2 #include "mbedtls/cipher.h"
4 #if defined(MBEDTLS_GCM_C)
5 #include "mbedtls/gcm.h"
10 * depends_on:MBEDTLS_CIPHER_C
15 void mbedtls_cipher_list( )
17 const int *cipher_type;
19 for( cipher_type = mbedtls_cipher_list(); *cipher_type != 0; cipher_type++ )
20 TEST_ASSERT( mbedtls_cipher_info_from_type( *cipher_type ) != NULL );
25 void cipher_invalid_param_unconditional( )
27 mbedtls_cipher_context_t valid_ctx;
28 mbedtls_cipher_context_t invalid_ctx;
29 mbedtls_operation_t valid_operation = MBEDTLS_ENCRYPT;
30 mbedtls_cipher_padding_t valid_mode = MBEDTLS_PADDING_ZEROS;
31 unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 };
32 int valid_size = sizeof(valid_buffer);
33 int valid_bitlen = valid_size * 8;
34 const mbedtls_cipher_info_t *valid_info = mbedtls_cipher_info_from_type(
35 *( mbedtls_cipher_list() ) );
38 (void)valid_mode; /* In some configurations this is unused */
40 mbedtls_cipher_init( &valid_ctx );
41 mbedtls_cipher_setup( &valid_ctx, valid_info );
42 mbedtls_cipher_init( &invalid_ctx );
44 /* mbedtls_cipher_setup() */
45 TEST_ASSERT( mbedtls_cipher_setup( &valid_ctx, NULL ) ==
46 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
48 /* mbedtls_cipher_get_block_size() */
49 TEST_ASSERT( mbedtls_cipher_get_block_size( &invalid_ctx ) == 0 );
51 /* mbedtls_cipher_get_cipher_mode() */
52 TEST_ASSERT( mbedtls_cipher_get_cipher_mode( &invalid_ctx ) ==
55 /* mbedtls_cipher_get_iv_size() */
56 TEST_ASSERT( mbedtls_cipher_get_iv_size( &invalid_ctx ) == 0 );
58 /* mbedtls_cipher_get_type() */
60 mbedtls_cipher_get_type( &invalid_ctx ) ==
63 /* mbedtls_cipher_get_name() */
64 TEST_ASSERT( mbedtls_cipher_get_name( &invalid_ctx ) == 0 );
66 /* mbedtls_cipher_get_key_bitlen() */
67 TEST_ASSERT( mbedtls_cipher_get_key_bitlen( &invalid_ctx ) ==
68 MBEDTLS_KEY_LENGTH_NONE );
70 /* mbedtls_cipher_get_operation() */
71 TEST_ASSERT( mbedtls_cipher_get_operation( &invalid_ctx ) ==
72 MBEDTLS_OPERATION_NONE );
74 /* mbedtls_cipher_setkey() */
76 mbedtls_cipher_setkey( &invalid_ctx,
80 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
82 /* mbedtls_cipher_set_iv() */
84 mbedtls_cipher_set_iv( &invalid_ctx,
87 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
89 /* mbedtls_cipher_reset() */
90 TEST_ASSERT( mbedtls_cipher_reset( &invalid_ctx ) ==
91 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
93 #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
94 /* mbedtls_cipher_update_ad() */
96 mbedtls_cipher_update_ad( &invalid_ctx,
99 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
100 #endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */
102 #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
103 /* mbedtls_cipher_set_padding_mode() */
104 TEST_ASSERT( mbedtls_cipher_set_padding_mode( &invalid_ctx, valid_mode ) ==
105 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
108 /* mbedtls_cipher_update() */
110 mbedtls_cipher_update( &invalid_ctx,
115 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
117 /* mbedtls_cipher_finish() */
119 mbedtls_cipher_finish( &invalid_ctx,
122 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
124 #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
125 /* mbedtls_cipher_write_tag() */
127 mbedtls_cipher_write_tag( &invalid_ctx,
130 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
132 /* mbedtls_cipher_check_tag() */
134 mbedtls_cipher_check_tag( &invalid_ctx,
137 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
138 #endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */
141 mbedtls_cipher_free( &invalid_ctx );
142 mbedtls_cipher_free( &valid_ctx );
146 /* BEGIN_CASE depends_on:MBEDTLS_CHECK_PARAMS:!MBEDTLS_PARAM_FAILED_ALT */
147 void cipher_invalid_param_conditional( )
149 mbedtls_cipher_context_t valid_ctx;
151 mbedtls_operation_t valid_operation = MBEDTLS_ENCRYPT;
152 mbedtls_operation_t invalid_operation = 100;
153 mbedtls_cipher_padding_t valid_mode = MBEDTLS_PADDING_ZEROS;
154 unsigned char valid_buffer[] = { 0x01, 0x02, 0x03, 0x04, 0x05, 0x06, 0x07 };
155 int valid_size = sizeof(valid_buffer);
156 int valid_bitlen = valid_size * 8;
157 const mbedtls_cipher_info_t *valid_info = mbedtls_cipher_info_from_type(
158 *( mbedtls_cipher_list() ) );
162 (void)valid_mode; /* In some configurations this is unused */
