahimi decbuf + totaloutlen, 757*62c56f98SSadaf Ebrahimi &outlen)); 758*62c56f98SSadaf Ebrahimi TEST_ASSERT((size_t) second_decrypt_output_len == outlen); 759*62c56f98SSadaf Ebrahimi totaloutlen += outlen; 760*62c56f98SSadaf Ebrahimi 761*62c56f98SSadaf Ebrahimi TEST_ASSERT(totaloutlen == length || 762*62c56f98SSadaf Ebrahimi (totaloutlen % block_size == 0 && 763*62c56f98SSadaf Ebrahimi totaloutlen < length && 764*62c56f98SSadaf Ebrahimi totaloutlen + block_size >= length)); 765*62c56f98SSadaf Ebrahimi 766*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_finish(&ctx_dec, decbuf + totaloutlen, &outlen)); 767*62c56f98SSadaf Ebrahimi totaloutlen += outlen; 768*62c56f98SSadaf Ebrahimi 769*62c56f98SSadaf Ebrahimi TEST_ASSERT(totaloutlen == length); 770*62c56f98SSadaf Ebrahimi 771*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == memcmp(inbuf, decbuf, length)); 772*62c56f98SSadaf Ebrahimi 773*62c56f98SSadaf Ebrahimiexit: 774*62c56f98SSadaf Ebrahimi mbedtls_cipher_free(&ctx_dec); 775*62c56f98SSadaf Ebrahimi mbedtls_cipher_free(&ctx_enc); 776*62c56f98SSadaf Ebrahimi} 777*62c56f98SSadaf Ebrahimi/* END_CASE */ 778*62c56f98SSadaf Ebrahimi 779*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 780*62c56f98SSadaf Ebrahimivoid decrypt_test_vec(int cipher_id, int pad_mode, data_t *key, 781*62c56f98SSadaf Ebrahimi data_t *iv, data_t *cipher, 782*62c56f98SSadaf Ebrahimi data_t *clear, data_t *ad, data_t *tag, 783*62c56f98SSadaf Ebrahimi int finish_result, int tag_result) 784*62c56f98SSadaf Ebrahimi{ 785*62c56f98SSadaf Ebrahimi unsigned char output[265]; 786*62c56f98SSadaf Ebrahimi mbedtls_cipher_context_t ctx; 787*62c56f98SSadaf Ebrahimi size_t outlen, total_len; 788*62c56f98SSadaf Ebrahimi 789*62c56f98SSadaf Ebrahimi mbedtls_cipher_init(&ctx); 790*62c56f98SSadaf Ebrahimi 791*62c56f98SSadaf Ebrahimi memset(output, 0x00, sizeof(output)); 792*62c56f98SSadaf Ebrahimi 793*62c56f98SSadaf Ebrahimi#if !defined(MBEDTLS_GCM_C) && !defined(MBEDTLS_CHACHAPOLY_C) 794*62c56f98SSadaf Ebrahimi ((void) ad); 795*62c56f98SSadaf Ebrahimi ((void) tag); 796*62c56f98SSadaf Ebrahimi#endif 797*62c56f98SSadaf Ebrahimi 798*62c56f98SSadaf Ebrahimi /* Prepare context */ 799*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, 800*62c56f98SSadaf Ebrahimi mbedtls_cipher_info_from_type(cipher_id))); 801*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx, key->x, 8 * key->len, MBEDTLS_DECRYPT)); 802*62c56f98SSadaf Ebrahimi#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 803*62c56f98SSadaf Ebrahimi if (pad_mode != -1) { 804*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx, pad_mode)); 805*62c56f98SSadaf Ebrahimi } 806*62c56f98SSadaf Ebrahimi#else 807*62c56f98SSadaf Ebrahimi (void) pad_mode; 808*62c56f98SSadaf Ebrahimi#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ 809*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx, iv->x, iv->len)); 810*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx)); 811*62c56f98SSadaf Ebrahimi#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 812*62c56f98SSadaf Ebrahimi int expected = (ctx.cipher_info->mode == MBEDTLS_MODE_GCM || 813*62c56f98SSadaf Ebrahimi ctx.cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) ? 