/* BEGIN_HEADER */ #include "mbedtls/chachapoly.h" /* END_HEADER */ /* BEGIN_DEPENDENCIES * depends_on:MBEDTLS_CHACHAPOLY_C * END_DEPENDENCIES */ /* BEGIN_CASE */ void mbedtls_chachapoly_enc( char *hex_key_string, char *hex_nonce_string, char *hex_aad_string, char *hex_input_string, char *hex_output_string, char *hex_mac_string ) { unsigned char key_str[32]; /* size set by the standard */ unsigned char nonce_str[12]; /* size set by the standard */ unsigned char aad_str[12]; /* max size of test data so far */ unsigned char input_str[265]; /* max size of binary input/output so far */ unsigned char output_str[265]; unsigned char output[265]; unsigned char mac_str[16]; /* size set by the standard */ unsigned char mac[16]; /* size set by the standard */ size_t input_len; size_t output_len; size_t aad_len; size_t key_len; size_t nonce_len; size_t mac_len; mbedtls_chachapoly_context ctx; memset( key_str, 0x00, sizeof( key_str ) ); memset( nonce_str, 0x00, sizeof( nonce_str ) ); memset( aad_str, 0x00, sizeof( aad_str ) ); memset( input_str, 0x00, sizeof( input_str ) ); memset( output_str, 0x00, sizeof( output_str ) ); memset( mac_str, 0x00, sizeof( mac_str ) ); aad_len = unhexify( aad_str, hex_aad_string ); input_len = unhexify( input_str, hex_input_string ); output_len = unhexify( output_str, hex_output_string ); key_len = unhexify( key_str, hex_key_string ); nonce_len = unhexify( nonce_str, hex_nonce_string ); mac_len = unhexify( mac_str, hex_mac_string ); TEST_ASSERT( key_len == 32 ); TEST_ASSERT( nonce_len == 12 ); TEST_ASSERT( mac_len == 16 ); mbedtls_chachapoly_init( &ctx ); TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key_str ) == 0 ); TEST_ASSERT( mbedtls_chachapoly_crypt_and_tag( &ctx, MBEDTLS_CHACHAPOLY_ENCRYPT, input_len, nonce_str, aad_str, aad_len, input_str, output, mac ) == 0 ); TEST_ASSERT( memcmp( output_str, output, output_len ) == 0 ); TEST_ASSERT( memcmp( mac_str, mac, 16U ) == 0 ); exit: mbedtls_chachapoly_free( &ctx ); } /* END_CASE */ /* BEGIN_CASE */ void mbedtls_chachapoly_dec( char *hex_key_string, char *hex_nonce_string, char *hex_aad_string, char *hex_input_string, char *hex_output_string, char *hex_mac_string, int ret_exp ) { unsigned char key_str[32]; /* size set by the standard */ unsigned char nonce_str[12]; /* size set by the standard */ unsigned char aad_str[12]; /* max size of test data so far */ unsigned char input_str[265]; /* max size of binary input/output so far */ unsigned char output_str[265]; unsigned char output[265]; unsigned char mac_str[16]; /* size set by the standard */ size_t input_len; size_t output_len; size_t aad_len; size_t key_len; size_t nonce_len; size_t mac_len; int ret; mbedtls_chachapoly_context ctx; memset( key_str, 0x00, sizeof( key_str ) ); memset( nonce_str, 0x00, sizeof( nonce_str ) ); memset( aad_str, 0x00, sizeof( aad_str ) ); memset( input_str, 0x00, sizeof( input_str ) ); memset( output_str, 0x00, sizeof( output_str ) ); memset( mac_str, 0x00, sizeof( mac_str ) ); aad_len = unhexify( aad_str, hex_aad_string ); input_len = unhexify( input_str, hex_input_string ); output_len = unhexify( output_str, hex_output_string ); key_len = unhexify( key_str, hex_key_string ); nonce_len = unhexify( nonce_str, hex_nonce_string ); mac_len = unhexify( mac_str, hex_mac_string ); TEST_ASSERT( key_len == 32 ); TEST_ASSERT( nonce_len == 12 ); TEST_ASSERT( mac_len == 16 ); mbedtls_chachapoly_init( &ctx ); TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key_str ) == 0 ); ret = mbedtls_chachapoly_auth_decrypt( &ctx, input_len, nonce_str, aad_str, aad_len, mac_str, input_str, output ); TEST_ASSERT( ret == ret_exp ); if( ret_exp == 0 ) { TEST_ASSERT( memcmp( output_str, output, output_len ) == 0 ); } exit: mbedtls_chachapoly_free( &ctx ); } /* END_CASE */ /* BEGIN_CASE */ void chachapoly_bad_params() { unsigned char key[32]; unsigned char nonce[12]; unsigned char aad[1]; unsigned char input[1]; unsigned char output[1]; unsigned char mac[16]; size_t input_len = sizeof( input ); size_t aad_len = sizeof( aad ); mbedtls_chachapoly_context ctx; memset( key, 0x00, sizeof( key ) ); memset( nonce, 0x00, sizeof( nonce ) ); memset( aad, 0x00, sizeof( aad ) ); memset( input, 0x00, sizeof( input ) ); memset( output, 0x00, sizeof( output ) ); memset( mac, 0x00, sizeof( mac ) ); mbedtls_chachapoly_init( NULL ); mbedtls_chachapoly_free( NULL ); mbedtls_chachapoly_init( &ctx ); TEST_ASSERT( mbedtls_chachapoly_setkey( NULL, key ) == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, NULL ) == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_crypt_and_tag( NULL, MBEDTLS_CHACHAPOLY_ENCRYPT, 0, nonce, aad, 0, input, output, mac ) == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_crypt_and_tag( &ctx, MBEDTLS_CHACHAPOLY_ENCRYPT, 0, NULL, aad, 0, input, output, mac ) == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_crypt_and_tag( &ctx, MBEDTLS_CHACHAPOLY_ENCRYPT, 0, nonce, NULL, aad_len, input, output, mac ) == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_crypt_and_tag( &ctx, MBEDTLS_CHACHAPOLY_ENCRYPT, input_len, nonce, aad, 0, NULL, output, mac ) == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_crypt_and_tag( &ctx, MBEDTLS_CHACHAPOLY_ENCRYPT, input_len, nonce, aad, 0, input, NULL, mac ) == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_crypt_and_tag( &ctx, MBEDTLS_CHACHAPOLY_ENCRYPT, 0, nonce, aad, 0, input, output, NULL ) == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( NULL, 0, nonce, aad, 0, mac, input, output ) == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx, 0, NULL, aad, 0, mac, input, output ) == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx, 0, nonce, NULL, aad_len, mac, input, output ) == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx, 0, nonce, aad, 0, NULL, input, output ) == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx, input_len, nonce, aad, 0, mac, NULL, output ) == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx, input_len, nonce, aad, 0, mac, input, NULL ) == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_crypt_and_tag( &ctx, MBEDTLS_CHACHAPOLY_ENCRYPT, 0, nonce, aad, aad_len, NULL, NULL, mac ) == 0 ); TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx, 0, nonce, aad, aad_len, mac, NULL, NULL ) == 0 ); TEST_ASSERT( mbedtls_chachapoly_crypt_and_tag( &ctx, MBEDTLS_CHACHAPOLY_ENCRYPT, input_len, nonce, NULL, 0, input, output, mac ) == 0 ); TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx, input_len, nonce, NULL, 0, mac, input, output ) == 0 ); TEST_ASSERT( mbedtls_chachapoly_starts( NULL, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT ) == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_starts( &ctx, NULL, MBEDTLS_CHACHAPOLY_ENCRYPT ) == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_update_aad( NULL, aad, aad_len ) == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, NULL, aad_len ) == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_update( NULL, input_len, input, output ) == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, NULL, output ) == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, NULL ) == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_finish( NULL, mac ) == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, NULL ) == MBEDTLS_ERR_CHACHAPOLY_BAD_INPUT_DATA ); exit: mbedtls_chachapoly_free( &ctx ); } /* END_CASE */ /* BEGIN_CASE */ void chachapoly_state() { unsigned char key[32]; unsigned char nonce[12]; unsigned char aad[1]; unsigned char input[1]; unsigned char output[1]; unsigned char mac[16]; size_t input_len = sizeof( input ); size_t aad_len = sizeof( aad ); mbedtls_chachapoly_context ctx; memset( key, 0x00, sizeof( key ) ); memset( nonce, 0x00, sizeof( nonce ) ); memset( aad, 0x00, sizeof( aad ) ); memset( input, 0x00, sizeof( input ) ); memset( output, 0x00, sizeof( output ) ); memset( mac, 0x00, sizeof( mac ) ); /* Initial state: finish, update, update_aad forbidden */ mbedtls_chachapoly_init( &ctx ); TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac ) == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output ) == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len ) == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); /* Still initial state: finish, update, update_aad forbidden */ TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key ) == 0 ); TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac ) == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output ) == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len ) == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); /* Starts -> finish OK */ TEST_ASSERT( mbedtls_chachapoly_starts( &ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT ) == 0 ); TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac ) == 0 ); /* After finish: update, update_aad forbidden */ TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output ) == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len ) == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); /* Starts -> update* OK */ TEST_ASSERT( mbedtls_chachapoly_starts( &ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT ) == 0 ); TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output ) == 0 ); TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output ) == 0 ); /* After update: update_aad forbidden */ TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len ) == MBEDTLS_ERR_CHACHAPOLY_BAD_STATE ); /* Starts -> update_aad* -> finish OK */ TEST_ASSERT( mbedtls_chachapoly_starts( &ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT ) == 0 ); TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len ) == 0 ); TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len ) == 0 ); TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac ) == 0 ); exit: mbedtls_chachapoly_free( &ctx ); } /* END_CASE */ /* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */ void chachapoly_selftest() { TEST_ASSERT( mbedtls_chachapoly_self_test( 1 ) == 0 ); } /* END_CASE */