mbedtls/tests/suites/test_suite_chachapoly.function
Manuel Pégourié-Gonnard 3dc62a0a9b chachapoly: force correct mode for integrated API
Allowing DECRYPT with crypt_and_tag is a risk as people might fail to check
the tag correctly (or at all). So force them to use auth_decrypt() instead.

See also https://github.com/ARMmbed/mbedtls/pull/1668
2018-06-04 12:18:19 +02:00

348 lines
14 KiB
Plaintext

/* BEGIN_HEADER */
#include "mbedtls/chachapoly.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
* depends_on:MBEDTLS_CHACHAPOLY_C
* END_DEPENDENCIES
*/
/* BEGIN_CASE */
void mbedtls_chachapoly_enc( char *hex_key_string, char *hex_nonce_string, char *hex_aad_string, char *hex_input_string, char *hex_output_string, char *hex_mac_string )
{
unsigned char key_str[32]; /* size set by the standard */
unsigned char nonce_str[12]; /* size set by the standard */
unsigned char aad_str[12]; /* max size of test data so far */
unsigned char input_str[265]; /* max size of binary input/output so far */
unsigned char output_str[265];
unsigned char output[265];
unsigned char mac_str[16]; /* size set by the standard */
unsigned char mac[16]; /* size set by the standard */
size_t input_len;
size_t output_len;
size_t aad_len;
size_t key_len;
size_t nonce_len;
size_t mac_len;
mbedtls_chachapoly_context ctx;
memset( key_str, 0x00, sizeof( key_str ) );
memset( nonce_str, 0x00, sizeof( nonce_str ) );
memset( aad_str, 0x00, sizeof( aad_str ) );
memset( input_str, 0x00, sizeof( input_str ) );
memset( output_str, 0x00, sizeof( output_str ) );
memset( mac_str, 0x00, sizeof( mac_str ) );
aad_len = unhexify( aad_str, hex_aad_string );
input_len = unhexify( input_str, hex_input_string );
output_len = unhexify( output_str, hex_output_string );
key_len = unhexify( key_str, hex_key_string );
nonce_len = unhexify( nonce_str, hex_nonce_string );
mac_len = unhexify( mac_str, hex_mac_string );
TEST_ASSERT( key_len == 32 );
TEST_ASSERT( nonce_len == 12 );
TEST_ASSERT( mac_len == 16 );
mbedtls_chachapoly_init( &ctx );
TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key_str ) == 0 );
TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx,
input_len, nonce_str,
aad_str, aad_len,
input_str, output, mac ) == 0 );
TEST_ASSERT( memcmp( output_str, output, output_len ) == 0 );
TEST_ASSERT( memcmp( mac_str, mac, 16U ) == 0 );
exit:
mbedtls_chachapoly_free( &ctx );
}
/* END_CASE */
/* BEGIN_CASE */
void mbedtls_chachapoly_dec( char *hex_key_string, char *hex_nonce_string, char *hex_aad_string, char *hex_input_string, char *hex_output_string, char *hex_mac_string, int ret_exp )
{
unsigned char key_str[32]; /* size set by the standard */
unsigned char nonce_str[12]; /* size set by the standard */
unsigned char aad_str[12]; /* max size of test data so far */
unsigned char input_str[265]; /* max size of binary input/output so far */
unsigned char output_str[265];
unsigned char output[265];
unsigned char mac_str[16]; /* size set by the standard */
size_t input_len;
size_t output_len;
size_t aad_len;
size_t key_len;
size_t nonce_len;
size_t mac_len;
int ret;
mbedtls_chachapoly_context ctx;
memset( key_str, 0x00, sizeof( key_str ) );
memset( nonce_str, 0x00, sizeof( nonce_str ) );
memset( aad_str, 0x00, sizeof( aad_str ) );
memset( input_str, 0x00, sizeof( input_str ) );
memset( output_str, 0x00, sizeof( output_str ) );
memset( mac_str, 0x00, sizeof( mac_str ) );
aad_len = unhexify( aad_str, hex_aad_string );
input_len = unhexify( input_str, hex_input_string );
output_len = unhexify( output_str, hex_output_string );
key_len = unhexify( key_str, hex_key_string );
nonce_len = unhexify( nonce_str, hex_nonce_string );
mac_len = unhexify( mac_str, hex_mac_string );
TEST_ASSERT( key_len == 32 );
TEST_ASSERT( nonce_len == 12 );
TEST_ASSERT( mac_len == 16 );
mbedtls_chachapoly_init( &ctx );
TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key_str ) == 0 );
ret = mbedtls_chachapoly_auth_decrypt( &ctx,
input_len, nonce_str,
aad_str, aad_len,
mac_str, input_str, output );
TEST_ASSERT( ret == ret_exp );
if( ret_exp == 0 )
{
TEST_ASSERT( memcmp( output_str, output, output_len ) == 0 );
}
exit:
mbedtls_chachapoly_free( &ctx );
}
/* END_CASE */
/* BEGIN_CASE */
void chachapoly_bad_params()
{
unsigned char key[32];
unsigned char nonce[12];
unsigned char aad[1];
unsigned char input[1];
unsigned char output[1];
unsigned char mac[16];
size_t input_len = sizeof( input );
size_t aad_len = sizeof( aad );
mbedtls_chachapoly_context ctx;
memset( key, 0x00, sizeof( key ) );
memset( nonce, 0x00, sizeof( nonce ) );
memset( aad, 0x00, sizeof( aad ) );
memset( input, 0x00, sizeof( input ) );
memset( output, 0x00, sizeof( output ) );
memset( mac, 0x00, sizeof( mac ) );
mbedtls_chachapoly_init( NULL );
mbedtls_chachapoly_free( NULL );
mbedtls_chachapoly_init( &ctx );
TEST_ASSERT( mbedtls_chachapoly_setkey( NULL, key )
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, NULL )
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( NULL,
0, nonce,
aad, 0,
input, output, mac )
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx,