164 /* mbedtls_cipher_init() */
165 TEST_VALID_PARAM( mbedtls_cipher_init( &valid_ctx ) );
166 TEST_INVALID_PARAM( mbedtls_cipher_init( NULL ) );
168 /* mbedtls_cipher_setup() */
169 TEST_VALID_PARAM( mbedtls_cipher_setup( &valid_ctx, valid_info ) );
170 TEST_INVALID_PARAM_RET(
171 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
172 mbedtls_cipher_setup( NULL, valid_info ) );
174 /* mbedtls_cipher_get_block_size() */
175 TEST_INVALID_PARAM_RET( 0, mbedtls_cipher_get_block_size( NULL ) );
177 /* mbedtls_cipher_get_cipher_mode() */
178 TEST_INVALID_PARAM_RET(
180 mbedtls_cipher_get_cipher_mode( NULL ) );
182 /* mbedtls_cipher_get_iv_size() */
183 TEST_INVALID_PARAM_RET( 0, mbedtls_cipher_get_iv_size( NULL ) );
185 /* mbedtls_cipher_get_type() */
186 TEST_INVALID_PARAM_RET(
188 mbedtls_cipher_get_type( NULL ) );
190 /* mbedtls_cipher_get_name() */
191 TEST_INVALID_PARAM_RET( 0, mbedtls_cipher_get_name( NULL ) );
193 /* mbedtls_cipher_get_key_bitlen() */
194 TEST_INVALID_PARAM_RET(
195 MBEDTLS_KEY_LENGTH_NONE,
196 mbedtls_cipher_get_key_bitlen( NULL ) );
198 /* mbedtls_cipher_get_operation() */
199 TEST_INVALID_PARAM_RET(
200 MBEDTLS_OPERATION_NONE,
201 mbedtls_cipher_get_operation( NULL ) );
203 /* mbedtls_cipher_setkey() */
204 TEST_INVALID_PARAM_RET(
205 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
206 mbedtls_cipher_setkey( NULL,
210 TEST_INVALID_PARAM_RET(
211 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
212 mbedtls_cipher_setkey( &valid_ctx,
216 TEST_INVALID_PARAM_RET(
217 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
218 mbedtls_cipher_setkey( &valid_ctx,
221 invalid_operation ) );
223 /* mbedtls_cipher_set_iv() */
224 TEST_INVALID_PARAM_RET(
225 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
226 mbedtls_cipher_set_iv( NULL,
229 TEST_INVALID_PARAM_RET(
230 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
231 mbedtls_cipher_set_iv( &valid_ctx,
235 /* mbedtls_cipher_reset() */
236 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
237 mbedtls_cipher_reset( NULL ) );
239 #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
240 /* mbedtls_cipher_update_ad() */
241 TEST_INVALID_PARAM_RET(
242 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
243 mbedtls_cipher_update_ad( NULL,
246 TEST_INVALID_PARAM_RET(
247 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
248 mbedtls_cipher_update_ad( &valid_ctx,
251 #endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */
253 #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
254 /* mbedtls_cipher_set_padding_mode() */
255 TEST_INVALID_PARAM_RET( MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
256 mbedtls_cipher_set_padding_mode( NULL, valid_mode ) );
259 /* mbedtls_cipher_update() */
260 TEST_INVALID_PARAM_RET(
261 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
262 mbedtls_cipher_update( NULL,
267 TEST_INVALID_PARAM_RET(
268 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
269 mbedtls_cipher_update( &valid_ctx,
273 TEST_INVALID_PARAM_RET(
274 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
275 mbedtls_cipher_update( &valid_ctx,
276 valid_buffer, valid_size,
279 TEST_INVALID_PARAM_RET(
280 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
281 mbedtls_cipher_update( &valid_ctx,
282 valid_buffer, valid_size,
286 /* mbedtls_cipher_finish() */
287 TEST_INVALID_PARAM_RET(
288 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
289 mbedtls_cipher_finish( NULL,
292 TEST_INVALID_PARAM_RET(
293 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
294 mbedtls_cipher_finish( &valid_ctx,
297 TEST_INVALID_PARAM_RET(
298 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
299 mbedtls_cipher_finish( &valid_ctx,
303 #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
304 /* mbedtls_cipher_write_tag() */
305 TEST_INVALID_PARAM_RET(
306 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
307 mbedtls_cipher_write_tag( NULL,
310 TEST_INVALID_PARAM_RET(
311 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
312 mbedtls_cipher_write_tag( &valid_ctx,
316 /* mbedtls_cipher_check_tag() */
317 TEST_INVALID_PARAM_RET(
318 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
319 mbedtls_cipher_check_tag( NULL,
322 TEST_INVALID_PARAM_RET(
