test_suite_cipher.function (43220B)
1 /* BEGIN_HEADER */ 2 #include "mbedtls/cipher.h" 3 #include "mbedtls/aes.h" 4 5 #if defined(MBEDTLS_GCM_C) 6 #include "mbedtls/gcm.h" 7 #endif 8 9 #include "cipher_invasive.h" 10 11 #include "test/constant_flow.h" 12 13 #if defined(MBEDTLS_CIPHER_HAVE_SOME_AEAD_VIA_LEGACY_OR_USE_PSA) || defined(MBEDTLS_NIST_KW_C) 14 #define MBEDTLS_CIPHER_AUTH_CRYPT 15 #endif 16 17 /* Check the internal consistency of a cipher info structure, and 18 * check it against mbedtls_cipher_info_from_xxx(). */ 19 static int check_cipher_info(mbedtls_cipher_type_t type, 20 const mbedtls_cipher_info_t *info) 21 { 22 size_t key_bitlen, block_size, iv_size; 23 24 TEST_ASSERT(info != NULL); 25 TEST_EQUAL(type, mbedtls_cipher_info_get_type(info)); 26 TEST_EQUAL(type, info->type); 27 TEST_ASSERT(mbedtls_cipher_info_from_type(type) == info); 28 29 TEST_EQUAL(info->mode, mbedtls_cipher_info_get_mode(info)); 30 31 /* Insist that get_name() return the string from the structure and 32 * not a copy. A copy would have an unknown storage duration. */ 33 TEST_ASSERT(mbedtls_cipher_info_get_name(info) == info->name); 34 TEST_ASSERT(mbedtls_cipher_info_from_string(info->name) == info); 35 36 key_bitlen = mbedtls_cipher_info_get_key_bitlen(info); 37 block_size = mbedtls_cipher_info_get_block_size(info); 38 iv_size = mbedtls_cipher_info_get_iv_size(info); 39 if (info->type == MBEDTLS_CIPHER_NULL) { 40 TEST_ASSERT(key_bitlen == 0); 41 TEST_ASSERT(block_size == 1); 42 TEST_ASSERT(iv_size == 0); 43 } else if (info->mode == MBEDTLS_MODE_XTS) { 44 TEST_ASSERT(key_bitlen == 256 || 45 key_bitlen == 384 || 46 key_bitlen == 512); 47 } else if (!strncmp(info->name, "DES-EDE3-", 9)) { 48 TEST_ASSERT(key_bitlen == 192); 49 TEST_ASSERT(!mbedtls_cipher_info_has_variable_key_bitlen(info)); 50 TEST_ASSERT(block_size == 8); 51 } else if (!strncmp(info->name, "DES-EDE-", 8)) { 52 TEST_ASSERT(key_bitlen == 128); 53 TEST_ASSERT(!mbedtls_cipher_info_has_variable_key_bitlen(info)); 54 TEST_ASSERT(block_size == 8); 55 } else if (!strncmp(info->name, "DES-", 4)) { 56 TEST_ASSERT(key_bitlen == 64); 57 TEST_ASSERT(!mbedtls_cipher_info_has_variable_key_bitlen(info)); 58 TEST_ASSERT(block_size == 8); 59 } else if (!strncmp(info->name, "AES", 3)) { 60 TEST_ASSERT(key_bitlen == 128 || 61 key_bitlen == 192 || 62 key_bitlen == 256); 63 TEST_ASSERT(!mbedtls_cipher_info_has_variable_key_bitlen(info)); 64 TEST_ASSERT(block_size == 16); 65 } else { 66 TEST_ASSERT(key_bitlen == 128 || 67 key_bitlen == 192 || 68 key_bitlen == 256); 69 } 70 TEST_LE_U(key_bitlen, MBEDTLS_MAX_KEY_LENGTH * 8); 71 TEST_LE_U(block_size, MBEDTLS_MAX_BLOCK_LENGTH); 72 TEST_LE_U(iv_size, MBEDTLS_MAX_IV_LENGTH); 73 74 if (strstr(info->name, "-ECB") != NULL) { 75 TEST_ASSERT(iv_size == 0); 76 TEST_ASSERT(!mbedtls_cipher_info_has_variable_iv_size(info)); 77 } else if (strstr(info->name, "-CBC") != NULL || 78 strstr(info->name, "-CTR") != NULL) { 79 TEST_ASSERT(iv_size == block_size); 80 TEST_ASSERT(!mbedtls_cipher_info_has_variable_iv_size(info)); 81 } else if (strstr(info->name, "-GCM") != NULL) { 82 TEST_ASSERT(iv_size == block_size - 4); 83 TEST_ASSERT(mbedtls_cipher_info_has_variable_iv_size(info)); 84 } 85 86 return 1; 87 88 exit: 89 return 0; 90 } 91 92 #if defined(MBEDTLS_CIPHER_MODE_AEAD) 93 /* Helper for resetting key/direction 94 * 95 * The documentation doesn't explicitly say whether calling 96 * mbedtls_cipher_setkey() twice is allowed or not. This currently works with 97 * the default software implementation, but only by accident. It isn't 98 * guaranteed to work with new ciphers or with alternative implementations of 99 * individual ciphers, and it doesn't work with the PSA wrappers. So don't do 100 * it, and instead start with a fresh context. 101 */ 102 static int cipher_reset_key(mbedtls_cipher_context_t *ctx, int cipher_id, 103 int use_psa, size_t tag_len, const data_t *key, int direction) 104 { 105 mbedtls_cipher_free(ctx); 106 mbedtls_cipher_init(ctx); 107 108 #if !defined(MBEDTLS_USE_PSA_CRYPTO) || !defined(MBEDTLS_TEST_DEPRECATED) 109 (void) use_psa; 110 (void) tag_len; 111 #else 112 if (use_psa == 1) { 113 TEST_ASSERT(0 == mbedtls_cipher_setup_psa(ctx, 114 mbedtls_cipher_info_from_type(cipher_id), 115 tag_len)); 116 } else 117 #endif /* !MBEDTLS_USE_PSA_CRYPTO || !MBEDTLS_TEST_DEPRECATED */ 118 { 119 TEST_ASSERT(0 == mbedtls_cipher_setup(ctx, 120 mbedtls_cipher_info_from_type(cipher_id))); 121 } 122 123 TEST_ASSERT(0 == mbedtls_cipher_setkey(ctx, key->x, 8 * key->len, 124 direction)); 125 return 1; 126 127 exit: 128 return 0; 129 } 130 131 /* 132 * Check if a buffer is all-0 bytes: 133 * return 1 if it is, 134 * 0 if it isn't. 135 */ 136 static int buffer_is_all_zero(const uint8_t *buf, size_t size) 137 { 138 for (size_t i = 0; i < size; i++) { 139 if (buf[i] != 0) { 140 return 0; 141 } 142 } 143 return 1; 144 } 145 #endif /* MBEDTLS_CIPHER_AUTH_CRYPT */ 146 147 /* END_HEADER */ 148 149 /* BEGIN_DEPENDENCIES 150 * depends_on:MBEDTLS_CIPHER_C 151 * END_DEPENDENCIES 152 */ 153 154 /* BEGIN_CASE */ 155 void mbedtls_cipher_list() 156 { 157 const int *cipher_type; 158 159 for (cipher_type = mbedtls_cipher_list(); *cipher_type != 0; cipher_type++) { 160 const mbedtls_cipher_info_t *info = 161 mbedtls_cipher_info_from_type(*cipher_type); 162 mbedtls_test_set_step(*cipher_type); 163 if (!check_cipher_info(*cipher_type, info)) { 164 goto exit; 165 } 166 } 167 } 168 /* END_CASE */ 169 170 /* BEGIN_CASE */ 171 void cipher_invalid_param_unconditional() 172 { 173 mbedtls_cipher_context_t valid_ctx; 174 mbedtls_cipher_context_t invalid_ctx; 175 mbedtls_operation_t valid_operation = MBEDTLS_ENCRYPT; 176 mbedtls_cipher_padding_t valid_mode = MBEDTLS_PADDING_ZEROS; 177 unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 }; 178 int valid_size = sizeof(valid_buffer); 179 int valid_bitlen = valid_size * 8; 180 const int *cipher_list = mbedtls_cipher_list(); 181 const mbedtls_cipher_info_t *valid_info; 182 size_t size_t_var; 183 184 (void) valid_mode; /* In some configurations this is unused */ 185 186 mbedtls_cipher_init(&valid_ctx); 187 mbedtls_cipher_init(&invalid_ctx); 188 189 /* Ensure that there is at least 1 supported cipher, otherwise exit gracefully */ 190 TEST_ASSUME(*cipher_list != 0); 191 valid_info = mbedtls_cipher_info_from_type(*cipher_list); 192 193 TEST_ASSERT(mbedtls_cipher_setup(&valid_ctx, valid_info) == 0); 194 195 /* mbedtls_cipher_setup() */ 196 TEST_ASSERT(mbedtls_cipher_setup(&valid_ctx, NULL) == 197 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 198 199 /* mbedtls_cipher_get_block_size() */ 200 TEST_ASSERT(mbedtls_cipher_get_block_size(&invalid_ctx) == 0); 201 202 /* mbedtls_cipher_get_cipher_mode() */ 203 TEST_ASSERT(mbedtls_cipher_get_cipher_mode(&invalid_ctx) == 204 MBEDTLS_MODE_NONE); 205 206 /* mbedtls_cipher_get_iv_size() */ 207 TEST_ASSERT(mbedtls_cipher_get_iv_size(&invalid_ctx) == 0); 208 209 /* mbedtls_cipher_get_type() */ 210 TEST_ASSERT( 211 mbedtls_cipher_get_type(&invalid_ctx) == 212 MBEDTLS_CIPHER_NONE); 213 214 /* mbedtls_cipher_get_name() */ 215 TEST_ASSERT(mbedtls_cipher_get_name(&invalid_ctx) == 0); 216 217 /* mbedtls_cipher_get_key_bitlen() */ 218 TEST_ASSERT(mbedtls_cipher_get_key_bitlen(&invalid_ctx) == 219 MBEDTLS_KEY_LENGTH_NONE); 220 221 /* mbedtls_cipher_get_operation() */ 222 TEST_ASSERT(mbedtls_cipher_get_operation(&invalid_ctx) == 223 MBEDTLS_OPERATION_NONE); 224 225 /* mbedtls_cipher_setkey() */ 226 TEST_ASSERT( 227 mbedtls_cipher_setkey(&invalid_ctx, 228 valid_buffer, 229 valid_bitlen, 230 valid_operation) == 231 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 232 233 /* mbedtls_cipher_set_iv() */ 234 TEST_ASSERT( 235 mbedtls_cipher_set_iv(&invalid_ctx, 236 valid_buffer, 237 valid_size) == 238 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 239 240 /* mbedtls_cipher_reset() */ 241 TEST_ASSERT(mbedtls_cipher_reset(&invalid_ctx) == 242 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 243 244 #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 245 /* mbedtls_cipher_update_ad() */ 246 TEST_ASSERT( 247 mbedtls_cipher_update_ad(&invalid_ctx, 248 valid_buffer, 249 valid_size) == 250 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 251 #endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */ 252 253 #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 254 /* mbedtls_cipher_set_padding_mode() */ 255 TEST_ASSERT(mbedtls_cipher_set_padding_mode(&invalid_ctx, valid_mode) == 256 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 257 #endif 258 259 /* mbedtls_cipher_update() */ 260 TEST_ASSERT( 261 mbedtls_cipher_update(&invalid_ctx, 262 valid_buffer, 263 valid_size, 264 valid_buffer, 265 &size_t_var) == 266 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 267 268 /* mbedtls_cipher_finish() */ 269 TEST_ASSERT( 270 mbedtls_cipher_finish(&invalid_ctx, 271 valid_buffer, 272 &size_t_var) == 273 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 274 275 #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 276 /* mbedtls_cipher_write_tag() */ 277 TEST_ASSERT( 278 mbedtls_cipher_write_tag(&invalid_ctx, 279 valid_buffer, 280 valid_size) == 281 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 282 283 /* mbedtls_cipher_check_tag() */ 284 TEST_ASSERT( 285 mbedtls_cipher_check_tag(&invalid_ctx, 286 valid_buffer, 287 valid_size) == 288 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 289 #endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */ 290 291 exit: 292 mbedtls_cipher_free(&invalid_ctx); 293 mbedtls_cipher_free(&valid_ctx); 294 } 295 /* END_CASE */ 296 297 /* BEGIN_CASE */ 298 void cipher_invalid_param_conditional() 299 { 300 mbedtls_cipher_context_t valid_ctx; 301 302 mbedtls_operation_t invalid_operation = 100; 303 unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 }; 304 int valid_size = sizeof(valid_buffer); 305 int valid_bitlen = valid_size * 8; 306 307 TEST_EQUAL( 308 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 309 mbedtls_cipher_setkey(&valid_ctx, 310 valid_buffer, 311 valid_bitlen, 312 invalid_operation)); 313 314 exit: 315 ; 316 } 317 /* END_CASE */ 318 319 /* BEGIN_CASE depends_on:MBEDTLS_AES_C */ 320 void cipher_special_behaviours() 321 { 322 const mbedtls_cipher_info_t *cipher_info; 323 mbedtls_cipher_context_t ctx; 324 unsigned char input[32]; 325 unsigned char output[32]; 326 #if defined(MBEDTLS_CIPHER_MODE_CBC) 327 unsigned char iv[32]; 328 #endif 329 size_t olen = 0; 330 331 