0, NULL,
aad, 0,
input, output, mac )
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx,
0, nonce,
NULL, aad_len,
input, output, mac )
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx,
input_len, nonce,
aad, 0,
NULL, output, mac )
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx,
input_len, nonce,
aad, 0,
input, NULL, mac )
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx,
0, nonce,
aad, 0,
input, output, NULL )
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( NULL,
0, nonce,
aad, 0,
mac, input, output )
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx,
0, NULL,
aad, 0,
mac, input, output )
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx,
0, nonce,
NULL, aad_len,
mac, input, output )
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx,
0, nonce,
aad, 0,
NULL, input, output )
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx,
input_len, nonce,
aad, 0,
mac, NULL, output )
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx,
input_len, nonce,
aad, 0,
mac, input, NULL )
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx,
0, nonce,
aad, aad_len,
NULL, NULL, mac )
== 0 );
TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx,
0, nonce,
aad, aad_len,
mac, NULL, NULL )
== 0 );
TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx,
input_len, nonce,
NULL, 0,
input, output, mac )
== 0 );
TEST_ASSERT( mbedtls_chachapoly_auth_decrypt( &ctx,
input_len, nonce,
NULL, 0,
mac, input, output )
== 0 );
TEST_ASSERT( mbedtls_chachapoly_starts( NULL, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT )
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
TEST_ASSERT( mbedtls_chachapoly_starts( &ctx, NULL, MBEDTLS_CHACHAPOLY_ENCRYPT )
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
TEST_ASSERT( mbedtls_chachapoly_update_aad( NULL, aad, aad_len )
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, NULL, aad_len )
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
TEST_ASSERT( mbedtls_chachapoly_update( NULL, input_len, input, output )
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, NULL, output )
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, NULL )
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
TEST_ASSERT( mbedtls_chachapoly_finish( NULL, mac )
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, NULL )
== MBEDTLS_ERR_POLY1305_BAD_INPUT_DATA );
exit:
mbedtls_chachapoly_free( &ctx );
}
/* END_CASE */
/* BEGIN_CASE */
void chachapoly_state()
{
unsigned char key[32];
unsigned char nonce[12];
unsigned char aad[1];
unsigned char input[1];
unsigned char output[1];
unsigned char mac[16];
size_t input_len = sizeof( input );
size_t aad_len = sizeof( aad );
mbedtls_chachapoly_context ctx;
memset( key, 0x00, sizeof( key ) );
memset( nonce, 0x00, sizeof( nonce ) );
memset( aad, 0x00, sizeof( aad ) );
memset( input, 0x00, sizeof( input ) );
memset( output, 0x00, sizeof( output ) );
memset( mac, 0x00, sizeof( mac ) );
/* Initial state: finish, update, update_aad forbidden */
mbedtls_chachapoly_init( &ctx );
TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac )
== MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output )
== MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len )
== MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
/* Still initial state: finish, update, update_aad forbidden */
TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key )
== 0 );
TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac )
== MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output )
== MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len )
== MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
/* Starts -> finish OK */
TEST_ASSERT( mbedtls_chachapoly_starts( &ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT )
== 0 );
TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac )
== 0 );
/* After finish: update, update_aad forbidden */
TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output )
== MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len )
== MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
/* Starts -> update* OK */
TEST_ASSERT( mbedtls_chachapoly_starts( &ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT )
== 0 );
TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output )
== 0 );
TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output )
== 0 );
/* After update: update_aad forbidden */
TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len )
== MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
/* Starts -> update_aad* -> finish OK */
TEST_ASSERT( mbedtls_chachapoly_starts( &ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT )
== 0 );
TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len )
== 0 );
TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len )
== 0 );
TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac )
== 0 );
exit:
mbedtls_chachapoly_free( &ctx );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
void chachapoly_selftest()
{
TEST_ASSERT( mbedtls_chachapoly_self_test( 1 ) == 0 );
}
/* END_CASE */