Gitiles
Code Review Sign In
git01.mediatek.com / filogic / uboot / 0344c602eadc0802776b65ff90f0a02c856cf53c / . / tests / suites / test_suite_cipher.function
blob: aca415095fb10d0884f976b5ca30a9670da16835 [file] [log] [blame]
Tom Rini0344c602024-10-08 13:56:50 -0600[diff] [blame^]1/* BEGIN_HEADER */
2#include "mbedtls/cipher.h"
3#include "mbedtls/aes.h"
4
5#if defined(MBEDTLS_GCM_C)
6#include "mbedtls/gcm.h"
7#endif
8
9#if defined(MBEDTLS_CIPHER_HAVE_SOME_AEAD_VIA_LEGACY_OR_USE_PSA) || defined(MBEDTLS_NIST_KW_C)
10#define MBEDTLS_CIPHER_AUTH_CRYPT
11#endif
12
13/* Check the internal consistency of a cipher info structure, and
14 * check it against mbedtls_cipher_info_from_xxx(). */
15static int check_cipher_info(mbedtls_cipher_type_t type,
16 const mbedtls_cipher_info_t *info)
17{
18 size_t key_bitlen, block_size, iv_size;
19
20 TEST_ASSERT(info != NULL);
21 TEST_EQUAL(type, mbedtls_cipher_info_get_type(info));
22 TEST_EQUAL(type, info->type);
23 TEST_ASSERT(mbedtls_cipher_info_from_type(type) == info);
24
25 TEST_EQUAL(info->mode, mbedtls_cipher_info_get_mode(info));
26
27 /* Insist that get_name() return the string from the structure and
28 * not a copy. A copy would have an unknown storage duration. */
29 TEST_ASSERT(mbedtls_cipher_info_get_name(info) == info->name);
30 TEST_ASSERT(mbedtls_cipher_info_from_string(info->name) == info);
31
32 key_bitlen = mbedtls_cipher_info_get_key_bitlen(info);
33 block_size = mbedtls_cipher_info_get_block_size(info);
34 iv_size = mbedtls_cipher_info_get_iv_size(info);
35 if (info->type == MBEDTLS_CIPHER_NULL) {
36 TEST_ASSERT(key_bitlen == 0);
37 TEST_ASSERT(block_size == 1);
38 TEST_ASSERT(iv_size == 0);
39 } else if (info->mode == MBEDTLS_MODE_XTS) {
40 TEST_ASSERT(key_bitlen == 256 ||
41 key_bitlen == 384 ||
42 key_bitlen == 512);
43 } else if (!strncmp(info->name, "DES-EDE3-", 9)) {
44 TEST_ASSERT(key_bitlen == 192);
45 TEST_ASSERT(!mbedtls_cipher_info_has_variable_key_bitlen(info));
46 TEST_ASSERT(block_size == 8);
47 } else if (!strncmp(info->name, "DES-EDE-", 8)) {
48 TEST_ASSERT(key_bitlen == 128);
49 TEST_ASSERT(!mbedtls_cipher_info_has_variable_key_bitlen(info));
50 TEST_ASSERT(block_size == 8);
51 } else if (!strncmp(info->name, "DES-", 4)) {
52 TEST_ASSERT(key_bitlen == 64);
53 TEST_ASSERT(!mbedtls_cipher_info_has_variable_key_bitlen(info));
54 TEST_ASSERT(block_size == 8);
55 } else if (!strncmp(info->name, "AES", 3)) {
56 TEST_ASSERT(key_bitlen == 128 ||
57 key_bitlen == 192 ||
58 key_bitlen == 256);
59 TEST_ASSERT(!mbedtls_cipher_info_has_variable_key_bitlen(info));
60 TEST_ASSERT(block_size == 16);
61 } else {
62 TEST_ASSERT(key_bitlen == 128 ||
63 key_bitlen == 192 ||
64 key_bitlen == 256);
65 }
66 TEST_LE_U(key_bitlen, MBEDTLS_MAX_KEY_LENGTH * 8);
67 TEST_LE_U(block_size, MBEDTLS_MAX_BLOCK_LENGTH);
68 TEST_LE_U(iv_size, MBEDTLS_MAX_IV_LENGTH);
69
70 if (strstr(info->name, "-ECB") != NULL) {
71 TEST_ASSERT(iv_size == 0);
72 TEST_ASSERT(!mbedtls_cipher_info_has_variable_iv_size(info));
73 } else if (strstr(info->name, "-CBC") != NULL ||
74 strstr(info->name, "-CTR") != NULL) {
75 TEST_ASSERT(iv_size == block_size);
76 TEST_ASSERT(!mbedtls_cipher_info_has_variable_iv_size(info));
77 } else if (strstr(info->name, "-GCM") != NULL) {
78 TEST_ASSERT(iv_size == block_size - 4);
79 TEST_ASSERT(mbedtls_cipher_info_has_variable_iv_size(info));
80 }
81
82 return 1;
83
84exit:
85 return 0;
86}
87
88#if defined(MBEDTLS_CIPHER_MODE_AEAD)
89/* Helper for resetting key/direction
90 *
91 * The documentation doesn't explicitly say whether calling
92 * mbedtls_cipher_setkey() twice is allowed or not. This currently works with
93 * the default software implementation, but only by accident. It isn't
94 * guaranteed to work with new ciphers or with alternative implementations of
95 * individual ciphers, and it doesn't work with the PSA wrappers. So don't do
96 * it, and instead start with a fresh context.
97 */
98static int cipher_reset_key(mbedtls_cipher_context_t *ctx, int cipher_id,
99 int use_psa, size_t tag_len, const data_t *key, int direction)
100{
101 mbedtls_cipher_free(ctx);
102 mbedtls_cipher_init(ctx);
103
104#if !defined(MBEDTLS_USE_PSA_CRYPTO) || !defined(MBEDTLS_TEST_DEPRECATED)
105 (void) use_psa;
106 (void) tag_len;
107#else
108 if (use_psa == 1) {
109 TEST_ASSERT(0 == mbedtls_cipher_setup_psa(ctx,
110 mbedtls_cipher_info_from_type(cipher_id),
111 tag_len));
112 } else
113#endif /* !MBEDTLS_USE_PSA_CRYPTO || !MBEDTLS_TEST_DEPRECATED */
114 {
115 TEST_ASSERT(0 == mbedtls_cipher_setup(ctx,
116 mbedtls_cipher_info_from_type(cipher_id)));
117 }
118
119 TEST_ASSERT(0 == mbedtls_cipher_setkey(ctx, key->x, 8 * key->len,
120 direction));
121 return 1;
122
123exit:
124 return 0;
125}
126
127/*
128 * Check if a buffer is all-0 bytes:
129 * return 1 if it is,
130 * 0 if it isn't.