mbedtls_cipher_init(&ctx); 332 memset(input, 0, sizeof(input)); 333 memset(output, 0, sizeof(output)); 334 #if defined(MBEDTLS_CIPHER_MODE_CBC) 335 memset(iv, 0, sizeof(iv)); 336 337 /* Check and get info structures */ 338 cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_CBC); 339 TEST_ASSERT(NULL != cipher_info); 340 341 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, cipher_info)); 342 343 /* IV too big */ 344 TEST_ASSERT(mbedtls_cipher_set_iv(&ctx, iv, MBEDTLS_MAX_IV_LENGTH + 1) 345 == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE); 346 347 /* IV too small */ 348 TEST_ASSERT(mbedtls_cipher_set_iv(&ctx, iv, 0) 349 == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 350 351 mbedtls_cipher_free(&ctx); 352 mbedtls_cipher_init(&ctx); 353 #endif /* MBEDTLS_CIPHER_MODE_CBC */ 354 cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_ECB); 355 TEST_ASSERT(NULL != cipher_info); 356 357 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, cipher_info)); 358 359 /* Update ECB with partial block */ 360 TEST_ASSERT(mbedtls_cipher_update(&ctx, input, 1, output, &olen) 361 == MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED); 362 363 exit: 364 mbedtls_cipher_free(&ctx); 365 } 366 /* END_CASE */ 367 368 /* BEGIN_CASE */ 369 void enc_dec_buf(int cipher_id, char *cipher_string, int key_len, 370 int length_val, int pad_mode) 371 { 372 size_t length = length_val, outlen, total_len, i, block_size, iv_len; 373 unsigned char key[64]; 374 unsigned char iv[16]; 375 unsigned char ad[13]; 376 unsigned char tag[16]; 377 unsigned char inbuf[64]; 378 unsigned char encbuf[64]; 379 unsigned char decbuf[64]; 380 381 const mbedtls_cipher_info_t *cipher_info; 382 mbedtls_cipher_context_t ctx_dec; 383 mbedtls_cipher_context_t ctx_enc; 384 385 /* 386 * Prepare contexts 387 */ 388 mbedtls_cipher_init(&ctx_dec); 389 mbedtls_cipher_init(&ctx_enc); 390 391 memset(key, 0x2a, sizeof(key)); 392 393 /* Check and get info structures */ 394 cipher_info = mbedtls_cipher_info_from_type(cipher_id); 395 TEST_ASSERT(NULL != cipher_info); 396 TEST_ASSERT(mbedtls_cipher_info_from_string(cipher_string) == cipher_info); 397 TEST_ASSERT(strcmp(mbedtls_cipher_info_get_name(cipher_info), 398 cipher_string) == 0); 399 400 /* Initialise enc and dec contexts */ 401 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_dec, cipher_info)); 402 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_enc, cipher_info)); 403 404 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_dec, key, key_len, MBEDTLS_DECRYPT)); 405 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_enc, key, key_len, MBEDTLS_ENCRYPT)); 406 407 #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 408 if (-1 != pad_mode) { 409 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_dec, pad_mode)); 410 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_enc, pad_mode)); 411 } 412 #else 413 (void) pad_mode; 414 #endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ 415 416 /* 417 * Do a few encode/decode cycles 418 */ 419 for (i = 0; i < 3; i++) { 420 memset(iv, 0x00 + i, sizeof(iv)); 421 memset(ad, 0x10 + i, sizeof(ad)); 422 memset(inbuf, 0x20 + i, sizeof(inbuf)); 423 424 memset(encbuf, 0, sizeof(encbuf)); 425 memset(decbuf, 0, sizeof(decbuf)); 426 memset(tag, 0, sizeof(tag)); 427 428 if (NULL != strstr(cipher_info->name, "CCM*-NO-TAG")) { 429 iv_len = 13; /* For CCM, IV length is expected to be between 7 and 13 bytes. 430 * For CCM*-NO-TAG, IV length must be exactly 13 bytes long. */ 431 } else if (cipher_info->type == MBEDTLS_CIPHER_CHACHA20 || 432 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) { 433 iv_len = 12; 434 } else { 435 iv_len = sizeof(iv); 436 } 437 438 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_dec, iv, iv_len)); 439 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_enc, iv, iv_len)); 440 441 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_dec)); 442 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_enc)); 443 444 #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 445 int expected = (cipher_info->mode == MBEDTLS_MODE_GCM || 446 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) ? 447 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 448 449 TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx_dec, ad, sizeof(ad) - i)); 450 TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx_enc, ad, sizeof(ad) - i)); 451 #endif 452 453 block_size = mbedtls_cipher_get_block_size(&ctx_enc); 454 TEST_ASSERT(block_size != 0); 455 456 /* encode length number of bytes from inbuf */ 457 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx_enc, inbuf, length, encbuf, &outlen)); 458 total_len = outlen; 459 460 TEST_ASSERT(total_len == length || 461 (total_len % block_size == 0 && 462 total_len < length && 463 total_len + block_size > length)); 464 465 TEST_ASSERT(0 == mbedtls_cipher_finish(&ctx_enc, encbuf + outlen, &outlen)); 466 total_len += outlen; 467 468 #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 469 TEST_EQUAL(expected, mbedtls_cipher_write_tag(&ctx_enc, tag, sizeof(tag))); 470 #endif 471 472 TEST_ASSERT(total_len == length || 473 (total_len % block_size == 0 && 474 total_len > length && 475 total_len <= length + block_size)); 476 477 /* decode the previously encoded string */ 478 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx_dec, encbuf, total_len, decbuf, &outlen)); 479 total_len = outlen; 480 481 TEST_ASSERT(total_len == length || 482 (total_len % block_size == 0 && 483 total_len < length && 484 total_len + block_size >= length)); 485 486 TEST_ASSERT(0 == mbedtls_cipher_finish(&ctx_dec, decbuf + outlen, &outlen)); 487 total_len += outlen; 488 489 #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 490 TEST_EQUAL(expected, mbedtls_cipher_check_tag(&ctx_dec, tag, sizeof(tag))); 491 #endif 492 493 /* check result */ 494 TEST_ASSERT(total_len == length); 495 TEST_ASSERT(0 == memcmp(inbuf, decbuf, length)); 496 } 497 498 /* 499 * Done 500 */ 501 exit: 502 mbedtls_cipher_free(&ctx_dec); 503 mbedtls_cipher_free(&ctx_enc); 504 } 505 /* END_CASE */ 506 507 /* BEGIN_CASE */ 508 void enc_fail(int cipher_id, int pad_mode, int key_len, int length_val, 509 int ret) 510 { 511 size_t length = length_val; 512 unsigned char key[32]; 513 unsigned char iv[16]; 514 515 const mbedtls_cipher_info_t *cipher_info; 516 mbedtls_cipher_context_t ctx; 517 518 unsigned char inbuf[64]; 519 unsigned char encbuf[64]; 520 521 size_t outlen = 0; 522 523 memset(key, 0, 32); 524 memset(iv, 0, 16); 525 526 mbedtls_cipher_init(&ctx); 527 528 memset(inbuf, 5, 64); 529 memset(encbuf, 0, 64); 530 531 /* Check and get info structures */ 532 cipher_info = mbedtls_cipher_info_from_type(cipher_id); 533 TEST_ASSERT(NULL != cipher_info); 534 535 /* Initialise context */ 536 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, cipher_info)); 537 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx, key, key_len, MBEDTLS_ENCRYPT)); 538 #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 539 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx, pad_mode)); 540 #else 541 (void) pad_mode; 542 #endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ 543 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx, iv, 16)); 544 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx)); 545 #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 546 int expected = (cipher_info->mode == MBEDTLS_MODE_GCM || 547 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) ? 548 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 549 550 TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx, NULL, 0)); 551 #endif 552 553 /* encode length number of bytes from inbuf */ 554 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx, inbuf, length, encbuf, &outlen)); 555 TEST_ASSERT(ret == mbedtls_cipher_finish(&ctx, encbuf + outlen, &outlen)); 556 if (0 != ret) { 557 /* Check output parameter is set to the least-harmful value on error */ 558 TEST_ASSERT(0 == outlen); 559 } 560 561 /* done */ 562 exit: 563 mbedtls_cipher_free(&ctx); 564 } 565 /* END_CASE */ 566 567 /* BEGIN_CASE */ 568 void dec_empty_buf(int cipher, 569 int expected_update_ret, 570 int expected_finish_ret) 571 { 572 unsigned char key[32]; 573 574 unsigned char *iv = NULL; 575 size_t iv_len = 16; 576 577 mbedtls_cipher_context_t ctx_dec; 578 const mbedtls_cipher_info_t *cipher_info; 579 580 unsigned char encbuf[64]; 581 unsigned char decbuf[64]; 582 583 size_t outlen = 0; 584 585 memset(key, 0, 32); 586 587 mbedtls_cipher_init(&ctx_dec); 588 589 memset(encbuf, 0, 64); 590 memset(decbuf, 0, 64); 591 592 /* Initialise context */ 593 cipher_info = mbedtls_cipher_info_from_type(cipher); 594 TEST_ASSERT(NULL != cipher_info); 595 596 if (cipher_info->type == MBEDTLS_CIPHER_CHACHA20 || 597 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) { 598 iv_len = 12; 599 } 600 601 TEST_CALLOC(iv, iv_len); 602 memset(iv, 0, iv_len); 603 604 TEST_ASSERT(sizeof(key) * 8 >= mbedtls_cipher_info_get_key_bitlen(cipher_info)); 605 606 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_dec, cipher_info)); 607 608 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_dec, 609 key, mbedtls_cipher_info_get_key_bitlen(cipher_info), 610 MBEDTLS_DECRYPT)); 611 612 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_dec, iv, iv_len)); 613 614 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_dec)); 615 616 #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) && defined(MBEDTLS_CIPHER_PADDING_PKCS7) 617 if (ctx_dec.cipher_info->mode == MBEDTLS_MODE_CBC) { 618 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_dec, 619 MBEDTLS_PADDING_PKCS7)); 620 } 621 #endif 622 623 #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 624 int expected = (cipher_info->mode == MBEDTLS_MODE_GCM || 625 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) ? 626 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 627 628 TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx_dec, NULL, 0)); 629 #endif 630 631 /* decode 0-byte string */ 632 TEST_ASSERT(expected_update_ret == 633 mbedtls_cipher_update(&ctx_dec, encbuf, 0, decbuf, &outlen)); 634 TEST_ASSERT(0 == outlen); 635 636 if (expected_finish_ret == 0 && 637 (cipher_info->mode == MBEDTLS_MODE_CBC || 638 cipher_info->mode == MBEDTLS_MODE_ECB)) { 639 /* Non-CBC and non-ECB ciphers are OK with decrypting empty buffers and 640 * return success, not MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED, when 641 * decrypting an empty buffer. 