mirror of
https://github.com/yuzu-emu/mbedtls.git
synced 2024-12-23 19:35:31 +00:00
8dd03cd1aa
Add tests for Key wrapping. Test vectors taken from the standards.
344 lines
11 KiB
Plaintext
344 lines
11 KiB
Plaintext
/* BEGIN_HEADER */
|
|
#include "mbedtls/nist_kw.h"
|
|
/* END_HEADER */
|
|
|
|
/* BEGIN_DEPENDENCIES
|
|
* depends_on:MBEDTLS_NIST_KW_C
|
|
* END_DEPENDENCIES
|
|
*/
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST:MBEDTLS_AES_C */
|
|
void mbedtls_nist_kw_self_test( )
|
|
{
|
|
TEST_ASSERT( mbedtls_nist_kw_self_test( 1 ) == 0 );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_AES_C */
|
|
void mbedtls_nist_kw_mix_contexts( )
|
|
{
|
|
mbedtls_nist_kw_context ctx1, ctx2;
|
|
unsigned char key[16];
|
|
unsigned char plaintext[32];
|
|
unsigned char ciphertext1[40];
|
|
unsigned char ciphertext2[40];
|
|
size_t output_len, i;
|
|
|
|
memset( plaintext, 0, sizeof( plaintext ) );
|
|
memset( ciphertext1, 0, sizeof( ciphertext1 ) );
|
|
memset( ciphertext2, 0, sizeof( ciphertext2 ) );
|
|
memset( key, 0, sizeof( key ) );
|
|
|
|
/*
|
|
* 1. Check wrap and unwrap with two seperate contexts
|
|
*/
|
|
mbedtls_nist_kw_init( &ctx1 );
|
|
mbedtls_nist_kw_init( &ctx2 );
|
|
|
|
TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx1,
|
|
MBEDTLS_CIPHER_ID_AES,
|
|
key, sizeof( key ) * 8,
|
|
1 ) == 0 );
|
|
|
|
TEST_ASSERT( mbedtls_nist_kw_wrap( &ctx1, MBEDTLS_KW_MODE_KW,
|
|
plaintext, sizeof( plaintext ),
|
|
ciphertext1, &output_len,
|
|
sizeof( ciphertext1 ) ) == 0 );
|
|
TEST_ASSERT( output_len == sizeof( ciphertext1 ) );
|
|
|
|
TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx2,
|
|
MBEDTLS_CIPHER_ID_AES,
|
|
key, sizeof( key ) * 8,
|
|
0 ) == 0 );
|
|
|
|
TEST_ASSERT( mbedtls_nist_kw_unwrap( &ctx2, MBEDTLS_KW_MODE_KW,
|
|
ciphertext1, output_len,
|
|
plaintext, &output_len,
|
|
sizeof( plaintext ) ) == 0 );
|
|
|
|
TEST_ASSERT( output_len == sizeof( plaintext ) );
|
|
for( i = 0; i < sizeof( plaintext ); i++ )
|
|
{
|
|
TEST_ASSERT( plaintext[i] == 0 );
|
|
}
|
|
mbedtls_nist_kw_free( &ctx1 );
|
|
mbedtls_nist_kw_free( &ctx2 );
|
|
|
|
/*
|
|
* 2. Check wrapping with two modes, on same context
|
|
*/
|
|
mbedtls_nist_kw_init( &ctx1 );
|
|
mbedtls_nist_kw_init( &ctx2 );
|
|
output_len = sizeof( ciphertext1 );
|
|
|
|
TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx1,
|
|
MBEDTLS_CIPHER_ID_AES,
|
|
key, sizeof( key ) * 8,
|
|
1 ) == 0 );
|
|
|
|
TEST_ASSERT( mbedtls_nist_kw_wrap( &ctx1, MBEDTLS_KW_MODE_KW,
|
|
plaintext, sizeof( plaintext ),
|
|
ciphertext1, &output_len,
|
|
sizeof( ciphertext1 ) ) == 0 );
|
|
TEST_ASSERT( output_len == sizeof( ciphertext1 ) );
|
|
|
|
TEST_ASSERT( mbedtls_nist_kw_wrap( &ctx1, MBEDTLS_KW_MODE_KWP,
|
|
plaintext, sizeof( plaintext ),
|
|
ciphertext2, &output_len,
|
|
sizeof( ciphertext2 ) ) == 0 );
|
|
|
|
TEST_ASSERT( output_len == sizeof( ciphertext2 ) );
|
|
|
|
TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx2,
|
|
MBEDTLS_CIPHER_ID_AES,
|
|
key, sizeof( key ) * 8,
|
|
0 ) == 0 );
|
|
|
|
TEST_ASSERT( mbedtls_nist_kw_unwrap( &ctx2, MBEDTLS_KW_MODE_KW,
|
|
ciphertext1, sizeof( ciphertext1 ),
|
|
plaintext, &output_len,
|
|
sizeof( plaintext ) ) == 0 );
|
|
|
|
TEST_ASSERT( output_len == sizeof( plaintext ) );
|
|
|
|
for( i = 0; i < sizeof( plaintext ); i++ )
|
|
{
|
|
TEST_ASSERT( plaintext[i] == 0 );
|
|
}
|
|
|
|