131 */
132int buffer_is_all_zero(const uint8_t *buf, size_t size)
133{
134 for (size_t i = 0; i < size; i++) {
135 if (buf[i] != 0) {
136 return 0;
137 }
138 }
139 return 1;
140}
141#endif /* MBEDTLS_CIPHER_AUTH_CRYPT */
142
143/* END_HEADER */
144
145/* BEGIN_DEPENDENCIES
146 * depends_on:MBEDTLS_CIPHER_C
147 * END_DEPENDENCIES
148 */
149
150/* BEGIN_CASE */
151void mbedtls_cipher_list()
152{
153 const int *cipher_type;
154
155 for (cipher_type = mbedtls_cipher_list(); *cipher_type != 0; cipher_type++) {
156 const mbedtls_cipher_info_t *info =
157 mbedtls_cipher_info_from_type(*cipher_type);
158 mbedtls_test_set_step(*cipher_type);
159 if (!check_cipher_info(*cipher_type, info)) {
160 goto exit;
161 }
162 }
163}
164/* END_CASE */
165
166/* BEGIN_CASE */
167void cipher_invalid_param_unconditional()
168{
169 mbedtls_cipher_context_t valid_ctx;
170 mbedtls_cipher_context_t invalid_ctx;
171 mbedtls_operation_t valid_operation = MBEDTLS_ENCRYPT;
172 mbedtls_cipher_padding_t valid_mode = MBEDTLS_PADDING_ZEROS;
173 unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 };
174 int valid_size = sizeof(valid_buffer);
175 int valid_bitlen = valid_size * 8;
176 const int *cipher_list = mbedtls_cipher_list();
177 const mbedtls_cipher_info_t *valid_info;
178 size_t size_t_var;
179
180 (void) valid_mode; /* In some configurations this is unused */
181
182 mbedtls_cipher_init(&valid_ctx);
183 mbedtls_cipher_init(&invalid_ctx);
184
185 /* Ensure that there is at least 1 supported cipher, otherwise exit gracefully */
186 TEST_ASSUME(*cipher_list != 0);
187 valid_info = mbedtls_cipher_info_from_type(*cipher_list);
188
189 TEST_ASSERT(mbedtls_cipher_setup(&valid_ctx, valid_info) == 0);
190
191 /* mbedtls_cipher_setup() */
192 TEST_ASSERT(mbedtls_cipher_setup(&valid_ctx, NULL) ==
193 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
194
195 /* mbedtls_cipher_get_block_size() */
196 TEST_ASSERT(mbedtls_cipher_get_block_size(&invalid_ctx) == 0);
197
198 /* mbedtls_cipher_get_cipher_mode() */
199 TEST_ASSERT(mbedtls_cipher_get_cipher_mode(&invalid_ctx) ==
200 MBEDTLS_MODE_NONE);
201
202 /* mbedtls_cipher_get_iv_size() */
203 TEST_ASSERT(mbedtls_cipher_get_iv_size(&invalid_ctx) == 0);
204
205 /* mbedtls_cipher_get_type() */
206 TEST_ASSERT(
207 mbedtls_cipher_get_type(&invalid_ctx) ==
208 MBEDTLS_CIPHER_NONE);
209
210 /* mbedtls_cipher_get_name() */
211 TEST_ASSERT(mbedtls_cipher_get_name(&invalid_ctx) == 0);
212
213 /* mbedtls_cipher_get_key_bitlen() */
214 TEST_ASSERT(mbedtls_cipher_get_key_bitlen(&invalid_ctx) ==
215 MBEDTLS_KEY_LENGTH_NONE);
216
217 /* mbedtls_cipher_get_operation() */
218 TEST_ASSERT(mbedtls_cipher_get_operation(&invalid_ctx) ==
219 MBEDTLS_OPERATION_NONE);
220
221 /* mbedtls_cipher_setkey() */
222 TEST_ASSERT(
223 mbedtls_cipher_setkey(&invalid_ctx,
224 valid_buffer,
225 valid_bitlen,
226 valid_operation) ==
227 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
228
229 /* mbedtls_cipher_set_iv() */
230 TEST_ASSERT(
231 mbedtls_cipher_set_iv(&invalid_ctx,
232 valid_buffer,
233 valid_size) ==
234 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
235
236 /* mbedtls_cipher_reset() */
237 TEST_ASSERT(mbedtls_cipher_reset(&invalid_ctx) ==
238 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
239
240#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
241 /* mbedtls_cipher_update_ad() */
242 TEST_ASSERT(
243 mbedtls_cipher_update_ad(&invalid_ctx,
244 valid_buffer,
245 valid_size) ==
246 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
247#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */
248
249#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
250 /* mbedtls_cipher_set_padding_mode() */
251 TEST_ASSERT(mbedtls_cipher_set_padding_mode(&invalid_ctx, valid_mode) ==
252 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
253#endif
254
255 /* mbedtls_cipher_update() */
256 TEST_ASSERT(
257 mbedtls_cipher_update(&invalid_ctx,
258 valid_buffer,
259 valid_size,
260 valid_buffer,
261 &size_t_var) ==
262 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
263
264 /* mbedtls_cipher_finish() */
265 TEST_ASSERT(
266 mbedtls_cipher_finish(&invalid_ctx,
267 valid_buffer,
268 &size_t_var) ==
269 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
270
271#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
272 /* mbedtls_cipher_write_tag() */
273 TEST_ASSERT(
274 mbedtls_cipher_write_tag(&invalid_ctx,
275 valid_buffer,
276 valid_size) ==
277 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
278
279 /* mbedtls_cipher_check_tag() */
280 TEST_ASSERT(
281 mbedtls_cipher_check_tag(&invalid_ctx,
282 valid_buffer,
283 valid_size) ==
284 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
285#endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */
286
287exit:
288 mbedtls_cipher_free(&invalid_ctx);
289 mbedtls_cipher_free(&valid_ctx);
290}
291/* END_CASE */
292
293/* BEGIN_CASE */
294void cipher_invalid_param_conditional()
295{