323 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
324 mbedtls_cipher_check_tag( &valid_ctx,
327 #endif /* defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C) */
329 /* mbedtls_cipher_crypt() */
330 TEST_INVALID_PARAM_RET(
331 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
332 mbedtls_cipher_crypt( NULL,
333 valid_buffer, valid_size,
334 valid_buffer, valid_size,
335 valid_buffer, &size_t_var ) );
336 TEST_INVALID_PARAM_RET(
337 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
338 mbedtls_cipher_crypt( &valid_ctx,
340 valid_buffer, valid_size,
341 valid_buffer, &size_t_var ) );
342 TEST_INVALID_PARAM_RET(
343 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
344 mbedtls_cipher_crypt( &valid_ctx,
345 valid_buffer, valid_size,
347 valid_buffer, &size_t_var ) );
348 TEST_INVALID_PARAM_RET(
349 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
350 mbedtls_cipher_crypt( &valid_ctx,
351 valid_buffer, valid_size,
352 valid_buffer, valid_size,
353 NULL, &size_t_var ) );
354 TEST_INVALID_PARAM_RET(
355 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
356 mbedtls_cipher_crypt( &valid_ctx,
357 valid_buffer, valid_size,
358 valid_buffer, valid_size,
359 valid_buffer, NULL ) );
361 #if defined(MBEDTLS_CIPHER_MODE_AEAD)
362 /* mbedtls_cipher_auth_encrypt() */
363 TEST_INVALID_PARAM_RET(
364 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
365 mbedtls_cipher_auth_encrypt( NULL,
366 valid_buffer, valid_size,
367 valid_buffer, valid_size,
368 valid_buffer, valid_size,
369 valid_buffer, &size_t_var,
370 valid_buffer, valid_size ) );
371 TEST_INVALID_PARAM_RET(
372 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
373 mbedtls_cipher_auth_encrypt( &valid_ctx,
375 valid_buffer, valid_size,
376 valid_buffer, valid_size,
377 valid_buffer, &size_t_var,
378 valid_buffer, valid_size ) );
379 TEST_INVALID_PARAM_RET(
380 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
381 mbedtls_cipher_auth_encrypt( &valid_ctx,
382 valid_buffer, valid_size,
384 valid_buffer, valid_size,
385 valid_buffer, &size_t_var,
386 valid_buffer, valid_size ) );
387 TEST_INVALID_PARAM_RET(
388 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
389 mbedtls_cipher_auth_encrypt( &valid_ctx,
390 valid_buffer, valid_size,
391 valid_buffer, valid_size,
393 valid_buffer, &size_t_var,
394 valid_buffer, valid_size ) );
395 TEST_INVALID_PARAM_RET(
396 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
397 mbedtls_cipher_auth_encrypt( &valid_ctx,
398 valid_buffer, valid_size,
399 valid_buffer, valid_size,
400 valid_buffer, valid_size,
402 valid_buffer, valid_size ) );
403 TEST_INVALID_PARAM_RET(
404 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
405 mbedtls_cipher_auth_encrypt( &valid_ctx,
406 valid_buffer, valid_size,
407 valid_buffer, valid_size,
408 valid_buffer, valid_size,
410 valid_buffer, valid_size ) );
411 TEST_INVALID_PARAM_RET(
412 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
413 mbedtls_cipher_auth_encrypt( &valid_ctx,
414 valid_buffer, valid_size,
415 valid_buffer, valid_size,
416 valid_buffer, valid_size,
417 valid_buffer, &size_t_var,
418 NULL, valid_size ) );
420 /* mbedtls_cipher_auth_decrypt() */
421 TEST_INVALID_PARAM_RET(
422 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
423 mbedtls_cipher_auth_decrypt( NULL,
424 valid_buffer, valid_size,
425 valid_buffer, valid_size,
426 valid_buffer, valid_size,
427 valid_buffer, &size_t_var,
428 valid_buffer, valid_size ) );
429 TEST_INVALID_PARAM_RET(
430 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
431 mbedtls_cipher_auth_decrypt( &valid_ctx,
433 valid_buffer, valid_size,
434 valid_buffer, valid_size,
435 valid_buffer, &size_t_var,
436 valid_buffer, valid_size ) );
437 TEST_INVALID_PARAM_RET(
438 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
439 mbedtls_cipher_auth_decrypt( &valid_ctx,
440 valid_buffer, valid_size,
442 valid_buffer, valid_size,
443 valid_buffer, &size_t_var,
444 valid_buffer, valid_size ) );
445 TEST_INVALID_PARAM_RET(
446 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
447 mbedtls_cipher_auth_decrypt( &valid_ctx,
448 valid_buffer, valid_size,
449 valid_buffer, valid_size,
451 valid_buffer, &size_t_var,
452 valid_buffer, valid_size ) );
453 TEST_INVALID_PARAM_RET(
