/* BEGIN_HEADER */ #include "mbedtls/chachapoly.h" /* END_HEADER */ /* BEGIN_DEPENDENCIES * depends_on:MBEDTLS_CHACHAPOLY_C * END_DEPENDENCIES */ /* BEGIN_CASE */ void mbedtls_chachapoly_enc(data_t *key_str, data_t *nonce_str, data_t *aad_str, data_t *input_str, data_t *output_str, data_t *mac_str) { unsigned char output[265]; unsigned char mac[16]; /* size set by the standard */ mbedtls_chachapoly_context ctx; TEST_ASSERT(key_str->len == 32); TEST_ASSERT(nonce_str->len == 12); TEST_ASSERT(mac_str->len == 16); mbedtls_chachapoly_init(&ctx); TEST_ASSERT(mbedtls_chachapoly_setkey(&ctx, key_str->x) == 0); TEST_ASSERT(mbedtls_chachapoly_encrypt_and_tag(&ctx, input_str->len, nonce_str->x, aad_str->x, aad_str->len, input_str->x, output, mac) == 0); TEST_ASSERT(memcmp(output_str->x, output, output_str->len) == 0); TEST_ASSERT(memcmp(mac_str->x, mac, 16U) == 0); exit: mbedtls_chachapoly_free(&ctx); } /* END_CASE */ /* BEGIN_CASE */ void mbedtls_chachapoly_dec(data_t *key_str, data_t *nonce_str, data_t *aad_str, data_t *input_str, data_t *output_str, data_t *mac_str, int ret_exp) { unsigned char output[265]; int ret; mbedtls_chachapoly_context ctx; TEST_ASSERT(key_str->len == 32); TEST_ASSERT(nonce_str->len == 12); TEST_ASSERT(mac_str->len == 16); mbedtls_chachapoly_init(&ctx); TEST_ASSERT(mbedtls_chachapoly_setkey(&ctx, key_str->x) == 0); ret = mbedtls_chachapoly_auth_decrypt(&ctx, input_str->len, nonce_str->x, aad_str->x, aad_str->len, mac_str->x, input_str->x, output); TEST_ASSERT(ret == ret_exp); if (ret_exp == 0) { TEST_ASSERT(memcmp(output_str->x, output, output_str->len) == 0); } exit: mbedtls_chachapoly_free(&ctx); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */ void chachapoly_bad_params() { unsigned char key[32]; unsigned char nonce[12]; unsigned char aad[1]; unsigned char input[1]; unsigned char output[1]; unsigned char mac[16]; size_t input_len = sizeof(input); size_t aad_len = sizeof(aad); mbedtls_chachapoly_context ctx; memset(key, 0x00, sizeof(key)); memset(nonce, 0x00, sizeof(nonce)); memset(aad, 0x00, sizeof(aad)); memset(input, 0x00, sizeof(input)); memset(output, 0x00, sizeof(output)); memset(mac, 0x00, sizeof(mac)); TEST_INVALID_PARAM(mbedtls_chachapoly_init(NULL)); TEST_VALID_PARAM(mbedtls_chachapoly_free(NULL)); /* setkey */ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, mbedtls_chachapoly_setkey(NULL, key)); TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, mbedtls_chachapoly_setkey(&ctx, NULL)); /* encrypt_and_tag */ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, mbedtls_chachapoly_encrypt_and_tag(NULL, 0, nonce, aad, 0, input, output, mac)); TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, mbedtls_chachapoly_encrypt_and_tag(&ctx, 0, NULL, aad, 0, input, output, mac)); TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, mbedtls_chachapoly_encrypt_and_tag(&ctx, 0, nonce, NULL, aad_len, input, output, mac)); TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, mbedtls_chachapoly_encrypt_and_tag(&ctx, input_len, nonce, aad, 0, NULL, output, mac)); TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, mbedtls_chachapoly_encrypt_and_tag(&ctx, input_len, nonce, aad, 0, input, NULL, mac)); TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, mbedtls_chachapoly_encrypt_and_tag(&ctx, 0, nonce, aad, 0, input, output, NULL)); /* auth_decrypt */ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, mbedtls_chachapoly_auth_decrypt(NULL, 0, nonce, aad, 0, mac, input, output)); TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, mbedtls_chachapoly_auth_decrypt(&ctx, 0, NULL, aad, 0, mac, input, output)); TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, mbedtls_chachapoly_auth_decrypt(&ctx, 0, nonce, NULL, aad_len, mac, input, output)); TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, mbedtls_chachapoly_auth_decrypt(&ctx, 0, nonce, aad, 0, NULL, input, output)); TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, mbedtls_chachapoly_auth_decrypt(&ctx, input_len, nonce, aad, 