642 * On the other hand, CBC and ECB ciphers need a full block of input. 643 */ 644 expected_finish_ret = MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED; 645 } 646 647 TEST_ASSERT(expected_finish_ret == mbedtls_cipher_finish( 648 &ctx_dec, decbuf + outlen, &outlen)); 649 TEST_ASSERT(0 == outlen); 650 651 exit: 652 mbedtls_free(iv); 653 mbedtls_cipher_free(&ctx_dec); 654 } 655 /* END_CASE */ 656 657 /* BEGIN_CASE */ 658 void enc_dec_buf_multipart(int cipher_id, int key_len, int first_length_val, 659 int second_length_val, int pad_mode, 660 int first_encrypt_output_len, int second_encrypt_output_len, 661 int first_decrypt_output_len, int second_decrypt_output_len) 662 { 663 size_t first_length = first_length_val; 664 size_t second_length = second_length_val; 665 size_t length = first_length + second_length; 666 size_t block_size; 667 size_t iv_len; 668 unsigned char key[32]; 669 unsigned char iv[16]; 670 671 mbedtls_cipher_context_t ctx_dec; 672 mbedtls_cipher_context_t ctx_enc; 673 const mbedtls_cipher_info_t *cipher_info; 674 675 unsigned char inbuf[64]; 676 unsigned char encbuf[64]; 677 unsigned char decbuf[64]; 678 679 size_t outlen = 0; 680 size_t totaloutlen = 0; 681 682 memset(key, 0, 32); 683 memset(iv, 0, 16); 684 685 mbedtls_cipher_init(&ctx_dec); 686 mbedtls_cipher_init(&ctx_enc); 687 688 memset(inbuf, 5, 64); 689 memset(encbuf, 0, 64); 690 memset(decbuf, 0, 64); 691 692 /* Initialise enc and dec contexts */ 693 cipher_info = mbedtls_cipher_info_from_type(cipher_id); 694 TEST_ASSERT(NULL != cipher_info); 695 696 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_dec, cipher_info)); 697 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_enc, cipher_info)); 698 699 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_dec, key, key_len, MBEDTLS_DECRYPT)); 700 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_enc, key, key_len, MBEDTLS_ENCRYPT)); 701 702 #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 703 if (-1 != pad_mode) { 704 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_dec, pad_mode)); 705 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_enc, pad_mode)); 706 } 707 #else 708 (void) pad_mode; 709 #endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ 710 711 if (NULL != strstr(cipher_info->name, "CCM*-NO-TAG")) { 712 iv_len = 13; /* For CCM, IV length is expected to be between 7 and 13 bytes. 713 * For CCM*-NO-TAG, IV length must be exactly 13 bytes long. */ 714 } else if (cipher_info->type == MBEDTLS_CIPHER_CHACHA20 || 715 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) { 716 iv_len = 12; 717 } else { 718 iv_len = sizeof(iv); 719 } 720 721 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_dec, iv, iv_len)); 722 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_enc, iv, iv_len)); 723 724 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_dec)); 725 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_enc)); 726 727 #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 728 int expected = (cipher_info->mode == MBEDTLS_MODE_GCM || 729 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) ? 730 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 731 732 TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx_dec, NULL, 0)); 733 TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx_enc, NULL, 0)); 734 #endif 735 736 block_size = mbedtls_cipher_get_block_size(&ctx_enc); 737 TEST_ASSERT(block_size != 0); 738 739 /* encode length number of bytes from inbuf */ 740 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx_enc, inbuf, first_length, encbuf, &outlen)); 741 TEST_ASSERT((size_t) first_encrypt_output_len == outlen); 742 totaloutlen = outlen; 743 TEST_ASSERT(0 == 744 mbedtls_cipher_update(&ctx_enc, inbuf + first_length, second_length, 745 encbuf + totaloutlen, 746 &outlen)); 747 TEST_ASSERT((size_t) second_encrypt_output_len == outlen); 748 totaloutlen += outlen; 749 TEST_ASSERT(totaloutlen == length || 750 (totaloutlen % block_size == 0 && 751 totaloutlen < length && 752 totaloutlen + block_size > length)); 753 754 TEST_ASSERT(0 == mbedtls_cipher_finish(&ctx_enc, encbuf + totaloutlen, &outlen)); 755 totaloutlen += outlen; 756 TEST_ASSERT(totaloutlen == length || 757 (totaloutlen % block_size == 0 && 758 totaloutlen > length && 759 totaloutlen <= length + block_size)); 760 761 /* decode the previously encoded string */ 762 second_length = totaloutlen - first_length; 763 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx_dec, encbuf, first_length, decbuf, &outlen)); 764 TEST_ASSERT((size_t) first_decrypt_output_len == outlen); 765 totaloutlen = outlen; 766 TEST_ASSERT(0 == 767 mbedtls_cipher_update(&ctx_dec, encbuf + first_length, second_length, 768 decbuf + totaloutlen, 769 &outlen)); 770 TEST_ASSERT((size_t) second_decrypt_output_len == outlen); 771 totaloutlen += outlen; 772 773 TEST_ASSERT(totaloutlen == length || 774 (totaloutlen % block_size == 0 && 775 totaloutlen < length && 776 totaloutlen + block_size >= length)); 777 778 TEST_ASSERT(0 == mbedtls_cipher_finish(&ctx_dec, decbuf + totaloutlen, &outlen)); 779 totaloutlen += outlen; 780 781 TEST_ASSERT(totaloutlen == length); 782 783 