TEST_ASSERT( mbedtls_nist_kw_unwrap( &ctx2, MBEDTLS_KW_MODE_KWP,
|
|
ciphertext2, sizeof( ciphertext2 ),
|
|
plaintext, &output_len,
|
|
sizeof( plaintext ) ) == 0 );
|
|
|
|
TEST_ASSERT( output_len == sizeof( plaintext ) );
|
|
|
|
for( i = 0; i < sizeof( plaintext ); i++ )
|
|
{
|
|
TEST_ASSERT( plaintext[i] == 0 );
|
|
}
|
|
|
|
exit:
|
|
mbedtls_nist_kw_free( &ctx1 );
|
|
mbedtls_nist_kw_free( &ctx2 );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE */
|
|
void mbedtls_nist_kw_setkey( int cipher_id, int key_size,
|
|
int is_wrap, int result )
|
|
{
|
|
mbedtls_nist_kw_context ctx;
|
|
unsigned char key[32];
|
|
int ret;
|
|
|
|
mbedtls_nist_kw_init( &ctx );
|
|
|
|
memset( key, 0x2A, sizeof( key ) );
|
|
TEST_ASSERT( (unsigned) key_size <= 8 * sizeof( key ) );
|
|
|
|
ret = mbedtls_nist_kw_setkey( &ctx, cipher_id, key, key_size, is_wrap );
|
|
TEST_ASSERT( ret == result );
|
|
|
|
exit:
|
|
mbedtls_nist_kw_free( &ctx );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_AES_C */
|
|
void nist_kw_plaintext_lengths( int in_len, int out_len, int mode, int res )
|
|
{
|
|
mbedtls_nist_kw_context ctx;
|
|
unsigned char key[16];
|
|
unsigned char *plaintext = NULL;
|
|
unsigned char *ciphertext = NULL;
|
|
size_t output_len = out_len;
|
|
|
|
mbedtls_nist_kw_init( &ctx );
|
|
|
|
memset( key, 0, sizeof( key ) );
|
|
|
|
if (in_len == 0)
|
|
{
|
|
/* mbedtls_calloc can return NULL for zero-length buffers. Make sure we
|
|
* always have a plaintext buffer, even if the length is 0. */
|
|
plaintext = mbedtls_calloc( 1, 1 );
|
|
}
|
|
else
|
|
{
|
|
plaintext = mbedtls_calloc( 1, in_len );
|
|
}
|
|
TEST_ASSERT( plaintext != NULL );
|
|
ciphertext = mbedtls_calloc( 1, output_len );
|
|
TEST_ASSERT( ciphertext != NULL );
|
|
|
|
memset( plaintext, 0, in_len );
|
|
memset( ciphertext, 0, output_len );
|
|
|
|
|
|
TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx, MBEDTLS_CIPHER_ID_AES,
|
|
key, 8 * sizeof( key ), 1 ) == 0 );
|
|
|
|
TEST_ASSERT( mbedtls_nist_kw_wrap( &ctx, mode, plaintext, in_len,
|
|
ciphertext, &output_len,
|
|
output_len ) == res );
|
|
if( res == 0 )
|
|
{
|
|
if( mode == MBEDTLS_KW_MODE_KWP )
|
|
TEST_ASSERT( output_len == (size_t) in_len + 8 -
|
|
( in_len % 8 ) + 8 );
|
|
else
|
|
TEST_ASSERT( output_len == (size_t) in_len + 8 );
|
|
}
|
|
else
|
|
{
|
|
TEST_ASSERT( output_len == 0 );
|
|
}
|
|
|
|
exit:
|
|
mbedtls_free( ciphertext );
|
|
mbedtls_free( plaintext );
|
|
mbedtls_nist_kw_free( &ctx );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE depends_on:MBEDTLS_AES_C */
|
|
void nist_kw_ciphertext_lengths( int in_len, int out_len, int mode, int res )
|
|
{
|
|
mbedtls_nist_kw_context ctx;
|
|
unsigned char key[16];
|
|
unsigned char *plaintext = NULL;
|
|
unsigned char *ciphertext = NULL;
|
|
int unwrap_ret;
|
|
size_t output_len = out_len;
|
|
|
|
mbedtls_nist_kw_init( &ctx );
|
|
|
|
memset( key, 0, sizeof( key ) );
|
|
|
|
plaintext = mbedtls_calloc( 1, output_len );
|
|
TEST_ASSERT( plaintext != NULL );
|
|
ciphertext = mbedtls_calloc( 1, in_len );
|
|
TEST_ASSERT( ciphertext != NULL );
|
|
|
|
memset( plaintext, 0, output_len );
|
|
memset( ciphertext, 0, in_len );
|
|
|
|
|
|
TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx, MBEDTLS_CIPHER_ID_AES,
|
|
key, 8 * sizeof( key ), 0 ) == 0 );
|
|
unwrap_ret = mbedtls_nist_kw_unwrap( &ctx, mode, ciphertext, in_len,