814*62c56f98SSadaf Ebrahimi 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 815*62c56f98SSadaf Ebrahimi 816*62c56f98SSadaf Ebrahimi TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx, ad->x, ad->len)); 817*62c56f98SSadaf Ebrahimi#endif 818*62c56f98SSadaf Ebrahimi 819*62c56f98SSadaf Ebrahimi /* decode buffer and check tag->x */ 820*62c56f98SSadaf Ebrahimi total_len = 0; 821*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_update(&ctx, cipher->x, cipher->len, output, &outlen)); 822*62c56f98SSadaf Ebrahimi total_len += outlen; 823*62c56f98SSadaf Ebrahimi TEST_ASSERT(finish_result == mbedtls_cipher_finish(&ctx, output + outlen, 824*62c56f98SSadaf Ebrahimi &outlen)); 825*62c56f98SSadaf Ebrahimi total_len += outlen; 826*62c56f98SSadaf Ebrahimi#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 827*62c56f98SSadaf Ebrahimi int tag_expected = (ctx.cipher_info->mode == MBEDTLS_MODE_GCM || 828*62c56f98SSadaf Ebrahimi ctx.cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) ? 829*62c56f98SSadaf Ebrahimi tag_result : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 830*62c56f98SSadaf Ebrahimi 831*62c56f98SSadaf Ebrahimi TEST_EQUAL(tag_expected, mbedtls_cipher_check_tag(&ctx, tag->x, tag->len)); 832*62c56f98SSadaf Ebrahimi#endif 833*62c56f98SSadaf Ebrahimi 834*62c56f98SSadaf Ebrahimi /* check plaintext only if everything went fine */ 835*62c56f98SSadaf Ebrahimi if (0 == finish_result && 0 == tag_result) { 836*62c56f98SSadaf Ebrahimi TEST_ASSERT(total_len == clear->len); 837*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == memcmp(output, clear->x, clear->len)); 838*62c56f98SSadaf Ebrahimi } 839*62c56f98SSadaf Ebrahimi 840*62c56f98SSadaf Ebrahimiexit: 841*62c56f98SSadaf Ebrahimi mbedtls_cipher_free(&ctx); 842*62c56f98SSadaf Ebrahimi} 843*62c56f98SSadaf Ebrahimi/* END_CASE */ 844*62c56f98SSadaf Ebrahimi 845*62c56f98SSadaf Ebrahimi/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_AUTH_CRYPT */ 846*62c56f98SSadaf Ebrahimivoid auth_crypt_tv(int cipher_id, data_t *key, data_t *iv, 847*62c56f98SSadaf Ebrahimi data_t *ad, data_t *cipher, data_t *tag, 848*62c56f98SSadaf Ebrahimi char *result, data_t *clear, int use_psa) 849*62c56f98SSadaf Ebrahimi{ 850*62c56f98SSadaf Ebrahimi /* 851*62c56f98SSadaf Ebrahimi * Take an AEAD ciphertext + tag and perform a pair 852*62c56f98SSadaf Ebrahimi * of AEAD decryption and AEAD encryption. Check that 853*62c56f98SSadaf Ebrahimi * this results in the expected plaintext, and that 854*62c56f98SSadaf Ebrahimi * decryption and encryption are inverse to one another. 855*62c56f98SSadaf Ebrahimi */ 856*62c56f98SSadaf Ebrahimi 857*62c56f98SSadaf Ebrahimi int ret; 858*62c56f98SSadaf Ebrahimi int using_nist_kw, using_nist_kw_padding; 859*62c56f98SSadaf Ebrahimi 860*62c56f98SSadaf Ebrahimi mbedtls_cipher_context_t ctx; 861*62c56f98SSadaf Ebrahimi size_t outlen; 862*62c56f98SSadaf Ebrahimi 863*62c56f98SSadaf Ebrahimi unsigned char *cipher_plus_tag = NULL; 864*62c56f98SSadaf Ebrahimi size_t cipher_plus_tag_len; 865*62c56f98SSadaf Ebrahimi unsigned char *decrypt_buf = NULL; 866*62c56f98SSadaf Ebrahimi size_t decrypt_buf_len = 0; 867*62c56f98SSadaf Ebrahimi unsigned char *encrypt_buf = NULL; 868*62c56f98SSadaf Ebrahimi size_t encrypt_buf_len = 0; 869*62c56f98SSadaf Ebrahimi 870*62c56f98SSadaf Ebrahimi /* Null pointers are documented as valid for inputs of length 0. 