TEST_ASSERT(0 == memcmp(inbuf, decbuf, length)); 784 785 exit: 786 mbedtls_cipher_free(&ctx_dec); 787 mbedtls_cipher_free(&ctx_enc); 788 } 789 /* END_CASE */ 790 791 /* BEGIN_CASE */ 792 void decrypt_test_vec(int cipher_id, int pad_mode, data_t *key, 793 data_t *iv, data_t *cipher, 794 data_t *clear, data_t *ad, data_t *tag, 795 int finish_result, int tag_result) 796 { 797 unsigned char output[265]; 798 mbedtls_cipher_context_t ctx; 799 size_t outlen, total_len; 800 801 mbedtls_cipher_init(&ctx); 802 803 memset(output, 0x00, sizeof(output)); 804 805 #if !defined(MBEDTLS_GCM_C) && !defined(MBEDTLS_CHACHAPOLY_C) 806 ((void) ad); 807 ((void) tag); 808 #endif 809 810 /* Prepare context */ 811 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, 812 mbedtls_cipher_info_from_type(cipher_id))); 813 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx, key->x, 8 * key->len, MBEDTLS_DECRYPT)); 814 #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) 815 if (pad_mode != -1) { 816 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx, pad_mode)); 817 } 818 #else 819 (void) pad_mode; 820 #endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */ 821 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx, iv->x, iv->len)); 822 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx)); 823 #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 824 int expected = (ctx.cipher_info->mode == MBEDTLS_MODE_GCM || 825 ctx.cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) ? 826 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 827 828 TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx, ad->x, ad->len)); 829 #endif 830 831 /* decode buffer and check tag->x */ 832 total_len = 0; 833 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx, cipher->x, cipher->len, output, &outlen)); 834 total_len += outlen; 835 TEST_ASSERT(finish_result == mbedtls_cipher_finish(&ctx, output + outlen, 836 &outlen)); 837 if (0 != finish_result) { 838 /* Check output parameter is set to the least-harmful value on error */ 839 TEST_ASSERT(0 == outlen); 840 } 841 total_len += outlen; 842 #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) 843 int tag_expected = (ctx.cipher_info->mode == MBEDTLS_MODE_GCM || 844 ctx.cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) ? 845 tag_result : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE; 846 847 TEST_EQUAL(tag_expected, mbedtls_cipher_check_tag(&ctx, tag->x, tag->len)); 848 #endif 849 850 /* check plaintext only if everything went fine */ 851 if (0 == finish_result && 0 == tag_result) { 852 TEST_ASSERT(total_len == clear->len); 853 TEST_ASSERT(0 == memcmp(output, clear->x, clear->len)); 854 } 855 856 exit: 857 mbedtls_cipher_free(&ctx); 858 } 859 /* END_CASE */ 860 861 /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_AEAD */ 862 void auth_crypt_tv(int cipher_id, data_t *key, data_t *iv, 863 data_t *ad, data_t *cipher, data_t *tag, 864 char *result, data_t *clear, int use_psa) 865 { 866 /* 867 * Take an AEAD ciphertext + tag and perform a pair 868 * of AEAD decryption and AEAD encryption. Check that 869 * this results in the expected plaintext, and that 870 * decryption and encryption are inverse to one another. 871 */ 872 873 int ret; 874 int using_nist_kw, using_nist_kw_padding; 875 876 mbedtls_cipher_context_t ctx; 877 size_t outlen; 878 879 unsigned char *cipher_plus_tag = NULL; 880 size_t cipher_plus_tag_len; 881 unsigned char *decrypt_buf = NULL; 882 size_t decrypt_buf_len = 0; 883 unsigned char *encrypt_buf = NULL; 884 size_t encrypt_buf_len = 0; 885 886 /* Null pointers are documented as valid for inputs of length 0. 887 * The test framework passes non-null pointers, so set them to NULL. 888 * key, cipher and tag can't be empty. */ 889 if (iv->len == 0) { 890 iv->x = NULL; 891 } 892 if (ad->len == 0) { 893 ad->x = NULL; 894 } 895 if (clear->len == 0) { 896 clear->x = NULL; 897 } 898 899 mbedtls_cipher_init(&ctx); 900 901 /* Initialize PSA Crypto */ 902 #if defined(MBEDTLS_USE_PSA_CRYPTO) 903 if (use_psa == 1) { 904 PSA_ASSERT(psa_crypto_init()); 905 } 906 #else 907 (void) use_psa; 908 #endif 909 910 /* 911 * Are we using NIST_KW? with padding? 912 */ 913 using_nist_kw_padding = cipher_id == MBEDTLS_CIPHER_AES_128_KWP || 914 cipher_id == MBEDTLS_CIPHER_AES_192_KWP || 915 cipher_id == MBEDTLS_CIPHER_AES_256_KWP; 916 using_nist_kw = cipher_id == MBEDTLS_CIPHER_AES_128_KW || 917 cipher_id == MBEDTLS_CIPHER_AES_192_KW || 918 cipher_id == MBEDTLS_CIPHER_AES_256_KW || 919 using_nist_kw_padding; 920 921 /* 922 * Prepare context for decryption 923 */ 924 if (!cipher_reset_key(&ctx, cipher_id, use_psa, tag->len, key, 925 MBEDTLS_DECRYPT)) { 926 goto exit; 927 } 928 929 /* 930 * prepare buffer for decryption 931 * (we need the tag appended to the ciphertext) 932 */ 933 cipher_plus_tag_len = cipher->len + tag->len; 934 TEST_CALLOC(cipher_plus_tag, cipher_plus_tag_len); 935 memcpy(cipher_plus_tag, cipher->x, cipher->len); 936 memcpy(cipher_plus_tag + cipher->len, tag->x, tag->len); 937 938 /* 939 * Compute length of output buffer according to the documentation 940 */ 941 if (using_nist_kw) { 942 decrypt_buf_len = cipher_plus_tag_len - 8; 943 } else { 944 decrypt_buf_len = cipher_plus_tag_len - tag->len; 945 } 946 947 948 /* 949 * Try decrypting to a buffer that's 1B too small 950 */ 951 if (decrypt_buf_len != 0) { 952 TEST_CALLOC(decrypt_buf, decrypt_buf_len - 1); 953 954 outlen = 0; 955 ret = mbedtls_cipher_auth_decrypt_ext(&ctx, iv->x, iv->len, 956 ad->x, ad->len, cipher_plus_tag, cipher_plus_tag_len, 957 decrypt_buf, decrypt_buf_len - 1, &outlen, tag->len); 958 TEST_ASSERT(ret == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA); 959 960 mbedtls_free(decrypt_buf); 961 decrypt_buf = NULL; 962 } 963 964 /* 965 * Authenticate and decrypt, and check result 966 */ 967 TEST_CALLOC(decrypt_buf, decrypt_buf_len); 968 969 outlen = 0; 970 ret = mbedtls_cipher_auth_decrypt_ext(&ctx, iv->x, iv->len, 971 ad->x, ad->len, cipher_plus_tag, cipher_plus_tag_len, 972 decrypt_buf, decrypt_buf_len, &outlen, tag->len); 973 974 if (strcmp(result, "FAIL") == 0) { 975 TEST_ASSERT(ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED); 976 TEST_ASSERT(buffer_is_all_zero(decrypt_buf, decrypt_buf_len)); 977 } else { 978 TEST_ASSERT(ret == 0); 979 TEST_MEMORY_COMPARE(decrypt_buf, outlen, clear->x, clear->len); 980 } 981 982 mbedtls_free(decrypt_buf); 983 decrypt_buf = NULL; 984 985 /* 986 * Encrypt back if test data was authentic 987 */ 988 if (strcmp(result, "FAIL") != 0) { 989 /* prepare context for encryption */ 990 if (!cipher_reset_key(&ctx, cipher_id, use_psa, tag->len, key, 991 MBEDTLS_ENCRYPT)) { 992 goto exit; 993 } 994 995 /* 996 * Compute size of output buffer according to documentation 997 */ 998 if (using_nist_kw) { 999 encrypt_buf_len = clear->len + 8; 1000 if (using_nist_kw_padding && encrypt_buf_len % 8 != 0) { 1001 encrypt_buf_len += 8 - encrypt_buf_len % 8; 1002 } 1003 } else { 1004 encrypt_buf_len = clear->len + tag->len; 1005 } 1006 1007 /* 1008 * Try encrypting with an output buffer that's 1B too small 1009 */ 1010 TEST_CALLOC(encrypt_buf, encrypt_buf_len - 1); 1011 1012 outlen = 0; 1013 ret = mbedtls_cipher_auth_encrypt_ext(&ctx, iv->x, iv->len, 1014 ad->x, ad->len, clear->x, clear->len, 1015 encrypt_buf, encrypt_buf_len - 1, &outlen, tag->len); 1016 TEST_ASSERT(ret != 0); 1017 1018 mbedtls_free(encrypt_buf); 1019 encrypt_buf = NULL; 1020 1021 /* 1022 * Encrypt and check the result 1023 */ 1024 TEST_CALLOC(encrypt_buf, encrypt_buf_len); 1025 1026 outlen = 0; 1027 ret = mbedtls_cipher_auth_encrypt_ext(&ctx, iv->x, iv->len, 1028 ad->x, ad->len, clear->x, clear->len, 1029 encrypt_buf, encrypt_buf_len, &outlen, tag->len); 1030 TEST_ASSERT(ret == 0); 1031 1032 TEST_ASSERT(outlen == cipher->len + tag->len); 1033 TEST_ASSERT(memcmp(encrypt_buf, cipher->x, cipher->len) == 0); 1034 TEST_ASSERT(memcmp(encrypt_buf + cipher->len, 1035 tag->x, tag->len) == 0); 1036 1037 mbedtls_free(encrypt_buf); 1038 encrypt_buf = NULL; 1039 } 1040 1041 exit: 1042 1043 mbedtls_cipher_free(&ctx); 1044 mbedtls_free(decrypt_buf); 1045 mbedtls_free(encrypt_buf); 1046 mbedtls_free(cipher_plus_tag); 1047 1048 #if defined(MBEDTLS_USE_PSA_CRYPTO) 1049 if (use_psa == 1) { 1050 PSA_DONE(); 1051 } 1052 #endif /* MBEDTLS_USE_PSA_CRYPTO */ 1053 } 1054 /* END_CASE */ 1055 1056 /* BEGIN_CASE */ 1057 void test_vec_ecb(int cipher_id, int operation, data_t *key, 1058 data_t *input, data_t *result, int finish_result 1059 ) 1060 { 1061 mbedtls_cipher_context_t ctx; 1062 unsigned char output[32]; 1063 size_t outlen; 1064 1065 mbedtls_cipher_init(&ctx); 1066 1067 memset(output, 0x00, sizeof(output)); 1068 1069 /* Prepare context */ 1070 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, 1071 mbedtls_cipher_info_from_type(cipher_id))); 1072 1073 1074 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx, key->x, 8 * key->len, operation)); 1075 1076 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx, input->x, 1077 mbedtls_cipher_get_block_size(&ctx), 1078 output, &outlen)); 1079 TEST_ASSERT(outlen == mbedtls_cipher_get_block_size(&ctx)); 1080 TEST_ASSERT(finish_result == mbedtls_cipher_finish(&ctx, output + outlen, 1081 &outlen)); 1082 TEST_ASSERT(0 == outlen); 1083 1084 /* check plaintext only if everything went fine */ 1085 if (0 == finish_result) { 1086 TEST_ASSERT(0 == memcmp(output, result->x, 1087 mbedtls_cipher_get_block_size(&ctx))); 1088 } 1089 1090 exit: 1091 mbedtls_cipher_free(&ctx); 1092 } 1093 /* END_CASE */ 1094 1095 /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING */ 1096 void test_vec_crypt(int cipher_id, int operation, data_t *key, 1097 data_t *iv, data_t *input, data_t *result, 1098 int finish_result, int use_psa) 1099 { 1100 mbedtls_cipher_context_t ctx; 1101 unsigned char output[32]; 1102 size_t outlen; 1103 1104 mbedtls_cipher_init(&ctx); 1105 1106 memset(output, 0x00, sizeof(output)); 1107 1108 /* Prepare context */ 1109 #if !defined(MBEDTLS_USE_PSA_CRYPTO) || !defined(MBEDTLS_TEST_DEPRECATED) 1110 (void) use_psa; 1111 #else 1112 if (use_psa == 1) { 1113 PSA_ASSERT(psa_crypto_init()); 1114 TEST_ASSERT(0 == mbedtls_cipher_setup_psa(&ctx, 1115 mbedtls_cipher_info_from_type(cipher_id), 0)); 1116 } else 1117 #endif /* !MBEDTLS_USE_PSA_CRYPTO || !MBEDTLS_TEST_DEPRECATED*/ 1118 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, 1119 mbedtls_cipher_info_from_type(cipher_id))); 1120 1121 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx, key->x, 