mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-11-23 12:35:38 +01:00
ae2ff02ff1
Parameter validation was previously performed and tested unconditionally for the ChaCha/Poly modules. This commit therefore only needs go guard the existing tests accordingly and use the appropriate test macros for parameter validation.
337 lines
14 KiB
Plaintext
337 lines
14 KiB
Plaintext
/* BEGIN_HEADER */
|
|
#include "mbedtls/chachapoly.h"
|
|
/* END_HEADER */
|
|
|
|
/* BEGIN_DEPENDENCIES
|
|
* depends_on:MBEDTLS_CHACHAPOLY_C
|
|
* END_DEPENDENCIES
|
|
*/
|
|
|
|
/* BEGIN_CASE */
|
|
void mbedtls_chachapoly_enc( char *hex_key_string, char *hex_nonce_string, char *hex_aad_string, char *hex_input_string, char *hex_output_string, char *hex_mac_string )
|
|
{
|
|
unsigned char key_str[32]; /* size set by the standard */
|
|
unsigned char nonce_str[12]; /* size set by the standard */
|
|
unsigned char aad_str[12]; /* max size of test data so far */
|
|
unsigned char input_str[265]; /* max size of binary input/output so far */
|
|
unsigned char output_str[265];
|
|
unsigned char output[265];
|
|
unsigned char mac_str[16]; /* size set by the standard */
|
|
unsigned char mac[16]; /* size set by the standard */
|
|
size_t input_len;
|
|
size_t output_len;
|
|
size_t aad_len;
|
|
size_t key_len;
|
|
size_t nonce_len;
|
|
size_t mac_len;
|
|
mbedtls_chachapoly_context ctx;
|
|
|
|
memset( key_str, 0x00, sizeof( key_str ) );
|
|
memset( nonce_str, 0x00, sizeof( nonce_str ) );
|
|
memset( aad_str, 0x00, sizeof( aad_str ) );
|
|
memset( input_str, 0x00, sizeof( input_str ) );
|
|
memset( output_str, 0x00, sizeof( output_str ) );
|
|
memset( mac_str, 0x00, sizeof( mac_str ) );
|
|
|
|
aad_len = unhexify( aad_str, hex_aad_string );
|
|
input_len = unhexify( input_str, hex_input_string );
|
|
output_len = unhexify( output_str, hex_output_string );
|
|
key_len = unhexify( key_str, hex_key_string );
|
|
nonce_len = unhexify( nonce_str, hex_nonce_string );
|
|
mac_len = unhexify( mac_str, hex_mac_string );
|
|
|
|
TEST_ASSERT( key_len == 32 );
|
|
TEST_ASSERT( nonce_len == 12 );
|
|
TEST_ASSERT( mac_len == 16 );
|
|
|
|
mbedtls_chachapoly_init( &ctx );
|
|
|
|
TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key_str ) == 0 );
|
|
|
|
TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx,
|
|
input_len, nonce_str,
|
|
aad_str, aad_len,
|
|
input_str, output, mac ) == 0 );
|
|
|
|
TEST_ASSERT( memcmp( output_str, output, output_len ) == 0 );
|
|
TEST_ASSERT( memcmp( mac_str, mac, 16U ) == 0 );
|
|
|
|
exit:
|
|
mbedtls_chachapoly_free( &ctx );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE */
|
|
void mbedtls_chachapoly_dec( char *hex_key_string, char *hex_nonce_string, char *hex_aad_string, char *hex_input_string, char *hex_output_string, char *hex_mac_string, int ret_exp )
|
|
{
|
|
unsigned char key_str[32]; /* size set by the standard */
|
|
unsigned char nonce_str[12]; /* size set by the standard */
|
|
unsigned char aad_str[12]; /* max size of test data so far */
|
|
unsigned char input_str[265]; /* max size of binary input/output so far */
|
|
unsigned char output_str[265];
|
|
unsigned char output[265];
|
|
unsigned char mac_str[16]; /* size set by the standard */
|
|
size_t input_len;
|
|
size_t output_len;
|
|
size_t aad_len;
|
|
size_t key_len;
|
|
size_t nonce_len;
|
|
size_t mac_len;
|
|
int ret;
|
|
mbedtls_chachapoly_context ctx;
|
|
|
|
memset( key_str, 0x00, sizeof( key_str ) );
|
|
memset( nonce_str, 0x00, sizeof( nonce_str ) );
|
|
memset( aad_str, 0x00, sizeof( aad_str ) );
|
|
memset( input_str, 0x00, sizeof( input_str ) );
|
|
memset( output_str, 0x00, sizeof( output_str ) );
|
|
memset( mac_str, 0x00, sizeof( mac_str ) );
|
|
|
|
aad_len = unhexify( aad_str, hex_aad_string );
|
|
input_len = unhexify( input_str, hex_input_string );
|
|
output_len = unhexify( output_str, hex_output_string );
|
|
key_len = unhexify( key_str, hex_key_string );
|
|
nonce_len = unhexify( nonce_str, hex_nonce_string );