454 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
455 mbedtls_cipher_auth_decrypt( &valid_ctx,
456 valid_buffer, valid_size,
457 valid_buffer, valid_size,
458 valid_buffer, valid_size,
460 valid_buffer, valid_size ) );
461 TEST_INVALID_PARAM_RET(
462 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
463 mbedtls_cipher_auth_decrypt( &valid_ctx,
464 valid_buffer, valid_size,
465 valid_buffer, valid_size,
466 valid_buffer, valid_size,
468 valid_buffer, valid_size ) );
469 TEST_INVALID_PARAM_RET(
470 MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA,
471 mbedtls_cipher_auth_decrypt( &valid_ctx,
472 valid_buffer, valid_size,
473 valid_buffer, valid_size,
474 valid_buffer, valid_size,
475 valid_buffer, &size_t_var,
476 NULL, valid_size ) );
477 #endif /* defined(MBEDTLS_CIPHER_MODE_AEAD) */
479 /* mbedtls_cipher_free() */
480 TEST_VALID_PARAM( mbedtls_cipher_free( NULL ) );
482 TEST_VALID_PARAM( mbedtls_cipher_free( &valid_ctx ) );
486 /* BEGIN_CASE depends_on:MBEDTLS_AES_C */
487 void cipher_special_behaviours( )
489 const mbedtls_cipher_info_t *cipher_info;
490 mbedtls_cipher_context_t ctx;
491 unsigned char input[32];
492 unsigned char output[32];
493 #if defined (MBEDTLS_CIPHER_MODE_CBC)
494 unsigned char iv[32];
498 mbedtls_cipher_init( &ctx );
499 memset( input, 0, sizeof( input ) );
500 memset( output, 0, sizeof( output ) );
501 #if defined(MBEDTLS_CIPHER_MODE_CBC)
502 memset( iv, 0, sizeof( iv ) );
504 /* Check and get info structures */
505 cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_CBC );
506 TEST_ASSERT( NULL != cipher_info );
508 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx, cipher_info ) );
511 TEST_ASSERT( mbedtls_cipher_set_iv( &ctx, iv, MBEDTLS_MAX_IV_LENGTH + 1 )
512 == MBEDTLS_ERR_CIPHER_FEATURE_UNAVAILABLE );
515 TEST_ASSERT( mbedtls_cipher_set_iv( &ctx, iv, 0 )
516 == MBEDTLS_ERR_CIPHER_BAD_INPUT_DATA );
518 mbedtls_cipher_free( &ctx );
519 mbedtls_cipher_init( &ctx );
520 #endif /* MBEDTLS_CIPHER_MODE_CBC */
521 cipher_info = mbedtls_cipher_info_from_type( MBEDTLS_CIPHER_AES_128_ECB );
522 TEST_ASSERT( NULL != cipher_info );
524 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx, cipher_info ) );
526 /* Update ECB with partial block */
527 TEST_ASSERT( mbedtls_cipher_update( &ctx, input, 1, output, &olen )
528 == MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED );
531 mbedtls_cipher_free( &ctx );
536 void enc_dec_buf( int cipher_id, char * cipher_string, int key_len,
537 int length_val, int pad_mode )
539 size_t length = length_val, outlen, total_len, i, block_size;
540 unsigned char key[64];
541 unsigned char iv[16];
542 unsigned char ad[13];
543 unsigned char tag[16];
544 unsigned char inbuf[64];
545 unsigned char encbuf[64];
546 unsigned char decbuf[64];
548 const mbedtls_cipher_info_t *cipher_info;
549 mbedtls_cipher_context_t ctx_dec;
550 mbedtls_cipher_context_t ctx_enc;
555 mbedtls_cipher_init( &ctx_dec );
556 mbedtls_cipher_init( &ctx_enc );
558 memset( key, 0x2a, sizeof( key ) );
560 /* Check and get info structures */
561 cipher_info = mbedtls_cipher_info_from_type( cipher_id );
562 TEST_ASSERT( NULL != cipher_info );
563 TEST_ASSERT( mbedtls_cipher_info_from_string( cipher_string ) == cipher_info );
565 /* Initialise enc and dec contexts */
566 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_dec, cipher_info ) );
567 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_enc, cipher_info ) );
569 TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_dec, key, key_len, MBEDTLS_DECRYPT ) );
570 TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_enc, key, key_len, MBEDTLS_ENCRYPT ) );
572 #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
575 TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx_dec, pad_mode ) );
576 TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx_enc, pad_mode ) );
580 #endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
583 * Do a few encode/decode cycles
585 for( i = 0; i < 3; i++ )
587 memset( iv , 0x00 + i, sizeof( iv ) );
588 memset( ad, 0x10 + i, sizeof( ad ) );
589 memset( inbuf, 0x20 + i, sizeof( inbuf ) );
591 memset( encbuf, 0, sizeof( encbuf ) );
592 memset( decbuf, 0, sizeof( decbuf ) );
593 memset( tag, 0, sizeof( tag ) );
595 TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_dec, iv, sizeof( iv ) ) );