8 * key->len, operation)); 1122 if (MBEDTLS_MODE_CBC == ctx.cipher_info->mode) { 1123 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx, MBEDTLS_PADDING_NONE)); 1124 } 1125 1126 TEST_ASSERT(finish_result == mbedtls_cipher_crypt(&ctx, iv->len ? iv->x : NULL, 1127 iv->len, input->x, input->len, 1128 output, &outlen)); 1129 TEST_ASSERT(result->len == outlen); 1130 /* check plaintext only if everything went fine */ 1131 if (0 == finish_result) { 1132 TEST_ASSERT(0 == memcmp(output, result->x, outlen)); 1133 } 1134 1135 exit: 1136 mbedtls_cipher_free(&ctx); 1137 #if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_TEST_DEPRECATED) 1138 PSA_DONE(); 1139 #endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_TEST_DEPRECATED */ 1140 } 1141 /* END_CASE */ 1142 1143 /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING */ 1144 void set_padding(int cipher_id, int pad_mode, int ret) 1145 { 1146 const mbedtls_cipher_info_t *cipher_info; 1147 mbedtls_cipher_context_t ctx; 1148 1149 mbedtls_cipher_init(&ctx); 1150 1151 cipher_info = mbedtls_cipher_info_from_type(cipher_id); 1152 TEST_ASSERT(NULL != cipher_info); 1153 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, cipher_info)); 1154 1155 TEST_ASSERT(ret == mbedtls_cipher_set_padding_mode(&ctx, pad_mode)); 1156 1157 exit: 1158 mbedtls_cipher_free(&ctx); 1159 } 1160 /* END_CASE */ 1161 1162 /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */ 1163 void check_padding(int pad_mode, data_t *input, int ret, int dlen_check 1164 ) 1165 { 1166 mbedtls_cipher_info_t cipher_info; 1167 mbedtls_cipher_context_t ctx; 1168 size_t dlen; 1169 1170 /* build a fake context just for getting access to get_padding */ 1171 mbedtls_cipher_init(&ctx); 1172 cipher_info.mode = MBEDTLS_MODE_CBC; 1173 ctx.cipher_info = &cipher_info; 1174 1175 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx, pad_mode)); 1176 1177 1178 TEST_ASSERT(ret == ctx.get_padding(input->x, input->len, &dlen)); 1179 if (0 == ret) { 1180 TEST_ASSERT(dlen == (size_t) dlen_check); 1181 } 1182 } 1183 /* END_CASE */ 1184 1185 /* BEGIN_CASE */ 1186 void iv_len_validity(int cipher_id, char *cipher_string, 1187 int iv_len_val, int ret) 1188 { 1189 size_t iv_len = iv_len_val; 1190 unsigned char iv[16]; 1191 1192 /* Initialise iv buffer */ 1193 memset(iv, 0, sizeof(iv)); 1194 1195 const mbedtls_cipher_info_t *cipher_info; 1196 mbedtls_cipher_context_t ctx_dec; 1197 mbedtls_cipher_context_t ctx_enc; 1198 1199 /* 1200 * Prepare contexts 1201 */ 1202 mbedtls_cipher_init(&ctx_dec); 1203 mbedtls_cipher_init(&ctx_enc); 1204 1205 /* Check and get info structures */ 1206 cipher_info = mbedtls_cipher_info_from_type(cipher_id); 1207 TEST_ASSERT(NULL != cipher_info); 1208 TEST_ASSERT(mbedtls_cipher_info_from_string(cipher_string) == cipher_info); 1209 TEST_ASSERT(strcmp(mbedtls_cipher_info_get_name(cipher_info), 1210 cipher_string) == 0); 1211 1212 /* Initialise enc and dec contexts */ 1213 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_dec, cipher_info)); 1214 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_enc, cipher_info)); 1215 1216 TEST_ASSERT(ret == mbedtls_cipher_set_iv(&ctx_dec, iv, iv_len)); 1217 TEST_ASSERT(ret == mbedtls_cipher_set_iv(&ctx_enc, iv, iv_len)); 1218 1219 exit: 1220 mbedtls_cipher_free(&ctx_dec); 1221 mbedtls_cipher_free(&ctx_enc); 1222 } 1223 /* END_CASE */ 1224 1225 /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING */ 1226 void check_set_padding(int cipher_id) 1227 { 1228 mbedtls_cipher_context_t ctx; 1229 unsigned char *key = NULL; 1230 unsigned char iv[16] = { 0 }; 1231 unsigned char input[16] = { 0 }; 1232 unsigned char output[32] = { 0 }; 1233 size_t outlen = 0; 1234 const mbedtls_cipher_info_t *cipher_info; 1235 size_t keylen = 0; 1236 1237 mbedtls_cipher_init(&ctx); 1238 1239 cipher_info = mbedtls_cipher_info_from_type(cipher_id); 1240 1241 if (cipher_info->mode != MBEDTLS_MODE_CBC) { 1242 TEST_FAIL("Cipher mode must be CBC"); 1243 } 1244 1245 keylen = mbedtls_cipher_info_get_key_bitlen(cipher_info); 1246 TEST_CALLOC(key, keylen/8); 1247 memset(key, 0, keylen/8); 1248 1249 TEST_EQUAL(0, mbedtls_cipher_setup(&ctx, cipher_info)); 1250 1251 TEST_EQUAL(0, mbedtls_cipher_setkey(&ctx, key, keylen, 1252 MBEDTLS_ENCRYPT)); 1253 1254 TEST_EQUAL(MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA, 1255 mbedtls_cipher_crypt(&ctx, iv, sizeof(iv), input, 1256 sizeof(input), output, &outlen)); 1257 1258 TEST_EQUAL(0, mbedtls_cipher_set_padding_mode(&ctx, MBEDTLS_PADDING_NONE)); 1259 TEST_EQUAL(0, mbedtls_cipher_crypt(&ctx, iv, sizeof(iv), input, 1260 sizeof(input), output, &outlen)); 1261 1262 exit: 1263 mbedtls_cipher_free(&ctx); 1264 mbedtls_free(key); 1265 } 1266 /* END_CASE */ 1267 1268 /* BEGIN_CASE depends_on:MBEDTLS_TEST_HOOKS */ 1269 void get_pkcs_padding(data_t *decrypted_block, int exp_ret, int exp_len) 1270 { 1271 int ret; 1272 size_t calculated_len; 1273 1274 TEST_CF_SECRET(decrypted_block->x, decrypted_block->len); 1275 ret = mbedtls_get_pkcs_padding(decrypted_block->x, decrypted_block->len, 1276 &calculated_len); 1277 1278 TEST_EQUAL(ret, exp_ret); 1279 if (exp_ret == 0) { 1280 TEST_EQUAL(calculated_len, exp_len); 1281 } 1282 } 1283 /* END_CASE */