871*62c56f98SSadaf Ebrahimi * The test framework passes non-null pointers, so set them to NULL. 872*62c56f98SSadaf Ebrahimi * key, cipher and tag can't be empty. */ 873*62c56f98SSadaf Ebrahimi if (iv->len == 0) { 874*62c56f98SSadaf Ebrahimi iv->x = NULL; 875*62c56f98SSadaf Ebrahimi } 876*62c56f98SSadaf Ebrahimi if (ad->len == 0) { 877*62c56f98SSadaf Ebrahimi ad->x = NULL; 878*62c56f98SSadaf Ebrahimi } 879*62c56f98SSadaf Ebrahimi if (clear->len == 0) { 880*62c56f98SSadaf Ebrahimi clear->x = NULL; 881*62c56f98SSadaf Ebrahimi } 882*62c56f98SSadaf Ebrahimi 883*62c56f98SSadaf Ebrahimi mbedtls_cipher_init(&ctx); 884*62c56f98SSadaf Ebrahimi 885*62c56f98SSadaf Ebrahimi /* Initialize PSA Crypto */ 886*62c56f98SSadaf Ebrahimi#if defined(MBEDTLS_USE_PSA_CRYPTO) 887*62c56f98SSadaf Ebrahimi if (use_psa == 1) { 888*62c56f98SSadaf Ebrahimi PSA_ASSERT(psa_crypto_init()); 889*62c56f98SSadaf Ebrahimi } 890*62c56f98SSadaf Ebrahimi#else 891*62c56f98SSadaf Ebrahimi (void) use_psa; 892*62c56f98SSadaf Ebrahimi#endif 893*62c56f98SSadaf Ebrahimi 894*62c56f98SSadaf Ebrahimi /* 895*62c56f98SSadaf Ebrahimi * Are we using NIST_KW? with padding? 896*62c56f98SSadaf Ebrahimi */ 897*62c56f98SSadaf Ebrahimi using_nist_kw_padding = cipher_id == MBEDTLS_CIPHER_AES_128_KWP || 898*62c56f98SSadaf Ebrahimi cipher_id == MBEDTLS_CIPHER_AES_192_KWP || 899*62c56f98SSadaf Ebrahimi cipher_id == MBEDTLS_CIPHER_AES_256_KWP; 900*62c56f98SSadaf Ebrahimi using_nist_kw = cipher_id == MBEDTLS_CIPHER_AES_128_KW || 901*62c56f98SSadaf Ebrahimi cipher_id == MBEDTLS_CIPHER_AES_192_KW || 902*62c56f98SSadaf Ebrahimi cipher_id == MBEDTLS_CIPHER_AES_256_KW || 903*62c56f98SSadaf Ebrahimi using_nist_kw_padding; 904*62c56f98SSadaf Ebrahimi 905*62c56f98SSadaf Ebrahimi /* 906*62c56f98SSadaf Ebrahimi * Prepare context for decryption 907*62c56f98SSadaf Ebrahimi */ 908*62c56f98SSadaf Ebrahimi if (!cipher_reset_key(&ctx, cipher_id, use_psa, tag->len, key, 909*62c56f98SSadaf Ebrahimi MBEDTLS_DECRYPT)) { 910*62c56f98SSadaf Ebrahimi goto exit; 911*62c56f98SSadaf Ebrahimi } 912*62c56f98SSadaf Ebrahimi 913*62c56f98SSadaf Ebrahimi /* 914*62c56f98SSadaf Ebrahimi * prepare buffer for decryption 915*62c56f98SSadaf Ebrahimi * (we need the tag appended to the ciphertext) 916*62c56f98SSadaf Ebrahimi */ 917*62c56f98SSadaf Ebrahimi cipher_plus_tag_len = cipher->len + tag->len; 918*62c56f98SSadaf Ebrahimi TEST_CALLOC(cipher_plus_tag, cipher_plus_tag_len); 919*62c56f98SSadaf Ebrahimi memcpy(cipher_plus_tag, cipher->x, cipher->len); 920*62c56f98SSadaf Ebrahimi memcpy(cipher_plus_tag + cipher->len, tag->x, tag->len); 921*62c56f98SSadaf Ebrahimi 922*62c56f98SSadaf Ebrahimi /* 923*62c56f98SSadaf Ebrahimi * Compute length of output buffer according to the documentation 924*62c56f98SSadaf Ebrahimi */ 925*62c56f98SSadaf Ebrahimi if (using_nist_kw) { 926*62c56f98SSadaf Ebrahimi decrypt_buf_len = cipher_plus_tag_len - 8; 927*62c56f98SSadaf Ebrahimi } else { 928*62c56f98SSadaf Ebrahimi decrypt_buf_len = cipher_plus_tag_len - tag->len; 929*62c56f98SSadaf Ebrahimi } 930*62c56f98SSadaf Ebrahimi 931*62c56f98SSadaf Ebrahimi 932*62c56f98SSadaf Ebrahimi /* 933*62c56f98SSadaf Ebrahimi * Try decrypting to a buffer that's 1B too small 934*62c56f98SSadaf Ebrahimi */ 935*62c56f98SSadaf Ebrahimi if (decrypt_buf_len != 0) { 936*62c56f98SSadaf Ebrahimi TEST_CALLOC(decrypt_buf, decrypt_buf_len - 1); 937*62c56f98SSadaf Ebrahimi 938*62c56f98SSadaf Ebrahimi outlen = 0; 939*62c56f98SSadaf Ebrahimi ret = mbedtls_cipher_auth_decrypt_ext(&ctx, iv->x, iv->len, 940*62c56f98SSadaf Ebrahimi ad->x, ad->len, cipher_plus_tag, cipher_plus_tag_len, 