596 TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_enc, iv, sizeof( iv ) ) );
598 TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_dec ) );
599 TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_enc ) );
601 #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
602 TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx_dec, ad, sizeof( ad ) - i ) );
603 TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx_enc, ad, sizeof( ad ) - i ) );
606 block_size = mbedtls_cipher_get_block_size( &ctx_enc );
607 TEST_ASSERT( block_size != 0 );
609 /* encode length number of bytes from inbuf */
610 TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_enc, inbuf, length, encbuf, &outlen ) );
613 TEST_ASSERT( total_len == length ||
614 ( total_len % block_size == 0 &&
615 total_len < length &&
616 total_len + block_size > length ) );
618 TEST_ASSERT( 0 == mbedtls_cipher_finish( &ctx_enc, encbuf + outlen, &outlen ) );
621 #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
622 TEST_ASSERT( 0 == mbedtls_cipher_write_tag( &ctx_enc, tag, sizeof( tag ) ) );
625 TEST_ASSERT( total_len == length ||
626 ( total_len % block_size == 0 &&
627 total_len > length &&
628 total_len <= length + block_size ) );
630 /* decode the previously encoded string */
631 TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_dec, encbuf, total_len, decbuf, &outlen ) );
634 TEST_ASSERT( total_len == length ||
635 ( total_len % block_size == 0 &&
636 total_len < length &&
637 total_len + block_size >= length ) );
639 TEST_ASSERT( 0 == mbedtls_cipher_finish( &ctx_dec, decbuf + outlen, &outlen ) );
642 #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
643 TEST_ASSERT( 0 == mbedtls_cipher_check_tag( &ctx_dec, tag, sizeof( tag ) ) );
647 TEST_ASSERT( total_len == length );
648 TEST_ASSERT( 0 == memcmp(inbuf, decbuf, length) );
655 mbedtls_cipher_free( &ctx_dec );
656 mbedtls_cipher_free( &ctx_enc );
661 void enc_fail( int cipher_id, int pad_mode, int key_len, int length_val,
664 size_t length = length_val;
665 unsigned char key[32];
666 unsigned char iv[16];
668 const mbedtls_cipher_info_t *cipher_info;
669 mbedtls_cipher_context_t ctx;
671 unsigned char inbuf[64];
672 unsigned char encbuf[64];
676 memset( key, 0, 32 );
677 memset( iv , 0, 16 );
679 mbedtls_cipher_init( &ctx );
681 memset( inbuf, 5, 64 );
682 memset( encbuf, 0, 64 );
684 /* Check and get info structures */
685 cipher_info = mbedtls_cipher_info_from_type( cipher_id );
686 TEST_ASSERT( NULL != cipher_info );
688 /* Initialise context */
689 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx, cipher_info ) );
690 TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key, key_len, MBEDTLS_ENCRYPT ) );
691 #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
692 TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx, pad_mode ) );
695 #endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
696 TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx, iv, 16 ) );
697 TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx ) );
698 #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
699 TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx, NULL, 0 ) );
702 /* encode length number of bytes from inbuf */
703 TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx, inbuf, length, encbuf, &outlen ) );
704 TEST_ASSERT( ret == mbedtls_cipher_finish( &ctx, encbuf + outlen, &outlen ) );
708 mbedtls_cipher_free( &ctx );
713 void dec_empty_buf( int cipher )
715 unsigned char key[32];
716 unsigned char iv[16];
718 mbedtls_cipher_context_t ctx_dec;
719 const mbedtls_cipher_info_t *cipher_info;
721 unsigned char encbuf[64];
722 unsigned char decbuf[64];
728 memset( key, 0, 32 );
729 memset( iv , 0, 16 );
731 mbedtls_cipher_init( &ctx_dec );
733 memset( encbuf, 0, 64 );
734 memset( decbuf, 0, 64 );
736 /* Initialise context */
737 cipher_info = mbedtls_cipher_info_from_type( cipher );
738 TEST_ASSERT( NULL != cipher_info);
739 TEST_ASSERT( sizeof(key) * 8 >= cipher_info->key_bitlen );
741 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_dec, cipher_info ) );
743 TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_dec,
744 key, cipher_info->key_bitlen,
747 TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_dec, iv, 16 ) );