296 mbedtls_cipher_context_t valid_ctx;
297
298 mbedtls_operation_t invalid_operation = 100;
299 unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 };
300 int valid_size = sizeof(valid_buffer);
301 int valid_bitlen = valid_size * 8;
302
303 TEST_EQUAL(
304 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
305 mbedtls_cipher_setkey(&valid_ctx,
306 valid_buffer,
307 valid_bitlen,
308 invalid_operation));
309
310exit:
311 ;
312}
313/* END_CASE */
314
315/* BEGIN_CASE depends_on:MBEDTLS_AES_C */
316void cipher_special_behaviours()
317{
318 const mbedtls_cipher_info_t *cipher_info;
319 mbedtls_cipher_context_t ctx;
320 unsigned char input[32];
321 unsigned char output[32];
322#if defined(MBEDTLS_CIPHER_MODE_CBC)
323 unsigned char iv[32];
324#endif
325 size_t olen = 0;
326
327 mbedtls_cipher_init(&ctx);
328 memset(input, 0, sizeof(input));
329 memset(output, 0, sizeof(output));
330#if defined(MBEDTLS_CIPHER_MODE_CBC)
331 memset(iv, 0, sizeof(iv));
332
333 /* Check and get info structures */
334 cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_CBC);
335 TEST_ASSERT(NULL != cipher_info);
336
337 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, cipher_info));
338
339 /* IV too big */
340 TEST_ASSERT(mbedtls_cipher_set_iv(&ctx, iv, MBEDTLS_MAX_IV_LENGTH + 1)
341 == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE);
342
343 /* IV too small */
344 TEST_ASSERT(mbedtls_cipher_set_iv(&ctx, iv, 0)
345 == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
346
347 mbedtls_cipher_free(&ctx);
348 mbedtls_cipher_init(&ctx);
349#endif /* MBEDTLS_CIPHER_MODE_CBC */
350 cipher_info = mbedtls_cipher_info_from_type(MBEDTLS_CIPHER_AES_128_ECB);
351 TEST_ASSERT(NULL != cipher_info);
352
353 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, cipher_info));
354
355 /* Update ECB with partial block */
356 TEST_ASSERT(mbedtls_cipher_update(&ctx, input, 1, output, &olen)
357 == MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED);
358
359exit:
360 mbedtls_cipher_free(&ctx);
361}
362/* END_CASE */
363
364/* BEGIN_CASE */
365void enc_dec_buf(int cipher_id, char *cipher_string, int key_len,
366 int length_val, int pad_mode)
367{
368 size_t length = length_val, outlen, total_len, i, block_size, iv_len;
369 unsigned char key[64];
370 unsigned char iv[16];
371 unsigned char ad[13];
372 unsigned char tag[16];
373 unsigned char inbuf[64];
374 unsigned char encbuf[64];
375 unsigned char decbuf[64];
376
377 const mbedtls_cipher_info_t *cipher_info;
378 mbedtls_cipher_context_t ctx_dec;
379 mbedtls_cipher_context_t ctx_enc;
380
381 /*
382 * Prepare contexts
383 */
384 mbedtls_cipher_init(&ctx_dec);
385 mbedtls_cipher_init(&ctx_enc);
386
387 memset(key, 0x2a, sizeof(key));
388
389 /* Check and get info structures */
390 cipher_info = mbedtls_cipher_info_from_type(cipher_id);
391 TEST_ASSERT(NULL != cipher_info);
392 TEST_ASSERT(mbedtls_cipher_info_from_string(cipher_string) == cipher_info);
393 TEST_ASSERT(strcmp(mbedtls_cipher_info_get_name(cipher_info),
394 cipher_string) == 0);
395
396 /* Initialise enc and dec contexts */
397 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_dec, cipher_info));
398 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_enc, cipher_info));
399
400 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_dec, key, key_len, MBEDTLS_DECRYPT));
401 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_enc, key, key_len, MBEDTLS_ENCRYPT));
402
403#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
404 if (-1 != pad_mode) {
405 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_dec, pad_mode));
406 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_enc, pad_mode));
407 }
408#else
409 (void) pad_mode;
410#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
411
412 /*
413 * Do a few encode/decode cycles
414 */
415 for (i = 0; i < 3; i++) {
416 memset(iv, 0x00 + i, sizeof(iv));
417 memset(ad, 0x10 + i, sizeof(ad));
418 memset(inbuf, 0x20 + i, sizeof(inbuf));
419
420 memset(encbuf, 0, sizeof(encbuf));
421 memset(decbuf, 0, sizeof(decbuf));
422 memset(tag, 0, sizeof(tag));
423
424 if (NULL != strstr(cipher_info->name, "CCM*-NO-TAG")) {
425 iv_len = 13; /* For CCM, IV length is expected to be between 7 and 13 bytes.
426 * For CCM*-NO-TAG, IV length must be exactly 13 bytes long. */
427 } else if (cipher_info->type == MBEDTLS_CIPHER_CHACHA20 ||
428 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) {
429 iv_len = 12;
430 } else {
431 iv_len = sizeof(iv);
432 }
433
434 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_dec, iv, iv_len));
435 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_enc, iv, iv_len));
436
437 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_dec));
438 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_enc));
439
440#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
441 int expected = (cipher_info->mode == MBEDTLS_MODE_GCM ||
442 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) ?