941*62c56f98SSadaf Ebrahimi decrypt_buf, decrypt_buf_len - 1, &outlen, tag->len); 942*62c56f98SSadaf Ebrahimi TEST_ASSERT(ret == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 943*62c56f98SSadaf Ebrahimi 944*62c56f98SSadaf Ebrahimi mbedtls_free(decrypt_buf); 945*62c56f98SSadaf Ebrahimi decrypt_buf = NULL; 946*62c56f98SSadaf Ebrahimi } 947*62c56f98SSadaf Ebrahimi 948*62c56f98SSadaf Ebrahimi /* 949*62c56f98SSadaf Ebrahimi * Authenticate and decrypt, and check result 950*62c56f98SSadaf Ebrahimi */ 951*62c56f98SSadaf Ebrahimi TEST_CALLOC(decrypt_buf, decrypt_buf_len); 952*62c56f98SSadaf Ebrahimi 953*62c56f98SSadaf Ebrahimi outlen = 0; 954*62c56f98SSadaf Ebrahimi ret = mbedtls_cipher_auth_decrypt_ext(&ctx, iv->x, iv->len, 955*62c56f98SSadaf Ebrahimi ad->x, ad->len, cipher_plus_tag, cipher_plus_tag_len, 956*62c56f98SSadaf Ebrahimi decrypt_buf, decrypt_buf_len, &outlen, tag->len); 957*62c56f98SSadaf Ebrahimi 958*62c56f98SSadaf Ebrahimi if (strcmp(result, "FAIL") == 0) { 959*62c56f98SSadaf Ebrahimi TEST_ASSERT(ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED); 960*62c56f98SSadaf Ebrahimi TEST_ASSERT(buffer_is_all_zero(decrypt_buf, decrypt_buf_len)); 961*62c56f98SSadaf Ebrahimi } else { 962*62c56f98SSadaf Ebrahimi TEST_ASSERT(ret == 0); 963*62c56f98SSadaf Ebrahimi TEST_MEMORY_COMPARE(decrypt_buf, outlen, clear->x, clear->len); 964*62c56f98SSadaf Ebrahimi } 965*62c56f98SSadaf Ebrahimi 966*62c56f98SSadaf Ebrahimi mbedtls_free(decrypt_buf); 967*62c56f98SSadaf Ebrahimi decrypt_buf = NULL; 968*62c56f98SSadaf Ebrahimi 969*62c56f98SSadaf Ebrahimi /* 970*62c56f98SSadaf Ebrahimi * Encrypt back if test data was authentic 971*62c56f98SSadaf Ebrahimi */ 972*62c56f98SSadaf Ebrahimi if (strcmp(result, "FAIL") != 0) { 973*62c56f98SSadaf Ebrahimi /* prepare context for encryption */ 974*62c56f98SSadaf Ebrahimi if (!cipher_reset_key(&ctx, cipher_id, use_psa, tag->len, key, 975*62c56f98SSadaf Ebrahimi MBEDTLS_ENCRYPT)) { 976*62c56f98SSadaf Ebrahimi goto exit; 977*62c56f98SSadaf Ebrahimi } 978*62c56f98SSadaf Ebrahimi 979*62c56f98SSadaf Ebrahimi /* 980*62c56f98SSadaf Ebrahimi * Compute size of output buffer according to documentation 981*62c56f98SSadaf Ebrahimi */ 982*62c56f98SSadaf Ebrahimi if (using_nist_kw) { 983*62c56f98SSadaf Ebrahimi encrypt_buf_len = clear->len + 8; 984*62c56f98SSadaf Ebrahimi if (using_nist_kw_padding && encrypt_buf_len % 8 != 0) { 985*62c56f98SSadaf Ebrahimi encrypt_buf_len += 8 - encrypt_buf_len % 8; 986*62c56f98SSadaf Ebrahimi } 987*62c56f98SSadaf Ebrahimi } else { 988*62c56f98SSadaf Ebrahimi encrypt_buf_len = clear->len + tag->len; 989*62c56f98SSadaf Ebrahimi } 990*62c56f98SSadaf Ebrahimi 991*62c56f98SSadaf Ebrahimi /* 992*62c56f98SSadaf Ebrahimi * Try encrypting with an output buffer that's 1B too small 993*62c56f98SSadaf Ebrahimi */ 994*62c56f98SSadaf Ebrahimi TEST_CALLOC(encrypt_buf, encrypt_buf_len - 1); 995*62c56f98SSadaf Ebrahimi 996*62c56f98SSadaf Ebrahimi outlen = 0; 997*62c56f98SSadaf Ebrahimi ret = mbedtls_cipher_auth_encrypt_ext(&ctx, iv->x, iv->len, 998*62c56f98SSadaf Ebrahimi ad->x, ad->len, clear->x, clear->len, 999*62c56f98SSadaf Ebrahimi encrypt_buf, encrypt_buf_len - 1, &outlen, tag->len); 1000*62c56f98SSadaf Ebrahimi TEST_ASSERT(ret != 0); 1001*62c56f98SSadaf Ebrahimi 1002*62c56f98SSadaf Ebrahimi mbedtls_free(encrypt_buf); 1003*62c56f98SSadaf Ebrahimi encrypt_buf = NULL; 