749 TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_dec ) );
751 #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
752 TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx_dec, NULL, 0 ) );
755 /* decode 0-byte string */
756 TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_dec, encbuf, 0, decbuf, &outlen ) );
757 TEST_ASSERT( 0 == outlen );
759 if ( cipher_info->mode == MBEDTLS_MODE_CBC ||
760 cipher_info->mode == MBEDTLS_MODE_ECB )
762 /* CBC and ECB ciphers need a full block of input. */
763 expected_ret = MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED;
767 /* Non-CBC and non-ECB ciphers are OK with decrypting empty buffers and
768 * return success, not MBEDTLS_ERR_CIPHER_FULL_BLOCK_EXPECTED, when
769 * decrypting an empty buffer. */
773 TEST_ASSERT( expected_ret == mbedtls_cipher_finish(
774 &ctx_dec, decbuf + outlen, &outlen ) );
775 TEST_ASSERT( 0 == outlen );
778 mbedtls_cipher_free( &ctx_dec );
783 void enc_dec_buf_multipart( int cipher_id, int key_len, int first_length_val,
784 int second_length_val, int pad_mode,
785 int first_encrypt_output_len, int second_encrypt_output_len,
786 int first_decrypt_output_len, int second_decrypt_output_len )
788 size_t first_length = first_length_val;
789 size_t second_length = second_length_val;
790 size_t length = first_length + second_length;
792 unsigned char key[32];
793 unsigned char iv[16];
795 mbedtls_cipher_context_t ctx_dec;
796 mbedtls_cipher_context_t ctx_enc;
797 const mbedtls_cipher_info_t *cipher_info;
799 unsigned char inbuf[64];
800 unsigned char encbuf[64];
801 unsigned char decbuf[64];
804 size_t totaloutlen = 0;
806 memset( key, 0, 32 );
807 memset( iv , 0, 16 );
809 mbedtls_cipher_init( &ctx_dec );
810 mbedtls_cipher_init( &ctx_enc );
812 memset( inbuf, 5, 64 );
813 memset( encbuf, 0, 64 );
814 memset( decbuf, 0, 64 );
816 /* Initialise enc and dec contexts */
817 cipher_info = mbedtls_cipher_info_from_type( cipher_id );
818 TEST_ASSERT( NULL != cipher_info);
820 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_dec, cipher_info ) );
821 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx_enc, cipher_info ) );
823 TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_dec, key, key_len, MBEDTLS_DECRYPT ) );
824 TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx_enc, key, key_len, MBEDTLS_ENCRYPT ) );
826 #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
829 TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx_dec, pad_mode ) );
830 TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx_enc, pad_mode ) );
834 #endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
836 TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_dec, iv, 16 ) );
837 TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx_enc, iv, 16 ) );
839 TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_dec ) );
840 TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx_enc ) );
842 #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
843 TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx_dec, NULL, 0 ) );
844 TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx_enc, NULL, 0 ) );
847 block_size = mbedtls_cipher_get_block_size( &ctx_enc );
848 TEST_ASSERT( block_size != 0 );
850 /* encode length number of bytes from inbuf */
851 TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_enc, inbuf, first_length, encbuf, &outlen ) );
852 TEST_ASSERT( (size_t)first_encrypt_output_len == outlen );
853 totaloutlen = outlen;
854 TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_enc, inbuf + first_length, second_length, encbuf + totaloutlen, &outlen ) );
855 TEST_ASSERT( (size_t)second_encrypt_output_len == outlen );
856 totaloutlen += outlen;
857 TEST_ASSERT( totaloutlen == length ||
858 ( totaloutlen % block_size == 0 &&
859 totaloutlen < length &&
860 totaloutlen + block_size > length ) );
862 TEST_ASSERT( 0 == mbedtls_cipher_finish( &ctx_enc, encbuf + totaloutlen, &outlen ) );
863 totaloutlen += outlen;
864 TEST_ASSERT( totaloutlen == length ||
865 ( totaloutlen % block_size == 0 &&
866 totaloutlen > length &&
867 totaloutlen <= length + block_size ) );
869 /* decode the previously encoded string */
870 second_length = totaloutlen - first_length;