443 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
444
445 TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx_dec, ad, sizeof(ad) - i));
446 TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx_enc, ad, sizeof(ad) - i));
447#endif
448
449 block_size = mbedtls_cipher_get_block_size(&ctx_enc);
450 TEST_ASSERT(block_size != 0);
451
452 /* encode length number of bytes from inbuf */
453 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx_enc, inbuf, length, encbuf, &outlen));
454 total_len = outlen;
455
456 TEST_ASSERT(total_len == length ||
457 (total_len % block_size == 0 &&
458 total_len < length &&
459 total_len + block_size > length));
460
461 TEST_ASSERT(0 == mbedtls_cipher_finish(&ctx_enc, encbuf + outlen, &outlen));
462 total_len += outlen;
463
464#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
465 TEST_EQUAL(expected, mbedtls_cipher_write_tag(&ctx_enc, tag, sizeof(tag)));
466#endif
467
468 TEST_ASSERT(total_len == length ||
469 (total_len % block_size == 0 &&
470 total_len > length &&
471 total_len <= length + block_size));
472
473 /* decode the previously encoded string */
474 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx_dec, encbuf, total_len, decbuf, &outlen));
475 total_len = outlen;
476
477 TEST_ASSERT(total_len == length ||
478 (total_len % block_size == 0 &&
479 total_len < length &&
480 total_len + block_size >= length));
481
482 TEST_ASSERT(0 == mbedtls_cipher_finish(&ctx_dec, decbuf + outlen, &outlen));
483 total_len += outlen;
484
485#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
486 TEST_EQUAL(expected, mbedtls_cipher_check_tag(&ctx_dec, tag, sizeof(tag)));
487#endif
488
489 /* check result */
490 TEST_ASSERT(total_len == length);
491 TEST_ASSERT(0 == memcmp(inbuf, decbuf, length));
492 }
493
494 /*
495 * Done
496 */
497exit:
498 mbedtls_cipher_free(&ctx_dec);
499 mbedtls_cipher_free(&ctx_enc);
500}
501/* END_CASE */
502
503/* BEGIN_CASE */
504void enc_fail(int cipher_id, int pad_mode, int key_len, int length_val,
505 int ret)
506{
507 size_t length = length_val;
508 unsigned char key[32];
509 unsigned char iv[16];
510
511 const mbedtls_cipher_info_t *cipher_info;
512 mbedtls_cipher_context_t ctx;
513
514 unsigned char inbuf[64];
515 unsigned char encbuf[64];
516
517 size_t outlen = 0;
518
519 memset(key, 0, 32);
520 memset(iv, 0, 16);
521
522 mbedtls_cipher_init(&ctx);
523
524 memset(inbuf, 5, 64);
525 memset(encbuf, 0, 64);
526
527 /* Check and get info structures */
528 cipher_info = mbedtls_cipher_info_from_type(cipher_id);
529 TEST_ASSERT(NULL != cipher_info);
530
531 /* Initialise context */
532 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, cipher_info));
533 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx, key, key_len, MBEDTLS_ENCRYPT));
534#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
535 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx, pad_mode));
536#else
537 (void) pad_mode;
538#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
539 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx, iv, 16));
540 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx));
541#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
542 int expected = (cipher_info->mode == MBEDTLS_MODE_GCM ||
543 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) ?
544 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
545
546 TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx, NULL, 0));
547#endif
548
549 /* encode length number of bytes from inbuf */
550 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx, inbuf, length, encbuf, &outlen));
551 TEST_ASSERT(ret == mbedtls_cipher_finish(&ctx, encbuf + outlen, &outlen));
552
553 /* done */
554exit:
555 mbedtls_cipher_free(&ctx);
556}
557/* END_CASE */
558
559/* BEGIN_CASE */
560void dec_empty_buf(int cipher,
561 int expected_update_ret,
562 int expected_finish_ret)
563{
564 unsigned char key[32];
565
566 unsigned char *iv = NULL;
567 size_t iv_len = 16;
568
569 mbedtls_cipher_context_t ctx_dec;
570 const mbedtls_cipher_info_t *cipher_info;
571
572 unsigned char encbuf[64];
573 unsigned char decbuf[64];
574
575 size_t outlen = 0;
576
577 memset(key, 0, 32);
578
579 mbedtls_cipher_init(&ctx_dec);
580
581 memset(encbuf, 0, 64);
582 memset(decbuf, 0, 64);
583
584 /* Initialise context */
585 cipher_info = mbedtls_cipher_info_from_type(cipher);
586 TEST_ASSERT(NULL != cipher_info);
587
588 if (cipher_info->type == MBEDTLS_CIPHER_CHACHA20 ||
589 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) {
590 iv_len = 12;
591 }
592
593 TEST_CALLOC(iv, iv_len);
594 memset(iv, 0, iv_len);
595
596 TEST_ASSERT(sizeof(key) * 8 >= mbedtls_cipher_info_get_key_bitlen(cipher_info));
597
598 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_dec, cipher_info));
599
600 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_dec,
601 key, mbedtls_cipher_info_get_key_bitlen(cipher_info),
602 MBEDTLS_DECRYPT));
603
604 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_dec, iv, iv_len));
605
606 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_dec));
607
608#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING) && defined(MBEDTLS_CIPHER_PADDING_PKCS7)
609 if (ctx_dec.cipher_info->mode == MBEDTLS_MODE_CBC) {
610 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_dec,
611 MBEDTLS_PADDING_PKCS7));
612 }
613#endif
614
615#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
616 int expected = (cipher_info->mode == MBEDTLS_MODE_GCM ||
617 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) ?
618 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
619
620 TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx_dec, NULL, 0));
621#endif
622
623 /* decode 0-byte string */
624 TEST_ASSERT(expected_update_ret ==
625 mbedtls_cipher_update(&ctx_dec, encbuf, 0, decbuf, &outlen));
626 TEST_ASSERT(0 == outlen);
627
628 if (expected_finish_ret == 0 &&
629 (cipher_info->mode == MBEDTLS_MODE_CBC ||
630 cipher_info->mode == MBEDTLS_MODE_ECB)) {
631 /* Non-CBC and non-ECB ciphers are OK with decrypting empty buffers and
632 * return success, not MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED, when
633 * decrypting an empty buffer.
634 * On the other hand, CBC and ECB ciphers need a full block of input.