1004*62c56f98SSadaf Ebrahimi 1005*62c56f98SSadaf Ebrahimi /* 1006*62c56f98SSadaf Ebrahimi * Encrypt and check the result 1007*62c56f98SSadaf Ebrahimi */ 1008*62c56f98SSadaf Ebrahimi TEST_CALLOC(encrypt_buf, encrypt_buf_len); 1009*62c56f98SSadaf Ebrahimi 1010*62c56f98SSadaf Ebrahimi outlen = 0; 1011*62c56f98SSadaf Ebrahimi ret = mbedtls_cipher_auth_encrypt_ext(&ctx, iv->x, iv->len, 1012*62c56f98SSadaf Ebrahimi ad->x, ad->len, clear->x, clear->len, 1013*62c56f98SSadaf Ebrahimi encrypt_buf, encrypt_buf_len, &outlen, tag->len); 1014*62c56f98SSadaf Ebrahimi TEST_ASSERT(ret == 0); 1015*62c56f98SSadaf Ebrahimi 1016*62c56f98SSadaf Ebrahimi TEST_ASSERT(outlen == cipher->len + tag->len); 1017*62c56f98SSadaf Ebrahimi TEST_ASSERT(memcmp(encrypt_buf, cipher->x, cipher->len) == 0); 1018*62c56f98SSadaf Ebrahimi TEST_ASSERT(memcmp(encrypt_buf + cipher->len, 1019*62c56f98SSadaf Ebrahimi tag->x, tag->len) == 0); 1020*62c56f98SSadaf Ebrahimi 1021*62c56f98SSadaf Ebrahimi mbedtls_free(encrypt_buf); 1022*62c56f98SSadaf Ebrahimi encrypt_buf = NULL; 1023*62c56f98SSadaf Ebrahimi } 1024*62c56f98SSadaf Ebrahimi 1025*62c56f98SSadaf Ebrahimiexit: 1026*62c56f98SSadaf Ebrahimi 1027*62c56f98SSadaf Ebrahimi mbedtls_cipher_free(&ctx); 1028*62c56f98SSadaf Ebrahimi mbedtls_free(decrypt_buf); 1029*62c56f98SSadaf Ebrahimi mbedtls_free(encrypt_buf); 1030*62c56f98SSadaf Ebrahimi mbedtls_free(cipher_plus_tag); 1031*62c56f98SSadaf Ebrahimi 1032*62c56f98SSadaf Ebrahimi#if defined(MBEDTLS_USE_PSA_CRYPTO) 1033*62c56f98SSadaf Ebrahimi if (use_psa == 1) { 1034*62c56f98SSadaf Ebrahimi PSA_DONE(); 1035*62c56f98SSadaf Ebrahimi } 1036*62c56f98SSadaf Ebrahimi#endif /* MBEDTLS_USE_PSA_CRYPTO */ 1037*62c56f98SSadaf Ebrahimi} 1038*62c56f98SSadaf Ebrahimi/* END_CASE */ 1039*62c56f98SSadaf Ebrahimi 1040*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 1041*62c56f98SSadaf Ebrahimivoid test_vec_ecb(int cipher_id, int operation, data_t *key, 1042*62c56f98SSadaf Ebrahimi data_t *input, data_t *result, int finish_result 1043*62c56f98SSadaf Ebrahimi ) 1044*62c56f98SSadaf Ebrahimi{ 1045*62c56f98SSadaf Ebrahimi mbedtls_cipher_context_t ctx; 1046*62c56f98SSadaf Ebrahimi unsigned char output[32]; 1047*62c56f98SSadaf Ebrahimi size_t outlen; 1048*62c56f98SSadaf Ebrahimi 1049*62c56f98SSadaf Ebrahimi mbedtls_cipher_init(&ctx); 1050*62c56f98SSadaf Ebrahimi 1051*62c56f98SSadaf Ebrahimi memset(output, 0x00, sizeof(output)); 1052*62c56f98SSadaf Ebrahimi 1053*62c56f98SSadaf Ebrahimi /* Prepare context */ 1054*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, 1055*62c56f98SSadaf Ebrahimi mbedtls_cipher_info_from_type(cipher_id))); 1056*62c56f98SSadaf Ebrahimi 1057*62c56f98SSadaf Ebrahimi 1058*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx, key->x, 8 * key->len, operation)); 1059*62c56f98SSadaf Ebrahimi 1060*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_update(&ctx, input->x, 1061*62c56f98SSadaf Ebrahimi mbedtls_cipher_get_block_size(&ctx), 1062*62c56f98SSadaf Ebrahimi output, &outlen)); 1063*62c56f98SSadaf Ebrahimi TEST_ASSERT(outlen == mbedtls_cipher_get_block_size(&ctx)); 1064*62c56f98SSadaf Ebrahimi TEST_ASSERT(finish_result == mbedtls_cipher_finish(&ctx, output + outlen, 1065*62c56f98SSadaf Ebrahimi &outlen)); 1066*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == outlen); 1067*62c56f98SSadaf Ebrahimi 1068*62c56f98SSadaf Ebrahimi /* check plaintext only if