871 TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_dec, encbuf, first_length, decbuf, &outlen ) );
872 TEST_ASSERT( (size_t)first_decrypt_output_len == outlen );
873 totaloutlen = outlen;
874 TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx_dec, encbuf + first_length, second_length, decbuf + totaloutlen, &outlen ) );
875 TEST_ASSERT( (size_t)second_decrypt_output_len == outlen );
876 totaloutlen += outlen;
878 TEST_ASSERT( totaloutlen == length ||
879 ( totaloutlen % block_size == 0 &&
880 totaloutlen < length &&
881 totaloutlen + block_size >= length ) );
883 TEST_ASSERT( 0 == mbedtls_cipher_finish( &ctx_dec, decbuf + totaloutlen, &outlen ) );
884 totaloutlen += outlen;
886 TEST_ASSERT( totaloutlen == length );
888 TEST_ASSERT( 0 == memcmp(inbuf, decbuf, length) );
891 mbedtls_cipher_free( &ctx_dec );
892 mbedtls_cipher_free( &ctx_enc );
897 void decrypt_test_vec( int cipher_id, int pad_mode, data_t * key,
898 data_t * iv, data_t * cipher,
899 data_t * clear, data_t * ad, data_t * tag,
900 int finish_result, int tag_result )
902 unsigned char output[265];
903 mbedtls_cipher_context_t ctx;
904 size_t outlen, total_len;
906 mbedtls_cipher_init( &ctx );
908 memset( output, 0x00, sizeof( output ) );
910 #if !defined(MBEDTLS_GCM_C) && !defined(MBEDTLS_CHACHAPOLY_C)
915 /* Prepare context */
916 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx,
917 mbedtls_cipher_info_from_type( cipher_id ) ) );
918 TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key->x, 8 * key->len, MBEDTLS_DECRYPT ) );
919 #if defined(MBEDTLS_CIPHER_MODE_WITH_PADDING)
921 TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx, pad_mode ) );
924 #endif /* MBEDTLS_CIPHER_MODE_WITH_PADDING */
925 TEST_ASSERT( 0 == mbedtls_cipher_set_iv( &ctx, iv->x, iv->len ) );
926 TEST_ASSERT( 0 == mbedtls_cipher_reset( &ctx ) );
927 #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
928 TEST_ASSERT( 0 == mbedtls_cipher_update_ad( &ctx, ad->x, ad->len ) );
931 /* decode buffer and check tag->x */
933 TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx, cipher->x, cipher->len, output, &outlen ) );
935 TEST_ASSERT( finish_result == mbedtls_cipher_finish( &ctx, output + outlen,
938 #if defined(MBEDTLS_GCM_C) || defined(MBEDTLS_CHACHAPOLY_C)
939 TEST_ASSERT( tag_result == mbedtls_cipher_check_tag( &ctx, tag->x, tag->len ) );
942 /* check plaintext only if everything went fine */
943 if( 0 == finish_result && 0 == tag_result )
945 TEST_ASSERT( total_len == clear->len );
946 TEST_ASSERT( 0 == memcmp( output, clear->x, clear->len ) );
950 mbedtls_cipher_free( &ctx );
954 /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_AEAD */
955 void auth_crypt_tv( int cipher_id, data_t * key, data_t * iv,
956 data_t * ad, data_t * cipher, data_t * tag,
957 char * result, data_t * clear )
960 unsigned char output[267]; /* above + 2 (overwrite check) */
961 unsigned char my_tag[20];
962 mbedtls_cipher_context_t ctx;
965 mbedtls_cipher_init( &ctx );
967 memset( output, 0xFF, sizeof( output ) );
968 memset( my_tag, 0xFF, sizeof( my_tag ) );
971 /* Prepare context */
972 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx,
973 mbedtls_cipher_info_from_type( cipher_id ) ) );
974 TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key->x, 8 * key->len, MBEDTLS_DECRYPT ) );
976 /* decode buffer and check tag->x */
977 ret = mbedtls_cipher_auth_decrypt( &ctx, iv->x, iv->len, ad->x, ad->len,
978 cipher->x, cipher->len, output, &outlen,
981 /* make sure we didn't overwrite */
982 TEST_ASSERT( output[outlen + 0] == 0xFF );
983 TEST_ASSERT( output[outlen + 1] == 0xFF );
985 /* make sure the message is rejected if it should be */
986 if( strcmp( result, "FAIL" ) == 0 )
988 TEST_ASSERT( ret == MBEDTLS_ERR_CIPHER_AUTH_FAILED );
992 /* otherwise, make sure it was decrypted properly */
993 TEST_ASSERT( ret == 0 );
995 TEST_ASSERT( outlen == clear->len );
996 TEST_ASSERT( memcmp( output, clear->x, clear->len ) == 0 );
998 /* then encrypt the clear->x and make sure we get the same ciphertext and tag->x */
999 TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key->x, 8 * key->len,
1000 MBEDTLS_ENCRYPT ) );
1002 memset( output, 0xFF, sizeof( output ) );
1005 ret = mbedtls_cipher_auth_encrypt( &ctx, iv->x, iv->len, ad->x, ad->len,