635 */
636 expected_finish_ret = MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED;
637 }
638
639 TEST_ASSERT(expected_finish_ret == mbedtls_cipher_finish(
640 &ctx_dec, decbuf + outlen, &outlen));
641 TEST_ASSERT(0 == outlen);
642
643exit:
644 mbedtls_free(iv);
645 mbedtls_cipher_free(&ctx_dec);
646}
647/* END_CASE */
648
649/* BEGIN_CASE */
650void enc_dec_buf_multipart(int cipher_id, int key_len, int first_length_val,
651 int second_length_val, int pad_mode,
652 int first_encrypt_output_len, int second_encrypt_output_len,
653 int first_decrypt_output_len, int second_decrypt_output_len)
654{
655 size_t first_length = first_length_val;
656 size_t second_length = second_length_val;
657 size_t length = first_length + second_length;
658 size_t block_size;
659 size_t iv_len;
660 unsigned char key[32];
661 unsigned char iv[16];
662
663 mbedtls_cipher_context_t ctx_dec;
664 mbedtls_cipher_context_t ctx_enc;
665 const mbedtls_cipher_info_t *cipher_info;
666
667 unsigned char inbuf[64];
668 unsigned char encbuf[64];
669 unsigned char decbuf[64];
670
671 size_t outlen = 0;
672 size_t totaloutlen = 0;
673
674 memset(key, 0, 32);
675 memset(iv, 0, 16);
676
677 mbedtls_cipher_init(&ctx_dec);
678 mbedtls_cipher_init(&ctx_enc);
679
680 memset(inbuf, 5, 64);
681 memset(encbuf, 0, 64);
682 memset(decbuf, 0, 64);
683
684 /* Initialise enc and dec contexts */
685 cipher_info = mbedtls_cipher_info_from_type(cipher_id);
686 TEST_ASSERT(NULL != cipher_info);
687
688 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_dec, cipher_info));
689 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_enc, cipher_info));
690
691 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_dec, key, key_len, MBEDTLS_DECRYPT));
692 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx_enc, key, key_len, MBEDTLS_ENCRYPT));
693
694#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
695 if (-1 != pad_mode) {
696 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_dec, pad_mode));
697 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx_enc, pad_mode));
698 }
699#else
700 (void) pad_mode;
701#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
702
703 if (NULL != strstr(cipher_info->name, "CCM*-NO-TAG")) {
704 iv_len = 13; /* For CCM, IV length is expected to be between 7 and 13 bytes.
705 * For CCM*-NO-TAG, IV length must be exactly 13 bytes long. */
706 } else if (cipher_info->type == MBEDTLS_CIPHER_CHACHA20 ||
707 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) {
708 iv_len = 12;
709 } else {
710 iv_len = sizeof(iv);
711 }
712
713 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_dec, iv, iv_len));
714 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx_enc, iv, iv_len));
715
716 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_dec));
717 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx_enc));
718
719#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
720 int expected = (cipher_info->mode == MBEDTLS_MODE_GCM ||
721 cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) ?
722 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
723
724 TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx_dec, NULL, 0));
725 TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx_enc, NULL, 0));
726#endif
727
728 block_size = mbedtls_cipher_get_block_size(&ctx_enc);
729 TEST_ASSERT(block_size != 0);
730
731 /* encode length number of bytes from inbuf */
732 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx_enc, inbuf, first_length, encbuf, &outlen));
733 TEST_ASSERT((size_t) first_encrypt_output_len == outlen);
734 totaloutlen = outlen;
735 TEST_ASSERT(0 ==
736 mbedtls_cipher_update(&ctx_enc, inbuf + first_length, second_length,
737 encbuf + totaloutlen,
738 &outlen));
739 TEST_ASSERT((size_t) second_encrypt_output_len == outlen);
740 totaloutlen += outlen;
741 TEST_ASSERT(totaloutlen == length ||
742 (totaloutlen % block_size == 0 &&
743 totaloutlen < length &&
744 totaloutlen + block_size > length));
745
746 TEST_ASSERT(0 == mbedtls_cipher_finish(&ctx_enc, encbuf + totaloutlen, &outlen));
747 totaloutlen += outlen;
748 TEST_ASSERT(totaloutlen == length ||
749 (totaloutlen % block_size == 0 &&
750 totaloutlen > length &&
751 totaloutlen <= length + block_size));
752
753 /* decode the previously encoded string */
754 second_length = totaloutlen - first_length;
755 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx_dec, encbuf, first_length, decbuf, &outlen));
756 TEST_ASSERT((size_t) first_decrypt_output_len == outlen);
757 totaloutlen = outlen;
758 TEST_ASSERT(0 ==
759 mbedtls_cipher_update(&ctx_dec, encbuf + first_length, second_length,
760 decbuf + totaloutlen,
761 &outlen));
762 TEST_ASSERT((size_t) second_decrypt_output_len == outlen);
763 totaloutlen += outlen;
764
765 TEST_ASSERT(totaloutlen == length ||
766 (totaloutlen % block_size == 0 &&
767 totaloutlen < length &&
768 totaloutlen + block_size >= length));
769
770 TEST_ASSERT(0 == mbedtls_cipher_finish(&ctx_dec, decbuf + totaloutlen, &outlen));
771 totaloutlen += outlen;
772
773 TEST_ASSERT(totaloutlen == length);
774
775 TEST_ASSERT(0 == memcmp(inbuf, decbuf, length));
776
777exit:
778 mbedtls_cipher_free(&ctx_dec);
779 mbedtls_cipher_free(&ctx_enc);
780}
781/* END_CASE */
782
783/* BEGIN_CASE */
784void decrypt_test_vec(int cipher_id, int pad_mode, data_t *key,
785 data_t *iv, data_t *cipher,
786 data_t *clear, data_t *ad, data_t *tag,
787 int finish_result, int tag_result)
788{
789 unsigned char output[265];
790 mbedtls_cipher_context_t ctx;
791 size_t outlen, total_len;
792
793 mbedtls_cipher_init(&ctx);
794
795 memset(output, 0x00, sizeof(output));
796
797#if !defined(MBEDTLS_GCM_C) && !defined(MBEDTLS_CHACHAPOLY_C)
798 ((void) ad);
799 ((void) tag);
800#endif
801
802 /* Prepare context */
803 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx,
804 mbedtls_cipher_info_from_type(cipher_id)));
805 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx, key->x, 8 * key->len, MBEDTLS_DECRYPT));
806#if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
807 if (pad_mode != -1) {
808 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx, pad_mode));
809 }
810#else
811 (void) pad_mode;
812#endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
813 TEST_ASSERT(0 == mbedtls_cipher_set_iv(&ctx, iv->x, iv->len));
814 TEST_ASSERT(0 == mbedtls_cipher_reset(&ctx));
815#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
816 int expected = (ctx.cipher_info->mode == MBEDTLS_MODE_GCM ||
817 ctx.cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) ?