0, mac, NULL, output)); TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, mbedtls_chachapoly_auth_decrypt(&ctx, input_len, nonce, aad, 0, mac, input, NULL)); /* starts */ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, mbedtls_chachapoly_starts(NULL, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT)); TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, mbedtls_chachapoly_starts(&ctx, NULL, MBEDTLS_CHACHAPOLY_ENCRYPT)); /* update_aad */ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, mbedtls_chachapoly_update_aad(NULL, aad, aad_len)); TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, mbedtls_chachapoly_update_aad(&ctx, NULL, aad_len)); /* update */ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, mbedtls_chachapoly_update(NULL, input_len, input, output)); TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, mbedtls_chachapoly_update(&ctx, input_len, NULL, output)); TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, mbedtls_chachapoly_update(&ctx, input_len, input, NULL)); /* finish */ TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, mbedtls_chachapoly_finish(NULL, mac)); TEST_INVALID_PARAM_RET(MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA, mbedtls_chachapoly_finish(&ctx, NULL)); exit: return; } /* END_CASE */ /* BEGIN_CASE */ void chachapoly_state() { unsigned char key[32]; unsigned char nonce[12]; unsigned char aad[1]; unsigned char input[1]; unsigned char output[1]; unsigned char mac[16]; size_t input_len = sizeof(input); size_t aad_len = sizeof(aad); mbedtls_chachapoly_context ctx; memset(key, 0x00, sizeof(key)); memset(nonce, 0x00, sizeof(nonce)); memset(aad, 0x00, sizeof(aad)); memset(input, 0x00, sizeof(input)); memset(output, 0x00, sizeof(output)); memset(mac, 0x00, sizeof(mac)); /* Initial state: finish, update, update_aad forbidden */ mbedtls_chachapoly_init(&ctx); TEST_ASSERT(mbedtls_chachapoly_finish(&ctx, mac) == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE); TEST_ASSERT(mbedtls_chachapoly_update(&ctx, input_len, input, output) == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE); TEST_ASSERT(mbedtls_chachapoly_update_aad(&ctx, aad, aad_len) == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE); /* Still initial state: finish, update, update_aad forbidden */ TEST_ASSERT(mbedtls_chachapoly_setkey(&ctx, key) == 0); TEST_ASSERT(mbedtls_chachapoly_finish(&ctx, mac) == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE); TEST_ASSERT(mbedtls_chachapoly_update(&ctx, input_len, input, output) == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE); TEST_ASSERT(mbedtls_chachapoly_update_aad(&ctx, aad, aad_len) == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE); /* Starts -> finish OK */ TEST_ASSERT(mbedtls_chachapoly_starts(&ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT) == 0); TEST_ASSERT(mbedtls_chachapoly_finish(&ctx, mac) == 0); /* After finish: update, update_aad forbidden */ TEST_ASSERT(mbedtls_chachapoly_update(&ctx, input_len, input, output) == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE); TEST_ASSERT(mbedtls_chachapoly_update_aad(&ctx, aad, aad_len) == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE); /* Starts -> update* OK */ TEST_ASSERT(mbedtls_chachapoly_starts(&ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT) == 0); TEST_ASSERT(mbedtls_chachapoly_update(&ctx, input_len, input, output) == 0); TEST_ASSERT(mbedtls_chachapoly_update(&ctx, input_len, input, output) == 0); /* After update: update_aad forbidden */ TEST_ASSERT(mbedtls_chachapoly_update_aad(&ctx, aad, aad_len) == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE); /* Starts -> update_aad* -> finish OK */ TEST_ASSERT(mbedtls_chachapoly_starts(&ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT) == 0); TEST_ASSERT(mbedtls_chachapoly_update_aad(&ctx, aad, aad_len) == 0); TEST_ASSERT(mbedtls_chachapoly_update_aad(&ctx, aad, aad_len) == 0); TEST_ASSERT(mbedtls_chachapoly_finish(&ctx, mac) == 0); exit: mbedtls_chachapoly_free(&ctx); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void chachapoly_selftest() { TEST_ASSERT(mbedtls_chachapoly_self_test(1) == 0); } /* END_CASE */