1006 clear->x, clear->len, output, &outlen,
1008 TEST_ASSERT( ret == 0 );
1010 TEST_ASSERT( outlen == cipher->len );
1011 TEST_ASSERT( memcmp( output, cipher->x, cipher->len ) == 0 );
1012 TEST_ASSERT( memcmp( my_tag, tag->x, tag->len ) == 0 );
1014 /* make sure we didn't overwrite */
1015 TEST_ASSERT( output[outlen + 0] == 0xFF );
1016 TEST_ASSERT( output[outlen + 1] == 0xFF );
1017 TEST_ASSERT( my_tag[tag->len + 0] == 0xFF );
1018 TEST_ASSERT( my_tag[tag->len + 1] == 0xFF );
1022 mbedtls_cipher_free( &ctx );
1027 void test_vec_ecb( int cipher_id, int operation, data_t * key,
1028 data_t * input, data_t * result, int finish_result
1031 mbedtls_cipher_context_t ctx;
1032 unsigned char output[32];
1035 mbedtls_cipher_init( &ctx );
1037 memset( output, 0x00, sizeof( output ) );
1039 /* Prepare context */
1040 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx,
1041 mbedtls_cipher_info_from_type( cipher_id ) ) );
1044 TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key->x, 8 * key->len, operation ) );
1046 TEST_ASSERT( 0 == mbedtls_cipher_update( &ctx, input->x,
1047 mbedtls_cipher_get_block_size( &ctx ),
1048 output, &outlen ) );
1049 TEST_ASSERT( outlen == mbedtls_cipher_get_block_size( &ctx ) );
1050 TEST_ASSERT( finish_result == mbedtls_cipher_finish( &ctx, output + outlen,
1052 TEST_ASSERT( 0 == outlen );
1054 /* check plaintext only if everything went fine */
1055 if( 0 == finish_result )
1056 TEST_ASSERT( 0 == memcmp( output, result->x,
1057 mbedtls_cipher_get_block_size( &ctx ) ) );
1060 mbedtls_cipher_free( &ctx );
1064 /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING */
1065 void test_vec_crypt( int cipher_id, int operation, char *hex_key,
1066 char *hex_iv, char *hex_input, char *hex_result,
1069 unsigned char key[50];
1070 unsigned char input[16];
1071 unsigned char result[16];
1072 unsigned char iv[16];
1073 size_t key_len, iv_len, inputlen, resultlen;
1074 mbedtls_cipher_context_t ctx;
1075 unsigned char output[32];
1078 mbedtls_cipher_init( &ctx );
1080 memset( key, 0x00, sizeof( key ) );
1081 memset( input, 0x00, sizeof( input ) );
1082 memset( result, 0x00, sizeof( result ) );
1083 memset( output, 0x00, sizeof( output ) );
1084 memset( iv, 0x00, sizeof( iv ) );
1086 /* Prepare context */
1087 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx,
1088 mbedtls_cipher_info_from_type( cipher_id ) ) );
1090 key_len = unhexify( key, hex_key );
1091 inputlen = unhexify( input, hex_input );
1092 resultlen = unhexify( result, hex_result );
1094 TEST_ASSERT( 0 == mbedtls_cipher_setkey( &ctx, key, 8 * key_len, operation ) );
1095 if( MBEDTLS_MODE_CBC == ctx.cipher_info->mode )
1096 TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx, MBEDTLS_PADDING_NONE ) );
1098 iv_len = unhexify( iv, hex_iv );
1100 TEST_ASSERT( finish_result == mbedtls_cipher_crypt( &ctx, iv_len ? iv : NULL,
1101 iv_len, input, inputlen,
1102 output, &outlen ) );
1103 TEST_ASSERT( resultlen == outlen );
1104 /* check plaintext only if everything went fine */
1105 if( 0 == finish_result )
1106 TEST_ASSERT( 0 == memcmp( output, result, outlen ) );
1109 mbedtls_cipher_free( &ctx );
1113 /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_WITH_PADDING */
1114 void set_padding( int cipher_id, int pad_mode, int ret )
1116 const mbedtls_cipher_info_t *cipher_info;
1117 mbedtls_cipher_context_t ctx;
1119 mbedtls_cipher_init( &ctx );
1121 cipher_info = mbedtls_cipher_info_from_type( cipher_id );
1122 TEST_ASSERT( NULL != cipher_info );
1123 TEST_ASSERT( 0 == mbedtls_cipher_setup( &ctx, cipher_info ) );
1125 TEST_ASSERT( ret == mbedtls_cipher_set_padding_mode( &ctx, pad_mode ) );
1128 mbedtls_cipher_free( &ctx );
1132 /* BEGIN_CASE depends_on:MBEDTLS_CIPHER_MODE_CBC */
1133 void check_padding( int pad_mode, data_t * input, int ret, int dlen_check
1136 mbedtls_cipher_info_t cipher_info;
1137 mbedtls_cipher_context_t ctx;
1140 /* build a fake context just for getting access to get_padding */
1141 mbedtls_cipher_init( &ctx );
1142 cipher_info.mode = MBEDTLS_MODE_CBC;
1143 ctx.cipher_info = &cipher_info;
1145 TEST_ASSERT( 0 == mbedtls_cipher_set_padding_mode( &ctx, pad_mode ) );
1148 TEST_ASSERT( ret == ctx.get_padding( input->x, input->len, &dlen ) );
1150 TEST_ASSERT( dlen == (size_t) dlen_check );