everything went fine */ 1069*62c56f98SSadaf Ebrahimi if (0 == finish_result) { 1070*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == memcmp(output, result->x, 1071*62c56f98SSadaf Ebrahimi mbedtls_cipher_get_block_size(&ctx))); 1072*62c56f98SSadaf Ebrahimi } 1073*62c56f98SSadaf Ebrahimi 1074*62c56f98SSadaf Ebrahimiexit: 1075*62c56f98SSadaf Ebrahimi mbedtls_cipher_free(&ctx); 1076*62c56f98SSadaf Ebrahimi} 1077*62c56f98SSadaf Ebrahimi/* END_CASE */ 1078*62c56f98SSadaf Ebrahimi 1079*62c56f98SSadaf Ebrahimi/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING */ 1080*62c56f98SSadaf Ebrahimivoid test_vec_crypt(int cipher_id, int operation, data_t *key, 1081*62c56f98SSadaf Ebrahimi data_t *iv, data_t *input, data_t *result, 1082*62c56f98SSadaf Ebrahimi int finish_result, int use_psa) 1083*62c56f98SSadaf Ebrahimi{ 1084*62c56f98SSadaf Ebrahimi mbedtls_cipher_context_t ctx; 1085*62c56f98SSadaf Ebrahimi unsigned char output[32]; 1086*62c56f98SSadaf Ebrahimi size_t outlen; 1087*62c56f98SSadaf Ebrahimi 1088*62c56f98SSadaf Ebrahimi mbedtls_cipher_init(&ctx); 1089*62c56f98SSadaf Ebrahimi 1090*62c56f98SSadaf Ebrahimi memset(output, 0x00, sizeof(output)); 1091*62c56f98SSadaf Ebrahimi 1092*62c56f98SSadaf Ebrahimi /* Prepare context */ 1093*62c56f98SSadaf Ebrahimi#if !defined(MBEDTLS_USE_PSA_CRYPTO) || !defined(MBEDTLS_TEST_DEPRECATED) 1094*62c56f98SSadaf Ebrahimi (void) use_psa; 1095*62c56f98SSadaf Ebrahimi#else 1096*62c56f98SSadaf Ebrahimi if (use_psa == 1) { 1097*62c56f98SSadaf Ebrahimi PSA_ASSERT(psa_crypto_init()); 1098*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_setup_psa(&ctx, 1099*62c56f98SSadaf Ebrahimi mbedtls_cipher_info_from_type(cipher_id), 0)); 1100*62c56f98SSadaf Ebrahimi } else 1101*62c56f98SSadaf Ebrahimi#endif /* !MBEDTLS_USE_PSA_CRYPTO || !MBEDTLS_TEST_DEPRECATED*/ 1102*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, 1103*62c56f98SSadaf Ebrahimi mbedtls_cipher_info_from_type(cipher_id))); 1104*62c56f98SSadaf Ebrahimi 1105*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx, key->x, 8 * key->len, operation)); 1106*62c56f98SSadaf Ebrahimi if (MBEDTLS_MODE_CBC == ctx.cipher_info->mode) { 1107*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx, MBEDTLS_PADDING_NONE)); 1108*62c56f98SSadaf Ebrahimi } 1109*62c56f98SSadaf Ebrahimi 1110*62c56f98SSadaf Ebrahimi TEST_ASSERT(finish_result == mbedtls_cipher_crypt(&ctx, iv->len ? iv->x : NULL, 1111*62c56f98SSadaf Ebrahimi iv->len, input->x, input->len, 1112*62c56f98SSadaf Ebrahimi output, &outlen)); 1113*62c56f98SSadaf Ebrahimi TEST_ASSERT(result->len == outlen); 1114*62c56f98SSadaf Ebrahimi /* check plaintext only if everything went fine */ 1115*62c56f98SSadaf Ebrahimi if (0 == finish_result) { 1116*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == memcmp(output, result->x, outlen)); 1117*62c56f98SSadaf Ebrahimi } 1118*62c56f98SSadaf Ebrahimi 1119*62c56f98SSadaf Ebrahimiexit: 1120*62c56f98SSadaf Ebrahimi mbedtls_cipher_free(&ctx); 1121*62c56f98SSadaf Ebrahimi#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_TEST_DEPRECATED) 1122*62c56f98SSadaf Ebrahimi PSA_DONE(); 1123*62c56f98SSadaf Ebrahimi#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_TEST_DEPRECATED */ 1124*62c56f98SSadaf Ebrahimi} 1125*62c56f98SSadaf Ebrahimi/* END_CASE */ 1126*62c56f98SSadaf Ebrahimi 1127*62c56f98SSadaf Ebrahimi/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING */ 1128*62c56f98SSadaf Ebrahimivoid set_padding(int cipher_id, int pad_mode, int ret) 1129*62c56f98SSadaf Ebrahimi{ 1130*62c56f98SSadaf Ebrahimi const mbedtls_cipher_info_t *cipher_info; 1131*62c56f98SSadaf Ebrahimi mbedtls_cipher_context_t ctx; 1132*62c56f98SSadaf Ebrahimi 1133*62c56f98SSadaf Ebrahimi mbedtls_cipher_init(&ctx); 1134*62c56f98SSadaf Ebrahimi 1135*62c56f98SSadaf Ebrahimi cipher_info = mbedtls_cipher_info_from_type(cipher_id); 1136*62c56f98SSadaf Ebrahimi TEST_ASSERT(NULL != cipher_info); 1137*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, cipher_info)); 1138*62c56f98SSadaf Ebrahimi 1139*62c56f98SSadaf Ebrahimi TEST_ASSERT(ret == mbedtls_cipher_set_padding_mode(&ctx, pad_mode)); 1140*62c56f98SSadaf Ebrahimi 1141*62c56f98SSadaf Ebrahimiexit: 1142*62c56f98SSadaf Ebrahimi mbedtls_cipher_free(&ctx); 1143*62c56f98SSadaf Ebrahimi} 1144*62c56f98SSadaf Ebrahimi/* END_CASE */ 1145*62c56f98SSadaf Ebrahimi 1146*62c56f98SSadaf Ebrahimi/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ 1147*62c56f98SSadaf Ebrahimivoid check_padding(int pad_mode, data_t *input, int ret, int dlen_check 1148*62c56f98SSadaf Ebrahimi ) 1149*62c56f98SSadaf Ebrahimi{ 1150*62c56f98SSadaf Ebrahimi mbedtls_cipher_info_t cipher_info; 1151*62c56f98SSadaf Ebrahimi mbedtls_cipher_context_t ctx; 1152*62c56f98SSadaf Ebrahimi size_t dlen; 1153*62c56f98SSadaf Ebrahimi 1154*62c56f98SSadaf Ebrahimi /* build a fake context just for getting access to get_padding */ 1155*62c56f98SSadaf Ebrahimi mbedtls_cipher_init(&ctx); 1156*62c56f98SSadaf Ebrahimi cipher_info.mode = MBEDTLS_MODE_CBC; 1157*62c56f98SSadaf Ebrahimi ctx.cipher_info = &cipher_info; 1158*62c56f98SSadaf Ebrahimi 1159*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx, pad_mode)); 1160*62c56f98SSadaf Ebrahimi 1161*62c56f98SSadaf Ebrahimi 1162*62c56f98SSadaf Ebrahimi TEST_ASSERT(ret == ctx.get_padding(input->x, input->len, &dlen)); 1163*62c56f98SSadaf Ebrahimi if (0 == ret) { 1164*62c56f98SSadaf Ebrahimi TEST_ASSERT(dlen == (size_t) dlen_check); 1165*62c56f98SSadaf Ebrahimi } 1166*62c56f98SSadaf Ebrahimi} 1167*62c56f98SSadaf Ebrahimi/* END_CASE */ 1168*62c56f98SSadaf Ebrahimi 1169*62c56f98SSadaf Ebrahimi/* BEGIN_CASE */ 1170*62c56f98SSadaf Ebrahimivoid iv_len_validity(int cipher_id, char *cipher_string, 1171*62c56f98SSadaf Ebrahimi int iv_len_val, int ret) 1172*62c56f98SSadaf Ebrahimi{ 1173*62c56f98SSadaf Ebrahimi size_t iv_len = iv_len_val; 1174*62c56f98SSadaf Ebrahimi unsigned char iv[16]; 1175*62c56f98SSadaf Ebrahimi 1176*62c56f98SSadaf Ebrahimi /* Initialise iv buffer */ 1177*62c56f98SSadaf Ebrahimi memset(iv, 0, sizeof(iv)); 1178*62c56f98SSadaf Ebrahimi 1179*62c56f98SSadaf Ebrahimi const mbedtls_cipher_info_t *cipher_info; 1180*62c56f98SSadaf Ebrahimi mbedtls_cipher_context_t ctx_dec; 1181*62c56f98SSadaf Ebrahimi mbedtls_cipher_context_t ctx_enc; 1182*62c56f98SSadaf Ebrahimi 1183*62c56f98SSadaf Ebrahimi /* 1184*62c56f98SSadaf Ebrahimi * Prepare contexts 1185*62c56f98SSadaf Ebrahimi */ 1186*62c56f98SSadaf Ebrahimi mbedtls_cipher_init(&ctx_dec); 1187*62c56f98SSadaf Ebrahimi mbedtls_cipher_init(&ctx_enc); 1188*62c56f98SSadaf Ebrahimi 1189*62c56f98SSadaf Ebrahimi /* Check and get info structures */ 1190*62c56f98SSadaf Ebrahimi cipher_info = mbedtls_cipher_info_from_type(cipher_id); 1191*62c56f98SSadaf Ebrahimi TEST_ASSERT(NULL != cipher_info); 1192*62c56f98SSadaf Ebrahimi