|
|
mac_len = unhexify( mac_str, hex_mac_string );
|
|
|
|
TEST_ASSERT( key_len == 32 );
|
|
TEST_ASSERT( nonce_len == 12 );
|
|
TEST_ASSERT( mac_len == 16 );
|
|
|
|
mbedtls_chachapoly_init( &ctx );
|
|
|
|
TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key_str ) == 0 );
|
|
|
|
ret = mbedtls_chachapoly_auth_decrypt( &ctx,
|
|
input_len, nonce_str,
|
|
aad_str, aad_len,
|
|
mac_str, input_str, output );
|
|
|
|
TEST_ASSERT( ret == ret_exp );
|
|
if( ret_exp == 0 )
|
|
{
|
|
TEST_ASSERT( memcmp( output_str, output, output_len ) == 0 );
|
|
}
|
|
|
|
exit:
|
|
mbedtls_chachapoly_free( &ctx );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
|
|
void chachapoly_bad_params()
|
|
{
|
|
unsigned char key[32];
|
|
unsigned char nonce[12];
|
|
unsigned char aad[1];
|
|
unsigned char input[1];
|
|
unsigned char output[1];
|
|
unsigned char mac[16];
|
|
size_t input_len = sizeof( input );
|
|
size_t aad_len = sizeof( aad );
|
|
mbedtls_chachapoly_context ctx;
|
|
|
|
memset( key, 0x00, sizeof( key ) );
|
|
memset( nonce, 0x00, sizeof( nonce ) );
|
|
memset( aad, 0x00, sizeof( aad ) );
|
|
memset( input, 0x00, sizeof( input ) );
|
|
memset( output, 0x00, sizeof( output ) );
|
|
memset( mac, 0x00, sizeof( mac ) );
|
|
|
|
TEST_INVALID_PARAM( mbedtls_chachapoly_init( NULL ) );
|
|
|
|
/* setkey */
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
|
mbedtls_chachapoly_setkey( NULL, key ) );
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
|
mbedtls_chachapoly_setkey( &ctx, NULL ) );
|
|
|
|
/* encrypt_and_tag */
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
|
mbedtls_chachapoly_encrypt_and_tag( NULL,
|
|
0, nonce,
|
|
aad, 0,
|
|
input, output, mac ) );
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
|
mbedtls_chachapoly_encrypt_and_tag( &ctx,
|
|
0, NULL,
|
|
aad, 0,
|
|
input, output, mac ) );
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
|
mbedtls_chachapoly_encrypt_and_tag( &ctx,
|
|
0, nonce,
|
|
NULL, aad_len,
|
|
input, output, mac ) );
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
|
mbedtls_chachapoly_encrypt_and_tag( &ctx,
|
|
input_len, nonce,
|
|
aad, 0,
|
|
NULL, output, mac ) );
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
|
mbedtls_chachapoly_encrypt_and_tag( &ctx,
|
|
input_len, nonce,
|
|
aad, 0,
|
|
input, NULL, mac ) );
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
|
mbedtls_chachapoly_encrypt_and_tag( &ctx,
|
|
0, nonce,
|
|
aad, 0,
|
|
input, output, NULL ) );
|
|
|
|
/* auth_decrypt */
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
|
mbedtls_chachapoly_auth_decrypt( NULL,
|
|
0, nonce,
|
|
aad, 0,
|
|
mac, input, output ) );
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
|
mbedtls_chachapoly_auth_decrypt( &ctx,
|
|
0, NULL,
|
|
aad, 0,
|
|
mac, input, output ) );
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
|
mbedtls_chachapoly_auth_decrypt( &ctx,
|
|
0, nonce,
|
|
NULL, aad_len,
|
|
mac, input, output ) );
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
|
mbedtls_chachapoly_auth_decrypt( &ctx,
|
|
0, nonce,
|
|
aad, 0,
|
|
NULL, input, output ) );
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
|
mbedtls_chachapoly_auth_decrypt( &ctx,
|
|
input_len, nonce,
|
|
aad, 0,
|
|
mac, NULL, output ) );
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
|
mbedtls_chachapoly_auth_decrypt( &ctx,
|
|
input_len, nonce,
|
|
aad, 0,
|
|
mac, input, NULL ) );
|
|
|
|
/* starts */
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
|
mbedtls_chachapoly_starts( NULL, nonce,
|
|
MBEDTLS_CHACHAPOLY_ENCRYPT ) );
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
|
mbedtls_chachapoly_starts( &ctx, NULL,
|
|
MBEDTLS_CHACHAPOLY_ENCRYPT ) );
|
|
|
|
/* update_aad */
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
|
mbedtls_chachapoly_update_aad( NULL, aad,
|
|
aad_len ) );
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
|
mbedtls_chachapoly_update_aad( &ctx, NULL,
|