818 0 : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
819
820 TEST_EQUAL(expected, mbedtls_cipher_update_ad(&ctx, ad->x, ad->len));
821#endif
822
823 /* decode buffer and check tag->x */
824 total_len = 0;
825 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx, cipher->x, cipher->len, output, &outlen));
826 total_len += outlen;
827 TEST_ASSERT(finish_result == mbedtls_cipher_finish(&ctx, output + outlen,
828 &outlen));
829 total_len += outlen;
830#if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
831 int tag_expected = (ctx.cipher_info->mode == MBEDTLS_MODE_GCM ||
832 ctx.cipher_info->type == MBEDTLS_CIPHER_CHACHA20_POLY1305) ?
833 tag_result : MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE;
834
835 TEST_EQUAL(tag_expected, mbedtls_cipher_check_tag(&ctx, tag->x, tag->len));
836#endif
837
838 /* check plaintext only if everything went fine */
839 if (0 == finish_result && 0 == tag_result) {
840 TEST_ASSERT(total_len == clear->len);
841 TEST_ASSERT(0 == memcmp(output, clear->x, clear->len));
842 }
843
844exit:
845 mbedtls_cipher_free(&ctx);
846}
847/* END_CASE */
848
849/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_AEAD */
850void auth_crypt_tv(int cipher_id, data_t *key, data_t *iv,
851 data_t *ad, data_t *cipher, data_t *tag,
852 char *result, data_t *clear, int use_psa)
853{
854 /*
855 * Take an AEAD ciphertext + tag and perform a pair
856 * of AEAD decryption and AEAD encryption. Check that
857 * this results in the expected plaintext, and that
858 * decryption and encryption are inverse to one another.
859 */
860
861 int ret;
862 int using_nist_kw, using_nist_kw_padding;
863
864 mbedtls_cipher_context_t ctx;
865 size_t outlen;
866
867 unsigned char *cipher_plus_tag = NULL;
868 size_t cipher_plus_tag_len;
869 unsigned char *decrypt_buf = NULL;
870 size_t decrypt_buf_len = 0;
871 unsigned char *encrypt_buf = NULL;
872 size_t encrypt_buf_len = 0;
873
874 /* Null pointers are documented as valid for inputs of length 0.
875 * The test framework passes non-null pointers, so set them to NULL.
876 * key, cipher and tag can't be empty. */
877 if (iv->len == 0) {
878 iv->x = NULL;
879 }
880 if (ad->len == 0) {
881 ad->x = NULL;
882 }
883 if (clear->len == 0) {
884 clear->x = NULL;
885 }
886
887 mbedtls_cipher_init(&ctx);
888
889 /* Initialize PSA Crypto */
890#if defined(MBEDTLS_USE_PSA_CRYPTO)
891 if (use_psa == 1) {
892 PSA_ASSERT(psa_crypto_init());
893 }
894#else
895 (void) use_psa;
896#endif
897
898 /*
899 * Are we using NIST_KW? with padding?
900 */
901 using_nist_kw_padding = cipher_id == MBEDTLS_CIPHER_AES_128_KWP ||
902 cipher_id == MBEDTLS_CIPHER_AES_192_KWP ||
903 cipher_id == MBEDTLS_CIPHER_AES_256_KWP;
904 using_nist_kw = cipher_id == MBEDTLS_CIPHER_AES_128_KW ||
905 cipher_id == MBEDTLS_CIPHER_AES_192_KW ||
906 cipher_id == MBEDTLS_CIPHER_AES_256_KW ||
907 using_nist_kw_padding;
908
909 /*
910 * Prepare context for decryption
911 */
912 if (!cipher_reset_key(&ctx, cipher_id, use_psa, tag->len, key,
913 MBEDTLS_DECRYPT)) {
914 goto exit;
915 }
916
917 /*
918 * prepare buffer for decryption
919 * (we need the tag appended to the ciphertext)
920 */
921 cipher_plus_tag_len = cipher->len + tag->len;
922 TEST_CALLOC(cipher_plus_tag, cipher_plus_tag_len);
923 memcpy(cipher_plus_tag, cipher->x, cipher->len);
924 memcpy(cipher_plus_tag + cipher->len, tag->x, tag->len);
925
926 /*
927 * Compute length of output buffer according to the documentation
928 */
929 if (using_nist_kw) {
930 decrypt_buf_len = cipher_plus_tag_len - 8;
931 } else {
932 decrypt_buf_len = cipher_plus_tag_len - tag->len;
933 }
934
935
936 /*
937 * Try decrypting to a buffer that's 1B too small
938 */
939 if (decrypt_buf_len != 0) {
940 TEST_CALLOC(decrypt_buf, decrypt_buf_len - 1);
941
942 outlen = 0;
943 ret = mbedtls_cipher_auth_decrypt_ext(&ctx, iv->x, iv->len,
944 ad->x, ad->len, cipher_plus_tag, cipher_plus_tag_len,
945 decrypt_buf, decrypt_buf_len - 1, &outlen, tag->len);
946 TEST_ASSERT(ret == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA);
947
948 mbedtls_free(decrypt_buf);
949 decrypt_buf = NULL;
950 }
951
952 /*
953 * Authenticate and decrypt, and check result
954 */
955 TEST_CALLOC(decrypt_buf, decrypt_buf_len);
956
957 outlen = 0;
958 ret = mbedtls_cipher_auth_decrypt_ext(&ctx, iv->x, iv->len,
959 ad->x, ad->len, cipher_plus_tag, cipher_plus_tag_len,
960 decrypt_buf, decrypt_buf_len, &outlen, tag->len);
961
962 if (strcmp(result, "FAIL") == 0) {