|
|
plaintext, &output_len,
|
|
output_len );
|
|
|
|
if( res == 0 )
|
|
TEST_ASSERT( unwrap_ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED );
|
|
else
|
|
TEST_ASSERT( unwrap_ret == res );
|
|
|
|
TEST_ASSERT( output_len == 0 );
|
|
|
|
exit:
|
|
mbedtls_free( ciphertext );
|
|
mbedtls_free( plaintext );
|
|
mbedtls_nist_kw_free( &ctx );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE */
|
|
void mbedtls_nist_kw_wrap( int cipher_id, int mode,
|
|
char *key_hex, char *msg_hex,
|
|
char *result_hex )
|
|
{
|
|
unsigned char key[32];
|
|
unsigned char msg[512];
|
|
unsigned char result[528];
|
|
unsigned char expected_result[528];
|
|
mbedtls_nist_kw_context ctx;
|
|
size_t key_len, msg_len, output_len, result_len, i, padlen;
|
|
|
|
mbedtls_nist_kw_init( &ctx );
|
|
|
|
memset( key, 0x00, sizeof( key ) );
|
|
memset( msg, 0x00, sizeof( msg ) );
|
|
memset( result, '+', sizeof( result ) );
|
|
|
|
key_len = unhexify( key, key_hex );
|
|
msg_len = unhexify( msg, msg_hex );
|
|
result_len = unhexify( expected_result, result_hex );
|
|
output_len = sizeof( result );
|
|
|
|
TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx, cipher_id, key, key_len * 8, 1 )
|
|
== 0 );
|
|
|
|
/* Test with input == output */
|
|
TEST_ASSERT( mbedtls_nist_kw_wrap( &ctx, mode, msg, msg_len,
|
|
result, &output_len, sizeof( result ) ) == 0 );
|
|
|
|
TEST_ASSERT( output_len == result_len );
|
|
|
|
TEST_ASSERT( memcmp( expected_result, result, result_len ) == 0 );
|
|
|
|
padlen = ( msg_len % 8 != 0 ) ? 8 - (msg_len % 8 ) : 0;
|
|
/* Check that the function didn't write beyond the end of the buffer. */
|
|
for( i = msg_len + 8 + padlen; i < sizeof( result ); i++ )
|
|
{
|
|
TEST_ASSERT( result[i] == '+' );
|
|
}
|
|
|
|
exit:
|
|
mbedtls_nist_kw_free( &ctx );
|
|
}
|
|
/* END_CASE */
|
|
|
|
/* BEGIN_CASE */
|
|
void mbedtls_nist_kw_unwrap( int cipher_id, int mode,
|
|
char *key_hex, char *msg_hex,
|
|
char *result_hex, int expected_ret )
|
|
{
|
|
unsigned char key[32];
|
|
unsigned char msg[528];
|
|
unsigned char result[528];
|
|
unsigned char expected_result[528];
|
|
mbedtls_nist_kw_context ctx;
|
|
size_t key_len, msg_len, output_len, result_len, i;
|
|
|
|
mbedtls_nist_kw_init( &ctx );
|
|
|
|
memset( key, 0x00, sizeof( key ) );
|
|
memset( msg, 0x00, sizeof( msg ) );
|
|
memset( result, '+', sizeof( result ) );
|
|
memset( expected_result, 0x00, sizeof( expected_result ) );
|
|
|
|
key_len = unhexify( key, key_hex );
|
|
msg_len = unhexify( msg, msg_hex );
|
|
result_len = unhexify( expected_result, result_hex );
|
|
output_len = sizeof( result );
|
|
|
|
TEST_ASSERT( mbedtls_nist_kw_setkey( &ctx, cipher_id, key, key_len * 8, 0 )
|
|
== 0 );
|
|
|
|
/* Test with input == output */
|
|
TEST_ASSERT( mbedtls_nist_kw_unwrap( &ctx, mode, msg, msg_len,
|
|
result, &output_len, sizeof( result ) ) == expected_ret );
|
|
if( expected_ret == 0 )
|
|
{
|
|
TEST_ASSERT( output_len == result_len );
|
|
TEST_ASSERT( memcmp( expected_result, result, result_len ) == 0 );
|
|
}
|
|
else
|
|
{
|
|
TEST_ASSERT( output_len == 0 );
|
|
}
|
|
|
|
/* Check that the function didn't write beyond the end of the buffer. */
|
|
for( i = msg_len - 8; i < sizeof( result ); i++ )
|
|
{
|
|
TEST_ASSERT( result[i] == '+' );
|
|
}
|
|
|
|
exit:
|
|
mbedtls_nist_kw_free( &ctx );
|
|
}
|
|
/* END_CASE */
|