|
aad_len ) );
|
|
|
|
/* update */
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
|
mbedtls_chachapoly_update( NULL, input_len,
|
|
input, output ) );
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
|
mbedtls_chachapoly_update( &ctx, input_len,
|
|
NULL, output ) );
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
|
mbedtls_chachapoly_update( &ctx, input_len,
|
|
input, NULL ) );
|
|
|
|
/* finish */
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
|
mbedtls_chachapoly_finish( NULL, mac ) );
|
|
TEST_INVALID_PARAM_RET( MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA,
|
|
mbedtls_chachapoly_finish( &ctx, NULL ) );
|
|
|
|
exit:
|
|
return;
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE */
|
|
void chachapoly_state()
|
|
{
|
|
unsigned char key[32];
|
|
unsigned char nonce[12];
|
|
unsigned char aad[1];
|
|
unsigned char input[1];
|
|
unsigned char output[1];
|
|
unsigned char mac[16];
|
|
size_t input_len = sizeof( input );
|
|
size_t aad_len = sizeof( aad );
|
|
mbedtls_chachapoly_context ctx;
|
|
|
|
memset( key, 0x00, sizeof( key ) );
|
|
memset( nonce, 0x00, sizeof( nonce ) );
|
|
memset( aad, 0x00, sizeof( aad ) );
|
|
memset( input, 0x00, sizeof( input ) );
|
|
memset( output, 0x00, sizeof( output ) );
|
|
memset( mac, 0x00, sizeof( mac ) );
|
|
|
|
/* Initial state: finish, update, update_aad forbidden */
|
|
mbedtls_chachapoly_init( &ctx );
|
|
|
|
TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac )
|
|
== MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
|
|
TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output )
|
|
== MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
|
|
TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len )
|
|
== MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
|
|
|
|
/* Still initial state: finish, update, update_aad forbidden */
|
|
TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key )
|
|
== 0 );
|
|
|
|
TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac )
|
|
== MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
|
|
TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output )
|
|
== MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
|
|
TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len )
|
|
== MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
|
|
|
|
/* Starts -> finish OK */
|
|
TEST_ASSERT( mbedtls_chachapoly_starts( &ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT )
|
|
== 0 );
|
|
TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac )
|
|
== 0 );
|
|
|
|
/* After finish: update, update_aad forbidden */
|
|
TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output )
|
|
== MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
|
|
TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len )
|
|
== MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
|
|
|
|
/* Starts -> update* OK */
|
|
TEST_ASSERT( mbedtls_chachapoly_starts( &ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT )
|
|
== 0 );
|
|
TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output )
|
|
== 0 );
|
|
TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output )
|
|
== 0 );
|
|
|
|
/* After update: update_aad forbidden */
|
|
TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len )
|
|
== MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
|
|
|
|
/* Starts -> update_aad* -> finish OK */
|
|
TEST_ASSERT( mbedtls_chachapoly_starts( &ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT )
|
|
== 0 );
|
|
TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len )
|
|
== 0 );
|
|
TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len )
|
|
== 0 );
|
|
TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac )
|
|
== 0 );
|
|
|
|
exit:
|
|
mbedtls_chachapoly_free( &ctx );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
|
|
void chachapoly_selftest()
|
|
{
|
|
TEST_ASSERT( mbedtls_chachapoly_self_test( 1 ) == 0 );
|
|
}
|
|
/* END_CASE */
|