1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
|
/* BEGIN_HEADER */
#include "mbedtls/chachapoly.h"
/* END_HEADER */
/* BEGIN_DEPENDENCIES
* depends_on:MBEDTLS_CHACHAPOLY_C
* END_DEPENDENCIES
*/
/* BEGIN_CASE */
void mbedtls_chachapoly_enc( data_t *key_str, data_t *nonce_str, data_t *aad_str, data_t *input_str, data_t *output_str, data_t *mac_str )
{
unsigned char output[265];
unsigned char mac[16]; /* size set by the standard */
mbedtls_chachapoly_context ctx;
TEST_ASSERT( key_str->len == 32 );
TEST_ASSERT( nonce_str->len == 12 );
TEST_ASSERT( mac_str->len == 16 );
mbedtls_chachapoly_init( &ctx );
TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key_str->x ) == 0 );
TEST_ASSERT( mbedtls_chachapoly_encrypt_and_tag( &ctx,
input_str->len, nonce_str->x,
aad_str->x, aad_str->len,
input_str->x, output, mac ) == 0 );
TEST_ASSERT( memcmp( output_str->x, output, output_str->len ) == 0 );
TEST_ASSERT( memcmp( mac_str->x, mac, 16U ) == 0 );
exit:
mbedtls_chachapoly_free( &ctx );
}
/* END_CASE */
/* BEGIN_CASE */
void mbedtls_chachapoly_dec( data_t *key_str, data_t *nonce_str, data_t *aad_str, data_t *input_str, data_t *output_str, data_t *mac_str, int ret_exp )
{
unsigned char output[265];
int ret;
mbedtls_chachapoly_context ctx;
TEST_ASSERT( key_str->len == 32 );
TEST_ASSERT( nonce_str->len == 12 );
TEST_ASSERT( mac_str->len == 16 );
mbedtls_chachapoly_init( &ctx );
TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key_str->x ) == 0 );
ret = mbedtls_chachapoly_auth_decrypt( &ctx,
input_str->len, nonce_str->x,
aad_str->x, aad_str->len,
mac_str->x, input_str->x, output );
TEST_ASSERT( ret == ret_exp );
if( ret_exp == 0 )
{
TEST_ASSERT( memcmp( output_str->x, output, output_str->len ) == 0 );
}
exit:
mbedtls_chachapoly_free( &ctx );
}
/* END_CASE */
/* BEGIN_CASE */
void chachapoly_state()
{
unsigned char key[32];
unsigned char nonce[12];
unsigned char aad[1];
unsigned char input[1];
unsigned char output[1];
unsigned char mac[16];
size_t input_len = sizeof( input );
size_t aad_len = sizeof( aad );
mbedtls_chachapoly_context ctx;
memset( key, 0x00, sizeof( key ) );
memset( nonce, 0x00, sizeof( nonce ) );
memset( aad, 0x00, sizeof( aad ) );
memset( input, 0x00, sizeof( input ) );
memset( output, 0x00, sizeof( output ) );
memset( mac, 0x00, sizeof( mac ) );
/* Initial state: finish, update, update_aad forbidden */
mbedtls_chachapoly_init( &ctx );
TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac )
== MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output )
== MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len )
== MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
/* Still initial state: finish, update, update_aad forbidden */
TEST_ASSERT( mbedtls_chachapoly_setkey( &ctx, key )
== 0 );
TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac )
== MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output )
== MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len )
== MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
/* Starts -> finish OK */
TEST_ASSERT( mbedtls_chachapoly_starts( &ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT )
== 0 );
TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac )
== 0 );
/* After finish: update, update_aad forbidden */
TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output )
== MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len )
== MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
/* Starts -> update* OK */
TEST_ASSERT( mbedtls_chachapoly_starts( &ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT )
== 0 );
TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output )
== 0 );
TEST_ASSERT( mbedtls_chachapoly_update( &ctx, input_len, input, output )
== 0 );
/* After update: update_aad forbidden */
TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len )
== MBEDTLS_ERR_CHACHAPOLY_BAD_STATE );
/* Starts -> update_aad* -> finish OK */
TEST_ASSERT( mbedtls_chachapoly_starts( &ctx, nonce, MBEDTLS_CHACHAPOLY_ENCRYPT )
== 0 );
TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len )
== 0 );
TEST_ASSERT( mbedtls_chachapoly_update_aad( &ctx, aad, aad_len )
== 0 );
TEST_ASSERT( mbedtls_chachapoly_finish( &ctx, mac )
== 0 );
exit:
mbedtls_chachapoly_free( &ctx );
}
/* END_CASE */
/* BEGIN_CASE depends_on:MBEDTLS_SELF_TEST */
void chachapoly_selftest()
{
TEST_ASSERT( mbedtls_chachapoly_self_test( 1 ) == 0 );
}
/* END_CASE */
|