TEST_ASSERT(mbedtls_cipher_info_from_string(cipher_string) == cipher_info); 1193*62c56f98SSadaf Ebrahimi TEST_ASSERT(strcmp(mbedtls_cipher_info_get_name(cipher_info), 1194*62c56f98SSadaf Ebrahimi cipher_string) == 0); 1195*62c56f98SSadaf Ebrahimi 1196*62c56f98SSadaf Ebrahimi /* Initialise enc and dec contexts */ 1197*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_dec, cipher_info)); 1198*62c56f98SSadaf Ebrahimi TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_enc, cipher_info)); 1199*62c56f98SSadaf Ebrahimi 1200*62c56f98SSadaf Ebrahimi TEST_ASSERT(ret == mbedtls_cipher_set_iv(&ctx_dec, iv, iv_len)); 1201*62c56f98SSadaf Ebrahimi TEST_ASSERT(ret == mbedtls_cipher_set_iv(&ctx_enc, iv, iv_len)); 1202*62c56f98SSadaf Ebrahimi 1203*62c56f98SSadaf Ebrahimiexit: 1204*62c56f98SSadaf Ebrahimi mbedtls_cipher_free(&ctx_dec); 1205*62c56f98SSadaf Ebrahimi mbedtls_cipher_free(&ctx_enc); 1206*62c56f98SSadaf Ebrahimi} 1207*62c56f98SSadaf Ebrahimi/* END_CASE */ 1208*62c56f98SSadaf Ebrahimi 1209*62c56f98SSadaf Ebrahimi/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING */ 1210*62c56f98SSadaf Ebrahimivoid check_set_padding(int cipher_id) 1211*62c56f98SSadaf Ebrahimi{ 1212*62c56f98SSadaf Ebrahimi mbedtls_cipher_context_t ctx; 1213*62c56f98SSadaf Ebrahimi unsigned char *key = NULL; 1214*62c56f98SSadaf Ebrahimi unsigned char iv[16] = { 0 }; 1215*62c56f98SSadaf Ebrahimi unsigned char input[16] = { 0 }; 1216*62c56f98SSadaf Ebrahimi unsigned char output[32] = { 0 }; 1217*62c56f98SSadaf Ebrahimi size_t outlen = 0; 1218*62c56f98SSadaf Ebrahimi const mbedtls_cipher_info_t *cipher_info; 1219*62c56f98SSadaf Ebrahimi size_t keylen = 0; 1220*62c56f98SSadaf Ebrahimi 1221*62c56f98SSadaf Ebrahimi cipher_info = mbedtls_cipher_info_from_type(cipher_id); 1222*62c56f98SSadaf Ebrahimi 1223*62c56f98SSadaf Ebrahimi if (cipher_info->mode != MBEDTLS_MODE_CBC) { 1224*62c56f98SSadaf Ebrahimi TEST_FAIL("Cipher mode must be CBC"); 1225*62c56f98SSadaf Ebrahimi } 1226*62c56f98SSadaf Ebrahimi 1227*62c56f98SSadaf Ebrahimi keylen = mbedtls_cipher_info_get_key_bitlen(cipher_info); 1228*62c56f98SSadaf Ebrahimi TEST_CALLOC(key, keylen/8); 1229*62c56f98SSadaf Ebrahimi memset(key, 0, keylen/8); 1230*62c56f98SSadaf Ebrahimi 1231*62c56f98SSadaf Ebrahimi mbedtls_cipher_init(&ctx); 1232*62c56f98SSadaf Ebrahimi 1233*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_cipher_setup(&ctx, cipher_info)); 1234*62c56f98SSadaf Ebrahimi 1235*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_cipher_setkey(&ctx, key, keylen, 1236*62c56f98SSadaf Ebrahimi MBEDTLS_ENCRYPT)); 1237*62c56f98SSadaf Ebrahimi 1238*62c56f98SSadaf Ebrahimi TEST_EQUAL(MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 1239*62c56f98SSadaf Ebrahimi mbedtls_cipher_crypt(&ctx, iv, sizeof(iv), input, 1240*62c56f98SSadaf Ebrahimi sizeof(input), output, &outlen)); 1241*62c56f98SSadaf Ebrahimi 1242*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_cipher_set_padding_mode(&ctx, MBEDTLS_PADDING_NONE)); 1243*62c56f98SSadaf Ebrahimi TEST_EQUAL(0, mbedtls_cipher_crypt(&ctx, iv, sizeof(iv), input, 1244*62c56f98SSadaf Ebrahimi sizeof(input), output, &outlen)); 1245*62c56f98SSadaf Ebrahimi 1246*62c56f98SSadaf Ebrahimiexit: 1247*62c56f98SSadaf Ebrahimi mbedtls_cipher_free(&ctx); 1248*62c56f98SSadaf Ebrahimi mbedtls_free(key); 1249*62c56f98SSadaf Ebrahimi} 1250*62c56f98SSadaf Ebrahimi/* END_CASE */ 1251