963 TEST_ASSERT(ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED);
964 TEST_ASSERT(buffer_is_all_zero(decrypt_buf, decrypt_buf_len));
965 } else {
966 TEST_ASSERT(ret == 0);
967 TEST_MEMORY_COMPARE(decrypt_buf, outlen, clear->x, clear->len);
968 }
969
970 mbedtls_free(decrypt_buf);
971 decrypt_buf = NULL;
972
973 /*
974 * Encrypt back if test data was authentic
975 */
976 if (strcmp(result, "FAIL") != 0) {
977 /* prepare context for encryption */
978 if (!cipher_reset_key(&ctx, cipher_id, use_psa, tag->len, key,
979 MBEDTLS_ENCRYPT)) {
980 goto exit;
981 }
982
983 /*
984 * Compute size of output buffer according to documentation
985 */
986 if (using_nist_kw) {
987 encrypt_buf_len = clear->len + 8;
988 if (using_nist_kw_padding && encrypt_buf_len % 8 != 0) {
989 encrypt_buf_len += 8 - encrypt_buf_len % 8;
990 }
991 } else {
992 encrypt_buf_len = clear->len + tag->len;
993 }
994
995 /*
996 * Try encrypting with an output buffer that's 1B too small
997 */
998 TEST_CALLOC(encrypt_buf, encrypt_buf_len - 1);
999
1000 outlen = 0;
1001 ret = mbedtls_cipher_auth_encrypt_ext(&ctx, iv->x, iv->len,
1002 ad->x, ad->len, clear->x, clear->len,
1003 encrypt_buf, encrypt_buf_len - 1, &outlen, tag->len);
1004 TEST_ASSERT(ret != 0);
1005
1006 mbedtls_free(encrypt_buf);
1007 encrypt_buf = NULL;
1008
1009 /*
1010 * Encrypt and check the result
1011 */
1012 TEST_CALLOC(encrypt_buf, encrypt_buf_len);
1013
1014 outlen = 0;
1015 ret = mbedtls_cipher_auth_encrypt_ext(&ctx, iv->x, iv->len,
1016 ad->x, ad->len, clear->x, clear->len,
1017 encrypt_buf, encrypt_buf_len, &outlen, tag->len);
1018 TEST_ASSERT(ret == 0);
1019
1020 TEST_ASSERT(outlen == cipher->len + tag->len);
1021 TEST_ASSERT(memcmp(encrypt_buf, cipher->x, cipher->len) == 0);
1022 TEST_ASSERT(memcmp(encrypt_buf + cipher->len,
1023 tag->x, tag->len) == 0);
1024
1025 mbedtls_free(encrypt_buf);
1026 encrypt_buf = NULL;
1027 }
1028
1029exit:
1030
1031 mbedtls_cipher_free(&ctx);
1032 mbedtls_free(decrypt_buf);
1033 mbedtls_free(encrypt_buf);
1034 mbedtls_free(cipher_plus_tag);
1035
1036#if defined(MBEDTLS_USE_PSA_CRYPTO)
1037 if (use_psa == 1) {
1038 PSA_DONE();
1039 }
1040#endif /* MBEDTLS_USE_PSA_CRYPTO */
1041}
1042/* END_CASE */
1043
1044/* BEGIN_CASE */
1045void test_vec_ecb(int cipher_id, int operation, data_t *key,
1046 data_t *input, data_t *result, int finish_result
1047 )
1048{
1049 mbedtls_cipher_context_t ctx;
1050 unsigned char output[32];
1051 size_t outlen;
1052
1053 mbedtls_cipher_init(&ctx);
1054
1055 memset(output, 0x00, sizeof(output));
1056
1057 /* Prepare context */
1058 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx,
1059 mbedtls_cipher_info_from_type(cipher_id)));
1060
1061
1062 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx, key->x, 8 * key->len, operation));
1063
1064 TEST_ASSERT(0 == mbedtls_cipher_update(&ctx, input->x,
1065 mbedtls_cipher_get_block_size(&ctx),
1066 output, &outlen));
1067 TEST_ASSERT(outlen == mbedtls_cipher_get_block_size(&ctx));
1068 TEST_ASSERT(finish_result == mbedtls_cipher_finish(&ctx, output + outlen,
1069 &outlen));
1070 TEST_ASSERT(0 == outlen);
1071
1072 /* check plaintext only if everything went fine */
1073 if (0 == finish_result) {
1074 TEST_ASSERT(0 == memcmp(output, result->x,
1075 mbedtls_cipher_get_block_size(&ctx)));
1076 }
1077
1078exit:
1079 mbedtls_cipher_free(&ctx);
1080}
1081/* END_CASE */
1082
1083/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING */
1084void test_vec_crypt(int cipher_id, int operation, data_t *key,
1085 data_t *iv, data_t *input, data_t *result,
1086 int finish_result, int use_psa)
1087{
1088 mbedtls_cipher_context_t ctx;
1089 unsigned char output[32];
1090 size_t outlen;
1091
1092 mbedtls_cipher_init(&ctx);
1093
1094 memset(output, 0x00, sizeof(output));
1095
1096 /* Prepare context */
1097#if !defined(MBEDTLS_USE_PSA_CRYPTO) || !defined(MBEDTLS_TEST_DEPRECATED)
1098 (void) use_psa;
1099#else
1100 if (use_psa == 1) {
1101 PSA_ASSERT(psa_crypto_init());
1102 TEST_ASSERT(0 == mbedtls_cipher_setup_psa(&ctx,
1103 mbedtls_cipher_info_from_type(cipher_id), 0));
1104 } else
1105#endif /* !MBEDTLS_USE_PSA_CRYPTO || !MBEDTLS_TEST_DEPRECATED*/
1106 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx,
1107 mbedtls_cipher_info_from_type(cipher_id)));
1108
1109 TEST_ASSERT(0 == mbedtls_cipher_setkey(&ctx, key->x, 8 * key->len, operation));
1110 if (MBEDTLS_MODE_CBC == ctx.cipher_info->mode) {
1111 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx, MBEDTLS_PADDING_NONE));
1112 }
1113
1114 TEST_ASSERT(finish_result == mbedtls_cipher_crypt(&ctx, iv->len ? iv->x : NULL,
1115 iv->len, input->x, input->len,
1116 output, &outlen));
1117 TEST_ASSERT(result->len == outlen);
1118 /* check plaintext only if everything went fine */
1119 if (0 == finish_result) {
1120 TEST_ASSERT(0 == memcmp(output, result->x, outlen));
1121 }
1122
1123exit:
1124 mbedtls_cipher_free(&ctx);
1125#if defined(MBEDTLS_USE_PSA_CRYPTO) && defined(MBEDTLS_TEST_DEPRECATED)
1126 PSA_DONE();
1127#endif /* MBEDTLS_USE_PSA_CRYPTO && MBEDTLS_TEST_DEPRECATED */
1128}
1129/* END_CASE */
1130
1131/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING */
1132void set_padding(int cipher_id, int pad_mode, int ret)
1133{
1134 const mbedtls_cipher_info_t *cipher_info;
1135 mbedtls_cipher_context_t ctx;
1136
1137 mbedtls_cipher_init(&ctx);
1138
1139 cipher_info = mbedtls_cipher_info_from_type(cipher_id);
1140 TEST_ASSERT(NULL != cipher_info);
1141 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx, cipher_info));
1142
1143 TEST_ASSERT(ret == mbedtls_cipher_set_padding_mode(&ctx, pad_mode));
1144
1145exit:
1146 mbedtls_cipher_free(&ctx);
1147}
1148/* END_CASE */
1149
1150/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
1151void check_padding(int pad_mode, data_t *input, int ret, int dlen_check
1152 )
1153{
1154 mbedtls_cipher_info_t cipher_info;
1155 mbedtls_cipher_context_t ctx;
1156 size_t dlen;
1157
1158 /* build a fake context just for getting access to get_padding */
1159 mbedtls_cipher_init(&ctx);
1160 cipher_info.mode = MBEDTLS_MODE_CBC;
1161 ctx.cipher_info = &cipher_info;
1162
1163 TEST_ASSERT(0 == mbedtls_cipher_set_padding_mode(&ctx, pad_mode));
1164
1165
1166 TEST_ASSERT(ret == ctx.get_padding(input->x, input->len, &dlen));
1167 if (0 == ret) {
1168 TEST_ASSERT(dlen == (size_t) dlen_check);
1169 }
1170}
1171/* END_CASE */
1172
1173/* BEGIN_CASE */
1174void iv_len_validity(int cipher_id, char *cipher_string,
1175 int iv_len_val, int ret)
1176{
1177 size_t iv_len = iv_len_val;
1178 unsigned char iv[16];
1179
1180 /* Initialise iv buffer */
1181 memset(iv, 0, sizeof(iv));
1182
1183 const mbedtls_cipher_info_t *cipher_info;
1184 mbedtls_cipher_context_t ctx_dec;
1185 mbedtls_cipher_context_t ctx_enc;
1186
1187 /*
1188 * Prepare contexts
1189 */
1190 mbedtls_cipher_init(&ctx_dec);
1191 mbedtls_cipher_init(&ctx_enc);
1192
1193 /* Check and get info structures */
1194 cipher_info = mbedtls_cipher_info_from_type(cipher_id);
1195 TEST_ASSERT(NULL != cipher_info);
1196 TEST_ASSERT(mbedtls_cipher_info_from_string(cipher_string) == cipher_info);
1197 TEST_ASSERT(strcmp(mbedtls_cipher_info_get_name(cipher_info),
1198 cipher_string) == 0);
1199
1200 /* Initialise enc and dec contexts */
1201 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_dec, cipher_info));
1202 TEST_ASSERT(0 == mbedtls_cipher_setup(&ctx_enc, cipher_info));
1203
1204 TEST_ASSERT(ret == mbedtls_cipher_set_iv(&ctx_dec, iv, iv_len));
1205 TEST_ASSERT(ret == mbedtls_cipher_set_iv(&ctx_enc, iv, iv_len));
1206
1207exit:
1208 mbedtls_cipher_free(&ctx_dec);
1209 mbedtls_cipher_free(&ctx_enc);
1210}
1211/* END_CASE */
1212
1213/* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING */
1214void check_set_padding(int cipher_id)
1215{
1216 mbedtls_cipher_context_t ctx;
1217 unsigned char *key = NULL;
1218 unsigned char iv[16] = { 0 };
1219 unsigned char input[16] = { 0 };
1220 unsigned char output[32] = { 0 };
1221 size_t outlen = 0;
1222 const mbedtls_cipher_info_t *cipher_info;
1223 size_t keylen = 0;
1224
1225 mbedtls_cipher_init(&ctx);
1226
1227 cipher_info = mbedtls_cipher_info_from_type(cipher_id);
1228
1229 if (cipher_info->mode != MBEDTLS_MODE_CBC) {
1230 TEST_FAIL("Cipher mode must be CBC");
1231 }
1232
1233 keylen = mbedtls_cipher_info_get_key_bitlen(cipher_info);
1234 TEST_CALLOC(key, keylen/8);
1235 memset(key, 0, keylen/8);
1236
1237 TEST_EQUAL(0, mbedtls_cipher_setup(&ctx, cipher_info));
1238
1239 TEST_EQUAL(0, mbedtls_cipher_setkey(&ctx, key, keylen,
1240 MBEDTLS_ENCRYPT));
1241
1242 TEST_EQUAL(MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
1243 mbedtls_cipher_crypt(&ctx, iv, sizeof(iv), input,
1244 sizeof(input), output, &outlen));
1245
1246 TEST_EQUAL(0, mbedtls_cipher_set_padding_mode(&ctx, MBEDTLS_PADDING_NONE));
1247 TEST_EQUAL(0, mbedtls_cipher_crypt(&ctx, iv, sizeof(iv), input,
1248 sizeof(input), output, &outlen));
1249
1250exit:
1251 mbedtls_cipher_free(&ctx);
1252 mbedtls_free(key);
1253}
1254/* END_CASE */